Friday, December 03, 2010

Security Management Weekly - December 3, 2010

December 3, 2010
 
 
Corporate Security
  1. "Arizona Medical-Marijuana Law Likely to Test Workplace Regulations"
  2. "China to Inspect Government Computers for Pirated Software"
  3. "RIM Sues App Maker Kik Over Patents" Research In Motion
  4. "Columbia is Hit With $4.5 Million Bank Fraud" Columbia University, New York
  5. "Website Closures Escalate U.S. War on Piracy"

Homeland Security
  1. "Human Rights Activist: Nigerian Military Attack in Oil-Rich Delta Kills as Many as 150 People"
  2. "U.S. Sued by Harvard Law Students Over Intrusive Airport Scans, Pat-Downs"
  3. "WikiLeaks Yemen Cables Could Embolden Al-Qaida"
  4. "TSA: All Fliers Are Now Checked" Transportation Security Administration
  5. "U.S. Scrambles to Contain Damage From Leaked Cables"

Cyber Security
  1. "Web Bug Reveals Browsing History"
  2. "F.T.C. Backs Plan to Honor Privacy of Online Users" Federal Trade Commission
  3. "8 Best Ways to Secure Wireless Technology"
  4. "Incident Response Trends for 2011"
  5. "WikiLeaks Suffers Attack on Site"


Arizona Medical-Marijuana Law Likely to Test Workplace Regulations
Arizona Republic (AZ) (12/01/10) Berry, Jahna

Arizona's new medical-marijuana law is likely to raise a number of issues for employers. While the law does not allow companies to discriminate against employees who use medical marijuana, it does allow them to fire or discipline workers who use the drug while at work or those whose work is impaired. However, companies would have a difficult time determining whether medical marijuana use was a factor in workplace accidents, since an employee could test positive in a post-accident drug test for using medical marijuana outside of work. Compounding the problem is the fact that there is no accepted standard for marijuana intoxication as there is for alcohol, said attorney John Kerkorian. As a result, positive drug tests do not necessarily mean that someone is impaired by medical marijuana, he said. Arizona's medical-marijuana program is expected to be up and running by next summer. In the meantime, employers should take several steps to prepare, including reviewing their drug-testing policies and closely examining rules for employees, said attorney John Lomax Jr.


China to Inspect Government Computers for Pirated Software
Computerworld (12/01/10) Kan, Michael

The Chinese government has scheduled inspections of government workers' computers to check for pirated software. The inspections, which are expected to be completed before October 2011, are part of a larger government initiative to crack down on intellectual property infringement. Meanwhile, Microsoft has filed suit against 10 Chinese companies for selling computers with pirated software pre-installed. Piracy continues to be a major problem in China, as 79 percent of the software found on computers in the country is not from a legal source. In addition to the inspections, China also plans to establish budget controls for long-term software purchases and to encourage businesses to buy legitimate software. Although the government has taken similar steps in the past, observers are hopeful that this push may be more successful.


RIM Sues App Maker Kik Over Patents
Wall Street Journal (12/01/10) Weinberg, Stuart

BlackBerry maker Research In Motion Ltd. is suing start-up company Kik Interactive Inc. for patent infringement and misuse of trademarks. RIM is seeking unspecified damages and a permanent injunction that would prohibit the use of Kik's messaging application on its BlackBerry devices. The instant-messenger app offered by Kik competes with RIM's BlackBerry Messenger. RIM said in its complaint, filed Nov. 30 in the Federal Court of Canada, that Kik Chief Executive Ted Livingston worked on product strategy for its BlackBerry Messenger and had access to proprietary information. The complaint says Livingston worked for RIM on three separate occasions between April 2007 and December 2008. RIM removed the Kik service from its BlackBerry App World store earlier in November and then stopped supporting the service altogether.


Columbia is Hit With $4.5 Million Bank Fraud
Wall Street Journal (11/30/10) El-Ghobashy, Tamer

Authorities in New York have arrested and charged a suspect in the theft of nearly $4.5 million from Columbia University. According to authorities, 48-year-old George Castro modified Columbia University Medical Center's accounts payable system to add a bank account that he owned as a payee. Castro then allegedly transferred $3.4 million to the account in October, followed by another $1 million this month. Some of the money was then transferred to accounts at other banks, including accounts that were owned by Castro or a purported company called IT Security Solutions, which Castro owned, authorities say. Castro, who is not an employee of Columbia University, has been charged with first degree grand larceny and first degree criminal possession of stolen property. An attorney for Castro said that his client will be cleared when "all the facts come out," though Castro has admitted to buying a variety of goods with the money.


Website Closures Escalate U.S. War on Piracy
Wall Street Journal (11/29/10) Clark, Don

U.S. Immigration and Customs Enforcement (ICE) recently seized the domain names of more than 70 Web sites that were believed to be selling counterfeit and pirated products. The move prevents users from visiting these sites. Although the domains were seized by ICE under court-approved warrants, the seizures took place without the owners of the sites being notified beforehand, according to lawyers tracking the case. Attorney Peter Harvey says the seizure of the domain names without prior notification was justified because the Web site owners could have posted a notice on their sites telling shoppers to visit other sites to buy pirated goods if they had been warned about the seizures in advance. But the move has been criticized by some, including the Electronic Frontier Foundation's Peter Eckersley, who says that his organization had a number of concerns about authorities taking Internet domain names without giving their owners prior notice. The Electronic Frontier Foundation has also expressed concern about proposed legislation known as the Combating Online Infringement and Counterfeits Act, which would give the government more power to go after sites that engage in copyright infringement.




Human Rights Activist: Nigerian Military Attack in Oil-Rich Delta Kills as Many as 150 People
Associated Press (12/03/10) Gambrell, Jon

The Nigerian military on Friday launched an attack on several villages in the southern Niger Delta region as part of a manhunt for a militant who is no longer participating in the government's amnesty program. As many as 150 people, some of whom were civilians, were killed in the attack, said Oghebejabor Ikim, the national coordinator for the Forum of Justice and Human Rights Defense. According to a spokesman for the Nigerian military, anti-aircraft guns, rocket-propelled grenades, automatic rifles, and dynamite were confiscated during the attacks on the villages. However, the militant that the military was looking for, John Togo, was nowhere to be found. Ikim noted that militants had left the area before the attacks began. A lawyer for Togo also said that the militant was not in the area, but was instead on a ship on the high seas. Nevertheless, the military operation is continuing in the region. Nigeria has had a problem with militants attacking oil pipelines and kidnapping oil company employees for the last several years. Although some of the militants have accepted amnesty deals from the government and have stopped engaging in attacks, the primary militant group in the region, the Movement for the Emancipation of the Niger Delta, has said that it plans to continue to launch new attacks.


U.S. Sued by Harvard Law Students Over Intrusive Airport Scans, Pat-Downs
Bloomberg (12/02/10) Jeffrey, Don; Dolmetsch, Chris

Two Harvard University law students have filed a lawsuit in federal court challenging the constitutionality of the full-body scanners and the enhanced pat-downs that are in use at U.S. airports. The lawsuit was filed after the two students, 27-year-old Jeffrey Redfern and 23-year-old Anant Pradhan, opted out of being scanned and were given pat-downs before two separate flights in mid to late November. In their lawsuit, Redfern and Pradhan said that the pat-downs were extremely invasive and involved the "prodding and lifting of the genitals and buttocks." The lawsuit asks the court to declare that mandatory screening using the scanners and the pat-downs is unconstitutional. In addition, the lawsuit seeks to have such security techniques banned when there is no reasonable suspicion or probable cause to perform them.


WikiLeaks Yemen Cables Could Embolden Al-Qaida
National Public Radio (12/02/10) Temple-Raston, Dina

Experts say that two of the diplomatic cables that were recently leaked on WikiLeaks could help al-Qaida in the Arabian Peninsula's recruitment efforts. One of those cables described a conversation between Gen. David Petraeus and Yemeni President Ali Abdullah Saleh about U.S. airstrikes on AQAP members that resulted in civilian casualties. The cable suggests that Saleh deliberately misled the Yemeni people and the country's parliament into thinking that the airstrikes were launched by the Yemeni government using American missiles, and that the U.S. was not involved. According to Gregory Johnsen, an expert on Yemen at Princeton University, the cable could be used by AQAP to back up its assertion that the Yemeni government is corrupt. Another cable describes an exchange between Saleh and U.S. counterterrorism chief John Brennan, in which Saleh joked that he was not concerned about the smuggling of whiskey from nearby Djibouti so long as the whiskey was good. Johnsen noted that this cable could allow AQAP to portray the Yemeni government as not being Islamic enough, as alcohol is prohibited by Islam. Christopher Boucek, an associate in the Middle East program at the Carnegie Endowment for International Peace, said that news of the cables will spread via social gatherings in Yemen.


TSA: All Fliers Are Now Checked
Washington Post (12/01/10) P. A15 Halsey III, Ashley

Transportation Security Administration chief John Pistole said Tuesday that the U.S. has fully implemented the Secure Flight program, which aims to stop terrorist attacks on airplanes by collecting more detailed information about airline passengers when they purchase their tickets. Under the program, passengers on domestic flights and international passengers flying to or from the U.S. are required to submit their full name, birth date, and sex to the airline they wish to fly on. The information is then forwarded to the TSA and is compared with terrorism watch lists. Those whose names appear on the terrorist watch list will be required to see a counter agent when they arrive at the airport. Some individuals will then be prohibited from flying, while others will be allowed to fly, Pistole said. He added that the collection of the data will help reduce the number of airline passengers who are wrongly identified as terrorists. In addition, the program will help authorities know when several people on the watch list are headed to the same destination, Pistole said. This in turn will allow authorities to place air marshals on the flight and to alert officials at the destination, Pistole noted.


U.S. Scrambles to Contain Damage From Leaked Cables
MSNBC (11/29/10)

The Obama administration has condemned the release of more than 250,000 classified State Department cables by the Web site WikiLeaks, saying that the move could put diplomats, intelligence professionals and others at risk. The documents, most of which are from 2007 or later, contain sensitive information on a number of topics, including concerns about Iran's nuclear program. According to these documents, Israel sometimes tried to convince the U.S. to take harsher action against Iran, including launching a military strike in 2011. The documents also show that leaders in a number of Arab nations, including Saudi Arabia, Jordan, and Bahrain, have called for more action to be taken to neutralize the threat from Iran's nuclear program. Such documents may have the most significant impact because they publicly detail stark assessments of Iran's nuclear program by Arab leaders for the first time. Other documents discuss the possible collapse of North Korea, while still others include unflattering descriptions of world leaders such as Russian President Dmitry Medvedev and Russian Prime Minister Vladimir Putin. Security analysts say that the release of the documents could have a major impact on U.S. diplomacy because they could make foreign leaders and activists reluctant to speak with U.S. officials in the future. Australia, which is the home country of WikiLeaks founder Julian Assange, is launching an investigation to determine whether the release of the documents was illegal.




Web Bug Reveals Browsing History
BBC News (12/02/10)

Computer science researchers at the University of California, San Diego studied the 50,000 most visited Web sites and found that 485 use a browser bug to track a visitor's history. The flaw exploits the way browsers handle links users have visited, such as by changing the color of the text to reflect an earlier visit. The bug can be abused with software that resides on the site and interrogates the visitor's browser to see what it does to a given list of sites. Sites that are displayed in a different color reveal that the visitor has already seen the site. The researchers say that 63 Web sites copy the data the bug reveals and 46 hijack a visitor's history. The researchers also examined other popular techniques for mapping and monitoring what visitors do, such as running scripts that track the trail of a user's mouse pointer across Web pages. "Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows," according to the researchers, who warn that a pressing need exists to develop defenses against history hijacking.


F.T.C. Backs Plan to Honor Privacy of Online Users
New York Times (12/01/10) Wyatt, Edward; Vega, Tanzina

The U.S. Federal Trade Commission (FTC) has proposed a broad framework for the commercial use of Web data and announced its support of a plan that would enable consumers to choose whether they want their Internet browsing activity monitored. The framework features a simple "do not track" designation similar to the national "do not call" registry. If the FTC recommendations are widely accepted, online advertising and technology companies could be forced to change their methods of collecting specific information about consumers. The FTC will likely need support from Congress in order to enact many of its recommendations. However, pending Congressional action, the FTC plans to create a system called "privacy by design," which will require companies to build protections into their business practices. "We'd like to see companies work a lot faster to make consumer choice easier," says FTC chairman Jon Leibowitz. "Our main concern is the sites and services that are connecting the dots between different times and places that a consumer is online and building a profile of what a consumer is doing." The online advertising industry has generally accepted the concepts of the FTC proposal, but there is some opposition to the stricter measures some consumer advocates prefer, according to the Interactive Advertising Bureau's Mike Zaneis. The FTC is seeking industry and public comments on the recommendations and invites other suggestions.


8 Best Ways to Secure Wireless Technology
GovInfoSecurity.com (11/30/10)

The U.S. government is not doing enough to protect its wireless networks and technologies, according to a new report from the Government Accountability Office. Report authors Gregory Wilshusen and Nabajyoti Barkakati note that federal wireless networks will continue to be vulnerable to attack until agencies are able to better implement a variety of leading practices developed by the GAO. Among the leading practices that GAO calls for are the use of a risk-based approach for wireless deployment, the use of a centralized wireless management structure that has been integrated with a legacy wired network, and the teaching of wireless and mobile device security in training courses. The authors note that these and other leading practices are consistent with the information security controls that are needed for an effective information security program. In addition, the practices reflect the wireless-specific aspects of these information security controls. The report also notes that federal agencies have been inconsistent in implementing a number of leading practices as part of their approach to wireless security, including developing policies to support federal guidelines and leading practices, using encryption, and putting practices in place to monitor or conduct security assessments of wireless networks. Finally, the report includes recommendations for the National Institute of Standards and Technology to develop and issue guidance on a variety of topics, including government-wide security measures that can be used to protect the wireless function of laptops and BlackBerry smartphones.


Incident Response Trends for 2011
GovInfoSecurity.com (11/30/10) Field, Tom

Georgia Killcrece of the CERT Program at the Software Engineering Institute says she sees several cybersecurity trends developing next year, including the increasing sophistication of botnets and other types of malware. Killcrece notes that botnets and other kinds of malware will continue to evolve by using toolkits that can help them evade detection and bypass security controls. Killcrece also predicts that financial organizations, control systems, and widely used programs and applications will continue to be likely targets for cybercriminals in 2011. She says that these attacks will be executed by cybercriminals looking for financial gain or to achieve some type of political objective. Insider attacks will also increase, Killcrece says. Meanwhile, cybercriminals will continue to use social engineering attacks, which take advantage of the trust that exists between people and their friends and co-workers. Finally, Killcrece warns that hackers will be tempted to attack smartphones and other types of mobile devices.


WikiLeaks Suffers Attack on Site
Associated Press (11/30/10)

Users in the U.S. and Europe were unable to access WikiLeaks, the Web site that recently released thousands of sensitive U.S. diplomatic cables, after the site was taken down by a massive distributed denial of service attack on Tuesday. In such an attack, computers controlled by malicious programs send large volumes of data packets to a site to overwhelm it and make it inaccessible to Web surfers. According to WikiLeaks, the individuals behind Tuesday's attack were sending 10 gigabits of data to the site per second, a rate 28 times higher than the average distributed denial of service attack. However, WikiLeaks recovered from the attack by late Tuesday morning by giving Amazon Web Services control of traffic to the site. It remains unclear who was behind the attack.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD
