Friday, September 06, 2013

Security Management Weekly - September 6, 2013

Corporate Security
  1. "Poll: No Entrance Security at More Than 40 Percent of U.S. Job Sites"
  2. "BU Fights Time-Sensitive Patent Infringement Battle" Boston University
  3. "IT Security Critically Underfinanced, Study Finds"
  4. "Republic Services Security Breach Could Affect 82,000 People"
  5. "Google, Microsoft Prepare for Showdown Over NSA Spying"

Homeland Security
  1. "Iran Plots Revenge, U.S. Says"
  2. "Putin Admits Early Snowden Contact"
  3. "Split Senate Panel Approves Giving Obama Limited Authority on Syria"
  4. "U.S. Documents Detail al-Qaeda's Efforts to Fight Back Against Drones"
  5. "U.S. Beefs Up Security Measures Before Possible Military Strike on Syria"

Cyber Security
  1. "NSA Able to Foil Basic Safeguards of Privacy on Web"
  2. "Can Cloud Computing Be Secure? Six Ways to Reduce Risk and Protect Data"
  3. "U.S. Likely to Wage Cyber Attacks Against Syria"
  4. "Mitigating Shared Data Security in Brave New World of BYOD"
  5. "Syria, Iran Capable of Launching a Cyberwar"

   

 
 
 

 


Poll: No Entrance Security at More Than 40 Percent of U.S. Job Sites
Security Director News (09/05/13)

According to a new poll conducted by Zogby Analytics, the majority of workers in the United States feel safe and secure when on the job, despite the fact that 42 percent of the nation's workplaces do not have entrance security. Frank Kenna III, president of The Marlin Company, which commissioned the study, noted that "Companies are turning a blind eye to serious threats of violence," adding that "It's almost a cliche that everyone says they feel safe until someone who is after money, drugs, domestic revenge or who is grossly impaired comes in, perhaps with a weapon, and causes a tragedy." In a prepared statement, Marlin said that 94 percent of workers feel safe at work, though 20 percent reported that their employer had inadequate security procedures in place.


BU Fights Time-Sensitive Patent Infringement Battle
Daily Free Press (MA) (09/04/13) Riley, Rachel

Over the spring and summer, Boston University trustees sued several major technology companies for patent infringement, partly because the patent in question is set to expire in November 2014, according to BU spokesperson Colin Riley. BU officials filed complaints against both large and small tech companies on grounds that they infringed a patent for insulating films; the method was created by BU professor Theodore Moustakas in 1997. BU officials had licensed and sublicensed the patent to another firm in the past, and have made efforts to make the technology available to others, Riley says. "My sense is that the patent is pretty solid, and it has definitely been used...and they [companies] have made a lot of money," says tech analyst Roger Kay. "One could argue that their ability to make that money was enhanced by these patents, and BU deserves a piece of that."


IT Security Critically Underfinanced, Study Finds
ComputerWeekly.com (09/03/2013) Ashford, Warwick

The Kaspersky Lab's Global Corporate IT Security Risks 2013 survey found that 60 percent of IT decision-makers report they are not given enough time or funding to develop effective IT security policies. Just under half of those surveyed also said they do not feel they have organized, systematic processes to deal with IT risks. Underinvestment in IT security is particularly acute in the education sector, where only 28 percent of IT decision-makers surveyed reported sufficient investment. However, underinvestment is likely to have the most severe consequences in the government and defense sector, where only 34 percent of organizations say IT security is given sufficient support. Fortunately, the survey also showed that simple measures, like instituting IT security for mobile devices, could vastly decrease security risks. Currently, almost half of the organizations surveyed had no policy in place to secure smartphones or other mobile devices, and many of those that have these policies say there is still not the funding to implement them properly. The survey additionally found that 91 percent of respondents belonged to organizations that had experienced at least one external IT security incident in the past year, while 85 percent had experienced internal incidents.


Republic Services Security Breach Could Affect 82,000 People
Phoenix Business Journal (09/03/13) Sunnucks, Mike

Phoenix, Arizona-based Republic Services has reported to credit bureaus, employees and law enforcement agencies that a laptop containing the personal data of more than 82,000 of the company's current and previous employees was stolen from the Phoenix-area home of a current employee in August. Republic has notified the potentially impacted employees and former employees, and will be paying for free credit monitoring and credit reports for each of those individuals. The company has also filed a theft report with the Maricopa County Sheriff's Office, and submitted a copy of the notification for file at the Vermont Attorney General's office. Republic attorneys Jason Gavejian and Joseph Lazzarotti informed the New Hampshire Department of Justice of the security breach and the employee information on the laptop, which "contained names and social security numbers." They said that "It appears 82,160 individuals could have been affected."


Google, Microsoft Prepare for Showdown Over NSA Spying
The Hill (08/31/13) Sasso, Brendan

Google and Microsoft are teaming up for a legal battle with the Obama administration over the right to disclose more information about how the National Security Agency is spying on their users. The companies argue that publishing aggregated statistics about the scope of the surveillance would not threaten national security and that they have a right under the First Amendment to discuss the information. While the companies and the government have negotiated for several weeks, the case is now moving to the Foreign Intelligence Surveillance Court, which handles national security surveillance issues. "With the failure of our recent negotiations, we will move forward with litigation in the hope that the courts will uphold our right to speak more freely," says Microsoft general counsel Brad Smith. The companies think they should be allowed to reveal how often they turn over statistics about user communication trends.




Iran Plots Revenge, U.S. Says
Wall Street Journal (09/06/13) Barnes, Julian; Entous, Adam

U.S. officials report the United States has intercepted an order from Iran to militants in Iraq to attack the U.S. Embassy and other American interests in Baghdad in the event of a strike on Syria. The U.S. military is on alert for Iran's fleet of small, fast boats in the Persian Gulf, where American warships are positioned. U.S. officials also fear Hezbollah could attack the U.S. Embassy in Beirut. While the United States has moved military resources in the region for a possible strike, it has other assets in the area that would be ready to respond to any reprisals by Syria, Iran, or its allies. The U.S. military has also readied Marines and other assets to aid evacuation of diplomatic compounds if needed, and the State Department began making preparations last week for potential retaliation against U.S. embassies and other interests in the Middle East and North Africa. The State Department issued a new alert on Thursday warning against nonessential travel to Iraq and citing terrorist activity "at levels unseen since 2008." Earlier this year, an alert said that violence against Americans had decreased. That reassurance was dropped from the most recent alert. The Iranian message, intercepted in recent days, came from Qasem Soleimani, the head of Revolutionary Guards' Qods Force, and went to Iranian-supported Shiite militia groups in Iraq, according to U.S. officials. Soleimani said Shiite groups must be prepared to respond with force after a U.S. strike on Syria. U.S. officials said the U.S. Embassy in Baghdad was one likely target.


Putin Admits Early Snowden Contact
Wall Street Journal (09/05/13) Alpert, Lukas

Russian President Vladimir Putin admitted on Sept. 4 that his government had contact with U.S. National Security Agency (NSA) leaker Edward Snowden prior to his departure from Hong Kong to Moscow. However, he says that no agreement to take him in on a permanent basis was reached at that time. Putin had previously said that Snowden's arrival at a Moscow airport was a surprise. "Mr. Snowden first appeared in Hong Kong and met with our diplomatic representatives," Putin said in a recent interview. He also acknowledged that he would allow Snowden to come to Russia, but only if he stopped leaking classified information on U.S. surveillance programs. According to Putin, Snowden was originally supposed to transfer to another flight to Cuba and ultimately to Ecuador, where he had been offered asylum. He was unable to do so after the U.S. revoked his passport, a decision that Putin criticized. He said U.S. officials should have instead allowed Snowden to travel somewhere that has an extradition treaty with the United States, which Russia does not. Putin did suggest that an agreement may potentially be reached or some other compromise, but in the meantime, he has no intention of giving Snowden up.


Split Senate Panel Approves Giving Obama Limited Authority on Syria
New York Times (NY) (09/04/13) Landler, Mark; Weisman, Jonathan; Gordon, Michael R.

On Wednesday, by a vote of 10 to 7, the Senate Foreign Relations Committee gave President Obama limited authority to use force against Syria. The resolution passed by the committee would restrict strikes against Syrian forces to a period no longer than 60 days, though there would be the possibility of an additional 30 days pending consultation with Congress, and would block the use of American ground troops. The Senate panel struggled in drafting the resolution, as the committee's leaders were pushing to limit the duration and nature of military strikes, while Senator John McCain (Ariz.) demanded greater leeway for the military's efforts. Some of the language in the resolution was strengthened in order to win the support of McCain, who is viewed as crucial to the authorization's final passage. A resolution by Senator Rand Paul (R-Ken.) was set aside, as it would have granted the president the authority to act unilaterally only when the nation faces attack, while a separate resolution by Democratic Representatives Chris Van Hollen of Maryland and Gerald E. Connolly of Virginia, which would impose tighter limitations on Obama, is being circulated. A final Senate vote is expected at the end of next week, though administration officials said they do not think that the House would vote until the week after.


U.S. Documents Detail al-Qaeda's Efforts to Fight Back Against Drones
Washington Post (09/04/13) Whitlock, Craig; Gellman, Barton

Top-secret U.S. intelligence documents released by the fugitive former National Security Agency contractor Edward Snowden reveal that although there is no evidence that al-Qaeda has assigned cells of engineers to find ways to shoot down, jam, or remotely hijack U.S. drones, hoping to exploit the technological vulnerabilities of a weapons system that has inflicted huge losses upon the terrorist network. The airstrikes have forced al-Qaeda operatives and other militants to take extreme measures to limit their movements in Pakistan, Afghanistan, Yemen, Somalia, and other places. The top-secret report, titled "Threats to Unmanned Aerial Vehicles," is a summary of dozens of intelligence assessments posted by U.S. spy agencies since 2006. U.S. spy agencies have concluded that al-Qaeda faces "substantial" challenges in devising an effective way to attack drones, according to the top-secret report disclosed by Snowden. Still, U.S. officials and aviation experts acknowledge that unmanned aircraft have a weak spot: the satellite links and remote controls that enable pilots to fly them from thousands of miles away.
In July 2010, a U.S. spy agency intercepted electronic communications indicating that senior al-Qaeda leaders had distributed a “strategy guide” to operatives around the world advising them how “to anticipate and defeat” unmanned aircraft. The Defense Intelligence Agency (DIA) reported that al-Qaeda was sponsoring simultaneous research projects to develop jammers to interfere with GPS signals and infrared tags that drone operators rely on to pinpoint missile targets. The technological vulnerabilities of drones are no secret. The U.S. Air Force Scientific Advisory Board issued an unclassified report two years ago warning that "increasingly capable adversaries" in countries such as Afghanistan could threaten drone operations by inventing inexpensive countermeasures.


U.S. Beefs Up Security Measures Before Possible Military Strike on Syria
MyFox8 [Greensboro-High Point- Winston-Salem] (09/02/13)

As the United States prepares for a possible military strike on Syria, the nation's authorities are strengthening domestic security measures, as both the Department of Homeland Security and the FBI have warned that there will likely be a higher risk of cyber attacks by the hacker group known as the Syrian Electronic Army following any strike against Syrian President Bashar al-Assad's regime. Law enforcement officials noted that Iranian officials have also warned that any U.S. attack on Syria could be met with retaliation, prompting warnings that there could be terror threats in the United States or its interests abroad. Both Iran and the Lebanese group Hezbollah have intervened in the 2-year-old Syrian civil war, siding with al-Assad's regime, which the U.S. has blamed for alleged chemical weapons attacks that have killed scores of Syrian civilians. FBI agents have been asked to focus on their ongoing investigations related to Syria and the surrounding region, and to check in with contacts and informants to identify any new information that could suggest possible retaliation against the United States.




NSA Able to Foil Basic Safeguards of Privacy on Web
The New York Times (09/06/13) Perlroth, Nicole; Larson, Jeff; Shane, Scott

The National Security Agency uses a variety of means to overcome encryption technologies, such as supercomputers, technical strategies, court orders, and persuasion, according to documents leaked by former NSA contractor Edward Snowden. The documents show that NSA has cracked much of the encryption technology that protects global commerce and banking systems, trade secrets, and medical records, and secures the emails, Web searches, Internet chats, and phone calls of users worldwide. "For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," according to a 2010 memo from Britain's Government Communications Headquarters. NSA's efforts to decipher secured information are restricted to those cleared for a highly classified program dubbed Bullrun, according to the documents. The extent of NSA's decoding capabilities is known only to a few top analysts from NSA and its counterparts in Britain, Canada, Australia, and New Zealand. The documents show how the agency works with Internet companies to compel them to comply with court orders, use their encryption keys, or alter their software or hardware. The documents also reveal that NSA spends more than $250 million annually on its Sigint Enabling Project, which "engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" to make them "exploitable."


Can Cloud Computing Be Secure? Six Ways to Reduce Risk and Protect Data
The Guardian (09/05/13) Marx, Gretchen

As employees, customers, business partners, suppliers, and contractors increasingly access corporate applications and data with mobile devices from the cloud, it becomes more important to ensure cloud security. People within the organization who are privileged users should receive a higher level of scrutiny, training on securely handling data, and stronger access control. Organizations should change the level of access to data in the cloud depending on where the user is and what device they are using, and identify databases with highly sensitive or valuable data. Organizations should ensure that corporate data is isolated from personal data on the mobile device, and that network protection devices can provide extra control with analytics and insight into which users are accessing what content and applications. Finally, security devices capture security data to create the audit trail needed for regulatory compliance and forensic investigation.


U.S. Likely to Wage Cyber Attacks Against Syria
The Hill (09/04/13) Sasso, Brendan

The United States is likely to accompany a physical attack on Syria with a cyberoffensive that could enable officials to gather intelligence and spy on the Syrian regime, according to cybersecurity experts. Additionally, the cyberattacks would likely be led by intelligence agencies such as the National Security Agency (NSA) rather than the military, according to Truman National Security Project fellow Chris Finan. "The military would be very dependent on the intelligence community for anything it wants to do," because the NSA has more advanced hackers than the military does, Finan says. However, the United States is unlikely to try to disable Syrian air defenses with cyberattacks, according to Council on Foreign Relations fellow Adam Segal. One less destructive strategy could be to use long-distance Wi-Fi technology to provide Internet access in Syria, which would allow for more free communication and empower moderates in the country.


Mitigating Shared Data Security in Brave New World of BYOD
eWeek (08/31/13) Preimesberger, Chris

Many organizations are turning to private cloud deployments as a solution to the security issues created by modern public cloud technology and bring your own device policies, according to a Palmer Research survey. Many employees have turned to public cloud file-sharing services to share data across multiple devices, potentially compromising the security of that data. The survey found that 36 percent of respondents have responded by setting up their own private cloud for internal purposes, while 29 percent plan to deploy a private cloud in the near future. A private cloud offers an organization much tighter control over data sharing, application management, and sensitive data storage, and organizations are increasingly employing private clouds to run in-office functions such as recruitment management, software development, travel and expense management, and employee benefit management. Such private cloud solutions are being pushed by major cloud infrastructure providers while other firms are responding with tools and services meant to better secure data transfers to and from public clouds.


Syria, Iran Capable of Launching a Cyberwar
Washington Times (08/28/13) Waterman, Shaun

The United States is concerned about the growing ability of Syria and Iran to launch cyberattacks, which are playing an increasingly large role in modern warfare. Syria has proven cyberattack capabilities and could retaliate against Western military strikes over Syria's suspected chemical weapons attack on civilians. "It's foreseeable that [Syrian] state-sponsored or state-sympathetic hackers could seek to retaliate" against U.S., Israeli, or Western interests, says former Homeland Security secretary Michael Chertoff. The Syrian Electronic Army has claimed credit for hacking networks used by U.S. media outlets, including this week's attack on The New York Times website and an earlier hack of the Twitter account of the Associated Press. In addition, Islamic hackers believed to have ties to Iran have been staging cyberattacks against large U.S. bank websites for almost a year. However, hackers can also hijack critical infrastructure by breaking into computer-control systems that operate transportation networks as well as chemical, electrical, and water and sewage treatment plants. "An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals," warns former CIA director Leon E. Panetta. The U.S. Cyber Command says it can access hostile networks to defend against attacks, and experts note U.S. responses to cyberattacks might not be visible.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD

