Manchester United Cancel Indonesia Leg of Asian Tour After Hotel Attacks
Guardian Unlimited (UK) (07/17/09) Rich, Tim
The British soccer team Manchester United has announced that it is canceling its three-day visit to Indonesia, which had been scheduled to begin Saturday night. The announcement came in the aftermath of the bombing of two luxury hotels in Jakarta, which killed at least nine people and injured 50. Manchester United had been scheduled to stay at one of those hotels, the Ritz-Carlton, during its stay in Indonesia. In making the announcement that the team was canceling its visit to Indonesia, Manchester United chief executive David Gill noted that there was no indication that the bombing was a response to the players' presence in the country. Gill also said that the team did not take a risk by planning to go to Indonesia to play the country's soccer team on Monday, despite the fact that Britain's Foreign Office had issued warnings that the risk of terrorism in the country was high. "We were aware of the situation," Gill said. "We took the best advice we could and to go to Indonesia was the right decision at the time."

French Workers Ratchet Up Threats
New York Times (07/15/09) Jolly, David
French workers have threatened to blow up factories if they do not receive more severance pay. Workers at a closing Nortel Networks research center said they were prepared to blow up gas canisters around the building. After authorities and company officials agreed to negotiate, however, workers revealed the threat to be a hoax. The Nortel threats followed a situation at a plant owned by sinking automaker New Fabris where workers said they were prepared to destroy the factory and their equipment if workers did not each receive $42,000 in additional severance. In reaction to these threats, French Labor Minister Xavier Darcos said the government would continue to search for nonviolent options but warned that more layoffs were likely as struggling companies continue to downsize.

China Warns Companies in Algeria to Heighten Security
Bloomberg (07/15/09)
China's government has issued a warning to all Chinese located in Algeria to heighten security. The warning follows a threat, identified by risk analysis company Stirling Assynt, by Al-Qaeda in the Islamic Maghreb against the 50,000 Chinese workers in Algeria and Chinese nationals and projects throughout northwest Africa. The threat is reportedly the group's reaction to unrest between Muslim Uighurs and Han Chinese in China's Xinjiang province that has thus far left 192 people dead. Most recently, police shot and killed two Uighur men armed with knives and sticks who were calling for jihad. Al-Qaeda in the Islamic Maghreb is the first militant group to formally react to the violence in Xinjiang province. The group, which supports the creation of an Islamic state in Algeria, was founded in the mid-1990s and pledged its allegiance to Osama bin Laden in 2003. Three weeks ago the group ambushed a convoy of Algerian security forces protecting Chinese engineers, killing 24 Algerians.

Nigeria Militants Call 60-Day Cease-Fire
Dow Jones Newswires (07/15/09)
Nigeria's main militant group is calling a 60-day cease-fire immediately in response to the release of an ailing rebel leader. Henry Okah was freed on July 13 just hours after the Movement for the Emancipation of the Niger Delta set fire to an oil depot and loading tankers in the country's economic center, Lagos. Five people were killed in the group's first attack outside the Delta region. The insurgents said in a July 15 statement that they hope the cease-fire will create an "enabling environment" for negotiations. Rebel attacks on oil installations and kidnapping of foreign oil workers have cut output of Africa's biggest oil producer by a quarter and often affect the world price of oil.

What's Normal in Security Awareness Education for General Employees?
Security Director's Report (07/09) Vol. 2009, No. 7
New research on corporate security spending, administered by IOMA, indicates that firms spend a negligible amount on security awareness on a per-employee basis. It is likely that money for it will be in short supply in the near future, so implementing strategies that imbue the awareness program with the most value at the smallest cost is crucial. Some tips on getting the most bang for the buck: Standardize the program by giving it a goal, creating strategies to accomplish it, and performing regular assessments to test its effectiveness. Work toward pushing employees to embrace security as an individual responsibility. Involve senior management team members in the process, and ask them to sign off on a summary statement that the security department can use to introduce its comments. Take time to form a relationship with the audience, and devote the time and effort to making a high-quality, persuasive presentation. New hires will probably not remember every detail of the presentation, but they will cultivate an attitude relating to whether security at their new place of business is worth their attention. Deborah Russell Collins, executive director of the National Security Training Institute and former instructor of security awareness at TRW, says that, to that end, security's aim during new-hire orientations should be addressing employees' needs instead of inundating them with more responsibilities. Finally, give a fair presentation that underscores that all people are different and caters to a number of individual learning styles.

Twin Hotel Blasts Kill 9 in Indonesia Capital
Los Angeles Times (07/17/09) Glionna, John M.
Near-simultaneous explosions rocked two luxury hotels in the Indonesian capital of Jakarta on Friday morning, killing nine people and injuring 50. Witnesses at the scene said the first blast occurred at the Marriott Hotel, which is often the site of official American events like the U.S. Embassy's Independence Day celebrations. That blast was followed several minutes later by an explosion at the Ritz-Carlton. Officials say the blasts were likely the result of suicide bombings. Officials also say that the suspected bombers had been staying at the Marriott. Experts say the suicide bombers were likely connected with Jemaah Islamiyah, an Islamic terrorist group that is affiliated with al-Qaida. Jemaah Islamiyah is being blamed because they typically carry out coordinated attacks and because they are believed to be the only group that is capable of evading the security that was put in place at the Marriott in the wake of a 2003 suicide bombing. However, authorities say that the attacks may be the result of ethnic tensions or politics and that they may have been launched by criminal enterprises.

Real ID Act Faces Repeal After Outcry From Napolitano, States
Milwaukee Journal Sentinel (WI) (07/16/09) Marrero, Diana; Marley, Patrick
Homeland Security Secretary Janet Napolitano appeared before the Senate Committee on Homeland Security and Governmental Affairs on Wednesday to call for the repeal of the Real ID Act, the 2005 law whose supporters say will enhance the security of driver's licenses but whose critics say is too costly and complicated for states to implement. According to Napolitano, travelers could face increased security screening at airports next year unless Congress takes action soon because few states are ready to comply with the law when it takes effect at the end of 2009. Napolitano noted that dozens of states have passed laws prohibiting compliance with the Real ID Act while others have raised objections about the law, including concerns about the cost and challenges involved in meeting the legislation's requirement for creating interconnected driver's license databases. Napolitano called on Congress to replace the Real ID Act with legislation known as Pass ID, which she said would improve the security of driver's licenses but would give states more flexibility in complying with the program. In addition, the program would be less expensive and would take less time to implement than Real ID, Napolitano said. But any attempt to repeal Real ID is likely to face opposition from several members of Congress, including Rep. Jim Sensenbrenner (R-Wis.), the author of the Real ID Act. Sensenbrenner said Pass ID is a watered-down version of Real ID that would weaken homeland security.

Homeland Security to Reconsider Color-Coded Terror-Alert System
Bloomberg (07/14/09) Schmick, Bill
The Department of Homeland Security has announced that it has appointed a bipartisan task force to review the nation's five-tiered terror alert system. According to a statement from Homeland Security Secretary Janet Napolitano on DHS' Web site, the 17-member panel will be chaired by William Webster, the former director of the FBI and CIA, and Frances Townsend, a homeland security adviser to former President George W. Bush. The panel will also consist of elected state and local officials, security experts, law-enforcement officials, and other professionals, Napolitano said in her statement. She added that the panel's members will conduct a 60-day review of the color-coded terror alert system and make suggestions about needed improvements. Napolitano said she hoped the process would result in an effective system for informing the public about terrorist threats to the country.

C.I.A. Had Plan to Assassinate Qaeda Leaders
New York Times (07/13/09) Mazzetti, Mark
The CIA program that former Vice President Cheney ordered be kept secret from Congress involved small teams being sent overseas to kill senior members of al-Qaida, several current and former government officials say. The program was designed by the Bush administration after September 11, 2001, as part of an effort to use more accurate methods for eliminating terrorists than Predator drone attacks. The CIA also wanted to be able to take out members of al-Qaida wherever they were, even if they were not in a war zone. However, the program was never fully implemented for a number of reasons, including the difficulties involved in creating and training the paramilitary teams that would have carried out the assassinations. Revelations that Cheney kept the program a secret have sparked a controversy in Washington, where congressional Democrats have said that the House and Senate Intelligence Committees should have been informed of its existence. However, Republicans have said that the CIA was not required to give lawmakers details about the program because it never carried out any missions and because Congress had granted the agency sweeping new powers in the wake of the September 11, 2001, terrorist attacks. The program was terminated by CIA Director Leon Panetta shortly after he learned of its existence. It remains unclear why Panetta decided to end the program.

Bush Anti-Terror Policies Get Reluctant Revisit
Washington Post (07/13/09) Johnson, Carrie; Warrick, Joby
The U.S. Justice Department appears to be prepared to pursue an investigation into whether or not CIA programs authorized during the Bush administration violated the law. Attorney General Eric Holder is reportedly leaning towards appointing a criminal prosecutor from inside the department who may look into whether CIA interrogators operated outside boundaries set by the Bush Justice Department. Such an appointment is expected to come in the next several weeks, possibly when the department releases an ethics report involving Bush lawyers. Federal law enforcement officials are obligated to investigate possible violations of anti-torture statutes and other criminal laws. However, the Obama administration has been reluctant to pursue such investigations due to concerns that they would create a distracting and divisive partisan battle. Thus far, Republican lawmakers appear to be proving these concerns well-founded as they have continually challenged even the small steps that the administration may be taking. As further reports of misconduct surface from both former and current CIA officials as well as international watchdog groups, the administration is expected to be forced to take these steps despite conservative objections, in order to avoid the prospect of a drawn-out public congressional hearing.

