DHS Taps ASIS, NFPA, BSI Private-Sector Preparedness Standards
Security Management (10/09) Straw, Joseph

Homeland Security Secretary Janet Napolitano announced Thursday that her department has proposed using three existing emergency management and business continuity standards under its Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep), which aims to develop a comprehensive standard that will help private companies to respond to disasters. Among the standards that were chosen was the ANSI/ASIS Organizational Resilience American National Standard, which helps organizations tailor their preparedness needs to meet their business needs, said Michael R. Cummings, the president of ASIS International. In addition, DHS also chose the National Fire Protection Association Standard on Disaster/Emergency Management and Business Continuity Programs and the British Standards Institute's business continuity standard. Elements of the three standards will be integrated to meet the needs of certain stakeholders, such as small businesses. Once the PS-Prep standards are completed, the ANSI-ASQ National Accreditation Board will develop and oversee the certification process, handle the accreditation, and accredit qualified third parties to perform the certification under the accepted procedures of the program. DHS is asking those who want to comment on the standards to do so by Nov. 15, though it has said that it plans to keep the docket open after that date.

U.S. Appeals Court Upholds Convictions of Animal-Rights Activists Charged Under Terrorism Statute
Associated Press (10/15/09)

The 3rd U.S. Circuit Court on Wednesday upheld the convictions of six animal-rights activists charged with conspiracy to violate the 1992 Animal Enterprise Protection Act, which aims to protect animal research labs from illegal and violent protests. The activists, who are members of a group known as Stop Huntingdon Animal Cruelty, were originally convicted in a 2006 trial in New Jersey for posting the home addresses of contractors and officials at Huntingdon Life Sciences--a company that has been criticized for allegedly abusing animals at a facility in the U.K.--on their organization's Web site. Some of the Huntingdon officials and contractors were harassed or had their homes vandalized or attacked after their addresses were posted. Among the officials who were targeted was Andrew Baker, the chairman of a Huntingdon holding company. During the animal-rights activists' trial, Baker testified that protesters broke windows and threw smoke bombs into his home in Los Angeles. Baker also testified that protesters plastered the door of his daughter's New York apartment with pictures depicting his death. The activists claimed that they were simply exercising their right to free speech by posting the addresses of Huntingdon officials and contractors on Stop Huntingdon Animal Cruelty's Web site. But Judge Julio Fuentes of the 3rd U.S. Circuit Court disagreed, saying that the posting of the addresses constituted a "true threat," and is thus not protected speech. The activists are considering appealing the ruling.

Surveillance Never Folds
Security Management (10/09) Vol. 53, No. 10, P. 38; Longmore-Etheridge, Ann

When Tampa Bay Downs wanted to expand its poker room in 2008, the state of Florida said that it also had to upgrade its surveillance system to one that used cameras and DVRs capable of displaying at least 30 frames per second and 4CIF resolution (704 x 480 pixel equivalent). After looking at its current system, Tampa Bay Downs discovered that its existing cameras were in compliance with state regulations but its DVRs were not--which meant that it needed to begin what John Vacha, the racetrack's director of information technology, called a "dramatic" upgrade process. As Tampa Bay Downs shopped around for a new surveillance system, Vacha said, it looked for one that had Active Directory integration that provided a user's log and security credentials, as well as a system that was expandable and did not conflict with other corporate applications. The racetrack eventually settled on a system that used hardware from Axis Communications and software from Milestone Systems. Vacha noted that the software gives Tampa Bay Downs a number of capabilities that it did not have with its old system, including the ability to give state investigators a DVD that shows three camera angles all at once. The hardware, meanwhile, uses a high compression system that reduces the size of video files without degrading image quality. Vacha said Tampa Bay Downs has been pleased with the system, since it was relatively inexpensive to install and because there have been no major technical issues thus far.

One in Three Young Women Are the Victims of Workplace Bullying, Alarming New Figures Have Revealed
Personnel Today (10/15/09)

A recent survey of 685 young women in the workplace has found that 33 percent of these women have been bullied while on the job in the last six months. The survey, conducted by Company magazine, found that the most common perpetrator of bullying in these cases was an older woman in a more senior professional position. Common bullying behaviors detected included excessive work monitoring and criticism, isolation or intimidation, unrealistic goals, and public humiliation or insults. Women who were the targets of these behaviors most often reported suffering from anger, mental stress, depression, low confidence, and insomnia. Despite these effects, more than half of respondents said that bullying was an acceptable part of the workplace or that their organization does not take bullying seriously. Additionally, 40 percent said that they felt the recent economic climate contributed to the tolerance of bullies in recent months.

