| |
Business Owners Get Burned by Sticky Fingers
Wall Street Journal (03/11/10) Needleman, Sarah E.
Small businesses often lose more as the result of employee theft than larger companies do, according to the Association of Certified Fraud Examiners. The organization found that employee frauds at businesses with less than 100 employees result in a median loss of $200,000, which is $57,000 more than the median losses at larger companies. One reason why small businesses typically lose more money may be the fact that small business owners often trust their employees and therefore do not implement strict security controls or install security cameras. Experts say that this is a mistake, because the opportunity to easily steal money can be irresistible for some employees, particularly when the economy is bad. Mark R. Doyle, the chief executive officer of the workplace crime-prevention services provider Jack L. Hayes International, said that small business owners need to be vigilant about signs that their employees may be engaging in theft, including sudden improvements in an employee's lifestyle that do not line up with the worker's income. Doyle also noted that small business owners may want to consider installing an anonymous employee hotline so workers can report cases of theft. In addition, employees should be required to work in teams of two or more when handling cash or inventory, Doyle said.
Background Check Missed Suspected Shooter's Prison Stint
CNN.com (03/10/10)
Nathaniel Brown, the Ohio State University employee suspected of opening fire on his co-workers on Tuesday, served five years in prison, according to the Columbus-Dispatch. However, a background check on Brown did not turn up this fact. The background check, released by Ohio State, was performed by OPENonline after Brown applied for a job as a janitor at the university. A check commissioned by CNN with a different vendor also showed no criminal past. Police say that Brown's attack was motivated by a poor performance evaluation. He killed a manager before killing himself. Another employee was also wounded.
The Open Carry Gun Movement and Corporate Security
SecurityInfoWatch.com (03/09/10) Kohl, Geoff
The growing "open carry" movement, which encourages individuals to exercise their Second Amendment rights by openly carrying a firearm, may have significant implications for security managers. The first of these issues is whether or not a business has policies about guns on its premises. While companies like Starbucks do not have these policies, other organizations have rules that prohibit weapons, even if they are legally carried. Security managers must consider what impact these policies (or lack thereof) will have on their business. Furthermore, security managers must consider the business impact of open carry protests and/or counter protests on or near their premises. As Felix Nater, an IAPSC certified security consultant points out, "Corporate security directors really don't want the guns anywhere near their business, because a situation can change so quickly." However, Curtis Baillie, a former retail security director, said that retailers may face a more complicated situation because customers could face a different set of rules than employees. He recommends that businesses defer to state laws. Both Nater and Baillie agree that the open carry issue can extend beyond state laws and become a liability concern, especially when state laws are in conflict with OSHA requirements to maintain a safe work environment.
Poker Heist: Armed Gang Rob European Tournament Live on Air
Belfast Telegraph (03/07/10) Fennelly, Gary
A televised poker tournament in Germany was disrupted on Saturday when a gang of six armed men stormed into the hotel where the event was being held and stole nearly all of the 1 million euro jackpot. According to witnesses and police, the men were wearing masks and were armed with automatic weapons, machetes, and hand grenades when they made their way into Berlin's Grand Hyatt hotel as the poker tournament was being broadcast live. During the robbery, the gang was confronted by an unarmed hotel security guard, who threw a pole and a strongbox at them as they filled their bags with money from the tournament's jackpot. The security guard was also able to get one of the robbers in a headlock, though he eventually let the man go. All of the robbers managed to get away, along with 800,000 euros. There were no serious injuries in the heist. The poker tournament was able to resume several hours later.
Nuclear Commissioner Says Plants Are Secure
Raleigh News & Observer (NC) (03/06/10) Murawski, John
Dale Klein, a commissioner at the U.S. Nuclear Regulatory Commission (NRC), said the nation's 64 nuclear plants are safe from terrorist attacks. Klein was speaking in Raleigh, N.C., at the Summit on the National Academy of Engineering on March 5. He urged against requiring nuclear power plants to implement further security measures. "In most instances, the U.S. nuclear industry has reached a level of security such that additional requirements would not substantially improve overall security," he said. Klein also noted that in the wake of Sept. 11, nuclear plants were required to install bullet-proof enclosures that he says contributed to guards falling asleep on the job. "Let's be honest. If you were isolated in a small room with little ventilation and only small slits to use to view the outside world, you would likely grow bored and inattentive, too." Opponents of nuclear power have cited potential terrorist threats to stop attempts by Progress Energy and other power providers to renew nuclear plant licenses and get licenses for new reactors. This includes Progress Energy's application to the NRC for federal licenses to add two reactors to its Shearon Harris facility roughly 25 miles southwest of Raleigh.
Suicide Blasts in Pakistan's Lahore Kill 39
Reuters (03/12/10) Bukhari, Mubasher
Two suicide bombers on foot in a military neighborhood in the Pakistani city of Lahore detonated their bombs in rapid succession on Friday, killing at least 39 people and wounding nearly 100. Among those killed in the attack, which targeted the Pakistani military, were five Pakistani soldiers. The attack is just the latest incident in what has been a violent week in Pakistan. There have been a total of five bombings this week, including a car bombing on a police intelligence building in Lahore on Monday that killed 13 people. A shooting and a bombing also took place at a U.S.-based aid agency in northwestern Pakistan earlier this week, killing 6 people. The attacks have occurred despite claims by Pakistan's government that its security crackdowns have weakened the Pakistani Taliban. Although those crackdowns have dismantled Taliban bases in South Waziristan, fighters have simply disappeared into rugged areas that are difficult for the military to enter.
Internet Making it Easier to Become a Terrorist
Los Angeles Times (03/11/10) Susman, Tina; Drogin, Bob
Security experts say that the case of "Jihad Jane," a.k.a. Colleen LaRose, shows that the Internet makes it easier for individuals with extremists tendencies to connect with terrorist groups. "The new militancy is driven by the Web," says Fawaz A. Gerges, a terrorism expert at the London School of Economics. "The terror training camps in Afghanistan and Pakistan are being replaced by virtual camps on the Web." The sheer vastness of the Internet poses a serious challenge to intelligence officials and law enforcement officers charged with monitoring it for potential terrorist activity. Still, U.S. authorities have started to closely monitor several imams who preach jihad in English via the Internet and, in some cases, help funnel recruits to al-Qaida and other radical groups. The best known is Anwar al Awlaki, an American-born imam who is believed to be living in Yemen. U.S. officials say more than 10 percent of visitors to his website are in the U.S. Awlaki gained notoriety after officials released information indicating he had traded e-mails with Maj. Nidal Malik Hasan prior to his alleged attack on the Fort Hood army base. Awlaki also reportedly had contact with Umar Farouk Abdulmutallab prior to his alleged attempt to blow up a Detroit-bound airplane last year.
U.S. Falters in Screening Border Patrol Near Mexico
New York Times (03/11/10) Archibold, Randal C.
In testimony before the Senate Homeland Security Committee on Thursday, representatives from the FBI and the Department of Homeland Security said that security checks on potential U.S. Border Patrol officers had fallen far behind. According to their testimony, this lag could pose a major risk as drug cartels work hard to infiltrate the ranks of Customs and Border Protection. Following 9/11, the ranks of the border patrol have swelled by more than 41,000 officers. For this reason, polygraph examinations, which officials say are an important tool to help detect potential security risks, were administered to about 15 percent of applicants by the end of 2009. That was an increase from the 10 percent of the previous year, but made possible only because hiring slowed for the first time in several years. James F. Tomsheck, who is in charge of internal affairs for Customs and Border Protection, said that approximately 60 percent of candidates tended to fail the test, including some who officials believed had ties to criminal organizations. In addition, he said, the agency is far behind in conducting periodic background checks of current law enforcement employees. Tomsheck said that more internal affairs personnel and funding would be needed to correct these problems.
JihadJane, an American Woman, Faces Terrorism Charges
Washington Post (03/10/10) Johnson, Carrie
Federal prosecutors on Tuesday unsealed criminal charges against 46-year-old Colleen LaRose, a Pennsylvania woman who allegedly helped recruit men and women from the U.S., Europe, and South Asia to wage jihad. According to the indictment, LaRose--who has been in U.S. custody since October--looked for recruits who could blend in in Europe and the U.S. Authorities also believe that LaRose, who used the nickname "JihadJane" in a 2008 YouTube posting in which she expressed a desire to do something to help Muslims, conspired to attack a Swedish artist named Lars Vilks who made a drawing of the prophet Muhammad in 2007 that angered the Islamic world. That plot began to unfold last March when LaRose asked the Swedish Embassy for information on how to obtain permanent residency in the country. Last August, LaRose traveled to Sweden as part of her plan to "live and train jihadists" and "find and kill" Vilks, the indictment said. A month later, LaRose began performing online searches to find Vilks. She eventually joined an online community that he hosted and traveled to his artists' enclave in Sweden. In an e-mail to her fiancé, LaRose said she had gotten so close to killing Vilks that "only death" could stop her. LaRose returned to the U.S. in October, and was charged with helping transfer a U.S. passport to a man identified in the indictment as K.G. to "the brothers" in Sweden. LaRose was also taken into custody on suspicions that she provided material support to terrorists and that she traveled to Sweden to carry out an attack. She could be sentenced to life in prison if convicted on the charges against her.
Pentagon Shooting Puts Federal Building Security Back in Spotlight
Washington Post (03/09/10) P. B03; O'Keefe, Ed
Lawmakers are gearing up to once again focus on the issue of security at federal buildings in the wake of the shooting at the Pentagon last week. The issue gained wide attention last summer when the Government Accountability Office released a report on serious security vulnerabilities at 10 major federal buildings across the country. However, lawmakers' attention has been diverted to other issues since the release of the report. But now the House subcommittee on the federal workforce is planning to discuss a number of issues related to the security of federal buildings, including how federal agencies share information on potential threats with local law enforcement agencies, who are sometimes unfamiliar with the tenants and security measures at government buildings in the areas they are responsible for. Homeland Security Secretary Janet Napolitano has been invited to attend hearings on this issue, though it remains unclear whether she will participate. Meanwhile, Sen. Joseph Lieberman (I-Conn.), the chairman of the Homeland Security and Governmental Affairs Committee, is planning to introduce legislation next month that would make changes to the security measures that are currently in place at federal buildings. Colleen M. Kelley, the president of the National Treasury Employees Union, applauded the increased focus on security at federal buildings, but said that she was worried that concern about the issue would evaporate in time. To prevent that from happening, members of the union--which represents IRS employees--are planning to visit congressional offices to try to secure statements of support for federal workers, Kelley said.
State Web Site Breach Tied to Foreign Attacker
Des Moines Register (IA) (03/11/10) Petroski, William
An Iowa state official said Wednesday that the March 3 attack on a state homeland security Web site was perpetrated by a foreign attacker. According to Robert Bailey, the communications director for the Iowa Department of Administrative Services, the attacker—who was based somewhere outside of North America, but has not been identified—took advantage of a security vulnerability in an application to deface a site operated by the Iowa Division of Homeland Security and Management. No sensitive data was compromised during the breach, though a total of six state Web sites—including one that offers advice to the public about how to prepare for emergencies—were temporarily shut down. Iowa State University researcher Steffen Schmidt says the breach is troubling because it means that a hacker could post incorrect information about how the public should respond to a terrorist attack or natural disaster on the state homeland security Web site. However, steps are being taken to ensure such an attack does not happen again, Bailey notes. He says the homeland security Web site is being rebuilt from the ground up in order to reduce the risk of a hacker attacking it.
Hackers Love to Exploit PDF Bugs, Says Researcher
Computerworld (03/10/10) Keizer, Gregg
Hackers, long a fan of Adobe Reader, have propelled it to first place as the software most often exploited in targeted attacks, a Finnish security firm says. F-Secure also implores users to download the newest version of Reader to protect themselves against attacks that exploit a weakness patched just last month. According to F-Secure 61 percent of the nearly 900 targeted attacks it recorded in January and February 2010 exploited a vulnerability in Reader, Adobe's popular software for viewing PDF files. By comparison, attackers exploited Microsoft Word in fewer than 25 percent of attacks, and bugs in the software giant's Excel spreadsheet and PowerPoint presentation maker were wielded only a combined 14 percent of the time. Word, Excel, and PowerPoint accounted for just 39 percent of all attacks in the first two months of 2010, says F-Secure.
Mapping the Malicious Web
Technology Review (03/09/10) Lemos, Robert
Websense researchers have developed FireShark, software that automatically monitors malicious activity on Web sites. Websense researcher Stephan Chenette says the experimental system scans the Web, identifies the source of embedded content in Web pages, and determines whether any code on a site is acting maliciously. FireShark then creates a map of interconnected Web sites and looks for potentially malicious content. FireShark, which maps nearly one million Web sites and servers per day, decodes the HTML, Javascript, and other code embedded in each Web site, looking for the ultimate source of content. "When you graph multiple sites, you can see their communities of content," Chenette says. Websense researchers plan to release a plug-in for Firefox that will reveal the content hubs that a site is linked to.
Cybersecurity Program Has Serious Defects, GAO Says
Government Computer News (03/08/10) Jackson, William
The U.S. Government Accountability Office (GAO) has released a report criticizing the implementation of the Comprehensive National Cybersecurity Initiative (CNCI), a program that was created in 2008 as part of an effort to better protect the nation's cyberinfrastructure. The report says the deployment of CNCI has been hurt by a number of factors, including poor coordination and a lack of definition of roles and responsibilities across federal agencies. The GAO also criticizes the fact that much of the CNCI, which was outlined in National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, has been classified since it was created in 2008. The GAO acknowledges that while some details of the program need to remain classified, the lack of transparency reduces accountability for agencies handling CNCI projects and makes it difficult for some agencies to help make CNCI projects successful. The report says that several steps need to be taken to improve CNCI's progress, including creating better-defined agency roles and responsibilities, creating methods for measuring the effectiveness of CNCI projects in improving cybersecurity, improving transparency, and agreeing on the scope of cybersecurity education efforts. Federal CIO Vivek Kundra agrees with the recommendations, but says a lack of definition of the roles and responsibilities of federal agencies and a lack of coordination on those roles was not an issue in the progress of CNCI. He also points out that the Obama administration has declassified much of the information about CNCI in the wake of the GAO's report.
Hunting Mobile Threats in Memory
Technology Review (03/05/10) Naone, Erica
Xerox PARC scientist Markus Jakobsson has developed a way to detect malware on mobile devices that can catch unknown viruses and protect a device without draining its battery or straining its processor. The approach relies on having a central server monitor a device's memory for signs that it has been infected. The system checks a device by shutting down nonvital applications to make sure nothing is running except the detection software and the operating system. If malware is present and active, it will need to use some random access memory (RAM) to execute instructions on the device. The central server contacts the detection software to see if malware is using RAM by measuring how much memory is available. Once a device passes this check, the system can be certain that no malware programs are actively running, at which point it can scan secondary storage for dormant malware. Jakobsson notes the system is designed to find existing malware, and is not a prevention program.
Abstracts Copyright © 2010 Information, Inc. Bethesda, MD |
No comments:
Post a Comment