Twitter Hack Raises Flags on Security
New York Times (07/16/09) P. B1; Miller, Claire Cain; Stone, Brad
The recent security breach at Twitter has raised questions about the security of the passwords some businesses use to protect the data they store on the Internet. During the breach, which took place last month but was not revealed until Wednesday, a hacker broke into a Twitter employee's Gmail account by correctly answering the security questions that Google asks users in order to reset their password. After the hacker broke into the employee's Gmail account, he was able to gain access to the employee's Google Apps account, which contained Twitter spreadsheets and documents that discussed business ideas and financial details. The hacker then sent the information to the tech news blogs TechCrunch and Korben, purportedly as part of an attempt to make Internet users aware "that no one is protected on the Net." The hacker also was able to break into an email account belonging to the wife of Twitter CEO Evan Williams, as well as his accounts at Amazon and PayPal. Security experts say the incident underscores the need for Internet users to choose incorrect answers to the security questions on Web sites or make up their own questions instead of using the default questions that are provided. In addition, they say users should avoid sending out details of their lives, such as their pet's name or the name of their home town, over services such as Twitter.

Catching Spammers in the Act
Technology Review (07/15/09) Lemos, Robert
Indiana University researchers have exposed some of the methods spammers use to collect email addresses and send junk mail through multiple computers. In a paper scheduled to be presented at the Conference on E-mail and Anti-Spam, the researchers explain how they studied spammers' methods to obtain email addresses. The researchers used various techniques to match the programs that collect email addresses from Web pages, including exposing 22,230 unique email addresses on the Web for more than five months and watching for spam sent to those emails. The study found that an email address included in a comment posted to a Web site had a significantly higher probability of receiving spam. Only four of the email addresses submitted to 70 Web sites during a registration received spam, while half of the email addresses posted on popular sites received spam. The researchers also created a Web site on their own domain and waited for their pages to be crawled. Each visitor to the Web site saw a different email, which the researchers hoped would determine how often programs that crawl sites are actually operated by spammers. The researchers were able to identify characteristics that were unique to spamming crawlers, which could make it easier to detect and fight these programs. People can protect themselves from email harvesting by using simple obfuscation techniques, such as replacing the @ symbol with the word "at" when posting an email address.

Insiders Becoming Source of Hacking and ID Theft Threats
Computer Business Review (07/15/09) White, Kevin
A new Cisco report has brought attention to insider hacking and identity theft attempts as legitimate security concerns, which can be expected to escalate this summer and fall. In its most recent audit of global security threats and trends, the firm said that considering the recession during which many workers have lost their jobs or become disillusioned, the increase of insider attacks seems especially likely. Cisco's Maurizio Taffone said that companies need to reexamine their security strategies and vulnerabilities to possible insider thefts. "Data leakage protection technology has a part to play, as do systems that help identify unauthorized access to enterprise resources," he said. The report also verified a resurgence of spam, while social networking attacks are set to persist and attacks on legitimate Web sites are increasing. Cisco noted that cybercrooks are increasingly taking advantage of current events, while spamdexing, in which cybercrooks load Web sites with keywords to exploit users' trust of search engine rankings, is expanding.

Security Scare Hits Microsoft Office
Reuters (07/15/09)
Microsoft announced on Tuesday that cybercriminals are attacking a vulnerability in its Microsoft Office XP, 2003, and 2007 software. According to the Redmond, Wash.-based company, cybercriminals are attacking Office users by putting malicious code on certain Web sites. When Office users visit these sites, their computers become part of a botnet that is used for identity theft, spamming, and other types of online crimes. Microsoft has not said how many computers have been affected by the attacks. However, the company did say that it has developed a temporary workaround for the vulnerability. Users must install the fix manually in order to protect themselves from the attack. A spokeswoman for Microsoft said the patch would soon be available on the company's Web site.

Why Feds Can't Stop Cyberattacks
Federal Times (07/13/09) Vol. 45, No. 19, P. 1; Carlstrom, Gregg
Experts say there are a number of lessons that can be learned from the distributed denial-of-service (DDOS) attack that struck several U.S. government Web sites over the July 4 holiday weekend. For instance, the slow and uneven reaction to the attacks underscores the need for a single White House official who can coordinate the federal government's response to such an incident, says James Lewis at the Center for Strategic and International Studies. Although President Obama has announced that he would appoint a cyberczar to oversee the federal government's cybersecurity efforts, he has yet to nominate someone for the position. Other experts say the attacks illustrate why it is necessary for the federal government to adopt uniform standards for its Web sites. In addition, the attacks highlight the need to educate federal managers about which company to call to set up a filter on their Web site to block a DDOS attack. SANS Institute director Alan Paller notes that many federal managers did not know who to turn to for help during the recent incident because they did not know which network service provider connected their Web sites to the Internet. Finally, the attacks have pointed out that at least some federal agencies may not be prepared to handle a serious cyberattack, since the recent attack was fairly primitive, Lewis says.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD