"Aiming for a Drug-Free Workplace" New York Times (05/10/07) ; Fahmy, Dalia
Employers continue to strive for the utopia of a drug-free workplace given that $82 billion in productivity is lost each year because of substance abusers. The federal government estimates that 75 percent of drug users have jobs, and these workers are more likely to be involved in workplace accidents, file workers' compensation claims, miss more days of work, change jobs more often, and show up late for work frequently. Employers indicate that drug abuse is increasingly prevalent, but drug-screening tests cost about $50 or less, which makes the investment worthwhile. Moreover, government grants and insurance policy discounts for those employers installing these screenings are plentiful. Quest Diagnostics reports that about 6 percent of all workers randomly screened and 4 percent of all job applicants test positive for drug abuse. Still, small employers often erroneously believe that their workforce resembles a family and that they know workers well enough to judge whether they are substance abusers or not without the help of drug testing. Small employers should engage in drug testing programs in order to weed out applicants seeking companies that do not conduct those tests; also, workers' compensation insurers are now beginning to require drug testing after workplace accidents occur. Various employers are wary of drug testing because they see it as a violation of workers' privacy, but experts indicate that these tests are perfectly within an employer's right to administer.

"Giants Quietly Prep for Home Run History" KCBS (05/10/07) ; Sovern, Doug
If and when controversial Major League Baseball star Barry Bonds breaks Hank Aaron's career home run record, the San Francisco Giants will be prepared with extra security measures at AT&T Park.
Bonds is just 10 home runs shy of tying Aaron's mark, and the media attention and security measures will only increase as Bonds approaches the record. Giants COO Larry Baer says that the security measures will include limits on the number of fans allowed in the right field arcade, an extra security presence in the arcade, and Coast Guard limits on how many boats are allowed in McCovey Cove outside the stadium. "You can't have 40,000 people standing on the right field arcade or, you know, 80,000 boats in the water I suppose," Baer explained. "The Coast Guard wouldn't allow that, so there will be those sorts of arrangements that we're ahead of the curve on." After Bonds hits his 750th home run, security will increase and specially marked baseballs will be put into play when Bonds comes up to bat.

"Saving J.Lo's Hide" New York Daily News (05/10/07) ; Widdicombe, Ben
Actress and singer Jennifer Lopez is rumored to have hired additional security after receiving a number of threatening letters from an animal-rights extremist. The notes have threatened "to kill her in public, just like the slaughtered animals whose fur she wears," according to a source close to Lopez. The source says that Lopez did not take the letters seriously at first, but she has been receiving the letters for about a month now, and Lopez's husband, Marc Anthony, has decided to hire two off-duty police officers to protect Lopez while she is in public. The two officers are said to be an addition to Lopez's normal security team. A Lopez representative claims that the story is untrue, saying that Lopez "has had the same security team she has always had."

"A Tragic Mess" Risk Management (05/07) Vol. 54, No. 5, P. 29 ; Zechman, Marlin
Recent events, like Hurricane Katrina, prompted companies to establish comprehensive contingency plans that take into account environmental effects, public safety, and overall disaster preparedness.
Since companies measure a disaster's severity by its economic effects, companies should consider four exposure categories. Damages to the physical environment and to ecological receptors (i.e., animals and plant life) result in cleanup expenses, fines, and penalties. Secondly, human health consequences are one of the most serious exposures, and are determined by factors including the type of toxic material released and the length and route of exposure. Property damages and business interruption are additional concerns for businesses, especially since they can be costly and limit the ability of firms to recover from disasters. Experts suggest that businesses develop a response plan, perhaps with the help of a response-planning consulting company. Businesses should also review the extent of their insurance coverage, as an additional environmental policy may be needed; additionally, they will need to review regulations to ensure their facilities are in compliance with state and federal laws with regard to pollution controls and other items. Running mock drills, working with local emergency responders, and designating a trained and knowledgeable incident commander are other ways to ensure an immediate response to an environmental incident.

"Hydro Defense" Governing (04/07) Vol. 20, No. 7, P. 50 ; Irondale, Tom
The potential terrorist threat to the U.S. drinking-water supply was underscored by an incident last spring in which three teenagers in Blackstone, Mass., penetrated the considerable security measures protecting a water tower, climbed atop the tower, and broke through its protective fiberglass sheathing. In recent years, U.S. water utility operators have spent millions of dollars on armed guards, security fencing, sturdy locks, and computer security programs--all aimed at increasing the security of their water storage tanks, pipes, reservoirs, pumping stations, treatment plants, and other facilities.
Since 2001, for example, the Los Angeles Department of Water and Power has doubled its security force, boosted water testing by 50 percent, implemented a background-check and fingerprint program for all employees, and purchased two helicopters for pipeline patrol. Despite such extensive precautions, industry and government officials acknowledge that completely securing water supplies is not only impractical but impossible. Thus, government researchers are exploring natural and man-made alarm systems that could alert officials to the presence of contamination, much like the proverbial canary in a coal mine. The natural systems include bluegill fish that are exposed to city water and monitored for signs of stress that indicate the presence of toxins, while the man-made systems include a computer-based detection system that is currently being tested by the Greater Cincinnati Water Works.

"On the Verge to Converge" Security Products (05/07) Vol. 11, No. 5, P. 40 ; Ting, David
A growing number of organizations are linking their building security systems with their network security systems in order to more strictly enforce employee behavior. Under a converged security system, an employee's access to the organization's IT systems can be denied if they do not use their security badges to enter the building. Organizations can also configure their networks to automatically query the building access system when the employee logs in to see if they have signed into the premises. Such a converged approach to security encourages correct user behavior, reinforces compliance with the company's policy, and allows organizations to enforce policies against tailgating--the practice of an employee walking into the building at the same time as another employee who has already used their badge--without deploying a turnstile-based entrance system.
In addition, linking an employee's building access card with a user's password allows organizations to implement strong authentication systems for staff without having to invest in two-factor authentication technology such as tokens or biometric readers. Finally, auditing and reporting is easier for organizations with converged security systems.

"Six Charged in Plot to Attack Fort Dix" Washington Post (05/09/07) P. A1 ; Russakoff, Dale; Eggen, Dan
U.S. authorities on Tuesday provided additional details about the terrorist plot to attack Fort Dix in New Jersey. The six foreign-born suspects who have been arrested in the plot appear to be "homegrown" terrorists operating on their own, without a clear ringleader and without ties to Al Qaeda or any other international terrorist group. The suspects are Islamic immigrants from Jordan, the former Yugoslavia, and Turkey, and authorities began investigating the suspects in January 2006 after the suspects allegedly submitted a video file to a video store so that the video file could be copied to a DVD. The video file--which showed the men conducting training with assault weapons, praising jihad, and speaking in Arabic--alarmed a store employee who decided to contact authorities. The group selected Fort Dix as a target because one of the suspects delivered pizzas to the base and thus was well-acquainted with the layout of the base. Three of the suspects operated a roofing business, one worked as a taxi driver in Philadelphia, one worked at a Shop-Rite supermarket, and another had worked at a 7-Eleven. The suspects trained with guns in the Poconos, conducted paintball-gun training, and seemed to feed off of each other, officials said. The suspects were inspired by jihadist propaganda on the Internet, martyrdom videos made by two of the Sept. 11 hijackers, and images of Osama bin Laden.

"TSA Hard Drive With Employee Data Is Reported Stolen" Washington Post (05/05/07) P. A9 ; Hsu, Spencer S.
A computer hard drive containing the personal data of 100,000 current and former Transportation Security Administration (TSA) employees, including airport guards and air marshals, has apparently been stolen from the TSA's human resources office in Crystal City, Va.
The personal data includes the names of TSA employees, their Social Security numbers, birth dates, and bank account information. A TSA spokesman claims that the loss of the hard drive does not pose a security risk to secure areas of U.S. airports, which are protected by fingerprints and other identifiers. The TSA has alerted its employees about the incident, is recommending that they alert their financial firms, and is offering them free credit-monitoring services. The FBI and Secret Service are investigating the loss of the hard drive as a criminal act, and Congress is expected to hold hearings about the security breach. "Whether it is known what the breach was or how it occurred, it did occur and this raises enormous concerns," said Rep. Sheila Jackson-Lee (D-Texas), chairwoman of a subcommittee that oversees the TSA. "We will be in a posture of quickly looking for answers."