Data Breach Decision May Go to Maine's High Court
Computerworld (10/13/09) Vijayan, Jaikumar

U.S. District Court Judge Brock Hornby has asked Maine's Supreme Court to weigh in on whether consumers can seek remuneration from retailers for the time and effort involved in changing payment cards and bank accounts following a data breach. The request comes from Hornby's reversal of an earlier ruling in a case that favored the Hannaford Bros. grocery chain, which last year reported that thieves had stolen the data of more than 4.2 million credit and debit cards. The judge has asked the Maine Law Court to consider whether the time and effort spent ameliorating the impact from a data breach could be deemed a cognizable injury under Maine statutes. "Whether time and effort spent mitigating or averting harm from actionable conduct ... is alone sufficient to recover damages is uncertain under Maine law," Hornby wrote in his ruling. Many courts have had a tendency to throw out most consumer class-action lawsuits brought in the aftermath of a data breach in which debit and credit card information is exposed, arguing that the card-issuing banks' compensation to consumers for any monetary losses they sustain precludes merchant liability. The Maine Supreme Court's ultimate ruling on the case could set a new precedent.

DHS Reshapes Immigration Enforcement Program
Washington Post (10/16/09) Hsu, Spencer

The Department of Homeland Security reports that several of the 66 law enforcement agencies currently participating in the federal program that allows local law enforcement to apprehend illegal immigrants have chosen to drop out. Their decision to leave the program is based on new federal requirements for the program designed to curb abuses of the program, such as racial profiling. Under the new requirements, participating agencies will be asked to focus more on checking the immigration status of already-arrested criminals and on suspects in major drug offences or violent crimes. They have also been asked to discontinue roadside stops and neighborhood sweeps aimed at Latinos and other ethnic groups. Although several agencies may drop out of the program, 13 additional law enforcement agencies have applied to begin participating in it. Since its inception in 2006, the program caught 135,389 illegal immigrants, approximately 60,000 in the past year. Of these, 94 percent were apprehended using checks at local and state jails.

Napolitano Says Coordination Key to Tracking Al-Qaeda Backers
Bloomberg (10/13/09) Bliss, Jeff; Blum, Justin

In an interview with Bloomberg Television on Oct. 12, Department of Homeland Security Secretary Janet Napolitano said law enforcement agencies are tracking terrorists in the U.S. who may have ties to al-Qaida by focusing on improving how they share information with one another. "It is fair to say there are individuals in the United States who ascribe to al-Qaida-type beliefs," Napolitano said. "And so it makes information-sharing, it makes effective law enforcement and it makes the shared responsibility of law enforcement ever so important." Napolitano also noted that information sharing among law enforcement agencies at all levels of government has improved significantly since the September 11, 2001 terrorist attacks, and that such sharing is more important than technology that can allow officials to track visitors leaving the country. According to Napolitano, developing a system that is capable of tracking the more than 200,000 people who intentionally overstay their visas would be a "very expensive and laborious effort." She also noted that the technology for such a system may not even exist. In addition to discussing efforts to combat terrorists in the U.S., Napolitano also talked about the fight against al-Qaida in Pakistan. Napolitano said the U.S. has managed to keep al-Qaida holed up in the tribal region of northwestern Pakistan, and that the U.S. has been able to capture or kill a number of the group's leaders. In addition, the U.S. has been able to trace and block al-Qaida's financing, Napolitano said. However, she also noted that Osama bin Laden's terrorist organization has adapted by using affiliated groups around the world to help plan attacks.

CERN Physicist Accused of Terror Links
Christian Science Monitor (10/13/09) Spotts, Peter N.

