
Friday, March 06, 2015

Security Management Weekly - March 6, 2015

March 6, 2015
 
 
Corporate Security
  1. "Apple to Hire Own Security and Put Them on Payroll"
  2. "Companies Turn Tables on Human Rights Lawyers"
  3. "Apple Pay Stung by Low-Tech Fraudsters"
  4. "Costly Shift to New Credit Cards Won't Fix Security Issues"
  5. "NIST Outlines Guidance for Security of Copiers, Scanners"

Homeland Security
  1. "ISIS Is Adept on Twitter, Study Finds"
  2. "U.S. Authorities Struggle to Find a Pattern Among Aspiring Islamic State Members"
  3. "South Korea Says Attacker of U.S. Ambassador, Mark Lippert, Acted Alone"
  4. "Superbug Outbreak Extends to LA Hospital, Linked to Contaminated Scope"
  5. "Country's Busiest Airport Steps Up Worker Security"

Cyber Security
  1. "Senate Cybersecurity Bill Stalls After White House Pushback"
  2. "FAA Air Traffic Control System Vulnerable to Cyberattacks"
  3. "QR Codes Engineered Into Cybersecurity Protection"
  4. "Universities Start Programs to Develop Cybersleuths"
  5. "5 Ways to Prepare for IoT Security Risk"


Apple to Hire Own Security and Put Them on Payroll
USA Today (03/04/15) Snider, Mike

Apple Inc. plans to hire full-time employees to handle security at its Cupertino, Calif., headquarters, after conducting a year-long review, spokeswoman Kristin Huguet said in a statement. The company did not disclose how many employees would make up the security staff, but it will include all guards and workers who currently patrol the campus, and they will receive similar benefits as other Apple employees. This move, and a similar decision by Google, indicates an attempt to address the growing inequality and difficult conditions for service workers in Silicon Valley. United Service Workers West, an affiliate of the Service Employees International Union, had pressured Google and Apple to hire its own workers instead of using contractor Security Industry Specialists. In October, Google had announced that it would hire its own security guards. The Rev. Jesse Jackson, through his Rainbow PUSH Coalition, is working to close the racial gap in the tech sector. Many Silicon Valley tech giants lack diversity in their workforces, but the service workers at those companies tend to be minorities.


Companies Turn Tables on Human Rights Lawyers
New York Times (03/06/15) Meier, Barry

Terrence Collingsworth, a human-rights lawyer, has accused companies that do business in Colombia, such as Chiquita Brands and Dole Food, of mistreating employees or conspiring to kill labor activists, but he is now targeted in a libel suit by one of his foes. The coal producer Drummond recently asked a federal judge to hold Collingsworth in contempt as part of a libel suit it is pressing against him, and Chiquita and Dole also have expressed suspicions about his practices. This shows how difficult it is for lawyers who sue multinational corporations on charges of human-rights violations, as controversies threaten the reputation of their work and make counterattacks easier. Drummond asked a federal judge last month to issue sanctions against Collingsworth, saying he had repeatedly ignored court orders to turn over documents that provide evidence that he paid off witnesses in Colombia for their testimony. While human-rights cases draw public attention and can encourage changes in corporate behavior abroad, they usually do not succeed, partly because it is difficult to get accurate information about events from years ago in more volatile foreign countries. About two decades ago, human-rights lawyers like Collingsworth began to use the Alien Tort Statute as a vehicle to file lawsuits in U.S. courts against companies on behalf of foreign workers and others.


Apple Pay Stung by Low-Tech Fraudsters
Wall Street Journal (03/06/15) Sidel, Robin; Wakabayashi, Daisuke

Fraudsters have used Apple Inc.’s new mobile-payment system to make unauthorized transactions involving credit-card data stolen in recent retailer hackings, including Home Depot Inc. and Target Corp. Although scammers are using stolen numbers to make purchases, the Apple Pay system itself has not been compromised. The fraudulent purchases, however, still represent a setback for Apple’s entry into electronic payments, even though banks are the ones responsible for verifying the credit-card numbers used with smartphones. About 80 percent of the purchases have been for costly items bought with smartphones at Apple’s own stores, one source said. These Apple products tend to have a higher resale value than those available through other merchants connected to the Apple Pay system, such as Whole Foods Market Inc. and Panera Bread Co. Some banks that use the Apple Pay platform are responding with changes to their security procedures, such as tightening their verification procedures for loading card data into Apple Pay and verifying a transaction by sending a text to the customer. Pittsburgh-based PNC Financial Services Group Inc. has seen 35 cases of fraud out of thousands of Apple Pay customers, a bank spokesman said.


Costly Shift to New Credit Cards Won't Fix Security Issues
Reuters (03/03/15) Bose, Nandita

Credit-card companies have made October the deadline for deploying chip-enabled cards, which are more difficult to copy and will require U.S. consumers to carry new cards and retailers to upgrade payment terminals. The change is expected to cost $8.65 billion, but security experts say it will be minimally effective, since counterfeiting accounts for only 37 percent of credit-card fraud, and the new technology will be almost as vulnerable to other types of cyberattacks as current systems. U.S. banks and card companies also do not intend to issue PINs with the new credit cards, instead maintaining the signature requirement, but retailers and security experts say a more secure system, such as point-to-point encryption, would be better to use. Security experts say chip technology leaves data unprotected when it enters a payment terminal, when it is transmitted through a processor, when it is stored in a retailer's information systems, and when used online.


NIST Outlines Guidance for Security of Copiers, Scanners
Government Computer News (02/25/15)

The U.S. National Institute of Standards and Technology (NIST) has released its Risk Management for Replication Devices report. The report focuses on protecting the information processed, stored, or transmitted on replication devices (RDs), which are devices that copy, print, or scan documents, images, or objects. The threats to RDs include default passwords, unencrypted data, service interruptions from user interfaces, unauthorized use, alteration of passwords or configuration settings, and outdated operating systems. The NIST report recommends IT managers limit or restrict access to RDs by either placing the devices in secured areas or requiring identification and authentication for use. In addition, IT managers should ensure that event logging is enabled so they can troubleshoot problems and investigate suspicious activity. Moreover, the report advises IT managers to regularly review vendor security bulletins and install patches and upgrades as needed. When RDs are no longer required by an organization, they should be wiped or purged, and all nonvolatile storage media should be destroyed. Passwords and user PINs should be changed, and the device configurations should be reset to the factory default settings. Finally, the NIST document includes a security risk assessment template in table and flowchart format to help organizations determine the risk associated with replication devices.




ISIS Is Adept on Twitter, Study Finds
New York Times (03/06/15) Gladstone, Rick; Goel, Vindu

Although the Islamic State (ISIS) is built around the idea of establishing a seventh-century-style caliphate, the extremist group is surprisingly successful at spreading its message through modern social media, research shows. ISIS sympathizers, including a disciplined and tech-savvy core group, have maintained 46,000 active accounts on Twitter that send out frequent messages. Militants will use whatever technology serves their purpose, but ISIS "is much more successful than other groups," says J. M. Berger, an expert on online extremism and lead author of the study, a collaboration of the Brookings Institution and Google Ideas. Twitter has begun to be more aggressive in suspending accounts linked to ISIS, which has used the social network to post executions of prisoners and to espouse violence and hatred for its perceived enemies. The company's move against ISIS has led to death threats against its leaders and employees, which Berger says reflects ISIS's reliance on open social-media forums. The 92-page report, the first public attempt to measure the influence of ISIS and its sympathizers on social media, asserted that at least 1,000 accounts that support ISIS have been suspended by Twitter from September to December.


U.S. Authorities Struggle to Find a Pattern Among Aspiring Islamic State Members
Wall Street Journal (03/06/15) Hong, Nicole

The FBI last week said that it has investigated individuals seeking to join or support the Islamic State (IS) in all 50 states, but there seem to be very few common threads that tie these individuals together. Those who seek to support or join IS include those raised Muslim and those who have converted, married people and single people, men and women, boys and girls, people from both rich and poor backgrounds, recent immigrants and U.S.-born citizens. "Some are loners seeking more of the belonging and adventure. Some have ethnic-identity issues. Some are drawn to the radical ideology," says Matthew Levitt of the Washington Institute's Stein Program for Counterterrorism and Intelligence. Their specific goals differ as well. While many seek to join IS to fight, others simply want to live there, with some of the women who seek to join the group hoping to live with men they met online. Social media is a major commonality among IS supporters. They use it to voice support for the group and are often radicalized by people they meet online. Another commonality is youth. Most individuals seeking to join or support IS are young, in their teens or twenties. Several have had their efforts to join IS frustrated by parents who hide their passports or otherwise refuse to support their ambitions.


South Korea Says Attacker of U.S. Ambassador, Mark Lippert, Acted Alone
New York Times (03/06/15) Sang-hun, Choe

South Korean police say they are working to bring attempted murder and other charges against an anti-American activist who slashed the United States ambassador to South Korea, Mark W. Lippert, with a knife. Senior Superintendent Yun Myeong-seong said a request had been made to a court for a warrant to formally arrest the suspect, Kim Ki-jong, on charges that also included illegal use of violence against a foreign diplomat. Kim told reporters through his lawyer that he acted alone and did not intend to kill Lippert, but the police said Kim stabbed Lippert several times. Kim claimed he attacked Lippert to protest the annual joint military exercises the United States began with the South Korean military this week. North Korea has praised Kim for inflicting a "just punishment for U.S. war maniacs." The attack surprised the government and raised questions about security. After an emergency meeting of vice ministers, the government promised "stern punishment" for officials who failed to protect Lippert. Yun says the police did not check people entering the meeting where Lippert was to speak because the United States Embassy had not requested it.


Superbug Outbreak Extends to LA Hospital, Linked to Contaminated Scope
Los Angeles Times (03/05/15) Terhune, Chad

Cedars-Sinai Medical Center in Los Angeles has discovered that four patients were infected with deadly bacteria from a contaminated medical scope, and 67 other people may have been exposed. The hospital says one of the four infected patients died, but for reasons unrelated to carbapenem-resistant Enterobacteriaceae (CRE). The other three patients have been discharged from the hospital. The superbug CRE is highly resistant to antibiotics and can kill up to 50% of infected patients. Cedars-Sinai is now investigating the possibility of patient infections after a similar outbreak at UCLA's Ronald Reagan Medical Center that sickened seven patients, including two who died. The widening problem is expected to increase pressure on FDA, already receiving criticism for ignoring warnings about these medical instruments. Federal lawmakers, consumer advocates and patients' families have criticized both the regulators and manufacturers for failing to act sooner. The report by Cedars raises the prospect of many more disclosures, experts say, as other hospitals check patients' medical records and the scopes themselves looking for evidence linking infections to the devices.


Country's Busiest Airport Steps Up Worker Security
CNN (02/16/15) Zamost, Scott; Griffin, Drew

Atlanta's Hartsfield-Jackson International Airport, the nation's busiest airport, has introduced new employee security measures in the wake of a gun-running scheme uncovered at the airport last December. Previously, employees had only to swipe their badges to get access to what is called the "back of the airport," and did not have to undergo any screening. Now employees will have their bags and personal belongings searched before they are allowed to enter a security door at the main terminal. Airport spokesman Reese McCranie called the new measures part of a "phased-in approach to get to full employee screening." One of the 70 access points granting employees access to the back of the airport is also being closed. McCranie says the goal is to shrink the number of access points from 70 down to just 10. Additionally, 4,400 employees of companies located within the airport terminal have had their secure-area access cut. They will now have to pass through Transportation Security Administration screening to access the terminal. The changes come after federal agents arrested a Delta baggage handler and a passenger in December for a gun-smuggling scheme in which the baggage handler would carry a satchel of guns into the terminal and hand them off to the passenger, who had already passed through security screening.




Senate Cybersecurity Bill Stalls After White House Pushback
Wall Street Journal (03/06/15) Paletta, Damian

The White House and some congressional Democrats have raised privacy concerns about a cybersecurity bill drafted by top Senate Intelligence Committee lawmakers, stalling – at least temporarily – one of Congress’s top priorities. A draft of the bill was circulated last week by the panel’s chairman, Sen. Richard Burr (R-N.C.) and the ranking Democrat, Sen. Dianne Feinstein of California. They planned to hold a debate and vote on the measure behind closed doors on March 3, people familiar with the process said. The legislation is meant, in large part, to make it easier for companies to share information with the government about potential cyberattacks, malware, viruses, or computer intrusions. The information-sharing focus of the draft has broad support from many – but not all – large companies. White House officials signaled to lawmakers that they shared privacy concerns about the draft, and pushed for modifications, people familiar with the matter said. The precise nature of the White House’s concerns couldn’t be learned, though several Democrats on Capitol Hill are believed to share similar concerns. Several people familiar with the process said lawmakers are hopeful the White House’s concerns can be addressed quickly and they believed that the Senate Intelligence Committee could hold a vote on the bill as soon as next week.


FAA Air Traffic Control System Vulnerable to Cyberattacks
Homeland Security Today (03/03/15) Vicinanzo, Amanda

According to a Government Accountability Office (GAO) audit report, security weaknesses in the Federal Aviation Administration's (FAA) information security program place the nation's air traffic control system at risk of being hacked. The Federal Information Security Management Act of 2002 requires federal agencies to enforce a security program that provides a framework for implementing controls at the agency, but FAA's implementation of the program is incomplete. GAO found that FAA "did not always sufficiently test security controls to determine that they were operating as intended; resolve identified security weaknesses in a timely fashion; or complete or adequately test plans for restoring system operations in the event of a disruption or disaster.” The report stated that FAA will face major challenges, and major weaknesses will persist, until the agency develops an organization-wide strategy. The FAA agreed with the 17 recommendations made by the GAO for addressing weaknesses that the GAO said could "compromise the safety and efficiency of the national airspace system."


QR Codes Engineered Into Cybersecurity Protection
University of Connecticut (02/26/15) Poitras, Colin

University of Connecticut researchers led by professor Bahram Javidi want to use quick response (QR) codes to protect national security. They are using advanced three-dimensional optical imaging and extremely low-light photon-counting encryption to transform a conventional QR code into a high-end cybersecurity application that can be used to protect the integrity of computer microchips. The researchers found they were able to compress information about a chip's functionality, capacity, and part number directly into the QR code so it can be obtained by the reader without accessing the Internet, which Javidi says is an important cybersecurity breakthrough because linking to the Internet greatly increases vulnerability to hacking or corruption. The researchers also applied an optical-imaging mask that scrambles the QR code design into a random mass of black-and-white pixels. Another layer of security is then added through random-phase photon-based encryption, which converts the snowy image into a darkened image with just a few random dots of pixelated light.


Universities Start Programs to Develop Cybersleuths
Security InfoWatch (03/02/15) Forster, Dave

George Mason University is now offering what it says is the world's first undergraduate degree in cybersecurity engineering. There are currently 64 students enrolled in the program. Old Dominion University (ODU), meanwhile, pulled faculty and staff from a range of disciplines to form the Center for Cyber Security Education and Research, which launched March 2. In January, Norfolk State University was tapped by White House officials to lead a consortium of 12 historically black colleges and universities, two national labs, and one South Carolina school district with the goal of educating students in cybersecurity. ODU hopes to promote new approaches to research by drawing from different disciplinary backgrounds. For example, in psychology, understanding why some people click on a link they should not click on could help protect systems against poor decision-making. The consortium led by Norfolk State received a $25 million federal grant, and most of it will go toward creating workers who are knowledgeable about cybersecurity. In the fall, Norfolk State will add an online master of science degree in cybersecurity.


5 Ways to Prepare for IoT Security Risk
Dark Reading (02/24/15) Vijayan, Jai

The advent of the Internet of Things (IoT) will bring with it a plethora of new security concerns, and Verizon's Johan Sys and Hewlett-Packard's Daniel Meissler say there are several steps enterprises can take to prepare. First is embedding security into IoT devices and applications from the start. Meissler points out that all of the security issues of networks, the Web, and the cloud will be present in IoT and will have to be confronted from the outset. He says that to combat those risks, enterprises will have to identify them first. Common vulnerabilities include Web authentication and authorization, physical controls, and transport encryption. Another way to address IoT security will be segmenting IoT traffic from other enterprise networks, so an issue in one won't be able to easily jump to the other. Multi-layered security also will be needed to defend IoT components, many of which are not equipped to deal with security issues on their own. Finally, IT security professionals should be prepared to share security responsibility for IoT with other divisions across the enterprise. Meissler expects IoT security to "absolutely be a shared jurisdiction." Potential partners include physical security teams and device manufacturers.


Abstracts Copyright © 2015 Information, Inc. Bethesda, MD

