EU Plans Overhaul of Internet Download Rules
Reuters (India) (07/09/09) Grajewski, Marcin
Speaking at a seminar on Thursday, European Union Telecommunications Commissioner Viviane Reding said the EU needs to adopt new rules for Internet downloads that do not force people to resort to piracy when they want to download music and films from the Web. Reding noted that the new laws should establish a consumer-friendly framework for downloading digital content while ensuring the creators of that content are paid for their work. She added that the EU's current laws are inadequate because they appear to be forcing people, particularly younger individuals, to download digital content illegally. A recent survey found that 60 percent of people between the ages of 16 and 24 illegally downloaded digital content over the last several months.

Six Employees of Sky Capital Are Accused in a $140 Million Fraud Scheme
New York Times (07/08/09)
Civil and criminal charges have been filed against six employees of the Wall Street retail broker Sky Capital, who allegedly perpetrated a $140 million international boiler-room scheme. According to the civil complaint filed by the Securities and Exchange Commission, the six brokers--all of whom surrendered to FBI agents on Wednesday and subsequently entered not guilty pleas on charges of securities, wire and mail fraud in federal court in Manhattan--raised $61 million from investors in the U.S. and the U.K. between 2002 and 2006. In addition, the SEC complaint noted that the brokers--including Sky Capital founder and CEO Ross Mandell--enforced a policy that prevented the investors from selling their stocks in Sky Capital Holdings and Sky Capital Enterprises, which were publicly traded on the Alternative Investment Market of the London Stock Exchange until 2006. However, the investors were never informed that they were prohibited from selling their shares, the SEC said in its complaint. All six of the brokers are currently out on bond as they await trial.

Goldman May Lose Millions From Ex-Worker's Code Theft
Bloomberg (07/07/09) Glovin, David; Harper, Christine
A former Goldman Sachs computer programmer was arrested last Friday for allegedly stealing the company's proprietary trading codes. According to prosecutors, the programmer, Sergey Aleynikov, stole the codes--which are worth millions of dollars--and transferred them to a computer server in Germany between June 1 and June 5. At an appearance by Aleynikov in U.S. District Court in New York on Saturday, Assistant U.S. Attorney Joseph Facciponti said the code could be used to manipulate financial markets in unfair ways. He added that it remains unclear who else has accessed the code from the German server. Prosecutors also say that the theft of the code and its subsequent transfer to the German server could allow someone to use Goldman Sachs' trading platform, which allows the firm to perform sophisticated, high-speed, and high-volume trades on several different stock and commodities markets. If someone is able to access that system, it could cost Goldman Sachs millions of dollars in increased competition, prosecutors say. Meanwhile, former Securities and Exchange Commission Chairman Harvey Pitt has said that the theft of the codes should serve as a wake-up call to financial institutions to review their security systems.

NYPD Aims Anti-Terror Guide at High-Rise Owners
GlobeSt.com (07/06/09) Bubny, Paul
The New York Police Department last week issued "Engineering Security: Protective Design for High Risk Buildings," a 130-page counter-terrorism handbook aimed at owners of medium- and high-risk buildings. The report provides guidelines for both existing structures and future ones. In a preface, Mayor Michael Bloomberg wrote that the report "provides sensible guidelines for balancing the important need for security and the realities of urban development." Prepared by the NYPD's counter-terrorism bureau, "Engineering Security: Protective Design for High Risk Buildings" assigns the city's buildings to either low-, medium- or high-risk categories. Furthermore, it provides recommendations for mitigating these risks. Although it does not identify any specific buildings as high-risk, the study says there are structures that present a number of risk factors at once. They range from location to structural design, including: proximity to other high-risk buildings or to major infrastructure; a lack of controlled access; the inability to withstand specific blast pressures at certain distances; and, finally, key financial or government tenants.

Businesses Should Prepare Now for Fall Flu
Las Vegas Sun (07/06/09) Warner, Jo Ellen
The Centers for Disease Control and Prevention is urging businesses to take several steps over the summer to prepare for the possibility of another swine flu outbreak during the upcoming influenza season. For starters, businesses should be sure to encourage employees who are sick to stay home so that they do not infect others. Companies should also take steps to ensure that they can continue to do business even with high employee absentee rates. For example, companies should train several employees to perform key tasks such as fulfilling customer orders and handling payroll so these jobs are done even if the person who normally does them is out sick. In addition, companies should adjust their sick leave policies so that ill employees can stay home for seven to 10 days, and so that other workers can stay home and care for sick family members. Finally, businesses should take common steps to prevent the spread of the swine flu, such as requiring hand washing and stocking appropriate supplies, while companies that do business in other countries should also set up feeds of information to monitor local conditions in those nations.

Iran Protests Draw Thousands but Are Quickly Quelled
Los Angeles Times (07/10/09) Mostaghim, Ramin; Daragahi, Borzou
Thousands of supporters of Iranian opposition presidential candidate Mir-Hossein Mousavi took to the streets of downtown Tehran on Thursday, despite calls by Supreme Leader Ali Khamenei for an end to the acts of civil disobedience and violence that have plagued the country since the disputed June 12 elections. The protests turned violent when security forces armed with batons and tear gas moved into the area to break up the demonstrations. According to one witness, five members of the Basiji militia beat an elderly woman who was taking part in the protests. Demonstrators, meanwhile, set fire to trash bins in an effort to protect themselves from the effects of the tear gas fired by security forces. However, they largely avoided throwing rocks at security forces and engaging them in running street battles. Witnesses say the demonstrations were quelled within about three hours. In the aftermath of the demonstrations, protesters said they would wait to decide what their next move would be. "We will wait to see the reflection of today's events in the local and international media and the responses of the authorities," said a protester named Farzad, who asked that his name not be published. "Then we get together with our fellow demonstrators and decide another contingency plan for further struggles."

Chinese Police Break Up Small Xinjiang Protest
Reuters (07/10/09) Buckley, Chris
Chinese riot police reportedly broke up a small demonstration by several hundred Uighurs who were leaving prayers in a neighborhood of Urumqi on July 10. Several people were arrested following the demonstration near the White Mosque. Originally the government had closed all mosques in the neighborhood but relented in order to allow Muslim Uighurs to attend afternoon prayers. This demonstration is the first test of government control over the city since security forces moved in following Han attacks on Uighur neighborhoods in retaliation for the deaths of 156 people killed in Uighur rioting on July 5. Uighurs have reported that people were killed in those attacks, though the government has not released any figures.

Federal Protective Service Faulted After GAO Sting With Bomb Parts
Washington Post (07/09/09) O'Keefe, Ed
The Government Accountability Office's Mark L. Goldstein testified before the Senate Homeland Security and Governmental Affairs Committee on Wednesday about the preliminary findings of the GAO's recent investigation into the security practices of the Federal Protective Service, the agency that provides security guards for 9,000 federal buildings across the country. Goldstein noted that the investigation found that undercover government investigators were able to smuggle bombmaking materials into 10 federal buildings and assemble the materials into bombs in the buildings' bathrooms. After assembling the bombs, the undercover investigators were able to walk around with the devices largely undetected. Goldstein noted that there was only one instance in which an FPS security guard questioned an undercover investigator carrying suspicious materials. Goldstein added that at three or four of the federal buildings that were part of the investigation, guards were not looking at the screens of their X-ray machines, and that if they had been, they would have been able to detect the bombmaking materials. The GAO's investigation also found that many security guards were not properly trained on how to use metal detectors or X-ray machines. Also at the hearing on Wednesday was FPS Director Gary W. Schenkel, who faulted a lack of money and manpower at his agency for the security problems at federal buildings. Committee Chairman Sen. Joseph Lieberman (I-Conn.) responded by promising to introduce legislation that would reauthorize FPS, give it additional funding, and force Homeland Security Secretary Janet Napolitano to reorganize it while developing new staffing and training plans.

Liberty Gets Her View Back
USA Today (07/05/09) Hampson, Rick
The Statue of Liberty is scheduled to reopen its crown to visitors on July 11. All groups will be small, specially ticketed, and escorted by a park ranger. However, even with these limitations, this will be the first time the statue's crown has been open to the public since September 11. Security experts say this decision was based on two major changes in public attitudes. First, some anti-terrorism restrictions may be more costly than they are currently worth. Second, public convenience and effective security may not be mutually exclusive. Further encouraging the move is another public opinion poll, conducted by USA TODAY/Gallup, that found that nine out of ten Americans agree with the decision to reopen the crown. The same poll found that the number of Americans who worry they will be victims of terrorism has fallen from 44 percent to 36 percent over the past two years. According to Charlotte-based consultant Ross Bulla, companies are also getting "complacent", reducing security measures because there have been no terrorist attacks since September 11. However, the government appears to be leading a trend towards compromising between security and public accessibility. In addition to the new Statue of Liberty policy, the government has created a 100-yard security buffer zone around the new Capitol Visitor Center that also provides an air-conditioned environment for waiting visitors; benches around the Washington Monument that double as car-bomb barriers; and a new bridge, scheduled to be built near the Hoover Dam, designed to divert non-visitor traffic.

North Korea May Have Shot Mid-Range Missile
Reuters (07/05/09) Herskovitz, Jon
According to South Korea's defense ministry, North Korea launched seven mid-range ballistic missiles on or near July 4. Officials say the North appears to have fired two Rodong missiles, capable of striking targets in all of South Korea and most of Japan, as well as five Scud missiles, which could hit most of South Korea. "We found five of the several missiles fell near the same spot in the East Sea (Sea of Japan), which indicates their accuracy has improved," one official reported. It will take several days to completely confirm these reports, but if they are true it would represent an escalation on the part of North Korea, which has been banned by U.N. resolutions from firing ballistic missiles of any kind. The launches came as the United States has cracked down harder on the country, releasing information that it may freeze several Malaysian bank accounts that are believed to belong to North Korea.

Cyberattacks Jam Government and Commercial Web Sites in U.S. and South Korea
New York Times (07/09/09) Sang-Hun, Choe; Markoff, John
Several South Korean Web sites were attacked once again on Thursday by the botnet that has targeted 27 American and South Korean government and commercial Web sites since the July 4 holiday weekend. According to Shin Hwa-soo, an official from the state-run Korea Communications Commission, Thursday's attacks affected one government and six commercial Web sites in the country. Hwa-soo noted that the attacks were minor, and all but two of the targeted sites were up and running again within several hours. Hwa-soo added that the distribution of vaccine programs against the attack helped the sites fight back, and that the program will continue to be distributed in an effort to protect against new attacks. Meanwhile, the investigation into the source of the attacks is continuing. South Korea's spy agency, the National Intelligence Service, said it believes the attacks were carried out by a hostile group or government, though it could not confirm reports that North Korea is involved. Although it remains unclear who is involved in the attack, some clues are beginning to emerge. For instance, Joe Stewart, a researcher at Atlanta-based Secureworks' Counter Threat Unit, has found that the data generated by the attacking program appears to be based on a Korean-language browser.

MasterCard Halts Remote POS Security Upgrades
Computerworld (07/08/09) Vijayan, Jaikumar
MasterCard has decided to bar merchants from using remote key injection (RKI) services to install new encryption keys on point-of-sale (POS) systems, says Gartner analyst Avivah Litan. The new policy will mean that merchants hoping to implement automated upgrades of POS terminal encryption over their networks will have to continue manual upgrading on a terminal-by-terminal basis in a secure off-site facility. Retailers were counting on RKI for rapid migration of their terminals to Triple Data Encryption Algorithm standards (TDES) as mandated by the PCI Data Security Standard, Litan says. MasterCard's decision comes at a time when retailers are facing a deadline to move all of their POS terminals from DES to TDES by next July as part of a PCI requirement designed to spur merchants to deploy stronger encryption at retail sites. RKI technologies and services are designed to accelerate and reduce the cost of upgrading data encryption keys on POS terminals. "Nobody understands the rationale for [MasterCard's decision]," Litan says. PCI analyst Jim Huguelet points out that retailers' interest in RKI technologies that lower the cost of ownership affiliated with periodic encryption key replacement is growing.

Microsoft Has No Patch Yet for Security Flaw
USA Today (07/07/09) P. 2B; Acohido, Byron
Microsoft alerted users on July 6 about another critical vulnerability related to its Internet Explorer browser for which there is no solution. Symantec says the flaw, found in PCs running Windows XP or Windows Server 2003 operating systems, is already being exploited by cybercrooks. It can permit nefarious users to remotely commandeer victims' computers. The victims do not need to do anything to invite infection except browse Web sites contaminated with a small bit of code that takes advantage of the security vulnerability. Symantec's Dean Turner says a cybercriminal gang has compromised several hundred legitimate Web sites with such infections since July 1. "This is not that uncommon," he says. "But this kind of exploit in the wild, with no security patch yet available, has the potential to affect hundreds of thousands of people."

Cybercrooks Descend on Twitter With Spam, Attacks
USA Today (07/06/09) P. 1B; Acohido, Byron
Online crooks are increasingly abusing Twitter to lead users to sites that peddle pornography and fake prescriptions and generate advertisements for sham anti-virus products. "We're starting to see a groundswell of attacks," says Websense's Dan Hubbard. "Spam is usually the first bad thing we see before it escalates to things more nefarious." A rise in attacks seems unstoppable. Any person can acquire a Twitter account and begin disseminating unwarranted messages across cyberspace. Another challenge is Twitter's frequent use of condensed URLs, which allow the user to direct someone to a page in a brief message. That has cleared the path for cybercriminals to transmit malicious URLs that can give a hacker access to a user's PC, warns Kaspersky Lab researcher Stefan Tanase. "The more active a Twitter user is, the more attacks he or she is seeing," Tanase says.

We're Serious About Cybersecurity This Time, Says U.S. Official
IDG News Service (07/01/09) Gross, Grant
The inclusion of a list of specific goals in the White House's recent 60-day review of the U.S.'s cybersecurity measures is an indication that the Obama administration is determined to follow through on its plans to make cybersecurity a main priority, says Christopher Painter, the cybersecurity director at the U.S. National Security Council. In addition to praising the Obama administration for including a number of steps that can be taken to improve cybersecurity--such as appointing a White House cybersecurity coordinator and developing a plan for responding to cyberincidents--Painter also noted that the president's May 29 speech on cybersecurity was the first talk ever by a national leader that was devoted entirely to the topic. Painter says Obama's emphasis on cybersecurity should illustrate how serious efforts to protect the nation's IT systems from attack are. But not all cybersecurity experts are as pleased with the president's efforts to improve cybersecurity. Among those who are critical of the administration is Cigital's Gary McGraw. McGraw called on the Obama administration and the rest of the federal government "to get past talking about cybersecurity" and take concrete steps toward protecting computer systems from attackers. He also questioned the need for a White House cybersecurity coordinator, saying such a person would be nothing more than a "cheerleader."

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD