Friday, February 10, 2012

Security Management Weekly - February 10, 2012

Corporate Security
  1. "For New York Hotel Staff, Panic Buttons and Big Raises"
  2. "Memo Offers New Account of ATF Agent's NY Shooting"
  3. "Workplace Thefts Bring Jail Time"
  4. "History Expert Pleads Guilty to Stealing Documents"
  5. "Visa Services Handle Chip-Card Security So Banks Don't Have To"

Homeland Security
  1. "Report: Saudi Arabia to Buy Nukes if Iran Tests A-Bomb"
  2. "Israel Teams With Terror Group to Kill Iran's Nuclear Scientists, U.S. Officials Tell NBC News"
  3. "Radical U.S. Muslims Little Threat, Study Says"
  4. "Michigan Homeland Security Center Expands; Foes Urge Oversight"
  5. "Militants Attack Pipeline in Nigeria"

Cyber Security
  1. "GSA Details Federal Cloud Security Program"
  2. "Trusted Internet Initiative Advances"
  3. "Internet Explorer Dominates Browser Security as Google Faces Accusations"
  4. "Data Breach? Blame Your Third Party's Remote Access Systems"
  5. "U.S. Gov't Takes Up Mobile Challenge"


For New York Hotel Staff, Panic Buttons and Big Raises
New York Times (02/08/12) McGeehan, Patrick

Hotel workers at some of the largest hotels in New York City will soon be getting panic buttons to protect themselves, thanks to a new contract between hotel operators and an employee union. Under that contract, housekeepers, room-service waiters, and attendants who stock mini-bars in hotel rooms will be given the panic buttons within a year's time. Employees will be able to use the panic buttons to call for help if they are in danger. Union officials and representatives of city hotel owners would not say whether panic buttons were being provided to employees in response to an incident last year in which a housekeeper at the Sofitel New York Hotel accused French politician Dominique Strauss-Kahn of sexually assaulting her in his hotel room. Those charges were dropped late last summer after prosecutors determined that the housekeeper who made the allegations was not trustworthy. The Sofitel and the Pierre hotel in Manhattan said that they would provide panic buttons to their employees in the aftermath of the allegations against Strauss-Kahn. A spokeswoman for the Pierre confirmed Feb. 7 that the hotel would be providing the panic buttons to its employees, though she did not provide any details about the plan.


Memo Offers New Account of ATF Agent's NY Shooting
Associated Press (02/08/12)

There are differing accounts of a robbery that took place at a Long Island, N.Y., pharmacy on New Year's Eve and ended with the death of Bureau of Alcohol, Tobacco, Firearms, and Explosives agent John Capano. In a document posted on the Web site of the Nassau County district attorney's office, the pharmacist who was on duty at Charlie's Family Pharmacy in Seaford at the time of the robbery said a retired Nassau County police officer responded to the store when he heard reports of a robbery in progress. The suspect in the robbery was trying to steal prescription painkillers and cash from the pharmacy, and was chased outside by Capano after the theft. When the police officer arrived at the pharmacy, he observed a struggle between the robbery suspect and Capano outside the store and fired a shot without warning, the pharmacist said. That shot killed Capano. However, an attorney for the police officer who responded to the robbery said that his client only fired his weapon after a shot he believed had been fired by the robbery suspect went past his head. The attorney added that it is not unusual for witnesses to have different versions of the same event. The Dec. 31 robbery followed an incident last June in which a gunman killed four people at another Long Island pharmacy as he was trying to steal painkillers. There have been calls for better security at pharmacies in the wake of the two robberies.


Workplace Thefts Bring Jail Time
Times Argus (02/08/12)

A Vermont court sentenced a Montpelier man to one to four years in prison for stealing more than $6,000 in high-tech optical equipment from his employer. As part of Steven Boraker's plea agreement, all of the time was suspended except for 60 days. Boraker reportedly stole the equipment from SUSS Micro Tech in Waterbury. Officials at the firm told police that the equipment had gone missing and that they had discovered the items for sale on eBay. Police were able to trace the eBay account that was used to auction the items back to Boraker. Law enforcement officials searched Boraker's home, where they discovered several pieces of the equipment.


History Expert Pleads Guilty to Stealing Documents
Associated Press (02/07/12)

A man who allegedly stole historical documents worth hundreds of thousands of dollars from the Maryland Historical Society in Baltimore and other museums in the Northeast pleaded guilty to the charges against him on Feb. 7. Barry Landau was arrested at the Maryland Historical Society along with his accomplice, 24-year-old Jason Savedoff, last summer after an employee noticed Savedoff putting a historical document into a portfolio along with personal papers. The employee subsequently called police, who discovered roughly 60 documents belonging to the Maryland Historical Society in a computer bag that was being used by Landau and Savedoff. Among the documents that were found in the bag was a land grant signed by President Lincoln, as well as presidential inaugural ball invitations and programs. Those documents were worth a total of $800,000. Another 19 historical documents belonging to other organizations were also found in the bag. Officials at the historical society believed that Savedoff may have flushed some other documents down the toilet when he went to the bathroom before police arrived, though those allegations could not be proven. Thousands of other documents, including one that was more than 500 years old, were later found in Landau's apartment in New York City. Landau could face as much as 10 years in prison when he is sentenced, and may have to pay restitution. Savedoff has already pleaded guilty to the charges against him, but no date has been set for his sentencing.


Visa Services Handle Chip-Card Security So Banks Don't Have To
Bank Technology News (02/06/12) Wolfe, Daniel

Visa's new iCVV Convert Service lets card-issuing banks get enhanced security from chip cards without making expensive technology upgrades by converting the iCVV code to a CVV code before transmitting it to the issuer. Issuing banks "don't have to worry about the added complexity of supporting keys to generate and validate another CVV value," says Visa's Stephanie Ericksen. "They can just use the same CVV system that they're using today." She says the solution is faster and adds up to less development time and costs. "The card issuers have been very reluctant to upgrade anything with the card authorization systems and even the fraud detection," notes Gartner analyst Avivah Litan. She says that Visa's new services are "a big deal for the banks because they don't want to rip anything out and modify it." Visa also is implementing an update to its Chip Authenticate service, which confirms a separate cryptogram used by EMV cards, and Ericksen says most EMV-card issuers who sign up with the service remain with it.


Report: Saudi Arabia to Buy Nukes if Iran Tests A-Bomb
MSNBC (02/10/12)

A report that was recently published in Britain's Times newspaper indicates that a successful test of an atomic bomb by Iran could set off a regional arms race. The report quoted a "senior" Saudi Arabian source who said that the country would quickly move to acquire nuclear weapons in the event Iran succeeds in developing an atomic bomb. Saudi Arabia could be fearful of a nuclear Iran because the two countries are rivals. According to the source, Saudi Arabia would likely purchase ready-made warheads, possibly from its ally Pakistan, and would begin its own program to enrich uranium to weapons-grade levels. The source noted that officials in Western nations were convinced that such an agreement between Riyadh and Islamabad would take effect if the security situation in the Persian Gulf region deteriorates further. However, officials in both Pakistan and Saudi Arabia have denied that such an arrangement exists between the two countries. The report comes after Prince Turki al-Faisal, the former Saudi ambassador to the U.S., said last month that a nuclear arms race involving Turkey, Iraq, Egypt, and other countries is inevitable unless the Middle East is declared a zone that is free of weapons of mass destruction. Turki added that while the countries in the Persian Gulf region were committed not to obtain weapons of mass destruction, Saudi Arabia and other states in the region could change their minds if circumstances warrant.


Israel Teams With Terror Group to Kill Iran's Nuclear Scientists, U.S. Officials Tell NBC News
MSNBC (02/09/12)

A U.S. official says that the Iranian dissident group known as the People's Mujahedin of Iran has been carrying out the attacks against the country's nuclear scientists with the help of the Israeli secret service. Those attacks, which began in 2007, usually consisted of assailants on motorcycles who attached magnetic bombs to their targets' cars. Five Iranian nuclear scientists have been killed in those attacks, the most recent of which took place on Jan. 11. That attack took the life of Mostafa Ahmadi Roshan, a deputy director at Iran's Natanz uranium enrichment facility who was also believed to be involved in procurement for Tehran's alleged nuclear weapons program. According to the U.S. official, Mossad provides financing, training, and weapons for the People's Mujahedin of Iran, which is considered by the U.S. to be a terrorist organization. Iran also claims that Mossad has been helping the People's Mujahedin of Iran. A senior aide to supreme Iranian leader Ayatollah Ali Khamenei said that Mossad has provided members of the People's Mujahedin of Iran with training on how to use motorcycles and small bombs, and built a replica of the home of an Iranian nuclear scientist to help the group's assassins practice their attack before they actually carried it out. The People's Mujahedin of Iran has denied any involvement with Mossad, while the Israeli Foreign Ministry refused to comment on the matter.


Radical U.S. Muslims Little Threat, Study Says
New York Times (02/07/12) Shane, Scott

Despite concerns several years ago that homegrown terrorism was on the rise in the U.S., the number of radicalized Muslim Americans who have been arrested on terrorism charges has declined since 2009, a new study has found. The study by the North Carolina-based Triangle Center on Terrorism and Homeland Security noted that while the number of Muslim Americans who were charged in terrorist plots or attacks spiked to 47 in 2009, it has since fallen to 26 in 2010 and 20 last year. The decline put the number of Muslim Americans being arrested on terrorism charges near its 10-year average. The author of the study, University of North Carolina sociology professor Charles Kurzman, also noted that none of the 14,000 homicides that took place in the U.S. last year were the result of Islamic extremism. As a result, the threat from terrorism by Muslim Americans represents a very small risk to the safety of the public, Kurzman concluded.


Michigan Homeland Security Center Expands; Foes Urge Oversight
Detroit News (02/07/12) Ferretti, Christine

The Michigan Intelligence Operations Center (MIOC), which is responsible for homeland security in the state, is expanding, adding a Detroit location that will disseminate information on suspicious behavior and crime trends to local, state, and federal authorities. This second "fusion center" is designed to improve threat assessment for the area, but some have objected to its creation due to concerns that the data sharing operations could result in people's privacy being invaded. To prevent this potential problem, a three-member civilian oversight committee will be established. The MIOC itself is overseen by the Michigan State Police, and was created in 2007 under an executive order from the governor. The same order called for a government-appointed advisory board for the MIOC composed of residents, military, state and local police, attorneys, and civil rights advocates. The board meets quarterly, and members serve staggered, four-year terms.


Militants Attack Pipeline in Nigeria
Wall Street Journal (02/06/12) Faucon, Benoit

The Movement for the Emancipation of the Niger Delta (MEND) attacked an oil pipeline in Nigeria's Niger Delta on Feb. 5, resulting in the shutdown of some oil production in the region. The Italian oil company Eni SpA said that the attack interrupted the flow of roughly 4,000 barrels of oil equivalent from its share of production. Although MEND has largely been inactive since 2009, when an amnesty program was opened to members of the group, the organization has said that more attacks could take place in the Niger Delta. Security and former militant officials say that younger militants are particularly upset because they do not feel that they have benefited from the amnesty program as much as the organization's former commanders.


GSA Details Federal Cloud Security Program
Information Week (02/08/12) Hoover, J. Nicholas

The General Services Administration (GSA) on Feb. 7 released a 47-page concept of operations document that provided new information about FedRAMP, a program that will soon mandate a standard approach to authorizing the use of cloud services by federal agencies and monitoring those services to ensure that they meet the government's cybersecurity requirements. The document noted that popular collaboration and infrastructure-as-a-service offerings will be the first tools to be pushed through the FedRAMP authorization process, which will be overseen by a program management office at the GSA. That process will consist of a number of elements, including a joint authorization board made up of the Department of Defense, the Department of Homeland Security, and GSA that will perform the initial security assessments and define and update baseline security controls. FedRAMP's authorization process also will include third-party assessment organizations that will perform outsourced assessments and an incident-response coordinator, who will work within DHS to continuously monitor security compliance and the responses to security incidents. The document noted that while either the joint authorization board or third-party accreditors will be given the responsibility of performing initial assessments themselves, federal agencies will still have to sign off on their own to verify that each cloud service they decide to use is secure. FedRAMP is scheduled to be gradually launched through fiscal year 2013.


Trusted Internet Initiative Advances
BankInfoSecurity.com (02/07/12) Chabrow, Eric

The National Institute of Standards and Technology has proposed setting up an independent identity ecosystem steering group to identify and devise standards and policies to ensure that online transactions are secure. Managed by the private sector in partnership with the federal government, the ecosystem is viewed as a way to deploy the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House effort to get businesses, advocacy groups, governments, and other players to enhance online transactions' privacy, security, and convenience. "The recommendations we published lay out a specific path to bring together all NSTIC stakeholders to jointly create an online environment ... where individuals and organizations will be able to better trust one another, with minimized disclosure of personal information," says NIST's Jeremy Grant. NIST says the steering group should be organized to safeguard individual privacy and the interests of underrepresented groups through instruments such as a special privacy coordination panel and an appointed ombudsman. NIST recommends that the group be launched with initial government funding through a competitive, two-year grant, so that participation is not obstructed by a lack of resources.


Internet Explorer Dominates Browser Security as Google Faces Accusations
InfoWorld (02/07/12) Samson, Ted

Internet Explorer 9 is better than other Web browsers at protecting against malware, according to a new NSS Labs study. In its malware-blocking tests, NSS Labs found that Google Chrome blocked 34.1 percent of malware so long as the browser had been upgraded with the latest Safe Browsing updates. Firefox 7 blocked 3.6 percent of malware, while Safari 5 had a block rate of 3.5 percent. However, Chrome was only as effective as Firefox 7 and Safari 5 at blocking malware when its newest Safe Browsing protection, which sends the URLs of suspicious Web pages or non-whitelisted executable downloads to Google, was not installed. NSS Labs says it did not recommend that users change browsers based on the results of its study. Mozilla says it does not use Google's Safe Browsing API because it is concerned about the fact that the technology sends information to Google about a user's browsing history. Mozilla has already made phishing and malware detection services available to its users, and it is still trying to decide whether using the Safe Browsing API would be worthwhile.


Data Breach? Blame Your Third Party's Remote Access Systems
Network World (02/07/12) Messmer, Ellen

Hackers often attack third-party vendor remote-access applications or virtual private networks set up for systems maintenance to steal payment card information, according to a Trustwave study. Trustwave analyzed data security breaches at 312 businesses, most of which were retailers, restaurants, or hotels, that asked the company for help with incident response because a payment card organization such as Visa or MasterCard traced a number of stolen cards to them and asked them to perform a forensics investigation. The analysis found that in 76 percent of the breaches, a third-party firm that was responsible for systems support, development, and/or maintenance introduced the security vulnerabilities that the hackers exploited. Among the vulnerabilities that were found was the use of simple, reusable passwords. In addition, the study found that just 16 percent of the companies that were analyzed were able to detect the breach without any outside help. The study also found that although the businesses believed they were in compliance with PCI security standards, gaps in their security were found, particularly the lack of two-factor authentication use by third-party vendors.


U.S. Gov't Takes Up Mobile Challenge
GovInfoSecurity.com (02/07/12) Chabrow, Eric

The U.S. Army and the National Security Agency are seeking ways to access certain IT systems via smartphones. Although smartphones and tablets present numerous security challenges, the two Defense Department organizations are taking the challenges seriously, with the Army re-engineering its own version of the Android smartphone to store classified documents and not transmit data over a cell network. Rather than build its own handsets, the government intends to install software on commercially available technologies, an approach that is far less costly and lets the government adopt the most sophisticated technologies on the market. The organizations are opting for Android because Apple does not let people tamper with its code. One of the problems in securing mobile devices is that they can be loaded with apps that request more information than is needed to operate. For example, a weather or clock app could use GPS to obtain a user's location. NSA is writing security requirements and carrying out test programs with commercial devices to explore their performance and usability, and will share its findings with the tech industry to help with the development of mobile products for the military and U.S. intelligence services.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD
