Friday, August 03, 2007

Security Management Weekly - August 3, 2007

CORPORATE SECURITY
  1. "Concrete Fence Rings Sydney CBD for APEC": Tight Security During APEC Meetings Will Protect Companies From Violent Protesters
  2. "Modern Bank Robbers Are Low-Key": Most Robbers Favor Notes Over Violence
  3. "Thieves Turn Simple Strip Into Cutting-Edge Tool": Thieves Altering Magnetic Stripes on Back of Bank Cards
  4. "Two NBA Players Robbed": National Basketball Association Security Department to Give Players Security Advice
  5. "Information Security Governance Framework: 7 Key Questions for Audit Committees"
  6. "Securing Cell Phones"

HOMELAND SECURITY
  7. "With Minor Exceptions, System Worked": Minneapolis First Responders Used National Incident Management System Plan When Responding to Bridge Collapse
  8. "Experts: Internal Locks on Classroom Doors Could Save Lives"
  9. "Spies Watch Rise of Virtual Terrorists": Terrorists Allegedly Using Virtual Game "Second Life" for Training
  10. "Robotic Insect Takes Off for the First Time": Harvard University Robotic Fly Could Be Used for Spying, Detecting Harmful Chemicals
  11. "Academics Seek UAVs That Think for Themselves": Artificial Intelligence Boosting Unmanned Aerial Vehicles' Capabilities
  12. "Deconstructing Tragedy": Risk Management Experts Analyze Virginia Tech Shootings

CYBER SECURITY
  13. "Apps Security to Dominate Black Hat": This Year's Black Hat Conference Will Focus on Application Security
  14. "Black Hat: How to Hack IPS Signatures": Hackers Can Reverse-Engineer Intrusion Prevention System Vendors' Zero-Day Filters
  15. "Prototype Software Tool Plugs Security Leaks": Researcher Developing Software to Keep Sensitive Data Private


"Concrete Fence Rings Sydney CBD for APEC"
Daily Telegraph (AU) (08/02/07) ; McDougall, Bruce

Australian authorities are ramping up their efforts to secure and protect Sydney's central business district (CBD), which is expected to be at the center of protests that will likely greet the international APEC meetings, to be held in Sydney in early September. Earlier this week, authorities in Sydney addressed representatives from about 100 corporations, including Coca-Cola, Starbucks, and McDonald's, during a two-hour briefing on the security plan for the APEC meetings. Authorities are concerned that businesses, banks, shopping malls, the Australian Stock Exchange, and other "soft targets" could be attacked by radical protesters who will be unable to get near President Bush and other world leaders. The heart of the security effort will be a temporary 2.8 meter-tall reinforced concrete cage fence that will prevent protesters from accessing parts of the CBD. The fence, which some have likened to the Berlin Wall, will be installed by construction cranes and will be situated along several streets in order to protect several businesses, including the Hotel Inter-Continental. During the security briefing, police showed business leaders a 12-minute video about anti-globalization protesters and security measures that can be used to thwart the protesters. In preparation for the protesters, Sydney authorities have purchased a $600,000 water cannon. Arrested protesters will be detained in some 30 buses that will function as mobile detention cells.

"Modern Bank Robbers Are Low-Key"
Associated Press (07/28/07) ; Mulvihill, Geoff

An examination of U.S. bank robberies from 2003 to 2006 finds that roughly three of every five bank robbers used notes passed to tellers to convey their threats. FBI statistics show that only one in 20 bank robberies are violent, and during the roughly 6,000 to 7,000 robberies that occur per year, about 20 people are killed--usually the robbers. Half of all bank robbers threaten to use a weapon when robbing a bank, but only 25 percent actually brandish a gun. Bank robberies tend to be more violent in Los Angeles, where organized bank robbery gangs that conduct "take-over" robberies account for 20 percent of the city's robberies. The vast majority of banks now have security measures in place, including security cameras, security alarms, exploding dye packs, and "bait bills." But some banks stubbornly refuse to install so-called "bandit-barriers," which place bank tellers behind a protective sheath of bulletproof glass. The FBI says that the modern bank robber is much more like New Jersey's unassuming, middle-aged "Mad Hatter" than history's romanticized Bonnie and Clyde. The Mad Hatter, who earned his moniker by the hats he wore, robbed 18 banks and stole $60,000 over a period of more than one year. He never showed a weapon, and his average looks and quiet demeanor allowed him to slip in and out of banks with ease.

"Thieves Turn Simple Strip Into Cutting-Edge Tool"
USA Today (08/01/07) P. 8B ; Acohido, Byron; Swartz, Jon

Thieves have discovered a way to alter the magnetic stripe on the back of bank cards using a "magstripe reader-writer." A 26-year-old man was arrested in Canada in possession of thumb drives and computer printouts of credit card account data stolen from hundreds of U.S. and Canadian consumers. He also had prepaid gift cards from Visa and MasterCard. By rewriting the magstripes of authentic bank gift cards with the stolen account data, the suspect was able to bypass the riskier task of fabricating fake credit cards outright. The ploy mimics a Miami ring that used counterfeited credit cards to buy stacks of Wal-Mart gift cards. Ring members then used the gift cards to amass $1 million worth of big-ticket items from Sam's Club, a Wal-Mart subsidiary. Like merchant gift cards, bank gift cards do not carry embossed numerals or an individual's name, so no proof of identity is required to use them. Altering the magstripe on bank gift cards "is a way to convert small-value cards into big-value plastic," says information risk strategist John Pironti of Getronics. Visa, MasterCard, and American Express have been rolling out contactless payment cards that use technology significantly more difficult to compromise, yet magstripe payment cards are virtually ubiquitous and will probably reign in use for decades. Mimi Hart of MagTek says consumers use magstripe cards about 15 times per week.
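Because the stripe is just data, whatever is written to it is what the terminal and issuer see. The decoder below, added here as an example and not taken from the USA Today article, shows what an issuer can still check on a Track 2 read: the Luhn check digit, the expiry, and the service code, whose first digit says whether the genuine card carries a chip (a swipe of such a card is a "fallback" transaction worth scoring). The sample track strings are constructed using the well-known 4111 1111 1111 1111 test PAN; the flag wording is my own.

```python
"""Decode ISO/IEC 7813 Track 2 data and flag what an issuer can check on the
wire. Added example, not from the article; sample tracks are constructed."""
import re
from dataclasses import dataclass

# Track 2 layout: ;PAN=YYMMSSS<discretionary>?   (SSS = 3-digit service code)
TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{1,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?$"
)


@dataclass(frozen=True)
class Track2:
    pan: str
    expiry_yymm: str      # "2512" = December 2025
    service_code: str
    discretionary: str


def luhn_ok(pan: str) -> bool:
    """Mod-10 check digit; catches most single-digit edits to the PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_track2(raw: str) -> Track2:
    m = TRACK2_RE.match(raw)
    if not m:
        raise ValueError("not a Track 2 record")
    t = Track2(m["pan"], m["exp"], m["svc"], m["disc"])
    if not luhn_ok(t.pan):
        raise ValueError("PAN fails Luhn check")
    return t


def risk_flags(t: Track2, today_yymm: tuple) -> list:
    """Issuer-side checks on a magstripe read. today_yymm is (yy, mm) so the
    result is deterministic; flag strings are this example's own wording."""
    flags = []
    yy, mm = int(t.expiry_yymm[:2]), int(t.expiry_yymm[2:])
    if (yy, mm) < today_yymm:
        flags.append("expired")
    # Service code digit 1: 2 or 6 means the genuine card has a chip, so a
    # swipe is a fallback transaction; 9 marks a test card.
    if t.service_code[0] in "26":
        flags.append("chip-preferred card read on magstripe (fallback)")
    if t.service_code[0] == "9":
        flags.append("test card")
    # Digit 2: 2 or 4 means the issuer must authorise online.
    if t.service_code[1] in "24":
        flags.append("online authorisation required")
    # Digit 3: 0, 3 or 5 means a PIN is required.
    if t.service_code[2] in "035":
        flags.append("PIN required")
    return flags


if __name__ == "__main__":
    for raw in (";4111111111111111=2512101123456789?",
                ";4111111111111111=0701203000000000?"):
        t = parse_track2(raw)
        print(t.pan, t.expiry_yymm, t.service_code, risk_flags(t, (7, 8)))
```

None of these checks can tell a stolen PAN written onto a gift card from the same PAN on the cardholder's real card; that is exactly why the article's thieves chose the technique. What they do give the issuer is a fallback signal (chip card swiped) and the usual velocity and geography scoring on the PAN, which is where such cases are actually caught.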

"Two NBA Players Robbed"
Washington Post (07/30/07) ; Babwin, Don

The security department of the National Basketball Association (NBA) is collaborating with Chicago law enforcement on an investigation into a pair of home invasions during which two prominent--and physically imposing--NBA players and their families were robbed at gunpoint. In both instances, the robbers disabled the players by binding them with duct tape, then robbed them of jewelry and cash. Both robberies took place in the Chicago area, prompting authorities to speculate that a group of robbers may be targeting NBA players in the Chicago area. "When something like this happens, I'm sure our security department tries to get the most up-to-date information to teams so they can tell players and staff, properly educate them," said NBA spokesman Tim Frank. The NBA Players Association intends to get in touch with every NBA player who lives in Chicago, educate them about the robberies, and answer any questions related to security. The most recent robbery occurred July 28, when New York Knicks forward Eddy Curry, who is 6-foot-11 and 285 pounds, was robbed. On July 10, Miami Heat forward Antoine Walker, who is nearly as big, was robbed.

"Information Security Governance Framework: 7 Key Questions for Audit Committees"
WebWire (07/23/07)

Directors at financial firms are obligated to ensure their firms are in regulatory compliance with a swath of regulations like the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act and maintain corporate governance standards. An Information Security Governance Framework can help directors take a holistic approach to their fiduciary duties, reduce corporate identity theft, and increase consumer protection. Experts contend that if directors actively engage in identity theft and other white-collar crime reduction efforts, bottom lines will improve. To implement this framework, directors need to conduct analyses of situations that pose litigation and regulatory risks to the firm. Those analyses should highlight how those exposures affect bottom lines, capital holdings, and credit ratings. In relation to risk appetites, directors could then steer corporate strategy in a direction that identifies risks before losses are sustained and that develops effective mitigation procedures to ensure regulatory compliance.

"Securing Cell Phones"
Technology Review (08/01/07) ; Greene, Kate

The recent hack of Apple's iPhone by researchers at a security company should serve as a warning to all mobile device manufacturers that there is a growing need for better mobile device security, experts say. Cell-phone viruses have existed for about a decade, but many experts believe that threats to mobile devices could become far more significant and dangerous over the next few years because of mobile devices' growing computing power, popularity, and complexity. "I think a large part of this is that cell phones are becoming miniature computers," says University of California, Berkeley computer science professor David Wagner, "and as a consequence, they are starting to inherit some of the same problems that we face with PCs." While using available security tools such as antivirus software is an option, cell phones have their own unique problems. Some security companies have introduced products for mobile phones, but these solutions have limited functionality to avoid draining the battery too much, says NEC's Anand Raghunathan. Problems associated with battery life and processing power can be avoided in some cases by running security software on the cell-phone carrier's infrastructure, but Raghunathan believes the best solution for mobile device security is hardware-based: for example, an extra processor and memory that are hardwired for specific tasks. Such a system would divide the phone into two environments: one that the user has access to and that runs the applications, and a second, designed to be impenetrable to viruses and other malicious software, that stores passwords and other critical information. If a virus were downloaded to a device with this design, it would be unable to access any information in the protected environment, and if the phone were lost or stolen the carrier could access the secure environment remotely and shut down the phone.

"With Minor Exceptions, System Worked"
Washington Post (08/03/07) P. A9 ; Lee, Christopher; Lewis, Paul

Preparedness experts say that Wednesday's collapse of the Interstate 35W bridge in Minneapolis served as a measuring stick of the city's ability to respond to a natural disaster or terrorist attack. By all accounts, the response to the bridge collapse was a success, the only hitches being some communications disruptions and delays. Emergency responders in Minneapolis used the guiding principles of the federal National Incident Management System plan when they responded to the collapse. A spokesman for Minnesota's Homeland Security and Emergency Management division said the incident management system kept responders on the same page as they reacted to the disaster. Indeed, the response proceeded in an orderly fashion, with local police officers securing the scene of the collapse, the fire department managing efforts on the ground, and the sheriff's department overseeing operations in the Mississippi River. Some 75 federal, state, and local agencies participated in the response, and they communicated via one of the best emergency communications radio systems in the country. The radio system did experience some periodic jamming due to heavy use, forcing some responders to use cell phones as a backup. The cell phones also experienced some problems, due to the large volume of calls.

"Experts: Internal Locks on Classroom Doors Could Save Lives"
Dothan Eagle (07/30/07) ; Potter, Dena

School security experts say that schools and colleges across the country can prevent another Columbine or Virginia Tech massacre with one simple step: equipping classroom doors with internal locks. Colorado, scene of the infamous Columbine High School massacre, is at the forefront of a movement to equip classroom doors with locks that lock from the inside, according to Vincent Wincelowicz, vice president of the Foundation for the Prevention of School Violence at Denver-based Wales University. Most schools, including Virginia Tech, have doors that lock from the outside, but Virginia Tech and schools in other states are considering implementing internal locks. During the Virginia Tech massacre this April, students in at least one classroom desperately struggled to block a classroom door with their bodies to prevent gunman Seung-Hui Cho from entering. Security experts say that, given the number of classroom doors on some college campuses, colleges should expect to shell out a hefty sum of money when installing internal locks. The cost could be about $200 per door, but the locks "add a layer of protection that a security camera that's being remotely monitored may not afford," says PublicSchoolSecurity.com CEO Robert Siciliano.

"Spies Watch Rise of Virtual Terrorists"
Australian (07/31/07) ; O'Brien, Natalie

Terrorism is on the rise in the Web-based virtual reality game Second Life (SL), where players create characters known as avatars that interact with other avatars in a virtual world modeled on the real one. Real-life anti-terrorism experts are warning that these virtual terror groups could have implications in the real world, noting that the Sept. 11 hijackers used virtual plane simulators to practice their attacks. In fact, some Australian officials believe that some of the terrorist avatars in SL are actually controlled by real-life terrorists in Australia who are using the game to conduct terrorist dry-runs. "They are rehearsing their operations in Second Life because they don't have the opportunity to rehearse in the real world," says Rohan Gunaratna, author of Inside al-Qaeda. Terrorist avatars in SL can practice attacks against replicas of real-life targets using replicas of real-life weapons, experts say. SL and other games based on virtual environments, including World of Warcraft, also allow real-life terrorists to disseminate propaganda and attempt to recruit other players for real-life attacks. In SL, avatars can even transfer virtual money between each other, and this currency can then be translated into real-world money. An examination of SL shows that one virtual terrorist group, the Second Life Liberation Army, has been conducting atomic bombings of virtual stores, while other groups have crashed a helicopter into a Nissan building and bombed a Reebok store.

"Robotic Insect Takes Off for the First Time"
Technology Review (07/19/07) ; Ross, Rachel

Harvard University researchers have created a life-size robotic fly that could one day be used as a spy or to detect harmful chemicals. The robotic fly weighs only 60 milligrams, has a wingspan of three centimeters, and has its movements modeled after those of a real fly. The U.S. Defense Advanced Research Projects Agency is funding the research on the robotic fly, which still has a significant amount of work left to be done, in the hope that it will lead to stealth surveillance robots. Recreating a fly's efficient movements in a robot about the same size was difficult because existing manufacturing processes do not make the sturdy, lightweight parts necessary. The research team developed its own fabrication process, using laser micro-machining to cut thin sheets of carbon fiber and polymers into two-dimensional patterns. After more than seven years of working on and improving parts, the robotic fly finally flew this spring. The robot still needs significant work, as it is currently held on a tether that keeps it moving in a straight, upward direction. The researchers are working on a flight controller so the robot can fly as instructed. The fly is also currently connected to an external power source, so an onboard power source needs to be developed. Robert Wood, leader of the robotic fly project, said a scaled-down lithium-polymer battery would provide less than five minutes of flight time. Tiny sensors and software routines need to be developed and integrated as well so the fly can detect dangerous conditions and be able to avoid flying into obstacles.

"Academics Seek UAVs That Think for Themselves"
Defense News (07/16/07) Vol. 22, No. 28, P. 42 ; Kington, Tom

Researchers in Europe and Israel are working on creating unmanned aerial vehicles (UAVs) that use artificial intelligence to "think" independently without being controlled by humans on the ground. For example, researchers at the Technion Israel Institute of Technology are using "genetic algorithms" to develop UAVs that can communicate and coordinate with one another while in the air. Under this model, a group of three UAVs would be able to constantly track a suspicious or enemy vehicle driving through a city, even if the vehicle disappears behind a tall building. "Each UAV will know the city map, and if one calculates it is about to lose sight of the target, it will position another UAV to maintain sight while it is blocked," explains Technion researcher Tal Shima. Similarly, a team of researchers at U.K.-based Cranfield University is developing a system in which a UAV flying 500 feet above a town can spot suspicious vehicles or gunmen. When the UAV spots such a target, it commands a smaller UAV hovering at rooftop level to swoop closer to the suspicious target; the detailed information from the smaller UAV is then sent to an unmanned ground vehicle in the town below, which navigates its way to the target. The Israeli and U.K. teams of researchers will participate along with 21 other teams in the U.K. Ministry of Defense's 2008 Grand Challenge contest for autonomous, unmanned vehicles.

"Deconstructing Tragedy"
Claims (07/07) Vol. 55, No. 7, P. 17 ; Quinley, Kevin M.

The April 16 shootings at Virginia Tech raised concerns about the ability of colleges and universities to effectively alert students about gunmen and other criminals on campus, as well as the facilities' abilities to protect students from harm. Virginia Tech officials failed to send emails to students regarding the presence of a shooter on campus until mid-morning--about two hours after the initial shootings--and critics have contended had law enforcement and students been warned earlier, some of the shootings may not have occurred. Risk management officials also raised concerns about the university's ability to identify potential threats and execute plans to protect the general student body and faculty from those threats. Virginia Tech officials were well aware of the April 16 shooter's antisocial and hostile behavior before the shootings, but the shooter was not expelled or suspended. Risk managers contend these students should be expelled or suspended until two independent psychological evaluations can be performed to determine the risks they pose to themselves and others. Critics note these steps would not guarantee that the student would not return to campus and commit crimes anyway. Meanwhile, experts indicate negligent security litigation claims are likely from the victims' families, while Virginia Tech could face reputational damages in terms of lower enrollments as a result of the shooting.

"Apps Security to Dominate Black Hat"
InfoWorld (07/31/07) ; Hines, Matt

Organizers of the Black Hat Conference being held this week in Las Vegas are planning to shift the focus of the event away from Internet viruses and toward application security. The shift in focus is a result of the fact that malware attacks have morphed from generic Internet viruses into targeted attacks aimed at vulnerabilities in proprietary business IT systems. The changing threat convinced the conference's organizers to dedicate at least four scheduled sessions to Windows flaws and other Microsoft-platform attacks, to botnets, and to "mass market threats" that are designed to take advantage of unsuspecting Web users. Meanwhile, breakout sessions at the conference will detail attacks that can be carried out on software applications. One of those presentations will be hosted by SPI Dynamics' Billy Hoffman and Bryan Sullivan. The two will present their findings on the common vulnerabilities found in applications based on AJAX. Hoffman and Sullivan plan to demonstrate commonly found AJAX application design flaws that they say are the result of substandard coding, including client-side XSL (Extensible Stylesheet Language) transformations, erratic server-side APIs (application programming interfaces), and the ways in which sensitive data ends up unintentionally stored in the client-side code of a number of programs.

"Black Hat: How to Hack IPS Signatures"
Dark Reading (07/30/07) ; Higgins, Kelly Jackson

Researchers from Errata Security have discovered that attackers can easily reverse-engineer the zero-day filters that intrusion prevention system vendors distribute and use them to launch attacks. Errata CEO Robert Graham and CTO David Maynor demonstrated the finding at Black Hat USA using TippingPoint's signatures, though Graham noted that it is possible to reverse-engineer any IPS vendor's zero-day signatures. Graham says TippingPoint's signatures were easy to decrypt because the company shipped the decryption key hidden within the signature update itself. Once the key is found and the signatures are decrypted, an attacker learns about bugs that would not otherwise have been public yet and can build exploits for them, Graham and Maynor demonstrated. In response to the finding, TippingPoint in late June temporarily removed its Zero Day Initiative signature updates for its IPSes. The company then added more secure storage and delivery to its software and released an update with those changes. TippingPoint also now allows its customers to choose to "opt in" to receive future ZDI filters.
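The weakness Graham describes is structural: if the key travels inside the update, every copy of the update is also a copy of the key. The example below is added here to make that concrete and is not TippingPoint's format, which the article does not describe; the blob layout, the SHA-256 counter keystream and the HMAC-based key derivation are stand-ins chosen so the demo runs with the standard library alone (a real implementation would use AES-GCM or similar). It contrasts a blob that carries its own key with one encrypted and authenticated under a per-customer key provisioned out of band.

```python
"""Key-in-the-update versus key-provisioned-out-of-band for signature updates.
Added example; toy crypto built from hashlib/hmac, not a vendor's real format."""
import hashlib
import hmac
import struct

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256 (stand-in for a real stream cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Weak design: the key rides along inside the update ---------------------
def pack_weak(filters: bytes, key: bytes, nonce: bytes) -> bytes:
    ct = xor(filters, keystream(key, nonce, len(filters)))
    return b"UPD1" + nonce + key + ct        # the "hidden" key is just a field


def recover_from_weak(blob: bytes) -> bytes:
    """What anyone holding only the update file can do: read the key out of
    the blob and decrypt every filter, zero-day ones included."""
    if blob[:4] != b"UPD1":
        raise ValueError("unknown format")
    nonce = blob[4:4 + NONCE_LEN]
    key = blob[4 + NONCE_LEN:4 + NONCE_LEN + KEY_LEN]
    ct = blob[4 + NONCE_LEN + KEY_LEN:]
    return xor(ct, keystream(key, nonce, len(ct)))


# --- Stronger design: per-customer key delivered out of band; the blob is
#     encrypt-then-MAC, so it can be neither read nor forged without it ------
def _derive(customer_key: bytes):
    enc = hmac.new(customer_key, b"update-enc", hashlib.sha256).digest()
    mac = hmac.new(customer_key, b"update-mac", hashlib.sha256).digest()
    return enc, mac


def pack_strong(filters: bytes, customer_key: bytes, nonce: bytes) -> bytes:
    enc, mac = _derive(customer_key)
    body = b"UPD2" + nonce + xor(filters, keystream(enc, nonce, len(filters)))
    return body + hmac.new(mac, body, hashlib.sha256).digest()


def unpack_strong(blob: bytes, customer_key: bytes) -> bytes:
    enc, mac = _derive(customer_key)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):       # constant-time compare
        raise ValueError("update rejected: bad authentication tag")
    nonce, ct = body[4:4 + NONCE_LEN], body[4 + NONCE_LEN:]
    return xor(ct, keystream(enc, nonce, len(ct)))


def strong_rejects(blob: bytes, customer_key: bytes) -> bool:
    """True if a device refuses the blob (wrong key or tampered bytes)."""
    try:
        unpack_strong(blob, customer_key)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed sample filter; in practice the nonce comes from os.urandom.
    filters = b'alert tcp any any -> any 80 (msg:"demo filter"; content:"EVIL";)'
    nonce = bytes(NONCE_LEN)
    print(recover_from_weak(pack_weak(filters, bytes(range(KEY_LEN)), nonce)))
    blob = pack_strong(filters, b"\x07" * KEY_LEN, nonce)
    print(strong_rejects(blob, b"\x08" * KEY_LEN))   # True: wrong key
```

The caveat Graham himself raises still applies: any device that can decrypt a filter can have that plaintext pulled out of it by whoever owns the device, so the stronger design narrows who receives zero-day filters (hence TippingPoint's opt-in) rather than making them unrecoverable.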

"Prototype Software Tool Plugs Security Leaks"
LinuxElectrons (07/31/07) ; Tommy

University of Illinois at Chicago computer security expert V.N. Venkatakrishnan says that despite assurances from Web browsers that online transactions are secure and will not be intercepted by a third party, the information is often accessible once it enters a merchant's or a bank's computer. Venkatakrishnan, an assistant professor of computer science and co-director of UIC's Center for Research and Instruction in Technologies for Electronic Security, is developing software that will help keep sensitive information private. Venkatakrishnan's software separates the private, protected data entering programs written in C from the information that is open to public access. The tool automatically identifies the private and public information and monitors the program and its information flow, like a watchman monitoring two different areas. "Taken together, the public and private zones replace the original functionality of the program," Venkatakrishnan says. "It enables you to enforce different policies on these zones." A prototype of the system has been successfully tested on medium-scale software programs, and Venkatakrishnan received a two-year, $250,000 single-investigator grant from the National Science Foundation to develop a way to scale up the tool for use on large-scale programs such as mail readers and Web browsers. Venkatakrishnan expects the tool to be tested and ready for public release within two years.
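The zoning idea is easiest to see as an information-flow policy: every value carries a label, combining values takes the higher label, and a sink refuses anything labelled above its own level unless an explicit declassification step has lowered it. The monitor below is added here to illustrate that policy and is not Venkatakrishnan's tool (which works on C programs at build time); the two levels, the sink names, the masking rule and the order-processing flow are all assumptions made for the example.

```python
"""Public/private labels with sink enforcement and one explicit declassifier.
Added example, not the UIC tool; levels, sinks and demo flow are assumed."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    PUBLIC = 0
    PRIVATE = 1


class PolicyViolation(Exception):
    pass


@dataclass(frozen=True)
class Labeled:
    value: str
    level: Level


def label(value: str, level: Level) -> Labeled:
    return Labeled(value, level)


def join(*xs: Labeled) -> Level:
    """Anything computed from several values carries the highest label."""
    return Level(max(x.level for x in xs))


def concat(*xs: Labeled) -> Labeled:
    return Labeled("".join(x.value for x in xs), join(*xs))


def mask_pan(pan: Labeled) -> Labeled:
    """Explicit declassification: only the last four digits leave the private
    zone, and only through this one audited function."""
    digits = pan.value
    return Labeled("*" * (len(digits) - 4) + digits[-4:], Level.PUBLIC)


def allowed_at_sink(x: Labeled, sink_level: Level) -> bool:
    """A value may flow to a sink only if the sink is at least as secret."""
    return x.level <= sink_level


def write_log(x: Labeled) -> str:
    """Public sink, e.g. an application log file readable by operators."""
    if not allowed_at_sink(x, Level.PUBLIC):
        raise PolicyViolation("private data blocked from public log")
    return x.value


def charge_card(pan: Labeled, amount: Labeled) -> str:
    """Private sink: the payment gateway call is inside the private zone and
    may see the full PAN; every label is <= PRIVATE, so nothing is refused."""
    return f"charged {amount.value} to {pan.value}"


def process_order(item: str, raw_pan: str, amount: str) -> dict:
    """Demo flow: private input, a blocked log line, then a permitted one."""
    item_l = label(item, Level.PUBLIC)
    pan_l = label(raw_pan, Level.PRIVATE)          # entered the private zone
    amt_l = label(amount, Level.PUBLIC)
    sep, prefix = label(" card ", Level.PUBLIC), label("order ", Level.PUBLIC)
    result = {"receipt": charge_card(pan_l, amt_l)}
    try:                                           # full PAN into a public log
        write_log(concat(prefix, item_l, sep, pan_l))
        result["unmasked_log"] = "written"
    except PolicyViolation:
        result["unmasked_log"] = "blocked"
    result["log"] = write_log(concat(prefix, item_l, sep, mask_pan(pan_l)))
    return result


if __name__ == "__main__":
    print(process_order("book", "4111111111111111", "19.99"))
```

A runtime monitor like this only sees explicit flows (data copied or combined). A branch taken on private data leaks through the program counter, which is why a tool that rewrites the C program ahead of time, as the abstract describes, can enforce a stronger policy than a wrapper type.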

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD

