Friday, October 21, 2005

Security Management Weekly - October 21, 2005

header

  Learn more! ->   sm professional  

October 21, 2005
 
 
CORPORATE SECURITY  
  1. " Broad Data Security Bill Hits a Snag" Senate Judiciary Committee Unanimously Approves Narrow Data Security Bill That Is Supported by Business Community
  2. " Bomb Explodes in Argentina Prior to Bush's Visit" Several Recent Attacks on U.S. Banks and Businesses in Argentina
  3. " Security: Knowledge of the Threat Is Paramount" Terrorism-Insurance Underwriters Examining Companies' Security Measures
  4. " Accused Kidnappers' First Target Got Away" Ransom Kidnapping in Yakima, Wash., Goes Awry
  5. " Theft Is Serious Business" Steps Small Businesses Can Take to Reduce Employee Theft
  6. " War on Shoplifting" Anti-Shoplifting Advice for Business Owners

HOMELAND SECURITY   sponsored by  
  7. " Gov. Bush Tells Panel Florida Is Storm-Ready" Florida Governor Shares Details of Emergency-Response Plan for Hurricane Wilma
  8. " Baltimore Tunnels Tied Up by Report of Terrorist Threat" Bombing Threat Not Corroborated, Four Foreigners Detained
  9. " Foreign Fighters Captured in Iraq Come From 27, Mostly Arab, Lands"
  10. " Communications Still a Problem in Disaster Response" Bill in Congress Would Reserve Radio Space for First Responders
  11. " Burr to Introduce Biodefense Bill" Bill Aims to Prepare U.S. for Bird Flu Pandemic or Bioterror Attack
  12. " Anti-Terrorism Site Security" Security of Army Division's Headquarters Emphasizes Anti-Terrorism Measures

CYBER SECURITY  
  13. " At Microsoft, Interlopers Sound off on Security" Independent Security Researchers Attend Microsoft's Second Blue Hat Conference
  14. " Dutchmen Hack Into 1.5 Million PCs" Steal Access Codes of PayPal Customers
  15. " As Threats Evolve, Defenses Must Adapt" Anti-Virus Software Proving Ineffective Against New Classes of Malware


   







 

"Broad Data Security Bill Hits a Snag"
American Banker (10/21/05) ; Heller, Michelle

The Senate Judiciary Committee has unanimously and without debate approved a narrow data security bill that the business community supports but which may become overshadowed by other legislation. Committee Chairman Arlen Specter (R-Pa.) had planned to bring a sweeping bill to a vote, but postponed consideration after objections from members of his own party. Businesses are waging a pitched battle against the broader measure, which comes with the dual sponsorship of Sen. Specter and Sen. Patrick Leahy, the top Democrat on the committee It would set rules for securing information and notifying consumers about breaches. It would also allow consumers to correct inaccurate information that companies hold on them, subject financial firms to two sets of rules for notifying individuals of breaches, and increase civil and criminal penalties for violations. Sen. Jeff Sessions (R-Ala) says 30 corporate interests - including the U.S. Chamber of Commerce, the National Retail Federation, General Motors, and General Electric - "have expressed concern - unless some alterations are made. It is legitimate that we slow down a little bit in recognizing that we don't want to pass another one of these good-intended bills that end up having a lot of consequences that may not be as good as we hoped for," Sen. Sessions said. Specter says he still plans to resume consideration of the bill next week. The narrower bill, sponsored by Sen. Sessions, would institute the limited approach industry wants the federal government to take to shore up the security of consumer information. The narrower bill would require all businesses to secure data they hold on consumers, and only tell people about a breach if it puts them at risk for identity theft. The Sessions bill would prohibit states from setting conflicting rules and allow financial firms to continue operating under security rules established in 1999 by the Gramm-Leach-Bliley Act and notification requirements regulators set out for banks this year. "The Sessions bill is the best example of how business interests believe Congress should address the data security and breach-notification problem," said Thomas Boyd, a partner in Alston & Bird LLP and counsel to the National Business Coalition on E-commerce and Privacy.
(go to web site)

"Bomb Explodes in Argentina Prior to Bush's Visit"
Peoples Daily (China) (10/19/05)

During the past two weeks, there have been several attacks in Argentina on U.S. banks and businesses with U.S. investment ties. The latest attack occurred Wednesday in La Plata, Argentina, when a bomb exploded in a Bank Boston branch, causing minor damage but no injuries. Several pamphlets criticizing President Bush were found in the bank branch. The attack occurred ahead of a visit from Bush, who will be attending the upcoming fourth summit of the Organization of American States, to be held in Mar del Plata on Nov. 4 and 5. Security has been bolstered in Mar del Plata, which is located 50 km south of Buenos Aires, in preparation for the summit.
(go to web site)

"Security: Knowledge of the Threat Is Paramount"
Financial Times (10/18/05)

Terrorism-insurance underwriters are examining the security measures that companies have implemented when considering whether to insure the companies. For example, Aon insurance brokers who examined a high-profile building in New York used a detailed report on the building's ability to withstand a truck bombing. Aon brokers used this report, along with other information, to convince the underwriters to provide insurance for the building. "We were able to go to the underwriters on a risk they were inherently pretty reluctant to get involved with, and were able to secure the capacity the client wanted," explains Aon's William Farmer, a director in the firm's crisis management unit. Of particular concern to underwriters are a building's access control measures for vehicles that enter underground parking garages--this because a bomb that explodes beneath a building can cause severe damage to the structure. The damage a bomb causes at a distance of at least 30 meters is significantly reduced; therefore, underwriters prefer that buildings implement outside security barriers, says Farmer. Companies that invest in security will see some type of return on their investment in terms of insurance savings, says war and terrorism underwriter Nicholas Davies: "If you are seen as a client that is very risk averse, and very committed to a sustained risk management program, then that is regarded as a strength by insurers."
(go to web site)

"Accused Kidnappers' First Target Got Away"
Yakima Herald-Republic (10/15/05) ; Bristol, Chris

Two armed Spanish-speaking men attempted a ransom kidnapping in a wealthy neighborhood in Yakima, Wash., on Oct. 8, authorities said. The two arrested suspects were identified as 24-year-old Heriberto Garibaldo Martinez and 23-year-old Pedro Ochoa-Mendoza. Katherin D. Jubran, a 63-year-old woman who was taking her daily walk in the affluent neighborhood, was allegedly confronted at gunpoint by Mendoza and Martinez, who forced her into their car, stole her wedding ring, and held her for several hours as they attempted to contact Jubran's husband to negotiate a ransom payment. Martinez and Mendoza were forced to abandon their plot when their car broke down, and they let Jubran go without harming her. Prosecutors allege that just 45 minutes before kidnapping Jubran, Martinez and Mendoza tried to kidnap a female jogger. The two men face up to 16 years in prison on charges of first-degree kidnapping and robbery.
(go to web site)

"Theft Is Serious Business"
Houston Chronicle (10/16/05) P. 5 ; Doggett, Don

There are a number of measures that small businesses can take to protect themselves from employee theft, which is said to be one of the most common types of theft that small businesses experience. The first such measure should be conducting background and reference checks of job applicants, particularly those who will be handling money. Businesses should also make sure that inventory records are kept current, and audits should be conducted regularly, as these measures increase the chances that employee theft will be detected. Employees should be trained and supervised closely, and this training can include a presentation on the drawbacks of employee theft, such as the possibility that employees will lose their jobs or harm their reputations. Time locks, alarms, surveillance cameras, motion detectors, and central alarm systems are all effective tools for minimizing theft, and only a handful of employees should be given keys to the business. Two employees should be responsible for checking incoming inventory, which is a popular target for theft, and the employees should compare the log items received to the shipping ticket. Trash cartons should be checked and flattened to ensure that merchandise has not been hidden, and the receiving and shipping door should be locked when not being used. There are positive ways to discourage employees from stealing, and these include showing employees that they are valued--giving them discounts on merchandise, for example.
(go to web site)

"War on Shoplifting"
Mercury (AU) (10/13/05) P. 14 ; Choy, Heather Low

Police in Tasmania are offering retailers advice for guarding against shoplifters. "Staff should be aware of large groups of people entering shops and hanging around display cabinets or near expensive items," says Police Sgt. Darren Spinks, adding that this is a common tactic to distract store employees as other shoplifters remove security tags from merchandise or steal items. In addition, business owners are advised to always keep display cases locked, to train their employees to be aware of shoplifting tactics, and to install surveillance cameras and/or security mirrors. Also, owners should be aware that shelving and signs can create clutter and blind spots that allow shoplifters to operate. CDs and DVDs should be displayed in dummy cases, shopping bags should be closed with receipts stapled to the outside of bags, signs should be placed to indicate that bags will be checked, clothing in and out of fitting rooms should be checked, and the rear areas of stores should remain locked during business hours.
(go to web site)

"Gov. Bush Tells Panel Florida Is Storm-Ready"
St. Petersburg Times (FL) (10/20/05) ; Kumar, Anita

Florida Gov. Jeb Bush told the House Homeland Security Committee on Wednesday that the state of Florida is prepared for Hurricane Wilma, should the hurricane make landfall. Bush stated that he has activated local emergency operation centers from Tampa Bay to Key West and that the Florida National Guard is ready to help every hospital in Florida to carry out evacuations, should that be necessary. In addition, the state has opened its shelters, and some shelters will accept pets, and supplies such as water, food, and ice are ready for delivery to areas along the storm's projected path. "The state has contracted with the North Carolina National Guard for helicopters, and a private logistics expert was hired to help locate distribution points for supplies," Bush said. Bush testified that he firmly believes in a state-led "bottom-up approach" to the role of first response to hurricanes and other disasters. "If this response is federalized that will be as big as any disaster to hit this country," Bush said. Bush, along with the governors of Texas and Arizona, said that the federal government does have a role to play during disaster response but that role should be limited unless a state is overwhelmed. The scenario of a state being overwhelmed is more likely to happen during a terrorist attack than a hurricane, Bush noted.
(go to web site)

"Baltimore Tunnels Tied Up by Report of Terrorist Threat"
Washington Post (10/19/05) P. B1 ; Rich, Eric; Wagner, John

U.S. officials are attempting to corroborate the authenticity of a terrorist threat against the Baltimore Harbor, and four foreigners in Baltimore have been detained as a result of the threat. The threat caused authorities to shut down one of the harbor's highway tunnels for more than 90 minutes Tuesday and to partially close another harbor highway tunnel. The plot, which was detailed by an informant from overseas, allegedly involves six Egyptians or foreign terrorists in the United States who will receive explosives materials from a ship. The terrorists will turn the materials into bombs and use vehicles to transport the bombs into one or both of the Baltimore tunnels, where they would be detonated. The informant who described the plot also gave investigators the specific names of several people who supposedly have knowledge of or are participating in the plot. "We're taking it seriously, because the person is naming names," said one law enforcement source. The threat forced the closure of the Harbor Tunnel on Interstate 395 and the partial closure of the Fort McHenry Tunnel on I-95, where vehicles were searched. FBI spokesman Kevin Perkins says that the informant provided information that "was somewhat specific as to date and time," though the threat has not been corroborated. Three Egyptians and one Jordanian have been detained after investigators conducted interviews in response to the threat; the four foreigners, who are associated with Baltimore-area businesses, were being held on immigration violations.
(go to web site)

"Foreign Fighters Captured in Iraq Come From 27, Mostly Arab, Lands"
New York Times (10/21/05) P. A10 ; Filkins, Dexter

Since April 2005, allied forces in Iraq have captured about 312 foreign nationals, including one American of Arab descent, who have fought on the side of the insurgency. Of the 312 foreign insurgents, 78 are from Egypt, 66 from Syria, 41 from Sudan, 32 from Saudi Arabia, 17 from Jordan, and 13 from Iran. The rest of the foreign insurgents have come from 21 different countries, including countries in the Middle East, North Africa, and Europe. The countries of Israel, Indonesia, Ireland, France, and Denmark each had one of their citizens among the total, and two were from Britain. Overall, there are more than 10,000 suspected insurgents who have been captured in Iraq, and foreign insurgents are believed to account for less than 5 percent of this total. However, the foreign insurgents are said to be more fanatical than the Iraqi insurgents, and the foreign insurgents are said to account for more than 90 percent of the suicide bombers. Most of the foreign insurgents apparently enter Iraq through Syria.
(go to web site)

"Communications Still a Problem in Disaster Response"
Boston Globe (10/17/05) ; Kerr, Jennifer C.

Congress this week was set to consider a measure that would reserve radio frequencies in the 700 megahertz range for emergency response and public safety. Emergency responders experienced communications problems during the response to the 1993 World Trade Center bombing, and the same type of problems were experienced during the response to Hurricane Katrina. These interoperability communications problems are probably several years away from being solved, due to a number of hurdles, including bureaucratic red tape, the limited amount of radio space, the expense, and the sheer number of agencies that are involved in emergency response. As an example of this difficulty, David Boyd, the Homeland Security Department's director of interoperability, notes that it took only a month to implement technology for a communications project in San Diego, but two years were needed before all the various emergency agencies involved could come to an agreement and coordinate on the project.
(go to web site)

"Burr to Introduce Biodefense Bill"
Charlotte Observer (NC) (10/17/05) ; Christensen, Rob

Sen. Richard Burr (R-N.C.) plans to introduce the National Biodefense Act of 2005 this week, a bill that aims to ensure that the United States is prepared for a bird flu pandemic or bioterrorism attack. "This legislation will provide a comprehensive approach to combat deliberate, accidental, or natural outbreaks of infectious diseases," says Burr, the chairman of the Senate Subcommittee on Bioterrorism and Public Health Preparedness. Burr's legislation seeks the creation of a federal agency that would combat any outbreak, with the agency placed under the umbrella of the Department of Health and Human Services. The legislation would provide investment in the research and development of new vaccines and drugs and allow vaccines and drugs to be developed faster.
(go to web site)

"Anti-Terrorism Site Security"
Security Technology & Design (09/05) Vol. 15, No. 9, P. 86 ; Smith, Ron

The new headquarters of the Army's famous 101st Airborne Division at Fort Campbell, Ky., includes an emphasis on security that exceeds even the strict new anti-terrorism security standards of the U.S. Defense Department. These security measures do not detract from the facility's aesthetics, as the security features are blended with the campus' architecture and landscaping. The site has a number of perimeter security techniques that are not readily apparent: hidden bollards, natural barriers, setbacks, drainage layout, and well-positioned landscaping. Key to the site's security are the setbacks from parking areas and roadways, which create a physical distance that prevents car bombs or other potential vehicle-borne threats from getting too close to the building. The setback area is filled with mature deciduous trees and other barriers to prevent vehicles from penetrating the setback area. Rows of juniper hedgerow serve as a second line of defense, because concealed behind the hedgerows are concrete and steel bollards with stranded cable. Located along the site's walkways are another series of heavily reinforced bollards that mimic upscale lighting posts, disguising their true purpose. The entire site of the headquarters can also be surrounded with portable bollards.
(go to web site)

"At Microsoft, Interlopers Sound off on Security"
New York Times (10/17/05) P. C1 ; Markoff, John

Microsoft recently held its second Blue Hat conference, where a small group of independent security researchers are invited to the company's Redmond, Wash., headquarters to share details of their work exposing vulnerabilities in Microsoft's programs. The conference, held last week, comes after a year of intense focus on security that has signaled a clear shift in Microsoft's priorities. The hackers in attendance identified the manner in which Windows operating systems address peripherals, and its forthcoming Xbox 360, as specific targets for hackers. The Blue Hat gathering marks an about-face in the way Microsoft views the hacker community. The Blaster and Slammer worms fundamentally altered Microsoft's position toward security, as they began to compromise the company's stature in the eyes of customers. The white hat hacker community has taken notice of Microsoft's efforts to improve security, and has been largely receptive to the software giant's overtures, though many warn that security could be just entering a new era with the growing use of mobile devices. The widespread, scattershot attacks such as Blaster will also likely become a thing of the past, as profit is now the motive for more precise, targeted attacks, rather than Web-wide assaults designed solely to create chaos. Microsoft has been using a technique known as fuzzing in the development of its software, where tens of thousands of combinations are tested automatically in the search for flaws. According to company officials, Microsoft has significantly reduced the number of security bulletins it has issued in the last few years.
(go to web site)

"Dutchmen Hack Into 1.5 Million PCs"
SAPA-South African Press Association (10/21/05)

Three computer hackers from the Netherlands were arrested on Oct. 4 for allegedly hacking into 1.5 million computers across the globe and stealing PayPal customers' access codes. PayPal is the online payment system owned by Internet auction company eBay. The three hackers, ranging in age from 19 to 27, allegedly downloaded the Toxbot virus onto poorly secured PCs, allowing the hackers to remotely control the PCs. An unnamed U.S. company was targeted by the hackers, along with private individuals.
(go to web site)

"As Threats Evolve, Defenses Must Adapt"
eWeek (10/17/05) Vol. 22, No. 41, P. 20 ; Roberts, Paul F.

The effectiveness of anti-virus software is waning as hackers and other online miscreants craft new classes of malware that can work around traditional safeguards, forcing anti-virus experts into a race to develop better forms of protection. The hacking landscape has changed as teenagers seeking notoriety are replaced by professional criminals seeking financial gain; accompanying this trend is an increase in the frequency of exploits, which means anti-virus companies' window of opportunity for updating virus signatures before an attack is growing smaller. More and more malicious programs are using features taken from rootkit programs that can thwart anti-virus scanners by masking common malware identifiers, according to F-Secure's Kimmo Kasslin at the recent Virus Bulletin International Conference. Also attending was Symantec manager Kevin Hogan, who pointed to changes in malware dissemination techniques fueling exploits' transformation from global to local affairs. Although the sharing of malware samples between anti-virus companies is a longstanding tradition, companies are increasingly placing priority on malicious programs reported by customers and concentrating less on viruses sent by competitors, noted New Zealand virus researcher Nick FitzGerald; he warned that the anti-virus community could be fragmented in the face of increasingly specialized attacks. As the nature of cyber-threats changes, so too does the role of anti-virus technology in the enterprise, said Hogan. Gartner analyst John Pescatore illustrated this point with his observation that signature-based detection is still useful for shielding email and spotting malign programs at the edge of the network, but it has little value on the desktop. IDefense's Ken Dunham said anti-virus scanning will have to be integrated with data taken from threat analysis and vulnerability scans.
(go to web site)

Abstracts Copyright © 2005 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments:

Post a Comment