Adlene Hicheur, a French-Algerian researcher who worked at the European Organization for Nuclear Research (CERN), was accused in French court of collaborating with an Al Qaida affiliate group in North Africa. Hicheur was a data analyst for CERN's Large Hadron Collider (LHC) project. While the LHC lab does use some radioactive materials, they are no different than those that are readily available at hospitals and industrial complexes, reports indicate. The lab where Hicheur worked was not involved in any nuclear-energy research or nuclear weapons. CERN also told authorities that Hicheur had not been around the lab for months prior to his arrest with his brother on Oct. 8, in southeastern France. Hicheur is suspected of discussing potential European targets for an attack with the aforementioned al Qaida spinoff group. French officials say they have no evidence that CERN was one of those targets.

U.S. Can't Trace Foreign Visitors on Expired Visas
New York Times (10/12/09) McKinley, James C.; Preston, Julia

The attempted attack by Hosam Maher Husein Smadi, a 19-year-old Jordanian immigrant, has raised serious concerns about the U.S.'s ability to track individuals who stay in the country after their visas have expired. Smadi entered the country on such a tourist visa, and significantly overstayed the visa. In 2008, 2.9 million foreign visitors on temporary visas like Smadi's checked into the country but never officially left, according to immigration officials. All in all, officials estimate that approximately 40 percent of the 11 million illegal immigrants in the United States initially entered the country using legal visas. In light of Smadi's arrest, Congress and Department of Homeland Security officials are calling for the completion of an electronic monitoring system designed to track when someone with a visa leaves the country. However, Homeland Security officials also warn that such a system could be costly and, if handled improperly, could impede trade and border crossings. Thus far, the agency has been unable to find a workable technology that could provide an exit monitoring system for the whole nation. Immigration analysts say that it may be up to law enforcement officials to thwart terrorist suspects who do not have records that would draw scrutiny before they enter the United States. "You can't ask the immigration system to do everything," maintains Doris Meissner, a senior fellow at the Migration Policy Institute.

Manchester Airport Trials Naked-Image Security Scans
Guardian Unlimited (UK) (10/13/09) Topping, Alexandra

England's Manchester airport has begun testing a new scanning system that allows staff to instantly spot any weapons or explosives. However, the system has raised privacy concerns because the full-body scanner also shows a clear outline of passengers' genitalia, as well as any false limbs, breast enlargements, or body piercing. According to airport officials, the scan will be viewed by one officer at a remote location before it is deleted. Travelers can refuse to undergo the virtual strip search and choose the traditional "pat down" method. "Most of our customers do not like the traditional 'pat down' search," airport customer experience representative Sarah Barrett says. "They find it too intrusive, but they still want to be kept safe. This scanner completely takes away the hassle of needing to undress. The images are not erotic or pornographic and they cannot be stored or captured in any way." As Barrett points out, the scanner removes the need for passengers to take off shoes, belts, or coats, hypothetically speeding up the security process. Airport representatives also assured frequent fliers that they will not be at risk from low-level radiation, as the scanners are approximately 20,000 times less powerful than a dental x-ray. Similar scanners have also been tested at Heathrow airport. The U.K. Department of Transport is expected to decide whether to install them permanently after the trial at Manchester ends in one year.

Why Don't Companies Make Security a Priority, Six Tips for Garnering Executive Buy-In
Risk Center (10/14/09) Casey, Tami

A survey on Web application security, conducted by eMedia and sponsored by Cenzic, found that 63 percent of companies test their Web applications quarterly, or even less often. Out of nearly 400 IT professionals who responded to the survey, 28 percent were unaware of a security breach ever occurring at their organizations. According to IT firm Gartner, however, 75 percent of all deployed Web applications are vulnerable to a security attack, which can put a company's reputation, brand, and business at risk. Company security professionals should effectively communicate the issue to executive management, and build awareness of the importance of application security. Security strategies should line up with business objectives, including a calculated return on investment and potential costs of security breaches. Security professionals should point out any possible penalties for non-compliance with regulatory standards, emphasize Web application security as part of the software development process, and provide cloud-based solutions.

IRS Wins Some, Loses a Few in Fight Against Identity Theft and Data Loss
Government Computer News (10/13/09) Jackson, William

A recent report from the U.S. Government Accountability Office (GAO) has found that there were more than 51,000 cases of apparent taxpayer identity theft in 2008. GAO notes that there are a number of ways in which taxpayers' identities are being stolen. For example, some taxpayers have their personal information stolen by clicking on fraudulent links in emails that claim to be sent by the Internal Revenue Service (IRS). In addition, the personal data of some taxpayers is being stolen by Web sites that offer fraudulent electronic tax return filing services. Meanwhile, the IRS is taking several steps to fight back against the theft of taxpayers' identities, such as by creating an identity protection strategy. In addition, the IRS' Online Fraud Detection and Prevention Office is actively searching for fraudulent online activity and shutting down fraudulent Web sites. Last year, the office shut down more than 3,000 Web sites suspected of phishing for taxpayer information. Despite these efforts, it is still difficult to combat taxpayer ID theft, in part because of the jurisdictional issues that arise when officials go after cybercriminals in other countries, GAO notes in its report. Compounding the problem is the fact that many victims are hesitant to report cases of fraud. In response to this problem, officials are working with the National Cyber Forensics and Training Alliance, the Anti-Phishing Working Group, and other organizations to facilitate and improve data sharing.

Big-Box Breach: The Inside Story of Wal-Mart's Hacker Attack
Wired News (10/13/09) Zetter, Kim

Wal-Mart suffered a major security breach in 2005 and 2006 when hackers targeted the development team responsible for the chain's point-of-sale system and diverted source code and other sensitive information to a computer in Eastern Europe. Among the retailer's security vulnerabilities at the time of the hack were at least four years' worth of customer purchasing data that was stored on company networks without being encrypted. The hackers secretly installed a password-busting tool on one of Wal-Mart's servers. It was discovered after a server crash, which was triggered when the intruder tried to activate the program. A probe revealed that the program had been remotely installed by a party using a generic network administrator account assigned to a former Wal-Mart employee in Canada, which Wal-Mart had failed to close following the worker's departure. An email summarizing the initial investigation said the security team identified "over 800 machines that the attacker either tried to brute force or actually made a successful connection." The investigator concluded that the hackers "knew what they were going for and they were all over it—point-of-sale." A similar method was used to breach the networks of other retailers, which ultimately led to more than 100 million cards being exposed. Wal-Mart says the security challenges raised in various investigations have been met and that it has been commissioning PCI audits in six-month intervals since it became PCI compliant in August 2006.

Researchers Advise Cyber Self Defense in the Cloud
IDG News Service (10/12/09) Nystedt, Dan

Security experts are warning that Web-based user platforms are exacerbating the potential for identity and personal data theft to a greater degree than ever before. The best shield against cloud-based threats is self defense, panelists at the recent Hack In The Box security symposium said. But changing the ways and extent to which people share personal information online will be difficult. On popular social networking sites such as Facebook, MySpace, and Twitter, people are uploading photos, personal diaries, and resumes, and many do not stop to read the fine print, which in many cases stipulates that anything posted on the site becomes property of the site. The ability to access a network from just about anywhere on a wide array of machines, from smart phones to PCs, underlines another critical weakness because other people may be able to access that network as well. "As an attacker, you should be licking your lips," says Sensepost researcher Haroon Meer. "If all data is accessible from anywhere, then the perimeter disappears. It makes hacking like hacking in the movies." Meer said a person trolling for data is usually out to turn a profit, and every morsel of information they can gather puts them one step closer to someone's bank or credit card account.

Software Piracy Increasingly Leading to Malware Infection, Study Says
Dark Reading (10/12/09) Wilson, Tim

A recent study by the Business Security Alliance (BSA) has found that the use of pirated software is on the rise--a finding that the organization says is troubling because pirated software is vulnerable to several different types of cybersecurity threats. The BSA noted in its study that it sent out nearly 2.4 million "takedown requests"--which are issued when it finds suspicious software being offered on peer-to-peer networks and online auction sites--in the first half of this year, an increase of 200 percent compared with the same period last year. In addition, the study noted that BSA's in-house Internet "crawler" identified and requested the removal of nearly 103,000 torrent files from nine of the biggest BitTorrent hosting sites around the world in the first half of 2009--files that were being used by nearly 3 million people to illegally download software. Finally, the study found that roughly 41 percent of software on PCs is pirated, and that many of these applications are unpatched. As a result, these applications are vulnerable to malware such as viruses, Trojans, and spyware, the study noted. The study concluded by saying that there is a correlation between Internet piracy and the spread of malware, since areas with high instances of software piracy tend to also have high instances of malware.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD
2 comments:
Sharing this topic to everyone is a helpful act. I will share this post to my friends because I believe they also need this information you've shared here.
Thanks for sharing.