
Friday, June 10, 2005

Security Management Weekly - June 10, 2005

A weekly security news briefing from ASIS International


June 10, 2005
 
 
CORPORATE SECURITY
  1. "Fingerprinting of Job-Seekers Proliferates"
  2. "Colonel Sanders Finds Himself Under Fiery Siege in Pakistan" Symbols of American Commercialism Under Attack in Pakistan
  3. "The Scramble to Protect Personal Data" How to Secure the Transfer and Storage of Large Amounts of Consumer Data
  4. "Steal This Software" Intellectual Property a Major Problem in China
  5. "Lost" CitiFinancial and UPS Report Backup Tapes Lost
  6. "Marines 'Beat US Workers' in Iraq" Security Contractors in Iraq Detained by U.S. Marines, Claim Physical Abuse
  7. "A CIO Guide to HIPAA Security Compliance" Chief Information Officers' Guide to the Health Insurance Portability and Accountability Act

HOMELAND SECURITY
  8. "Father, Son Tied to Al Qaeda Camp Are Held" Four California Men Arrested in Terrorist Plot Against U.S.
  9. "Security at Symbol of Resolve: Many Demands on New Ground Zero Tower" Details of Freedom Tower's Security Redesign
  10. "Officials: Terrorists Could Target Chicken Nuggets" School Lunches Vulnerable to Terrorism
  11. "Blast-Resistant Design for Buildings" Criteria Established to Protect Federal Buildings From Blasts

CYBER SECURITY
  12. "Computer Viruses Become Hacker Informants" Malware Scans Networks for Security Holes, Reports Back to Hackers
  13. "Big Tech Outfits Unite to Try to Hook Phish" Consortium of Major Tech Corporations Organized to Create an Email Authentication Standard
  14. "Q&A: Ex-eBay Security Chief Sees a Safer Internet in the Future"
  15. "Security Action Plans" How Companies Can Secure Systems and Networks


"Fingerprinting of Job-Seekers Proliferates"
Wall Street Journal (06/07/05) P. B1 ; Fields, Gary

Once a rarity for job applicants, fingerprints are now required of those seeking positions in a wide variety of fields. Applicants for the janitor's job at the Bruggenmeyer Memorial Library in Monterey, Calif., must be screened with prints, as must liquor-store owners in Telluride, Colo., and school-bus drivers throughout Illinois. Insurers are requiring some companies to conduct background checks, including fingerprints, of workers. The laws requiring fingerprints have spawned a cottage industry of electronic fingerprint capturers: companies that gather prints by computer or convert old-style fingerprint cards to electronic images. Once taken, most of the prints are sent to state authorities, which pass them on to the FBI fingerprint center in Clarksburg, W.Va. Last year, the FBI performed nine million checks for private employers, up from 3.5 million in 1992; half of the FBI's fingerprint checks today are employment-related. The mass fingerprinting is raising concerns among privacy advocates and forensic experts, who question both the wisdom of widespread fingerprinting and the accuracy of fingerprint data. Placing prints in the hands of private companies will eventually make it easier for someone to replicate, and misuse, the fingerprints of average citizens, claims Timothy Sparapani, legislative counsel on privacy issues for the American Civil Liberties Union. "There are going to be data spills," he says. Last month, a travel agency for the Justice Department lost information on 80,000 Justice employees. For years, employees of private organizations needing prints checked went through law-enforcement agencies. Now, companies such as National Background Check Inc., a Columbus, Ohio, company with 12 offices around that state, digitally fingerprint thousands of job applicants and other individuals each month and usually process the prints within 24 hours. The speed "allows people to make hiring decisions rather than firing decisions," says Eric Lapp, company vice president.

"Colonel Sanders Finds Himself Under Fiery Siege in Pakistan"
New York Times (06/08/05) P. A1 ; Sengupta, Somini

Symbols of American commercialism have been under attack in Pakistan ever since Pakistan allied itself with the United States in the war on terrorism. Last week, an angry mob attacked a KFC outlet in Karachi, the largest city in Pakistan, setting a fire at the fast-food restaurant that killed six employees. The mob apparently attacked the KFC outlet to vent anger at a suicide bombing that had occurred at a Karachi mosque just minutes earlier. The same KFC restaurant, one of 32 KFC Pakistani franchises owned by local man Rafiq Rangoonwala, had been attacked three other times since the war on terrorism began, and another of Rangoonwala's outlets was also set ablaze during that time span. Rangoonwala says he has had a hard time convincing Pakistanis that his restaurants should be spared violence because they are Pakistani-owned. Attacks on American symbols are "something you have to live with in this part of the world, if you are going to do business here," said Rangoonwala, noting that after each attack on his KFC outlets he has taken steps to address the violence. For example, Rangoonwala has taken out newspaper ads in local papers explaining that the restaurants are owned by Pakistanis, and he has created decorative plates emblazoned with the words "Pakistani management" and "Pakistani owner." A spokesman for the parent company that owns KFC claims that KFC outlets are not being targeted, but Pakistani literature teacher Munawer Abbas says that the KFCs are targets because the people hate America and its policies.

"The Scramble to Protect Personal Data"
New York Times (06/09/05) P. C1 ; Zeller Jr., Tom

Recent incidents of identity theft from data aggregators such as ChoicePoint and Citigroup call for the widespread institution of a holistic data security strategy, says Unisys security consultant and former FBI chief cybercrime investigator Mike Gibbons. Such an approach requires the creation of more secure online access techniques, strong customer authentication, the recruitment of dedicated security personnel, and improvements in the transfer and storage of large volumes of consumer data. Safenet CEO Anthony Caputo says Internet connections usually have insufficient capacity for handling the huge amounts of data being transmitted, which is why sensitive information is still being stored on magnetic tape and shipped by truck. Nevertheless, he expects the data to be transferred to networks in a matter of months or years, in response to growing public demand. Security expert Bruce Schneier believes data brokers must be jarred into beefing up their security through the establishment of liability and penalties for those who fail to do so, and such legislation is pending. Many people think the most likely bill to be passed is a national version of a 2003 California law requiring data brokers to notify consumers of security breaches, while a proposal from Rep. Cliff Stearns (R-Fla.) calls for companies to craft written data security policies, and to be penalized for security failures. In anticipation of legislation, institutions such as the financial industry have started to bolster their defenses against identity theft. Both E*Trade and Bank of America recently started implementing stronger customer log-in measures, while the transfer of large volumes of stored consumer data is migrating to wide-area networks with encrypted, fiber-optic technology on closed systems.

"Steal This Software"
IEEE Spectrum (06/05) ; Hood, Marlowe

China is one of the world's fastest-growing technology markets, but an entrenched culture of intellectual property theft is proving to be a difficult issue, not only for foreign software firms but also for the Chinese government. With improved bandwidth, the Internet has usurped disc-based piracy in China as Chinese users can easily find open-access FTP servers with illegal copies of major software releases hosted by entities such as Tsinghua University and the Chinese Academy of Sciences. Chinese consumers point out that purchasing legitimate copies of the software would be prohibitively expensive and that China has traditionally viewed imitation as an "elegant offense." Although 22 percent of software in the United States is illegally copied and 36 percent stolen in western Europe, China's piracy rate is an astounding 92 percent of all installed software. Observers say the Chinese national government subtly supports piracy of foreign vendors' products as a sort of industrial subsidy, while corrupt local government officials utilize stolen intellectual property for financial gain. In an investigation last year, Sony found some 50,000 PlayStation 2 consoles per day were being assembled in a Shenzhen prison, for example. But the national government is also realizing that adhering to intellectual property laws is important for local business; foreign firms may lose some of their overall sales to piracy in China, but local Chinese firms lose nearly all of their sales when their products are pirated, notes Founder Technology Group chief legal counsel Lun Yu, whose firm is the largest Chinese software firm. And China has recently taken a somewhat harder line with intellectual property thieves by changing laws and successfully prosecuting a handful of small-time purveyors of illegal goods.

"Lost"
Washington Times (06/07/05) ; Powell, Eileen Alt

CitiFinancial and UPS announced that backup tapes from the consumer finance division of Citigroup Inc. had been misplaced. The tapes contained the Social Security numbers and payment histories of 3.9 million U.S. customers and were lost in transit from CitiFinancial to the credit bureau by UPS. The firm noted that the information was for both active and inactive accounts, but stated that no information on those tapes had been misused as of yet. Customers are expected to be notified of the disappearance after a delay in notification prompted by the U.S. Secret Service. UPS has completed an exhaustive search for the tapes but has been unable to locate them. CitiFinancial is expected to provide affected customers with identity theft resolution services and credit monitoring for free.

"Marines 'Beat US Workers' in Iraq"
Guardian Unlimited (UK) (06/09/05) ; Wilson, Jamie

A group of 16 U.S. security contractors in Iraq claims that the U.S. military physically mistreated them after detaining them outside Falluja, Iraq, on May 18. The 16 guards and three other employees of Zapata Engineering were detained for allegedly shooting at a Marine patrol in Falluja. The guards, who had been traveling in a convoy of sport utility vehicles and trucks at the time, claim that the shooting was accidental: the Marines approached the convoy in an unidentified vehicle, and the contractors fired their guns into the air as a warning, not realizing that the vehicle belonged to the U.S. military. The Marines then detained the contractors for three days, during which, the contractors claim, they were beaten, threatened with weapons, and stripped to their underwear. "They treated us like insurgents, roughed us up, took photos, hazed us, called us names," said one security contractor. Brookings Institution scholar Peter Singer says the incident could be indicative of rising tension between security contractors and U.S. Marines in Iraq.

"A CIO Guide to HIPAA Security Compliance"
Citrix White Paper (06/01/05) ; Chell, Regina Anne

The Health Insurance Portability and Accountability Act (HIPAA) is expected to improve the delivery of health care services, protect medical data, prevent health care errors, and allow money to be transferred securely. Chief information officers (CIOs) at health care facilities are bombarded daily with new telecommunication regulations, security breaches, technology upgrades, and other events, but HIPAA is expected to improve many of the risk-management programs at these facilities, along with cash flow, patient safety, access to critical patient data, and seamless data and money transfers. To comply with the latest HIPAA regulations, CIOs need to assess their technology needs and determine which systems will provide the most effective communications and data storage in accordance with the security regulations set forth by the Department of Health and Human Services. CIOs will first have to develop a secure system in which patient records and other data can be turned into electronic files for transfer between departments, personnel, insurers, health care facilities, and other related parties. One such system, created by Citrix Systems, would allow health care facilities to run software applications that are managed on central servers, so that workers connect to applications from a central location and the data stays in a single place, which reduces the opportunities for a breach. Such centralized systems also reduce the time it takes to update applications, which can lower administrative costs, increase productivity, and simplify the auditing of computer networks and systems. CIOs should invest in systems that require workers to log in with user names and passwords, so that patient data is protected and access to particular information is tracked; these systems should also require periodic password changes to reduce the likelihood of a breach. Experts warn, however, that even the most secure systems must still be monitored, and that individual users should have their abilities limited in terms of viewing, printing, transferring, and otherwise handling patient data.

"Father, Son Tied to Al Qaeda Camp Are Held"
Washington Post (06/09/05) P. A2 ; Eggen, Dan; Nieves, Evelyn

U.S. authorities have detained four men in Lodi, Calif.--a Pakistani American, his father, and two Muslim clerics--in connection with a potential Al Qaeda plot against the United States. "We believe through our investigation that various individuals connected to Al Qaeda have been operating in the Lodi area in various capacities," said an FBI spokesman. Late Sunday, the FBI arrested 23-year-old Hamid Hayat and 45-year-old Umer Hayat on charges of making false statements to the FBI. Authorities say that the younger Hayat confessed that he had participated in an Al Qaeda terrorism training camp in Pakistan and that he had offered to attack grocery stores and hospitals in the United States. Authorities became aware of Hamid Hayat on May 29 when they saw his name on the government's "no-fly list" as he took a flight from Pakistan to the United States, by way of South Korea. That flight was diverted to Japan but Hayat was allowed to enter the United States, where he was interviewed by the FBI. During that interview, Hayat denied any affiliation with terrorists, but after failing a polygraph test he admitted that he attended an Al Qaeda camp where he received terrorism training; Hayat's father also confessed to being affiliated with Al Qaeda after his son confessed. The two Muslim clerics are being held on immigration charges.

"Security at Symbol of Resolve: Many Demands on New Ground Zero Tower"
New York Times (06/07/05) P. A21 ; Collins, Glenn; Dunlap, David W.

The designers of New York City's Freedom Tower, which will occupy the space where the World Trade Center once stood, have been challenged to redesign the building so that it is more secure. Specifically, the redesign focuses on protecting the building from potential car bombs or truck bombs, as the original design for the Freedom Tower called for the structure to come as close as 25 feet to a major thoroughfare. The redesign, sources say, will likely at least double this distance from the street, and original plans that envisioned a twisting style of architecture for the tower will be scuttled in favor of a square floor plan. In addition, plans for an arcade of ringed columns around the base of the structure could be abandoned; changes likely will be made to the building's summit; more occupied floors will be added to the design; and the building will have fewer, smaller windows on the floors below 150 feet. Several protective zones and barriers like checkpoints and bollards will keep the building safe, and the building can be built with blast-resistant materials, according to the redevelopment managers. The Police Department's risk evaluation experts recognize that no urban site can be made 100 percent safe from terrorism, but they are concerned that the original design plan could invite a terrorism attack. The redesign will aim to comply with the security standards for American embassies, and the structure's base will be "a hard bottom" potentially fashioned from material like translucent concrete, stainless steel, or laminated glass.

"Officials: Terrorists Could Target Chicken Nuggets"
Chicago Sun-Times (06/08/05)

The U.S. government is examining the possibility that terrorists could target school lunches, according to an official with the Agriculture Department's Food Safety Inspection Service. Carol Maczka, an administrator with the service, says that the U.S. school lunch program is especially vulnerable to terrorism and that her agency has examined the vulnerability of milk, egg substitutes, and spaghetti sauce. The agency is currently examining the vulnerability of chicken nuggets. Companies that provide food to schools must show federal officials that they are working on a food safety plan, Maczka says, noting that the U.S. government has sent these providers information about food safety.

"Blast-Resistant Design for Buildings"
Structural Engineer (06/05) Vol. 6, No. 5, P. 18 ; Paczak, Michael G.; Duvall, Warren; Cosby, Judith

The U.S. government has established criteria for blast-resistant design for federal buildings, which vary based on whether the threat level is designated as "high," "medium," or "low." A high threat level means that there is a verified high threat of attack, a medium threat level means that there is a verified threat of attack, and a low threat level means that there is a suspected threat. The blast-resistant design field is a relatively new one in which few structural engineers have much expertise, so it may be best to hire a blast consultant to help establish the building's threat level. The most effective way to defend against explosives is to establish a blast standoff perimeter, while the next level of defense is screening at public entrances. Engineers must also consider the structural implications of an explosive device being brought into a building or placed near an exterior wall, such as the force on the slab above an interior explosion or on interior or exterior columns near the blast. The threat of progressive collapse is traditionally gauged by examining what the structural effect would be of removing one of the columns from the building, or removing portions of masonry construction. In addition, window, curtain wall, and skylight manufacturers are often familiar with federal standards for blast-resistant glazing, although the manufacturers may not have specialized, in-house expertise. Not only must structural engineers take possible blast effects into account, but they must also coordinate with the design architect and other affected engineering disciplines in a proactive manner.

"Computer Viruses Become Hacker Informants"
New Scientist (06/09/05) ; Marks, Paul

Security experts have identified an emerging class of malware, vulnerability assessment worms, that keeps hackers apprised of the latest computer-network vulnerabilities so they can refine their attack strategies or even target individual machines. Once the worms infect a network, they scan it for security holes and report back to hackers through an Internet chat channel; scores of computers compromised by "bot" viruses are frequently directed through such a channel, and are often used to distribute spam or knock out Web sites with a denial-of-service attack. Symantec's Kevin Hogan says new viruses are appearing in ever-increasing numbers because the source code for many bot programs is freely available online. Computer security expert Bruce Schneier notes in the June 2005 edition of the Association for Computing Machinery's Queue magazine that over 1,000 new viruses and worms were uncovered in just the last six months, and points to the SpyBot.KEG worm as one of the most advanced forms of vulnerability assessment malware. The program informs its creator about vulnerabilities through an Internet Relay Chat (IRC) channel, and Schneier anticipates the emergence of even more complex IRC worms of a similar nature, as well as the use of peer-to-peer file-trading networks as launching platforms for new viruses. Hogan says the bot-hacker communication channel can be blocked with firewalls, while the IRC these hackers use can also be their undoing: a hacker can be tracked once the real IP address of the IRC channel host is learned.
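The two behaviours in the abstract above, a worm sweeping the local network for holes and a group of infected hosts all reporting to one IRC server, both leave a footprint in ordinary firewall connection logs. The following Python is an added example, not code from the article, Symantec, or any product it mentions: it parses a constructed key=value log format, flags external IRC-port endpoints that several internal hosts connect to (the fan-in of a bot network), flags internal hosts touching an unusual number of distinct destination/port pairs (the vulnerability sweep), and emits the egress block rules Hogan's advice amounts to. The 10.0.0.0/8 internal range, the IRC port list and all sample traffic are assumptions made for the example.

```python
"""Added example: spotting bot-to-IRC fan-in and worm scanning in firewall logs."""
import ipaddress
import re
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # assumption: the protected LAN
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}   # ports IRC servers commonly listen on

# One connection per line, in a constructed key=value format (not a real product's log).
LOG_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)

# Constructed sample traffic: three LAN hosts join one Internet IRC server, one of
# them then sweeps the LAN for RPC/SMB listeners, and an unrelated host browses.
SAMPLE_LOG = (
    [f"2005-06-09T10:0{i}:00 src=10.0.0.{5 + i} dst=203.0.113.7 dport=6667 proto=tcp"
     for i in range(3)]
    + [f"2005-06-09T10:05:{s:02d} src=10.0.0.5 dst=10.0.1.{s} dport={p} proto=tcp"
       for s in range(1, 26) for p in (135, 445)]
    + ["2005-06-09T10:06:00 src=10.0.0.9 dst=198.51.100.9 dport=443 proto=tcp",
       "2005-06-09T10:06:01 src=10.0.0.9 dst=198.51.100.9 dport=443 proto=tcp",
       "garbage line that the parser must skip"]
)


def parse(lines):
    """Turn log lines into dicts; lines that do not match the format are dropped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append({**m.groupdict(), "dport": int(m.group("dport"))})
    return events


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def irc_c2_candidates(events, min_clients=2):
    """External (ip, port) endpoints on IRC ports contacted by at least min_clients
    distinct LAN hosts. Many machines herding to one chat server is the fan-in
    pattern of a bot network; a single user chatting on IRC does not trip it."""
    clients = defaultdict(set)
    for e in events:
        if is_internal(e["src"]) and not is_internal(e["dst"]) and e["dport"] in IRC_PORTS:
            clients[(e["dst"], e["dport"])].add(e["src"])
    return {ep: sorted(hosts) for ep, hosts in clients.items() if len(hosts) >= min_clients}


def scanning_hosts(events, min_targets=20):
    """LAN hosts that touched at least min_targets distinct (dst, port) pairs, which
    is what a worm probing the network for security holes looks like from the edge."""
    targets = defaultdict(set)
    for e in events:
        if is_internal(e["src"]):
            targets[e["src"]].add((e["dst"], e["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def block_rules(c2):
    """Egress deny rules (iptables syntax) cutting the bot-hacker channel; the
    C2 host address is also the lead an investigator follows back to the operator."""
    return [f"iptables -A OUTPUT -p tcp -d {ip} --dport {port} -j DROP"
            for ip, port in sorted(c2)]


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    c2 = irc_c2_candidates(events)
    print("IRC C2 candidates:", c2)
    print("scanning hosts:", scanning_hosts(events))
    print("\n".join(block_rules(c2)))
```

The thresholds are deliberately low for the tiny sample; on a real network they are tuned against a baseline, and the port-based IRC heuristic misses bots that use a non-standard port, which is why the scan-behaviour check is kept as an independent signal.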

"Big Tech Outfits Unite to Try to Hook Phish"
Investor's Business Daily (06/06/05) P. A4 ; Howell, Donna

A consortium of major tech corporations has organized to create an effective email authentication standard by combining Cisco's Identified Internet Mail technique with Yahoo!'s DomainKeys strategy; the hybrid method, DomainKeys Identified Mail (DKIM), promises backward compatibility and simple upgradeability from DomainKeys. Sent emails would carry a DKIM signature, which establishes a message's legitimacy through a cryptographic signature and other measures, and receiving ISPs would then check whether incoming emails bear a valid DKIM signature. In the long run, the signatures could help ISPs separate authentic email from spam and phishing email. Email authentication schemes currently in use besides DomainKeys include Microsoft's Sender ID and SPF, both of which rely on the sending server's Internet Protocol (IP) address to distinguish between genuine and bogus messages. Sender ID is faster than the DomainKeys method, but it lacks the latter's cryptographic signing; conversely, signature-based approaches can strain systems. The expectation is that the various authentication schemes will eventually coexist and complement each other. "IP-based solutions I think will stay around for a long, long time and offer us a really good bridge to encrypted solutions," says Email Service Provider Coalition executive director Trevor Hughes. The Internet Engineering Task Force has yet to ratify an official email authentication standard, but Sendmail CEO Dave Anderson says the chances of such a standard being passed have improved, since industry players are coming into agreement even before they submit a proposal.
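What "bearing the appropriate DKIM signature" means in practice can be shown with the canonicalization and body-hash steps that the DKIM specification (eventually RFC 6376) defines. The following is an added example, not code from the consortium or any vendor named above. It uses only the Python standard library, so the RSA step that fills the b= tag is left out; instead, signing_input() returns exactly the bytes an RSA-SHA256 signer would sign and a receiver would verify against the public key published in DNS. The headers, body, domain and selector are constructed for the example.

```python
"""Added example: DKIM relaxed canonicalization and body-hash (bh=) verification.

Standard library only. The b= tag is left empty because the RSA step needs a key;
signing_input() returns the exact bytes that RSA-SHA256 would sign or verify.
"""
import base64
import hashlib
import re

WSP = re.compile(r"[ \t]+")

# Constructed sample message (not a real mail). Headers are (name, value) pairs
# in the order they appear in the message; the body uses CRLF line endings.
SIGNED_HEADERS = [
    ("From", "Alice <alice@example.com>"),
    ("To", "bob@example.net"),
    ("Subject", "Quarterly   report"),
]
SAMPLE_BODY = "Hi Bob,\r\n\r\nThe numbers   look good.  \r\n\r\n\r\n"


def canon_body_relaxed(body: str) -> bytes:
    """RFC 6376 s3.4.4: collapse runs of WSP to one SP, strip trailing WSP per line,
    drop trailing empty lines, end with CRLF (an empty body canonicalizes to b"")."""
    lines = [WSP.sub(" ", ln).rstrip(" ") for ln in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""


def canon_header_relaxed(name: str, value: str) -> bytes:
    """RFC 6376 s3.4.2: lowercase the name, unfold, collapse WSP, no WSP around ':'."""
    value = WSP.sub(" ", value.replace("\r\n", "")).strip(" ")
    return f"{name.lower()}:{value}\r\n".encode()


def body_hash(body: str) -> str:
    """The bh= tag: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(canon_body_relaxed(body)).digest()).decode()


def parse_tags(sig_value: str) -> dict:
    """Split a 'k=v; k=v' tag list; folding whitespace inside values is dropped."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


def build_dkim_header(headers, body: str, domain="example.com", selector="sel1") -> str:
    """DKIM-Signature value with bh= filled in and b= left empty (no RSA key here).
    A real signer would RSA-sign signing_input() and put the result in b=."""
    h = ":".join(name.lower() for name, _ in headers)
    return (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
            f"h={h}; bh={body_hash(body)}; b=")


def signing_input(headers, dkim_value: str) -> bytes:
    """Bytes the signer hashes: every header listed in h= (relaxed form), then the
    DKIM-Signature header itself with the b= value emptied and no trailing CRLF."""
    tags = parse_tags(dkim_value)
    lookup = {name.lower(): value for name, value in headers}
    out = b"".join(canon_header_relaxed(n, lookup[n]) for n in tags["h"].split(":") if n in lookup)
    without_b = re.sub(r"(?<![A-Za-z0-9+/=])b=[^;]*", "b=", dkim_value)
    return out + canon_header_relaxed("DKIM-Signature", without_b).rstrip(b"\r\n")


def verify_body_hash(headers, body: str) -> bool:
    """Receiver side: recompute bh= over the body as received and compare it with
    the signed value. A mismatch means the body was altered in transit."""
    dkim_value = {name.lower(): value for name, value in headers}["dkim-signature"]
    return parse_tags(dkim_value).get("bh") == body_hash(body)


if __name__ == "__main__":
    dkim = build_dkim_header(SIGNED_HEADERS, SAMPLE_BODY)
    message = SIGNED_HEADERS + [("DKIM-Signature", dkim)]
    print("body hash matches:", verify_body_hash(message, SAMPLE_BODY))
    print("after tampering:", verify_body_hash(message, SAMPLE_BODY.replace("good", "bad")))
    print(signing_input(message, dkim).decode())
```

The relaxed canonicalization is what lets the signature survive the whitespace and line-ending changes mail relays make, while any change to the words of the body or to a listed header still breaks it; a receiver checks bh= first because it is cheap, and only then spends the public-key operation on b=, which is the "strain" on systems the article mentions.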

"Q&A: Ex-eBay Security Chief Sees a Safer Internet in the Future"
InformationWeek (06/03/05) ; Claburn, Thomas

Former eBay security chief and onetime chair of the President's Critical Infrastructure Protection Board Howard Schmidt is generally optimistic that the Internet's security will improve, and attributes this to a shrinking gap between the identification of security issues and industry's response to them, as well as increased recognition by the private sector and the user community of the security measures that must be taken. He thinks end users' awareness of the need to practice safe computing and fortify themselves against cyberattack is on the rise, partly because of industry's increasingly aggressive promotion of security, and partly because of the town-hall meetings the White House held throughout the nation while putting together the National Strategy to Secure Cyberspace. Schmidt says vendors are making secure PC use simpler for end users, while the federal government has done a good job of spreading awareness among the private sector of the issue's ramifications for public safety, the economy, and national security through bodies such as the National Infrastructure Advisory Council, the National Security Telecommunications Advisory Committee, the Commerce Department's Information Security and Privacy Advisory Board, and the Office of Management and Budget. He says the government must continue its efforts to untangle and smooth out its own internal processes so that it can fulfill its promise to be a model for cybersecurity. Schmidt also believes encryption software is a valid and necessary tool for computer security, although he acknowledges that the use of encryption can be construed as a criminal act if it is used by wrongdoers to conceal evidence of their guilt. Looking ahead to the next few years, Schmidt expects online identity management to improve, resulting in better privacy protection.

"Security Action Plans"
InformationWeek (05/30/05) No. 1041, P. 34 ; Garvey, Martin J.

Companies need to focus as much on common-sense processes as on new software technology when it comes to securing their systems and networks. The first step is to devise a master plan that evaluates the importance of business assets, includes input from business-unit managers on risk-management priorities, and lays out how risk will be managed intelligently. Managing access is an enormous concern: passwords offer hackers an easy way in, and they need to be changed often to limit insiders' access to sensitive data. Companies should invest in sophisticated identity-management tools and commit to better practices for safeguarding access. Consolidating and automating security is a strategy being pursued by more companies, including HNTB; the architectural and engineering firm says it has not had a major security issue since it started centrally managing its security policies and monitoring employee usage of systems and networks nine months ago, and its employees no longer have to update security software on their own. Similarly, the AAA Reading-Berks office in Pennsylvania has deployed software that automatically detects and fixes the spyware problems its 95 employees encounter. Security professionals also do not have to spend as much time patching manually now that patch-management systems that automate the testing and installation of fixes are available.

Abstracts Copyright © 2005 Information, Inc. Bethesda, MD



3 comments:

Anonymous said...

Pretty section of content. I just stumbled upon your blog and in accession capital to say that I acquire actually loved account your blog posts. Any way I'll be subscribing on your augment and even I success you get entry to constantly quickly.

Here is my web page - Payday Loans

Anonymous said...

What you posted made a great deal of sense.

But, what about this? What if you typed a catchier title? I am not saying your information isn't good, however suppose you added something that makes people desire more? I mean "Security Management Weekly - June 10, 2005" is kinda plain. You might glance at Yahoo's front page and note how they create article titles to grab people to click. You might add a video or a related picture or two to get people excited about what you've written. In my opinion, it might bring your posts a little livelier.

My web blog - New Bingo Sites

Anonymous said...

Just wish to say your article is as astounding. The clearness in your post is simply cool and I can assume you are an expert on this subject. Fine with your permission let me to grab your feed to keep updated with forthcoming post. Thanks a million and please continue the enjoyable work.


Check out my homepage - payday loans