Facebook Retreats on Privacy
Wall Street Journal (11/11/11) Angwin, Julia; Raice, Shayndi; Ante, Spencer E.
The Federal Trade Commission (FTC) is in the process of finalizing a settlement with Facebook Inc. regarding charges that the Web site attempted to deceive users when changing its privacy settings. Under the terms of the settlement, Facebook would need to obtain express consent from users if it wanted to make "material retroactive changes" that affect who sees the data they put on the site. The settlement would also require Facebook to undergo independent privacy audits for 20 years. Google Inc. agreed to similar audits in March, following FTC charges that it deceived users about how it intended to use personal information. The Facebook changes at issue, which were made in Dec. 2009, made user information such as name, default picture, city, gender, and friend list public by default. Users previously were able to select who they wanted to see this information.
In Nation Plagued by Abductions, Search Is On for Major League Baseball Player
New York Times (11/11/11) Schmidt, Michael; Romero, Simon
Wilson Ramos, the starting catcher on the Washington Nationals baseball team, was kidnapped at gunpoint from his family home in Venezuela on Nov. 9, shining a spotlight on Venezuela's crime wave and raising concerns about the safety of professional baseball players who play there. Kidnappings have plagued Venezuela in recent years and at times have directly affected major league baseball players. Several of them have had family members taken away at gunpoint and held for ransom. In a statement, Major League Baseball and the Washington Nationals said their "foremost concern is with Wilson Ramos and his family, and our thoughts are with them at this time." Major League Baseball's department of investigations is taking part in the efforts to free Ramos and has several investigators in Venezuela working with the authorities there. Although Ramos is not a United States citizen, the State Department weighed in Thursday afternoon, with spokesman Mark Toner saying in the daily press briefing that the kidnapping was a "big concern for us." The National Statistics Institute estimates there were 17,000 kidnappings in Venezuela from July 2008 to July 2009. A large majority of abductions are so-called express kidnappings, in which victims are released within a day. But other cases, as Ramos's abduction appears to be, are more elaborately planned by criminal gangs, which operate with a large degree of impunity in Venezuela. Venezuelan authorities say they have found the vehicle allegedly used in the abduction, and also have police sketches of two of the alleged kidnappers. Venezuela's Interior Minister Tareck El Aissami says the government has created a special task force "with the best experts in kidnapping, intelligence and criminal investigation," to bring back Mr. Ramos "safe and sound."
Exit of Apple's Security Chief Offers Lessons for Security Professionals
Security Director News (11/08/11)
Apple's Vice President of Global Security, John Theriault, has left the company following a controversial investigation into a missing iPhone prototype. The investigation, as well as Theriault's resulting departure from Apple, provides a number of lessons for former law enforcement officers now working in the private sector. Theriault worked with the FBI for 26 years before transferring to the private sector in 1996. Reports indicate that Apple investigators may have impersonated police officers when searching for the missing prototype in a private home. The homeowner also says that the investigators threatened him. Business Controls Inc. CEO Eugene Ferraro says that such mistakes may have stemmed from the mindset law enforcement officers develop that does not translate to the private sector, where they need to be aware of how their actions affect a company's reputation as well as of catching the perpetrator. "The problem is they bring with them to corporate America the mindset that the security function is similar to law enforcement. It's not. Law enforcement's responsibility is the enforcement of public laws. That's it," Ferraro explained. "I task any security director to look at their corporate mission statement and find where it says our job is to put as many people as we can in jail." Instead, Ferraro says, corporate security officers must balance the company's need to protect its intellectual property against the potential damage their actions could do during any subsequent investigation. The most important lesson from the news, Ferraro said, is: "Think before you act. Just because you know you can do something … it doesn't mean it's a smart thing to do."
China Considers Armed Mekong Patrols
Wall Street Journal (11/10/11) Spegele, Brian; Bellman, Eric
China is in consultations with the governments of several Southeast Asian nations about its plan to improve the security of shipping lanes in the Mekong River. Under a plan developed by Beijing, armed police boats would escort Chinese vessels in the Golden Triangle region, where the borders of Myanmar, Laos, and Thailand come together. The plan comes in response to a number of attacks on Chinese vessels in the part of the Mekong River that is controlled by Thailand. The area is rife with drug gangs that harass shippers. Last month, 13 Chinese sailors were killed in attacks on two cargo ships sailing down the Mekong, prompting China to suspend shipping along the river. Sources say that between 600 and nearly 1,000 people could be deployed on the Chinese police boats, though it remains unclear exactly how large the Chinese force would be. It is also unclear whether Chinese agents would directly target drug smugglers or pirates who are from countries other than China. The plan is still in the negotiation phase. Carlyle Thayer, an expert on Southeast Asia at the University of South Wales' Australian Defence Force Academy, said that the plan could make China's neighbors wary of a permanent presence in their territory and an expansion of Chinese influence in the region.

James Murdoch: I Wasn't Told of Wider Hacking
BBC News (11/10/11)
Testifying before a committee in the U.K. House of Commons, News International Chief James Murdoch claimed that he was not made aware of widespread phone hacking in his company in 2008. He did acknowledge that he was made aware of an e-mail containing voicemail transcripts, but was under the impression that the hacking was restricted to the acts of one reporter. Murdoch was being questioned about how much he knew when he approved an out-of-court payment to footballers' union leader Gordon Taylor in 2008. Two former News Corp. executives claimed that, at the time, they did tell him about an e-mail suggesting a wider problem. Murdoch was also asked about a 2008 report by legal firm Farrer and Co. that reportedly suggested "a culture of illegal information access" was in place at News Corp. However, Murdoch said he never saw the report and that its findings were not described to him "in those terms in any way." News Corp.'s News of the World publication was shut down in July after it was found to be involved in the hacking of voicemail messages. Since then, the Metropolitan Police have raised their estimate of the number of people affected since 2002 to 6,000. Most recently, a private detective claimed he had worked for News of the World following more than 100 targets, including Prince William and former attorney general Lord Goldsmith.

Students Clash With Police in Unrest After Announcement
New York Times (11/10/11) Schweber, Nate
The announcement by officials at Penn State that they had fired football coach Joe Paterno sparked a riot in State College on Wednesday night, as thousands of students poured into the downtown area to protest what they said was the unfair termination of Paterno amid the unfolding sexual abuse scandal at the university. Crowds began to gather peacefully shortly after news of Paterno's firing was made public. But students became unruly shortly before midnight, when they tipped over a news vehicle and brought down a lamppost nearby. The students are believed to have gone after the news van because of the perception that the media did not accurately portray Paterno's role in the scandal, in which former Penn State football coach Jerry Sandusky is accused of pedophilia. Police responded to the violence with pepper spray, to which students responded by throwing rocks, soda cans, and flares. Street signs were also torn down, trash cans were tipped over, and car windows were shattered by students.
After police became more aggressive with the students, some in the crowd began to fight back. One man wearing a gas mask ran towards a police officer, lifted up his safety mask, and sprayed him with some type of chemical before running away again. Police finally marched a dozen abreast down a downtown street and sprayed students who did not move away. The crowd was finally broken up at around 1:30 a.m. Thursday.

Iran Accused of Nuclear Aims
Wall Street Journal (11/09/11) Solomon, Jay
The International Atomic Energy Agency (IAEA) has released a report that shows that Iran has developed the technologies that are necessary for producing nuclear warheads. The report noted that while some of this work could be used for civilian purposes, much of it was being done specifically to develop nuclear weapons. Among the technologies that the United Nations' nuclear agency said Iran has developed or is working to develop is a small warhead that could be mounted on a medium-range missile. In addition, the IAEA said that Iran has been trying to develop the uranium metal necessary for the production of warheads and that it has simulated nuclear detonations with the help of computers. Officials who have been briefed on the IAEA's report said that the agency believes North Korea has helped Iran with the computer simulation of nuclear detonations. Some of the work that Iran is believed to have done on its nuclear program took place in 2003, which was the year that the U.S. intelligence community said in 2007 that Tehran suspended its weapons research. The IAEA's report would appear to contradict that assessment. Meanwhile, Iran has criticized the report as being "unbalanced, unprofessional, and politically motivated."
NJ Transit Tests 'Security Shields' to Prevent Attacks on Bus Drivers
Newark Star-Ledger (NJ) (11/10/11) Frassinelli, Mike
Four violent attacks on New Jersey Transit bus drivers in just three months have moved the NJ Transit Agency to beef up efforts to safeguard drivers. The agency is currently testing security shields, which would surround the drivers with Plexiglas, much like what is used for taxi drivers. A spokesman for the agency, John Durso Jr., said the agency will evaluate the safety of drivers with the new devices before moving forward. The move comes after a bus driver was stabbed by a passenger on Oct. 22, resulting in the agency's bus drivers walking off the job until better security measures were implemented. Just six days after the stabbing, a brick was thrown through the windshield of another bus. Finally, two armed robberies on the same bus line in August demonstrate the dangers to bus drivers in the area.

Born in the USA, but Now Among Somalia's Islamist Terrorists
MSNBC (11/02/11) Windrem, Robert
U.S. intelligence indicates that there are at least 40 Americans fighting with al-Shabab in Somalia as well as 200 with passports that would allow them to enter the United States without a visa. Many of these individuals are believed to be Somali-Americans from the Minneapolis area. However, two of the group's leaders are not. The first is Alabama native Omar Hammami, who joined al-Shabab in late 2006 and now goes by "Abu Mansoor al-Amriki," or Abu Mansoor the American. Hammami, whose father is Syrian, is a unit commander in al-Shabab who has created numerous English-language recruiting videos for the group. The other man, Jehad Marwan Mustapha, is believed to be among the senior foreign-born jihadists supporting al-Shabab. Mustapha lived in San Diego through his late teens. During that time, U.S. officials say, they have reason to believe he may have had contact with Anwar al-Awlaki, the New Mexico-born leader of al-Qaida in the Arabian Peninsula who was killed in a recent U.S. drone strike in Yemen. He also may have been acquainted with other young jihadists, including two of the 9/11 hijackers. He dropped out of the University of California, San Diego and left the country after marrying a Somali woman. Both men have been indicted in the United States on charges of providing material support to terrorists.

Auditors Blast DHS' $1.5 Billion Border Plan
NextGov.com (DC) (11/07/11) Sternstein, Aliya
The Government Accountability Office (GAO) condemned the now-defunct Secure Border Initiative and the $1.5 billion border security program expected to replace it. According to the GAO, the new program does not include a realistic price estimate and fails to provide a convincing argument in support of the new strategy that would help officials later reassess the program. Furthermore, the GAO said, the Secure Border Initiative itself has already spent over $1 billion in federal funding on a largely failed effort. The report follows a Senate proposal to cut technology funding by $128 million because of delays in deploying systems along the U.S. border with Mexico. The original program was abandoned by the Department of Homeland Security (DHS) in January 2011 after more than 26 audits showed cost overages, schedule problems, and technology failures. The follow-up project has yet to be awarded to a vendor, but will cover all but 53 miles of the Arizona border with interconnected towers, video, mobile surveillance, handheld tools, and remote ground sensors. Homeland Security pulled incumbent contractor Boeing off the project in 2011. The new GAO report is likely to delay the project for at least a year as DHS attempts to fix budget oversights.

DARPA Boosts Cybersecurity Research Spending 50 Percent
InformationWeek (11/07/11) Hoover, J. Nicholas
The U.S. Defense Advanced Projects Research Agency (DARPA) plans to increase spending on cybersecurity research by 50 percent over the next five years. The amount of funding for cybersecurity research sought by DARPA has risen to $208 million in fiscal 2012, up from $120 million the year before, and that represents just the start of the increase in spending. Speaking before the agency's Cyber Colloquium, DARPA director Regina Dugan says creative solutions are needed to address security at Internet speed and scale. Dugan notes that military and critical infrastructure networks are easily penetrated, and says that offensive cyber capabilities will be an increasing focus of the agency. Dugan and other speakers note that layering security technology upon security technology is not working. The size of viruses remains small, but the defensive security apparatus has grown over the years. "This is not to suggest that we stop doing what we are doing in cybersecurity," Dugan says. "But if we continue only down the current path, we will not converge with the threat."

IT Must Prepare for Hadoop Security Issues
Computerworld (11/09/11) Vijayan, Jaikumar
IT executives must pay attention to numerous potential security concerns before using Hadoop to amalgamate data from multiple, unrelated sources, analysts and IT executives said at the recent Hadoop World conference. Open source Hadoop technology lets organizations amass, aggregate, share, and analyze huge volumes of structured and unstructured data from enterprise data stores as well as from blogs, online transactions, and social media interactions. Organizations increasingly are using Hadoop and related technologies, including Hive, Pig, and HBase, to analyze data in ways that cannot easily or affordably be done using standard relational database platforms. Analysts said IT operations using Hadoop technology for applications such as fraud detection, IT risk management, and self-service applications must be aware of potential security risks. Using the technology to aggregate and archive information from multiple sources can create a spate of problems related to access control and management as well as data entitlement and ownership, said JPMorgan Chase's Larry Feinsmith.

Coordinated Approach to Cyber Defense Urged
Defense News (11/09/11) Hale, Julian
According to Isaac Ben-Israel, senior cybersecurity adviser to the Israeli prime minister, countries must have a good understanding of the cyber capabilities being created by their opponents because "you can't block an attack by waiting for the attack to come, including in cyber defense." Speaking at a Security and Defense Agenda event on the matter, Robert Bell, senior civilian representative of the secretary of defense in Europe and defense adviser to the U.S. ambassador to NATO, said that NATO should combine all of its agencies and commands by the end of 2012 and that NATO must identify common standards. "NATO is trying to develop the protection of its infrastructure network," said Maj. Gen. Patrick Fermier, director of NATO C3 Staff. Ben-Israel said Israel identified power production, water distribution, and food supply as the most vulnerable areas.

Carnegie Mellon Report Finds Internet Privacy Tools Are Confusing, Ineffective for Most People
Carnegie Mellon News (PA) (10/31/11) Spice, Byron; Swaney, Chriss
Internet users who want to protect their privacy by stopping advertisers and other companies from tracking their online behavior will have a hard time doing so with the available opt-out tools, according to a recent Carnegie Mellon University report, which indicates that privacy options, including online tools for blocking access to certain Web sites, are difficult for the average user to understand or configure successfully. "We found that most people were confused by the instructions and had trouble installing or configuring the tools correctly," says Carnegie Mellon researcher Lorrie Cranor. The researchers recruited 45 people without technical training who use the Internet frequently. Each user was interviewed and assigned tools to test based on their browser and operating system preferences. The researchers found that the users could not distinguish between trackers and could not change default settings that left them vulnerable to tracking. The researchers also found that the tools presented communication problems and did not provide feedback to users. "A lot of effort is being put into creating these tools to help consumers, but it will all be wasted--and people will be left vulnerable--unless a greater emphasis is placed on usability," Cranor says.

Prisons Bureau Alerted to Hacking Into Lockups
Washington Times (11/06/11) Waterman, Shaun
Officials from the Federal Bureau of Prisons say they have verified reports from private researchers that the industrial control systems (ICS) computers used in U.S. penitentiaries could be vulnerable to hacking attacks. ICS systems, which are also used to control power plants, water treatment facilities, and other critical national infrastructure, have increasingly become targets for hacking attacks after one such system was exploited to sabotage Iran's nuclear program in 2009. Former CIA operations officer John J. Strauchs and his daughter, computer security researcher Tiffany Strauchs, presented their research on ICS vulnerabilities in prisons at the recent Hacker Halted conference in Miami. They developed a cyber attack on a simulated prison for less than $2,500. According to the Strauchs, a cyber attacker could permanently unlock doors, shut down intercom systems, and crash closed-circuit recording for dozens of state and federal prisons. Prior to their presentation, the Strauchs alerted the government to the potential problem, giving it the opportunity to conduct its own investigation. Department of Homeland Security researchers say that, despite the fact that ICS systems are supposed to be disconnected from the Internet in order to prevent them from being exposed to hackers, they were able to find connections during every one of the 400-plus onsite inspections they conducted. These connections came from a variety of sources, including guards using the same computer that controls the ICS system to check their personal e-mail and technical support staff connecting the computers to update system software. In his presentation, Strauchs added that even systems where these connections did not exist could be attacked by anyone with access to the computers running the ICS software. "The most likely vector would be to bribe a prison guard to insert a USB drive with malicious programming," he explained.

Abstracts Copyright © 2011 Information, Inc. Bethesda, MD