Friday, July 09, 2010

Security Management Weekly - July 9, 2010

July 9, 2010
 
 
Corporate Security

  1. "Domestic Violence in the Workplace"
  2. "Mass Leak of Client Data Rattles Swiss Banking"
  3. "Workplace Snooping and Data Theft on the Rise"
  4. "Medical Marijuana Law in Michigan Runs Into Workplace Rule"
  5. "Credit Card Hackers Visit Hotels All Too Often"
Homeland Security

  1. "NSA: Secret 'Perfect Citizen' Project Does Not Spy on US"
  2. "U.S., Russia Swap Agents"
  3. "Agent Shares Lesson From Terror Attack"
  4. "Al-Qaida Suspects Held Over Norway Bomb Plot"
  5. "NYers Still Living Behind Post-9/11 Checkpoints"
Cyber Security

  1. "U.S. Plans Cyber Shield for Utilities, Companies"
  2. "Internal Sabotage Security Risks Rising"
  3. "No Sign of Attacks Exploiting Latest Windows Zero-Day, Microsoft Says"
  4. "Government Auditors Urge Clearer Cybersecurity R&D Strategy"
  5. "Agencies Wary of Handing Over Security Management to Cloud Providers"

Domestic Violence in the Workplace
Seaway News (07/09/10) Kaplan, Sarah

Domestic violence that spills over into the workplace is a significant problem in Canada, according to the results of several studies. One such study found that nearly three-quarters of employed women who were victims of domestic violence had been harassed by their partners while at work. When domestic violence spills over into the workplace, it can have a number of negative ramifications for employers. For example, 24 percent of female domestic violence victims between the ages of 18 and 65 were late to work or missed days at work because of the abuse they suffered, a 1997 survey found. Employers, meanwhile, incur $727.8 million in lost productivity costs each year as the result of domestic violence. In addition to tardiness and absenteeism, domestic violence hurts productivity because victims often have difficulty concentrating and suffer fatigue. But employers can mitigate the effects of domestic violence by taking several steps, including implementing measures aimed at keeping victims of domestic violence safe. Supervisors may also want to make themselves available to abuse victims who want to talk about what they are going through. Finally, employers should try to accept abuse victims' need for adjusted work hours.


Mass Leak of Client Data Rattles Swiss Banking
Wall Street Journal (07/08/10) Ball, Deborah; Gauthier-Villars, David

Two former employees of HSBC Holdings PLC in Switzerland sent e-mails to financial authorities in the U.K., France, and Germany offering access to data on thousands of the bank's clients. Herve Falciani and Georgina Mikhael have denied that they broke any laws by gaining possession of the data, and there is no evidence that they sought to profit from offering the data to the authorities. Eventually, French tax authorities acquired the data when police raided Falciani's home in southern France at the request of Swiss authorities, who had launched an investigation into Falciani's alleged violation of bank secrecy. Falciani began copying HSBC client data while working in the company's private banking arm in Geneva and Monaco. Falciani claims that he alerted HSBC in 2006 to flaws in data storage that could have an adverse effect on client confidentiality, but HSBC officials say they received no such warnings. There is evidence that Falciani then sought out advice on how to monetize the data he had collected, starting in 2007. In February 2008, he and Mikhael flew to Lebanon, where their lawyers say they met Beirut representatives from BNP Paribas, Societe Generale de Banque au Liban, Blom Bank, Audi Bank, and Byblos Bank. When talks with the banks turned up no opportunities, Falciani and Mikhael returned to Geneva. They allegedly began sending messages to European governments regarding the data in March 2008. Mikhael denies she was involved in those messages, saying that Falciani often used her computer.


Workplace Snooping and Data Theft on the Rise
Network World (07/07/10) Nguyen, Anh

A recent Cyber-Ark Software survey of 400 senior IT administrators in the U.S. and the U.K. has found that 35 percent of respondents believe sensitive information has been given to competitors. Of that 35 percent, 37 percent believe that former employees are responsible for the loss, while 28 percent cited human error, 10 percent cited an external hack, and 10 percent cited the loss of a mobile device. The sensitive information most commonly shared was customer databases, followed by R&D plans. Cyber-Ark also found that 41 percent of IT professionals admit to abusing administrative passwords to access sensitive or confidential information, while 67 percent said they accessed information not relevant to their jobs. The type of data accessed depended on the region. Thirty percent of U.K. respondents accessed HR records, compared to 28 percent of U.S. respondents, but 38 percent of U.S. respondents accessed their company's customer database, compared to 16 percent of U.K. respondents. Despite these findings, companies are making it more difficult for IT staff to access sensitive data. The number of respondents who said they had the ability to circumvent company controls fell from 77 percent in 2009 to 61 percent in 2010. However, insider sabotage increased from 20 percent in 2009 to 27 percent in 2010.


Medical Marijuana Law in Michigan Runs Into Workplace Rule
Detroit Free Press (MI) (07/06/10) Damron, Gina

A Michigan medical marijuana user's lawsuit against Wal-Mart could help clarify the state law that legalized the drug for medicinal purposes. The lawsuit was filed by Joseph Casias, a Battle Creek, Mich., man who worked for Wal-Mart but was fired from his job after testing positive for medical marijuana. However, Casias never used medical marijuana while at work and was never under the influence of the drug while on the job, according to his attorney, Dan Korobkin. Nevertheless, Wal-Mart chose to fire Casias because it has a zero-tolerance drug policy that is based on federal law, which prohibits the use of marijuana. The lawsuit, which will be heard in Calhoun County (Mich.) Circuit Court, will determine whether employers in the state are required to allow employees to use medical marijuana while off duty and subsequently report to work with the drug in their systems, said attorney Kurt McCammon. Michigan's medical marijuana law is unclear on this subject. The legislation states that workers cannot be disciplined for using medical marijuana in accordance with the law, but also says that employers do not have to allow employees to use the drug or be under its influence while at work. Similar cases in other states have tended to favor employers. The Oregon State Supreme Court, for example, ruled in April that workers could be fired for using medical marijuana even though the drug is legal in the state because the federal law banning marijuana supersedes state law.


Credit Card Hackers Visit Hotels All Too Often
New York Times (07/05/10) Sharkey, Joe

Nearly 40 percent of credit card hacking cases in 2009 involved the hotel industry, versus 19 percent involving the financial services industry and 14.2 percent the retail sector, according to a Trustwave study. Security investigator Anthony C. Roman says hotels are particularly attractive to credit card hackers because they can use very simple methods to steal the greatest volume of card data. "Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems," Roman says. The study found that organizations of all sizes are implementing new technology without considering fundamental security threats. Roman says appropriate tech security involves not just the acquisition of software and hardware, but also the training of staff and continuous watchdogging of transactions and data access. Fraud experts say hackers frequently steal personal data and make multiple small charges to authenticate a card, see how vulnerable it is, and test the watchfulness of the cardholder before making bigger charges. Credit card breaches often take place for months without being discovered by the hotel, and by customers who may travel frequently and not scrutinize card activity reports.
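The "several small charges, then a big one" pattern the fraud experts describe is something an issuer or hotel operator can look for in its own transaction records. The following is an added example, not code from the article or from Trustwave, that flags cards whose large charge is preceded within a short window by a run of tiny authorization charges; the thresholds, window, and the transaction rows are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records (not from the article): masked card token,
# timestamp, amount in USD, merchant. "tok_A" shows the pattern the article
# describes: several small probe charges followed by a large purchase.
SAMPLE_CHARGES = [
    ("tok_A", "2009-11-02 09:15", 1.00, "online-donation"),
    ("tok_A", "2009-11-02 21:40", 0.99, "app-store"),
    ("tok_A", "2009-11-04 08:05", 2.50, "hotel-gift-shop"),
    ("tok_A", "2009-11-06 17:30", 850.00, "electronics-retailer"),
    ("tok_B", "2009-11-03 12:00", 45.00, "restaurant"),
    ("tok_B", "2009-11-05 19:20", 120.00, "hotel-restaurant"),
    ("tok_B", "2009-11-08 10:00", 300.00, "airline"),
    ("tok_C", "2009-11-01 08:00", 1.00, "online-donation"),
    ("tok_C", "2009-11-30 09:00", 1.00, "app-store"),  # only one probe in window
    ("tok_C", "2009-12-01 09:00", 700.00, "jeweler"),
]


@dataclass(frozen=True)
class Charge:
    card: str
    ts: datetime
    amount: float
    merchant: str


def parse_charges(rows):
    """Turn (card, 'YYYY-MM-DD HH:MM', amount, merchant) tuples into Charge objects."""
    return [Charge(c, datetime.strptime(t, "%Y-%m-%d %H:%M"), a, m)
            for c, t, a, m in rows]


def detect_card_testing(charges, small=5.00, large=500.00,
                        window=timedelta(days=7), min_probes=3):
    """Flag cards where at least `min_probes` charges of <= `small` occur
    within `window` before a charge of >= `large`.
    Returns {card: [(probe_count, large_charge), ...]}."""
    by_card = {}
    for c in sorted(charges, key=lambda c: c.ts):
        by_card.setdefault(c.card, []).append(c)
    alerts = {}
    for card, hist in by_card.items():
        for i, big in enumerate(hist):
            if big.amount < large:
                continue
            # Small charges strictly before the big one and inside the window.
            probes = [p for p in hist[:i]
                      if p.amount <= small and big.ts - p.ts <= window]
            if len(probes) >= min_probes:
                alerts.setdefault(card, []).append((len(probes), big))
    return alerts


def alert_lines(alerts):
    """Human-readable summary, one line per flagged large charge."""
    return [f"{card}: {n} small charges within window before "
            f"${big.amount:.2f} at {big.merchant} on {big.ts:%Y-%m-%d}"
            for card, hits in alerts.items() for n, big in hits]


if __name__ == "__main__":
    for line in alert_lines(detect_card_testing(parse_charges(SAMPLE_CHARGES))):
        print(line)
```

The thresholds are deliberately loose so the pattern is visible on a handful of rows; in production they would be tuned per merchant category against historical false-positive rates.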




NSA: Secret 'Perfect Citizen' Project Does Not Spy on US
Register (UK) (07/09/10) Page, Lewis

The U.S. National Security Agency (NSA) denies that its "Perfect Citizen" program included setting up monitoring equipment on privately owned American networks. Recent reports indicate that Perfect Citizen was being developed by defense contractor Raytheon. According to those reports, the project would "instrument" infrastructure networks such as power, telecoms, and transport systems in order to detect and prevent possible attacks. This information has raised concerns that NSA could use the project to conduct domestic surveillance of U.S. citizens. NSA vehemently denies that the project involved monitoring of communications or the placement of sensors on utility company systems. According to an NSA representative, Judith Emmel, Perfect Citizen will merely "provide a set of technical solutions that help the National Security Agency better understand the threats." She added that "any suggestions that there are illegal or invasive domestic activities associated with this contracted effort are simply not true."


U.S., Russia Swap Agents
Wall Street Journal (07/09/10) Perez, Evan; Rothfeld, Michael; Bray, Chad; et al.

A deal between CIA Director Leon Panetta and his Russian counterpart has wrapped up the case of the 10 Russian agents who were recently arrested for spying on the U.S. for Moscow. On Thursday, the 10 Russian agents pleaded guilty in a New York courtroom to charges that they lived in the U.S. for a number of years and used a variety of methods to pass on information to their Russian handlers, including letters written in invisible ink and hidden images on Web sites. However, officials do not believe that the agents--most of whom used aliases during their time in the U.S.--ever penetrated the federal government or passed on classified or sensitive information to the Russian intelligence service, SVR. After pleading guilty to the charges against them, the Russian agents were believed to have flown to Vienna, where they were swapped for four people being held in Russia on charges of spying for Western intelligence agencies, including agencies in the U.S. and the U.K. The four individuals will be resettled outside of Russia with their families. By wrapping up the case of the Russian spy ring in this way, experts say, Russia will avoid further embarrassment from the incident, while U.S. officials will not have to spend time trying to obtain information from the spies. In addition, the deal will prevent the U.S. from having to reveal its counterespionage methods in court.


Agent Shares Lesson From Terror Attack
Miami Herald (07/08/10) Weaver, Jay

In an appearance in Miami on Wednesday before members of the FBI's Joint Terrorism Task Force and more than 160 law enforcement officers from a variety of jurisdictions in South Florida, FBI Supervisory Special Agent Anthony Tindall said there were a number of lessons the U.S. could learn from the November 2008 terrorist attacks in Mumbai. For instance, the incident showed how it was possible for a group of terrorists with inadequate education, training, and funding to launch a terrorist attack with just automatic weapons, grenades, and cell phones, said Tindall, who led the FBI's investigation into the attacks. Also appearing at the event was Erin Beckman, the FBI's chief of counter terrorism in South Florida, who noted that the ease with which the Mumbai attacks were carried out is an indication that similar attacks could take place in the U.S. However, a Mumbai-style attack in the U.S. would not be as deadly as the one that took place in India because law enforcement in this country are better coordinated and are better prepared to take on armed terrorists than their counterparts in Mumbai, who did not carry weapons at the time of the attack, Tindall said.


Al-Qaida Suspects Held Over Norway Bomb Plot
Associated Press (07/08/10)

Three unnamed members of al-Qaida were arrested on Thursday for planning terrorist attacks in Norway. The men, who had been under surveillance for more than a year, were reportedly attempting to make portable explosives from peroxide and other household chemicals, similar to bombs being constructed by suspects in the U.S. and Britain. Prosecutors revealed that the plot was likely linked to a planned attack on Manchester, England, as well as to a thwarted attack on New York. Two men have already pleaded guilty in relation to the planned attack on New York's subway system, and a third awaits trial. All three attacks were reportedly planned by al-Qaida's former chief of external operations, Salah al-Somali, who was killed in a CIA drone airstrike in 2009.


NYers Still Living Behind Post-9/11 Checkpoints
Associated Press (07/07/10) Dou, Eva

Security remains tight in many large U.S. cities nearly nine years after the September 11, 2001 terrorist attacks. In New York City, for example, security is particularly tight in the Park Row neighborhood of Lower Manhattan. The roughly 2,000 residents who live in two apartment complexes in the area live inside a security zone, and must present identification at a police checkpoint to get to their homes. In addition, security barriers are in place to protect the New York Police Department's headquarters, which is located in the neighborhood, from terrorist attacks like truck bombings. The security measures have been criticized by many who live in the Park Row neighborhood. Residents say that the security barricades blocking the street that the NYPD headquarters is located on are too close to their homes, which could put them at risk if terrorists try to bomb them. Others say that the security measures have turned the neighborhood into a ghost town because they have significantly reduced foot traffic. Meanwhile, Rep. Jerrold Nadler (D-N.Y.) has sent a letter to Homeland Security Secretary Janet Napolitano asking for security barricades that protect the NYPD headquarters to be removed. DHS has not yet responded to the request, though New York Police Commissioner Raymond Kelly has said that the security measures will remain in place in spite of the complaints.




U.S. Plans Cyber Shield for Utilities, Companies
Wall Street Journal (07/08/10) Gorman, Siobhan

The U.S. government is launching a program nicknamed "Perfect Citizen" to detect cyber assaults on private U.S. companies and government agencies running critical infrastructure. According to unnamed sources who spoke to the newspaper, the surveillance by the National Security Agency would rely on sensors deployed in computer networks for critical infrastructure such as the electricity grid or nuclear power plants; the sensors would be triggered by unusual activity suggesting an impending cyber attack. The U.S. government has long claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Defense contractor Raytheon Co. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million. "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," says one internal Raytheon email, the text of which was seen by The Wall Street Journal. An unnamed U.S. military official says the program is long overdue and calls it a logical extension of the work federal agencies have done in the past to protect against physical attacks on critical infrastructure that could sabotage the government or key parts of the country. U.S. intelligence officials have grown increasingly concerned about alleged Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind and have since been linked to the Internet, making them more efficient but also exposing them to cyber attack. The information gathered by the program could also serve as a data bank that would help companies and agencies who call upon NSA for help with investigations of cyber attacks.


Internal Sabotage Security Risks Rising
InformationWeek (07/07/10) Schwartz, Mathew J.

According to a poll of more than 400 IT managers at the 2010 Infosecurity Europe and RSA USA conferences, many IT administrators are guilty of a little behind-the-firewall exploration. The poll found that 66 percent of respondents said they had viewed information that was not important for their particular job, and 41 percent said they had even used administrative passwords to look at sensitive or confidential files. That figure was 33 percent higher than it was in a similar study conducted by Cyber-Ark in 2009. Within the enterprise, respondents also cited IT as the group most likely to be nosy, given its authority as the so-called keyholders of the kingdom, from an IT standpoint. The records IT administrators said they were most likely to view were databases containing customer information or human resources data. When queried about what they would take with them if fired tomorrow, 66 percent of U.S. respondents said they would take nothing. However, 17 percent of respondents said they would steal a database, while 2 percent said they would take the passwords to the CEO's email account or the server administrator account.


No Sign of Attacks Exploiting Latest Windows Zero-Day, Microsoft Says
Dark Reading (07/07/10) Higgins, Kelly Jackson

Microsoft says it is still examining reports that Windows 2000 and Windows XP contain a zero-day bug. According to Secunia, which disclosed the buffer overflow vulnerability this week, an attacker could exploit the flaw to control Windows-based computers from a remote location. However, Microsoft says that it has not seen any sign that hackers have exploited the reported vulnerability. If and when Microsoft finds evidence of attacks against the flaw, the company plans to either provide a security update through its monthly release process, an out-of-band update, or help for users so that they can protect themselves. Meanwhile, a group of hackers has disclosed another zero-day vulnerability in several versions of the Windows operating system. The flaw is a so-called "use-after-free" vulnerability that could be exploited to deliberately crash systems running Windows Vista and Server 2000.


Government Auditors Urge Clearer Cybersecurity R&D Strategy
InformationWeek (07/07/10) Hoover, J. Nicholas

The Government Accountability Office has released a report that criticizes the way in which the federal government funds and carries out cybersecurity research and development. According to the report, the federal government needs to develop a comprehensive strategy for carrying out and funding cybersecurity R&D to replace the various initiatives that are currently in place. Those initiatives are overseen by a variety of different agencies and organizations, including several White House councils and committees and 14 other government bodies. That results in a large number of people being involved in cybersecurity R&D, though just five agencies fund and conduct most of the research and development. In addition, the report criticized the White House's Office of Science and Technology Policy's Subcommittee on Networking and Information Technology (NITRD) for not using its power to coordinate cybersecurity R&D efforts and for not prioritizing a national or federal cybersecurity R&D agenda. The report called on OSTP, one of the government bodies charged with overseeing cybersecurity R&D, to address this problem by finishing its efforts to create near-term, mid-term, and long-term cybersecurity R&D goals. Finally, the report criticized the government for not meeting a requirement in the 2002 E-Government Act to track cybersecurity R&D funding. As a result, it remains unclear how much money is being spent on cybersecurity R&D, the report noted.


Agencies Wary of Handing Over Security Management to Cloud Providers
NextGov.com (07/02/10) Aitoro, Jill R.

Despite intentions to standardize security processes associated with cloud computing, some government agencies remain hesitant to entrust vendors with sensitive data, according to a new report from the Government Accountability Office (GAO). A study GAO conducted from September 2009 through May 2010 revealed that many agencies were concerned about depending too heavily on the vendor community to ensure data security in the cloud. For instance, 20 of the 24 agencies identified concerns about service providers' compliance with and implementation of federal information security requirements. In addition, agencies objected to restrictions on their ability to conduct independent audits and assessments of the security controls of cloud computing service vendors. "Until federal guidance and processes that specifically address information security for cloud computing are developed, agencies may be hesitant to implement cloud computing, and those programs that have been implemented may not have effective information security controls in place," says GAO's Gregory Wilshusen.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD

