Visa Investigates European Security Breach, Romanian Bank Reissues 17,000 Cards
Computerworld (12/15/11)
Visa Europe is investigating a possible security breach at a European payment processor. Visa would not identify the payment processor where the purported security breach took place, saying only that the processor serves a retail chain that does business in a number of different Eastern European countries. A number of banks have already been informed about the possible security breach and have taken steps to reduce the possibility of fraud. Romania's CEC Bank, for example, is planning to reissue 17,000 payment cards. The attack did not specifically target CEC Bank's customers, and the security breach was not the result of vulnerabilities in the bank's systems, the financial institution said.

China Deploys Patrols Along Mekong
Wall Street Journal (12/12/11) Spegele, Brian
China has started running patrols along the Mekong River, along the border with Thailand, Laos, and Myanmar. The patrols, which are being carried out in conjunction with Thailand, Laos, and Myanmar, are in response to the killing of 13 Chinese sailors along the Thai section of the river. Shipping was suspended along the river following the killings, and 9 Thai soldiers were eventually arrested and charged. China's Ministry of Public Security has provided little information on how the patrols will be conducted as well as whether Chinese boats will be allowed in waters belonging to its neighbors and given leave to arrest their citizens. Five patrol boats and 10 cargo vessels will be used. All patrol boats will be equipped with heavy machine guns, and participating police officers will be armed with automatic rifles. China typically does not interfere in the security of other nations, but this move indicates an increased willingness to use force to protect its economic interests. The Chinese navy also takes part in anti-piracy patrols off the coast of Africa.

US Immigration Services Blasted for Domain Seizures
PC World (12/11/11) Mello Jr., John P.
Legislators and anti-censorship advocates continue to raise concerns about Immigration and Customs Enforcement's (ICE) In Our Sites program, which has, thus far, seized hundreds of Web sites for alleged intellectual property infringement. Sen. Ron Wyden (D-Ore.) and Rep. Zoe Lofgren (D-Calif.) also continue to raise questions about the program and how it chooses the sites it targets. They have expressed particular concern about ICE's decision to shut down Web sites just for linking to sites that traffic in pirated or counterfeit materials. "Given that hyperlinks in many ways form the foundation of the Internet, efforts to go after one site for linking to another site... threaten to do much more than protect [intellectual property]," Wyden says. Lofgren calls the program nothing short of censorship. "[O]ur government has seized domains with nothing more than the rubber stamp of a magistrate, without any prior notice or adversarial process, leaving the authors of these sites with the burden of proving their innocence," she argues. Even if In Our Sites weathers this criticism, the program may soon be made much less effective by a Firefox extension called MAFIAAfire, which can detect a seized domain and reroute traffic around it. BlockAide has also set up Domain Name System servers that enable users to circumvent government roadblocks around seized sites.

Experts Share Compliance Tactics
Security Management (12/01/11) Vol. 55, No. 12, P. 34 Wagley, John
There are a number of things that companies can do to make their Payment Card Industry Data Security Standard (PCI DSS) compliance efforts go more smoothly. For instance, many organizations struggle with PCI DSS compliance because they wait until the last minute to launch their compliance efforts, according to Jen Mack, the director of Verizon's PCI Consulting Services.
Instead of integrating their PCI compliance efforts into their day-to-day business functions, these companies wait until a few months before an assessment to begin moving towards compliance with the standards. Mack noted that this can sometimes result in organizations shelling out more money for things such as new technologies to meet PCI DSS standards. She added that companies should integrate their PCI DSS compliance efforts into their daily, weekly, or monthly company procedures, and should develop strategies to use over the short- and long-term to safeguard payment data and document security processes and procedures. Meanwhile, Whitman Laboratories Qualified Security Assessor Andrew Jamieson said that companies should perform an inventory of where cardholder data is being stored so that they can determine how to handle that data and whether they should invest in certain types of security measures in light of the PCI DSS requirements. As for organizations that are already in compliance with PCI DSS, they should be sure that they are prepared for the new requirements that are included in the second version of PCI DSS, which is scheduled to take effect on Jan. 1.

The Logistics of Security
Security Products (12/11) Vol. 15, No. 12, P. 30 Jankowski, Pete
The Minneapolis, Minn.-based distribution and retail support company Navarre Corp. recently sought to replace its analog-based surveillance system with a new system that was entirely IP-based. Navarre wanted to make the change because its old system was unreliable when it came to capturing high-quality video of security incidents, and because security personnel found it difficult to search through the video that the system recorded in order to find relevant images. Navarre was looking for a number of characteristics in a system to replace its old surveillance system, including the ability for several users to access the system remotely.
The company also wanted a system that included intelligent search functions and video analytics features to make it easier for personnel to investigate incidents, as well as the ability to correlate data from a number of different systems via a single user interface. Navarre eventually decided on the NLSS (Next Level Security Systems) Gateway, a security management system that combines networked video management, IP access control, and video analytics into one unified solution. NLSS Gateway was installed at Navarre's Texas facility, where personnel were impressed with the ease with which the system was deployed. The system has helped reduce the cost of investigations and has made video analytics easier. In addition, management can use the system to quickly determine what is going on at any given moment, which in turn has given the company's asset protection team a level of freedom and flexibility that it did not have before. The success of the system at Navarre's Texas facility convinced the company to install NLSS Gateway at its distribution facility in Minneapolis and its warehouse in Toronto.

Holder Skirts Fight Over Terror Bill
Wall Street Journal (12/16/11) Perez, Evan
The U.S. Senate on Thursday approved a bill that would allow military officials to take the lead in terrorism investigations involving suspected members of al-Qaida and affiliated groups. As a result, the bill--which has already been passed by the House of Representatives--would limit the role the Justice Department plays in terrorism cases. Sen. Kelly Ayotte (R-N.H.), a leading supporter of the bill, said that the legislation was necessary because the Justice Department and the Obama administration consider the fight against terrorism a criminal justice matter rather than a war.
Nevertheless, President Obama has indicated that he plans to sign the bill into law, particularly after changes were made to grant the president the authority to issue a waiver that would allow the FBI to participate in investigations. Despite President Obama's plans to sign the bill, after he previously said that he would veto the legislation over the terrorist detainee provisions, Attorney General Eric Holder remains opposed to the legislation. Although Holder seemed to avoid a public role in the debate over the legislation, the attorney general did make calls to a number of senators on Nov. 29, when some lawmakers tried to defeat the legislation. A Justice Department spokeswoman said that Holder is opposed to the legislation because he believes that the civilian justice system has been used effectively in the fight against terrorism.

Belgium Rules Out Terrorism in Fatal Rampage
Denver Post (CO) (12/15/11) Kanter, James
The prosecutor in the Belgian city of Liege, which was the scene of a deadly shooting and grenade attack on Tuesday, said that the massacre could not be considered terrorism. The prosecutor, Daniele Reynders, noted that nothing has been discovered during the investigation so far that would link the attack--which killed three people and injured more than 120 others--to terrorism. The attack was carried out by Nordine Amrani, a Belgian of Moroccan descent who did not seem to have been involved in Islamic extremism. However, Amrani had a troubled past, including a number of gun and drug offenses. Amrani, who shot himself in the head following the conclusion of Tuesday's attack, had been ordered to appear before the police as part of an investigation into a sexual-abuse case. That appearance was scheduled to take place at roughly the same time as the attack.

Exclusive: Iran Hijacked US Drone, Says Iranian Engineer
Christian Science Monitor (12/15/11) Faramarzi, Payam; Peterson, Scott
An Iranian engineer told the Christian Science Monitor in an interview how the U.S. drone that recently crashed in Iran was brought down. According to the engineer, Iranian electronic warfare specialists first cut off communications to the drone. This put the drone into autopilot mode, the engineer said. The engineer noted that the Iranians then reconfigured the aircraft's GPS coordinates so that it thought it was landing at its base in Afghanistan when it was actually landing in Iran. According to the engineer, this step involved the use of knowledge that the Iranians had gained from other U.S. drones that had been taken down. In addition, the weakness of GPS signals also helped facilitate the Iranian efforts to bring down the drone, the engineer noted. Experts say that the manner in which the drone was allegedly brought down is realistic. Some U.S. officials, however, say that a malfunction was to blame for the crash of the drone. But even these officials cannot explain how Iran was able to obtain the drone in one piece if the aircraft crashed.

Protests Boost Sales and Fears of Sonic Blaster
Associated Press (12/12/11)
A growing number of police and emergency-response agencies in the U.S. are using a device known as a Long-Range Acoustic Device (LRAD) to help them control large crowds of people. The devices were developed by San Diego-based LRAD Corp. following the attack on the U.S.S. Cole in Yemen in 2000. LRADs can be used to broadcast messages or to emit a piercing tone that irritates those who hear it, causing them to move away. The devices were initially used by sailors to order small vessels to stop moving towards U.S. warships, and were later used to help prevent pirates from attacking cruise ships.
But LRADs have since been used to control crowds at the Occupy Wall Street protests in New York City and the 2009 G-20 summit in Pittsburgh. Some who have had LRADs directed at them have described the devices as being "sound cannons." The smallest LRAD produces as much as 137 decibels of sound 1 meter away, which is louder than the sound of a jet taking off 100 meters away but lower than the 140 decibels that cause pain to humans. LRAD spokesman Robert Putnam said that the sound causes those who hear it to experience discomfort and move to another location. But a woman who was at the 2009 G-20 protests in Pittsburgh said that the use of the device by police resulted in permanent damage to her hearing. The deputy director of the Pittsburgh Office of Emergency Management and Homeland Security defended the city's use of LRADs, saying that the use of the devices in crowd control was more humane than more conventional crowd-control methods.

Al Qaeda Militants Escape From Yemen Prison
Associated Press (12/12/11)
Reports indicate that at least 10 al-Qaida militants escaped from a prison in the Yemeni port city of Aden on Monday. A security official said that 15 militants had fled, including 12 who had been convicted of killing security officials and carrying out a bank robbery. The militants are believed to have escaped through a tunnel that ran under one side of the prison to an area near a gas station located outside of the prison's security perimeter. This is the most recent in a series of spectacular jailbreaks by militants in Yemen. In 2003, 11 al-Qaida militants convicted in the bombing of the U.S.S. Cole escaped from the same prison that the militants escaped from on Monday. In 2006, 23 militants--including Nasser al-Wahishi, who has become the leader of al-Qaida in the Arabian Peninsula--broke out of a prison in San'a. Finally, in June 2011, nearly 60 al-Qaida suspects tunneled their way out of a prison in the city of Mukalla.
Investigations into these jailbreaks have found that prison security officers were involved. Several of these officers have been jailed themselves.

Will U.S. Businesses Finally Get Some Cybersecurity?
Wall Street Journal (12/16/11) Bussey, John
A recent House Intelligence Committee bill is designed to improve cybersecurity information sharing between the government and the private sector. A number of companies, including IBM, AT&T, Verizon, Intel, Lockheed Martin, and Microsoft as well as the U.S. Chamber of Commerce support the bill, because it provides businesses with significant liability protection against any customer who feels the information-sharing has violated their privacy. While privacy advocates have objected to the bill for this same reason, supporters say that it is less invasive than some other proposals because it is very specific that companies and the government will only share information about current cybersecurity threats. The writers of the bill also report that it is based on a pilot program run between the government and companies in the defense industry, and is meant to ensure U.S. businesses have the capability to prevent industrial espionage from countries like China. Companies who want to take part in the program would have to obtain a security clearance. Certified companies, in turn, would be permitted to share customer data with the government as long as they have customer permission. The government would analyze any information related to cybersecurity or national security. The ultimate goal would be to track malicious IP addresses, malware, and other threats.

Spam Declined in 2011 as Criminals Shift to Targeted Attacks
eWeek (12/14/11) Rashid, Fahmida Y.
Security researchers say that cybercriminals are shifting the focus of their efforts away from building botnets and toward carrying out targeted attacks on corporate networks.
According to Cisco's 2011 state of security report, the number of networks and computers that are part of botnets has been on the decline since 2009. Among the botnets that have been the targets of shutdown attempts is the Rustock botnet, whose U.S.-based command-and-control servers were shut down by Microsoft, FireEye, and federal law enforcement officials. The takedown of Rustock has helped contribute to a nearly 35 percent drop in spam volumes this year. Cisco's Mary Landesman notes that the decline in spam volumes was also a result of the fact that smaller attacks on high-value targets proved to be more lucrative and efficient for cybercriminals. However, cybercriminals still used spam email campaigns that mentioned events such as the Japanese tsunami and earthquake and the death of Osama bin Laden to trick users and compromise their systems. At the same time, spam sent via social networking sites such as Facebook and Twitter became more common, according to researchers at AppRiver.

Mobile Technology Changes Making Cyber Security More Difficult: Kroll
Business Insurance (12/14/11) Greenwald, Judy
Kroll Inc.'s annual security forecast shows that security threats to mobile devices will reach record highs next year. In its report, which was released Dec. 14, Kroll noted that the demand and pressure that is being placed on some organizations to roll out mobile technologies for their employees is surpassing the ability of organizations to secure these devices. Cybercriminals know this, Kroll said, and are prepared to launch attacks using malware and malicious mobile applications. In addition, Kroll noted that the threat of attack involving social networking sites is on the rise, and that organizations should expect to see social media increasingly used in social engineering attacks. These attacks aim to convince users to divulge sensitive information or download malware.
Finally, Kroll noted that cybercriminals will increasingly target small businesses, which are often unprepared for the risks and threats associated with the use of social media in the corporate environment.

U.S. Homes In on China Spying
Wall Street Journal (12/13/11) Gorman, Siobhan
The U.S. intelligence community has identified 20 Chinese groups that are believed to have been responsible for carrying out cyberattacks on U.S. government agencies and defense contractors. Using information such as the type of cyberattack software used, the different Internet addresses that were utilized by hackers when stealing data, and the manner in which attacks were carried out against their targets, U.S. intelligence agencies have determined that the bulk of Chinese cyber spying efforts have been carried out by 12 groups with ties to the People's Liberation Army. Another six groups with connections to civilian organizations such as Chinese universities have also been involved in cyberattacks against targets in the U.S. An additional two groups have played a significant part in Chinese cyber spying efforts as well, though it remains unclear whether those organizations have any ties to the Chinese military or not. In addition to identifying the groups involved in cyberattacks, U.S. intelligence agencies have also identified the individual members of these groups. Determining the identities of the members of these groups could be beneficial should the U.S. decide to directly confront China about its cyber spying or respond with an attack against Chinese targets. However, the U.S. could be hesitant to confront China about the cyberattacks, given the fact that Beijing is the largest holder of American debt.

Security Basics: Start Within the BIOS
Government Computer News (12/12/11) Jackson, William
The National Institute of Standards and Technology is offering guidance for creating tools to help guarantee the integrity of firmware that initializes a computer's hardware when it starts up. NIST notes that unauthorized changes to the Basic Input/Output System or its configuration can undermine the security of the computer and make it susceptible to additional attacks. The public comment draft of Special Publication 800-155, BIOS Integrity Measurement Guidelines, outlines the security components and guidelines required to establish a sound BIOS integrity measurement and reporting chain. "Unauthorized modification of BIOS firmware constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture," the report says. Changes to the system BIOS code could permit malicious software to run during the boot process, according to the report. The mechanisms described in the report are meant to spot changes to the code and configuration that could generate insecurities and leave the platforms susceptible to attack. The BIOS Integrity Management Guidelines are intended to aid the development of tools to detect problems with the BIOS so that appropriate remedial action can be taken.

Abstracts Copyright © 2011 Information, Inc. Bethesda, MD