"In New Video, Al Qaeda No. 2 Mocks Congress Bill, President Bush" Fox News (05/07/07)
A new video of Ayman al-Zawahiri, Al Qaeda's No. 2 leader, has been released. In the video, al-Zawahiri is dressed in white and sits in front of a bookcase as he mocks the U.S. Congress for introducing legislation that calls for the U.S. military to pull out of Iraq. "This bill will deprive us of the opportunity to destroy the American forces which we have caught in a historic trap," al-Zawahiri says, adding that the bill is proof of U.S. "failure and frustration." The video is more than one hour long, is dated in May, and has English subtitles. Al-Zawahiri also mocks President Bush's security plan for Baghdad, inviting Bush to visit "the cafeteria of the Iraqi Parliament in the middle of the Green Zone." In the video, al-Zawahiri also calls upon minority races to take up jihad. "That's why I want blacks in America, people of color, American Indians, Hispanics, and all the weak and oppressed in North and South America, in Africa and Asia, and all over the world, to know that when we wage jihad in Allah's path, we aren't waging jihad to lift oppression from the Muslims only, we are waging jihad to lift oppression from all of mankind, because Allah has ordered us never to accept oppression, whatever it may be," he says.

"Bill Requires Security Standards for Colleges" Express Times (05/11/07) ; Graber, Trish G.
A New Jersey Assembly committee voted unanimously Thursday to clear a bill that would require colleges and universities in the state to create comprehensive disaster plans that would be subject to annual review by a newly created Campus Security Task Force. The vote by the Assembly Higher Education Committee clears the way for the bill to reach the Assembly floor for a full vote. The task force is co-chaired by New Jersey Office of Homeland Security and Preparedness Director Richard Canas. The bill was introduced in January but quickly became a priority after the Virginia Tech shooting spree last month. Acting Gov. Richard Codey formed the Campus Security Task Force in the aftermath of the shootings with the mandate that the task force create security standards for state colleges and universities. Members of the task force include security experts, school officials, and students. Higher education and law enforcement officials testified Thursday about the task force's recommendations.

"Hamas 'Mickey Mouse' Preaches Resistance" Houston Chronicle (05/08/07) ; Hadid, Diaa
The Hamas terrorist group is using an oversized rodent that looks nearly identical to Mickey Mouse as a tool to spread terrorist propaganda to Palestinian children. The large black-and-white mouse, nicknamed "Farfour" (Butterfly), appears every Friday on a children's show that is broadcast on the Al-Aqsa TV station.
The mouse character speaks to children in a high-pitched voice, urging them to fight against the United States and Israel and help establish Islamic rule across the world. "You and I are laying the foundation for a world led by Islamists," Farfour said during one recent episode of the show. "We will return the Islamic community to its former greatness, and liberate Jerusalem, God willing, liberate Iraq, God willing, and liberate all the countries of the Muslims invaded by the murderers." The mouse appears on the "Tomorrow's Pioneers" show, which frequently receives calls from children who sing Hamas anti-Israel anthems.

"Israeli Airport Security Methods Studied" Guardian Unlimited (UK) (05/09/07) ; Winograd, Ben
Airport officials from the United States toured Ben Gurion International Airport near Tel Aviv to see how Israeli authorities secure one of the most highly prized terrorist targets. A feature that stood out on the tour is that airport design is built around security, affecting everything from windows to trash bins. But the thing that stood out the most was the difference in passenger screening, with Israel openly employing profiling to single out foreign and Arab passengers for greater scrutiny. "The Israelis are legendary for their security," said Steven Grossman, head of aviation at Metropolitan Oakland International. "Let's face it. The whole issue of profiling--that is a difficult word to use in the United States. ... The level at which they do it is far beyond, I think, anything we practically can do." Thus, while all passengers must undergo some questioning by security officers, those targeted for more intense scrutiny must undergo intensive questioning about everything from religious beliefs to acquaintances in Israel. It is this process that makes replication at busy U.S. airports difficult. While Ben Gurion serves about 9 million passengers a year, McCarran International (LAS), for one, handled 46 million last year.
If passengers "have to show up at the airport three hours early to fly one hour, pretty soon they're going to say, 'Why don't I just drive?'" said LAS aviation director Randall Walker.

"Cracks in the Air" Government Computer News (05/07/07) Vol. 26, No. 10 ; Jackson, William
In a recent lecture at the CIO Council's quarterly IT forum in Washington, D.C., Justice Department information technology security specialist Mischel Kwon gave a sobering assessment of some of the security risks involved in using wireless communications. For example, Wi-Fi technology used in wireless local area networks has a number of vulnerabilities, including rogue access points that can make control difficult, signals that are easy to detect, and encryption standards that are easy to crack. As part of her lecture, Kwon--along with Rob Del Gaizo, a computer science student at George Washington University--demonstrated how hackers crack the encryption standards used in Wi-Fi networks. Kwon and Del Gaizo were able to crack the Wired Equivalent Privacy (WEP) encryption standard in just a few minutes after capturing relatively few packets, though they had much more difficulty breaking the Advanced Encryption Standard used in Wi-Fi Protected Access/2 (WPA/2). However, Kwon and Del Gaizo were eventually able to subvert the encryption standard by attacking the passphrase exchange during the connection process. Given these vulnerabilities, Kwon advised users who set up wireless networks to separate the wired and wireless segments with a firewall and avoid anything involving sensitive information on the wireless side of the network. Kwon and Del Gaizo also demonstrated how to hack Bluetooth, a wireless technology that is becoming common for hands-free cell phone communications and for the on-board computers in cars. The two showed how hackers can use a man-in-the-middle attack to intercept a cell phone call. Similar attacks can also be used to steal data stored on a Bluetooth-enabled device, Kwon and Del Gaizo said.

"Document Shell-Code Attacks on the Rise" InfoWorld (05/02/07) ; Hines, Matt
Targeted attacks that exploit vulnerabilities in popular document file formats--including Microsoft Word, Excel, PowerPoint, and Adobe PDF--and execute via hard-to-find shell code are becoming a growing threat, researchers at IBM's Internet Security Systems division have found. Experts working with the ISS X-Force group said they have noticed a rapid rise in the volume and variety of shell-code execution attacks leveled at their customers over the past year. Customers have been falling for these attacks in large numbers, the ISS division said, due to the fact that the threats typically come from spoofed email addresses that appear trustworthy and reside inside documents that do not have the same security concerns as Web-based applications. Compounding the problem is the fact that most anti-virus applications do not look for shell-code attacks, and intrusion protection systems miss many variants because the types of documents being used are harder to scan for potential threats. Microsoft and Adobe have also been finding it difficult to quickly patch the security vulnerabilities in their products, said X-Force's Kris Lamb. In an effort to correct this problem, Microsoft is working on improving its vulnerability testing process by rethinking some of the heuristics tools it uses to search for potential security vulnerabilities, according to Michael Howard, the program manager on the company's security team.

"How to Detect Security Vulnerabilities in Your Systems" CSO Online (05/01/07) ; Miliefsky, Gary S.
Spyware, viruses, Trojans, worms and other types of computer threats are becoming increasingly hard to stop for a number of reasons, writes NetClarity CTO Gary S. Miliefsky.
For instance, more and more hackers are using so-called "zero-day attacks," in which threats such as viruses and worms are developed and unleashed on the same day a security hole is announced. This phenomenon is being fueled by open-source malware code that is freely available on the Internet. Given the threat posed by zero-day attacks, it is more important than ever for companies to detect and remove the Common Vulnerabilities and Exposures (CVEs) on their networks. CVEs can be discovered in a number of ways, including by searching the U.S. National Vulnerability Database. This database allows users to search for CVEs that may be on their own systems, or type in the name of a network device to see a list of CVEs associated with that particular device. Finding and fixing CVEs has a number of benefits, including improved productivity and less downtime in the event of a successful hacker attack. Companies that remove all of the CVEs from their networks will be as close to 100 percent secure as possible.

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD