Friday, July 13, 2012

Security Management Weekly - July 13, 2012

Corporate Security
  1. "Securing the Hotel Room of the Future"
  2. "Court: Mall Security Not Negligent in Murder" Kingston, N.Y.
  3. "To 'Minimize Risk,' Penn State Expands Background Check Policy"
  4. "Pilot Aims to Improve Security at Sports Venues"
  5. "FBI: High-Tech Economic Espionage a Vast, Expanding Threat"

Homeland Security
  1. "U.K. to Deploy More Troops to Olympics"
  2. "Al-Qaida Infiltrates War-Torn Country" Syria
  3. "D.C. Officer Allegedly Made Threatening Comments About First Lady"
  4. "Iranian Embassy Recruiting Expats Using Embassy in Canada"
  5. "Officials: Feared al-Qaida Offshoot Neutralized"

Cyber Security
  1. "Tridium's Niagara Framework: Marvel of Connectivity Illustrates New Cyber Risks"
  2. "Hackers Claim to Steal 450,000 Yahoo Accounts"
  3. "Businesses at Risk From Data Breaches, Cyber Attacks: Survey"
  4. "Linux Vulnerability Found in Web Exploit"
  5. "Machines Still Infected With DNSChanger Pose Dangers" Domain Name System

   

 
 
 

 


Securing the Hotel Room of the Future
SecurityInfoWatch.com (07/09/12) Gottlieb, Jamie

Hospital Financial and Technology Professionals (HFTP) recently set up a model of a hotel guestroom equipped with a number of new security features designed to keep customers safer and more comfortable. The first feature of the new room is a door using VingCard Elsafe's VISIONLINE wireless software, Radio Frequency Identification (RFID), and mobile-friendly Near Field Communications (NFC) technology. This equipment allows guests to receive their room number and room key via a computer, smartphone, or other mobile device. The door also uses Axxess Industries IP Video Intercom instead of a peephole. The feed from this device allows guests to see and speak with someone at the door using a mobile device or smartphone. Guests staying in the model room would additionally have the option of using VingCard Elsafe's Infinity II safe that employs RFID contactless technology.


Court: Mall Security Not Negligent in Murder
Security Director News (07/09/12)

A New York appellate court has dismissed a lawsuit charging the owner of the Hudson Valley Mall in Kingston, N.Y., with negligence in the 2006 stabbing death of the manager of a restaurant located in the mall. The suit was brought after Sharon Inger, the manager of the Ground Round restaurant, was stabbed to death by a coworker while closing up on June 4, 2006. Inger's daughter alleged that the mall had been negligent in providing adequate security, especially in light of an earlier incident in 2005 when a gunman wielding an assault rifle opened fire in the mall. However, the court found that the mall had met the threshold of "minimal precautions to protect tenants from foreseeable harm" and was therefore not liable. The court's decision hinged on the "unforeseeable" nature of the murder, which they found, "was not predictable or expected given that no similar assault had occurred in any tenant spaces," and that, "criminal activity on the mall premises consisted of much less serious offenses, such as shoplifting, disorderly conduct, and fist fights." The decision overturned an earlier lower court ruling in favor of the plaintiff and follows a ruling last December where the mall was also found not liable in the 2005 shooting case.


To 'Minimize Risk,' Penn State Expands Background Check Policy
Security Director News (07/09/12)

Following the conviction of former assistant football coach Jerry Sandusky on child sexual abuse charges, Penn State University has announced a plan to expand criminal background check requirements for all new and some current employees. The new policy, which reflects best practices, is meant to ensure that the criminal histories and potential sexual abuse records of future employees will be thoroughly reviewed before hiring. The new policy also affects some current employees who occupy "sensitive/critical" positions. These include workers responsible for personal data, those with master key access to campus buildings, and those responsible for the handling of controlled substances or dangerous materials. This move follows a June announcement by Penn State of a new sexual abuse reporting policy that requires all university employees to complete annual reporter training, and calls for disciplinary action, up to and including dismissal, to be taken against any employee that willfully fails to report a suspected case of child abuse.


Pilot Aims to Improve Security at Sports Venues
Security Director News (07/02/12) Richardson, Whit

The Department of Homeland Security ranks attacks on stadiums and sporting events among the 12 most devastating potential acts of terrorism, a fact which a new pilot program run by the National Center for Spectator Sports Safety and Security (NCS4) at the University of Southern Mississippi hopes to change. The new pilot program is part of a four-year effort, funded in part by a DHS grant, to create new industry standards for security at sporting venues. The pilot program is expected to launch this fall with the cooperation of several other institutions, including Michigan State, Ohio State, Penn State, and Texas A&M, each of which is focused on developing safety and security standards for different parts of a sporting venue's team, such as parking attendants and ticket takers. According to NCS4 Director Lou Marciani, "the long-term goal is to professionalize and add accountability to these positions, so that an athletic director or team owner would recognize some qualifications both in training and in backgrounds." With a new survey of security procedures at current sporting venues around the country being distributed this summer and the pilot program taking off in the fall, NCS4 hopes to have a formalized set of standards in place by next winter.


FBI: High-Tech Economic Espionage a Vast, Expanding Threat
Network World (06/29/12) Cooney, Michael

The mounting threat of economic espionage has cost U.S. companies approximately $13 billion in the current fiscal year, with insiders an expanding element of this problem, according to the Federal Bureau of Investigation's testimony to a recent House Committee on Homeland Security Subcommittee on Counterterrorism and Intelligence hearing. Assistant Director of the FBI's Counterintelligence Division Frank Figliuzzi cited as an example of the insider threat a February indictment involving several former FBI employees who sold trade secrets to a Chinese competitor. Figliuzzi noted several factors underlying the insider threat's growing prevalence, including the pervasiveness of employee financial difficulties as a result of the economy, the global economic crisis confronting foreign countries, the ease of stealing electronically stored material, and the increasing exposure to foreign intelligence services presented by the fact of global business, joint ventures, and the growing international presence of U.S. companies. "The theft of U.S. proprietary technology, including controlled dual-use technology and military grade equipment, from unwitting U.S. companies is one of the most dangerous threats to national security," warned Immigration and Customs Enforcement Assistant Director of National Security Investigations John Woods. Figliuzzi also pointed to the unlawful transfer of U.S. technology as another serious danger to national security. "The FBI is seeing an expansion of weapons proliferation cases involving U.S. acquired components," he noted. "These are components exported from American companies, initially headed to someplace they're allowed to be, but ultimately destined for someplace they should never be." Exacerbating the magnitude of the economic espionage threat is the growing sophistication of cyber attack methods, such as offensives that integrate multiple techniques.




U.K. to Deploy More Troops to Olympics
Wall Street Journal (07/13/12) Bryan-Low, Cassell

The British military is planning to play a larger role than it had originally expected in providing security to the upcoming Olympic games in London. Officials said Thursday that the military is planning to make an extra 3,500 officers available to secure Olympic venues, bringing the total number of military personnel involved in Olympic security efforts to 17,000. That number includes 11,000 venue guards and 6,000 soldiers who will provide support to general policing efforts. British military officials made the extra officers available because the contractor G4S, which was supposed to have taken the lead on providing security at the Olympics, has found it difficult to provide the number of guards that it promised. According to G4S, those problems are the result of difficulties in training and screening people to work as guards. There are currently over 9,000 people going through G4S' training, vetting, and accreditation process, and nearly 4,000 people who are working at Olympic sites. There is still no specific threat against the London Olympics, says British Home Secretary Theresa May.


Al-Qaida Infiltrates War-Torn Country
Daily Telegraph (UK) (07/13/12)

As the conflict between rebel groups and the regime of Syrian President Bashar al-Assad continues to rage, there are reports that al-Qaida and groups claiming to be allied with it are openly attempting to infiltrate and hijack the rebellion. Al-Qaida flags have been seen flying in Idlib, Aleppo, and other provinces along the country's borders with Turkey and Iraq. Fighters from the Free Syrian Army have told reporters that al-Qaida representatives have been calling FSA members to make a "Bayan" or commitment to the group, while other affiliated groups have been trying, with some success, to gain control of individual towns and villages in recent months. One FSA member recounts how a group led by a man named Abu Saddiq seized control of a village called Der Tezzeh for nearly three months, installing Saddiq as the Emir, or prince, of the surrounding area, imposing religious law and calling for suicide bombings against the government. Similar events are said to have taken place inside the city of Idlib, with an al-Qaida affiliated group of Syrian fighters carrying out suicide attacks and bombing operations against government forces there, before being run out of the city by residents. Al-Qaida groups have, on the whole, not been welcome in Syria, where even populations in open revolt against their government find the group's tactics and extremist interpretation of Islam distasteful.


D.C. Officer Allegedly Made Threatening Comments About First Lady
Washington Post (07/12/12) Williams, Clarence; Flaherty, Mary Pat

A D.C. police officer from the department's Special Operations Division, which provides motorcycle escorts for White House officials and other dignitaries, has been placed on administrative duty after he was overheard making a threat towards first lady Michelle Obama. The officer's comments were allegedly made as he discussed threats against the Obamas with several other members of the division. Reports indicate that the officer said he would shoot the first lady and used his phone to show a picture of the firearm he would use. The type of firearm in the picture has not been made apparent. The D.C. police department's Internal Affairs Division is investigating the comments and has notified the U.S. Secret Service. The department declined to identify the officer, and U.S. Attorney's office officials declined to comment. A spokesperson for the D.C. police did say that there was no evidence Mrs. Obama was ever in any legitimate danger.


Iranian Embassy Recruiting Expats Using Embassy in Canada
Vancouver Sun (Canada) (07/09/12) Edwards, Steven

Questions are being raised about the activity of the Iranian Embassy in Ottawa, Canada, in regards to Iranian expatriates and second generation Iranian-Canadians. In a recent interview for an Iranian Web site, Hamid Mohammadi, the cultural affairs counselor at the embassy in Ottawa, encouraged second generation Iranians to make their way into high-level positions in government and said that by using cultural outreach programs the growing population of Iranians in Canada can, "be of service to our beloved Iran." Steven Emerson of the Washington, D.C.-based Investigative Project on Terrorism, says that the Iranian government wants to have access to Iranians with Canadian passports, especially those with Canadian citizenship, who could travel with ease between the U.S. and Canada to carry out, "anything from intelligence gathering, to being an intermediary in the recruitment of others, or to actually carry out an attack." According to David Harris of Insignis Strategic Research, the Iranian Embassy has a history of, "variously relying on, and victimizing, its expatriates." Iranian activists in Canada opposed to Tehran have long opposed the actions of the Iranian Embassy, which has been linked to the organization and administration of "cultural centers" or "cultural outreach" programs throughout Canada that are often seen as poorly disguised attempts to recruit young Iranians to the Islamic Republic's cause.


Officials: Feared al-Qaida Offshoot Neutralized
Associated Press (07/09/12) Schemm, Paul

Algerian officials say that they have neutralized al-Qaida in the Islamic Maghreb (AQIM). Security experts say that there are only a few hundred members of one of al-Qaida's most dangerous affiliates remaining in Algeria's Kabylie mountains. While violence and kidnapping remain a problem in the mountains, AQIM has not been able to mount a serious terrorist attack in the past five years. This is a significant change from the decades of battling between AQIM and Algerian security forces that left 200,000 people dead. The recent campaign to contain AQIM has been so successful that experts believe it may be a model for eradicating other terrorist groups. The Algerian military spent millions of dollars and put the full weight of its security forces into fighting AQIM with limited U.S. aid. Operations included a combination of counterterrorism and counterinsurgency strategies, including offering amnesty to former militants. By doing so, the military was able to drive AQIM out of most of the country.




Tridium's Niagara Framework: Marvel of Connectivity Illustrates New Cyber Risks
Washington Post (07/12/12) O'Harrow Jr., Robert

Security vulnerabilities have been found in an application known as the Niagara Framework, which was developed by the Richmond, Va.-based company Tridium to allow users to control a variety of different types of systems from Internet-connected computers. According to security researchers Billy Rios and Terry McCorkle, Niagara Framework--which is used by Defense Department installations to provide surveillance and access control at high-security locations, among other things--contains a vulnerability that would allow an attacker to carry out a directory traversal attack. Rios said that he was able to alter the Web address of the Niagara Framework to command it to perform a number of tasks, including providing him with access to a configuration file that contained usernames, passwords, and other types of sensitive information. Although the passwords contained in the configuration file were hashed, meaning that they were scrambled in order to secure them, automated tools can crack hashed passwords fairly easily. After the passwords are cracked, Rios said, an attacker could log on to Niagara Framework as any user. Tridium is aware of the vulnerability, which it said was caused by an employee error as well as misconfigurations in the systems of Niagara Framework users. The company plans to move the configuration file so that it is more difficult for an attacker to find, change the framework's default security settings so that it is harder to make a mistake, and strengthen password hashing. Cyber security officials at the Department of Homeland Security, who have been made aware of the vulnerability, have recommended that Tridium also offer better security training for its customers.


Hackers Claim to Steal 450,000 Yahoo Accounts
Reuters (07/12/12) Wagstaff, Jeremy

A recently formed hacker group is claiming to have stolen the usernames and passwords of some 450,000 private accounts from a Yahoo server this week. Calling themselves D33DS Company, the hacker group claims to have obtained the encrypted information by hacking an unidentified subdomain of Yahoo's main Web site. The group then posted the information on their Web site d33ds.co, which, as of Thursday, was no longer available. The accounts all appeared to be linked to Yahoo's voice-over-Internet-protocol service Yahoo Voices, which is powered by the Jajah VoIP platform and is owned by Telefonica Europe BV. According to CNET, D33DS Company says that the breach was carried out not for criminal purposes, but to act as a wake-up call highlighting Yahoo's lax security.


Businesses at Risk From Data Breaches, Cyber Attacks: Survey
eWeek (07/12/12) Eddy, Nathan

Many organizations' use of vulnerability scanning to secure IT systems is inadequate and the ability to properly utilize such tools is largely dependent on an organization's size, according to a new SkyBox survey. The study polled over 200 IT security professionals, including security managers and network and systems engineers from companies ranging in size from 250 to 350,000 employees, about their organizations' use of vulnerability scanning. The results showed that while 92 percent of companies had vulnerability management programs in place, almost half of those polled viewed their networks as "somewhat" to "extremely" vulnerable. This was largely correlated with the frequency and thoroughness of vulnerability scans, with 40 percent of companies only scanning their internal networks once per month or less. Internal networks and data centers on average received top scanning priority and were scanned most often. However, the frequency and quality of these scans were largely dependent on the size of an organization, with larger companies better able to obtain the computing resources necessary to perform frequent, in-depth scans. "Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for 'spot checks' that aren't effective at minimizing risks," says SkyBox CEO Gidi Cohen.


Linux Vulnerability Found in Web Exploit
Network World (07/11/12) Gold, Jon

A hacked Colombian Transport Web site has been rigged to deliver a malware payload that can target Mac OS, Windows, and even Linux systems, according to a new F-Secure report. Users will see a certificate warning, informing them that the site is trying to run a signed applet with an invalid signature, and if that warning is bypassed, F-Secure says the malware checks the victim's computer and downloads various malicious files based on what operating system it detects. The malware's subsequent behavior is the same regardless of what OS it detects—it downloads additional files from a remote server and creates a backdoor on a compromised machine. The malware, which F-Secure has dubbed GetShell.A, is notable for a few reasons. It attacks Linux, an OS that experiences relatively few attacks because it has a comparatively small user base and is intrinsically more difficult to compromise than Mac OS and Windows. Malware that targets multiple platforms at once is uncommon, though it does happen. CNET blogger Topher Kessler says it is far from the most dangerous malware on the Web, and it is likely the malware is the brainchild of less technically gifted hackers. PowerPC oversight would dramatically limit the malware's effectiveness against Macs, Kessler notes.


Machines Still Infected With DNSChanger Pose Dangers
Dark Reading (07/09/12) Higgins, Kelly Jackson

The July 9 shutdown of temporary servers keeping computers infected with the DNSChanger trojan online went very smoothly and resulted in only minor disruptions. However, roughly 210,000 unique IP users have managed to remain infected even after the aggressive, year-long push to inform and provide them with the tools needed to eliminate the infection, prompting cybersecurity experts to worry that forestalling the shutdown only encouraged the sort of complacency that allows malware to flourish. Computers infected with one piece of malware are usually infected with others, and with DNSChanger likely to be rewritten and recycled, some see those 210,000 infected machines as an active threat. "Every one of those still-infected machines is a danger to its owners and to the rest of us," says ISC chairman Paul Vixie. He points out that giving users time to learn that they were infected also gave them time to ignore the problem, prolonging the exposure of their infected machines to the Internet. The SANS Institute's Johannes Ullrich says that even disregarding the specific threat of a resurgent DNSChanger, the obliviousness or willful ignorance of those users that have remained infected makes them dangerous enough that "they probably should be disconnected from the Internet."


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

