
Friday, January 02, 2009

Security Management Weekly - January 2, 2009

January 2, 2009
 
 
CORPORATE SECURITY
  1. "Microsoft Lauds China Piracy Case"
  2. "Workplace Violence Is Most Worrisome Risk, Survey Reports" - Security Director News Survey Finds Nearly Half of Security Pros Mainly Concerned with Workplace Violence in '09
  3. "Wis. Officials Want More Nuclear Accident Training"
  4. "Private Investigators Offer Tips on Thwarting Employee Theft"
  5. "Security Trends for 2009" - Several Issues and Trends Could Affect Data Centers Next Year, Experts Say

HOMELAND SECURITY
  6. "Israel Discusses Cease-Fire Amid New Attacks on Hamas"
  7. "Israeli Offensive Enters Seventh Day"
  8. "U.S. Hands Over Control of Green Zone to Iraq"
  9. "Pakistan's Probe Finds Local Links To Attacks On Mumbai"
  10. "Tensions Rise as Pakistan Moves to Redeploy Troops"

CYBER SECURITY
  11. "Researchers Hack Internet Security Infrastructure" - American and European Researchers Find Vulnerability That May Allow Hackers to Steal Data From Some Web Users
  12. "Security Wonks Find Gaping Hole in Trusted Site System"
  13. "On Botnets, Encryption and Mega-Worms: Security Predictions for 2009" - Network World's Andreas M. Antonopoulos Says There Are Several Trends to Look for in Coming Year
  14. "Small Laptops Pose a Big Security Threat" - Some Advantages of Using Ultraportables Also Make the Devices a Security Risk
  15. "Report Finds Cybercriminals Winning in Losing Economy" - Sham Sites, Get Rich Quick Deals More Common as Cybercriminals Try to Take Advantage of Cash-Strapped Consumers


"Microsoft Lauds China Piracy Case"
Wall Street Journal (01/02/09) ; Kane, Yukari Iwatani

A Chinese court has convicted 11 members of a counterfeiting syndicate that had been distributing high-quality fake versions of 19 Microsoft products in countries around the world. According to the Redmond, Wash.-based company, the fake software--which included fraudulent versions of Windows XP, Windows Vista, and Office 2007--was distributed in at least 11 languages in 36 countries, including the U.S.; Microsoft noted that the software was discovered in more than 300 different American cities. Microsoft praised the convictions of the 11 members of the syndicate, who will spend between a year and a half and six and a half years in prison for distributing the fake software. The company noted that the sentences were some of the harshest yet for individuals convicted of software piracy in China, a country which until now has been seen as lenient with those who violate intellectual property rights. David Finn, the associate general counsel for worldwide antipiracy and anticounterfeiting at Microsoft, said he hoped the sentences were a sign that China and other countries would take a tough stand against software piracy. "I hope that this is an example of a continuation of increased international collaboration and commitment to protecting intellectual property," he said.

"Workplace Violence Is Most Worrisome Risk, Survey Reports"
Security Director News (12/30/08) ; Stelter, Leischen

Security Director News' annual survey of security practitioners found that 49 percent were primarily concerned about the prospect of workplace violence in the coming year. Those concerns are well-founded, according to John Dowd, a senior account manager for Kratos Defense and Security Solutions. Dowd predicted workplace violence would spike in the U.S. over the next 12 to 18 months due to the slumping economy. He called on companies to take steps to protect themselves from this expected increase in workplace violence by training employees as to why they should implement security measures and conducting periodic background checks on all employees. Security Director News' survey also found that 27 percent of security practitioners were mainly worried about the prospect of intellectual property theft in 2009. Kevin Murray, the director of the technical counterespionage firm Murray Associates, said the theft of intellectual property should be a bigger concern for businesses than terrorism. Murray noted that companies need to be sure to educate their employees about intellectual property theft and train them about how they can protect the company from it.

"Wis. Officials Want More Nuclear Accident Training"
Chicago Tribune (12/29/08) ; Richmond, Todd

Errors made during a practice drill at the Kewaunee nuclear power plant in Wisconsin last year have prompted calls for more rigorous nuclear accident training. Wisconsin Emergency Management officials say additional training is needed to address mistakes volunteer field teams made during last year's exercise: the teams failed to realize they had been exposed to too much radiation, relayed wrong information to the public, and took inaccurate radiation readings. Bill Clare, planning section supervisor at Wisconsin Emergency Management, says the state needs $800,000 in funding to ensure nuclear disaster readiness. "We have to be able to provide a reasonable assurance we can protect the public," Clare says.

"Private Investigators Offer Tips on Thwarting Employee Theft"
MaineBiz (12/29/08) ; Rooks, Douglas

Employee theft poses a major problem for both large and small businesses, and it is expected to rise due to the struggling economy. The U.S. Chamber of Commerce estimates that as many as 75 percent of employees would steal from their employer given the opportunity. Employee theft can be especially damaging to small businesses with fewer reserves; it plays a role in 33 percent of all business bankruptcies. To minimize the risk of employee theft, businesses need to implement systems that discourage fraud and theft. Private investigators recommend that businesses conduct background checks of potential employees, especially those being considered for a position that involves handling money. Prospective employees should also fill out job applications, which can highlight gaps in employment better than a resume. Low-cost video surveillance cameras are also useful in deterring employee theft and identifying which employees are stealing from the business. All thefts should be reported to the authorities in order to establish a pattern of theft that can be vital in winning a criminal case. Employers should implement a zero-tolerance policy for any form of theft, including the theft of office supplies. Experts suggest that businesses review the policy with employees at least once a year and hire an independent party to conduct regular audits of the company's financial records.

"Security Trends for 2009"
Processor.com (12/26/08) ; MacKinnon, Chris A.

Several predicted security issues and trends for 2009 could affect data centers. Cloakware chief technologist Robert Grapes regards compliance as a main driver for changes in the data center, particularly given present economic problems. TELUS Security Solutions national practice manager for governance, risk, and compliance Rafael Etges concurs that compliance will be of utmost importance in 2009, noting that "Compliance-driven technologies are expected to be deployed in large scale for obvious reasons, the most evident being encryption in communications and data storage." He adds that the regulatory arena and risk trends will also be affected by the economic downturn, which will "severely impact 2009 strategic plans." The main question in 2009, he says, "will be 'Are we secure enough?', and finding the best spot between over-investing and under-investing while considering the risk appetite and unique culture of each organization." TriGeo Network Security CTO Michael Maloof says the security technologies, standards, and protocols he expects to have the largest impact in 2009 include active response and automated remediation technologies. Grapes adds that data center and information technology staff should proactively work with audit teams and deal with compliance issues directly, instead of waiting for deadlines to draw near and depending on audit exceptions. Maloof cautions, however, that IT managers should also concentrate on security and corporate continuity, not just on compliance.

"Israel Discusses Cease-Fire Amid New Attacks on Hamas"
Wall Street Journal (01/02/09) P. A1 ; Coker, Margaret; Solomon, Jay; Mitnick, Joshua

Bombing in the Hamas-controlled Gaza Strip continued on Jan. 1 as Israel discussed with Washington the possibility of a cease-fire and the establishment of an international monitoring system to prevent the rearmament of Hamas. The monitoring could make the security situation more palatable from Israel's point of view while also giving its leaders a way out of the quagmire as well as a victory amid approaching elections, without having to exacerbate the conflict. However, competing groups in the Israeli government have indicated their support for different negotiation strategies over a possible suspension of hostilities. The staff of Israel's Defense Minister Ehud Barak suggested a 48-hour cease-fire brokered by the French, but Israeli Prime Minister Ehud Olmert and Foreign Minister Tzipi Livni rejected the proposal. Livni stated on Jan. 1 that a temporary surcease of fighting to permit the shipment of humanitarian supplies to the Strip would be detrimental to Israel, denying the existence of any humanitarian crisis in the region. Israel's demand for a monitoring force in Gaza stems from the Prime Minister's desire for assurances that Hamas will be unable to rebuild its military might with the help of countries unfriendly to Israel once the current conflict has ended. Officials briefed on the negotiations say Israel would prefer that oversight of the monitoring system be led by the United States, the United Nations, the European Union, and Russia--the "Quartet" of Middle East peace brokers.

"Israeli Offensive Enters Seventh Day"
Associated Press (01/02/09)

Israel's air raids on the Gaza Strip continued on Friday as jets attacked roughly 20 houses belonging to Hamas militants and members of other armed groups. The homes were targeted because they were being used to store missiles and other types of weapons, according to Israeli defense officials. In addition, Israeli jets dropped bombs on a mosque that was a Hamas stronghold and was used to store weapons. The latest attacks come one day after Israel destroyed the home of Nizar Rayan, a professor of Islamic law and one of Hamas' top five decision makers. The bombing killed a total of 20 people, including Rayan, his four wives, and his 10 children. Meanwhile, Israel began taking other steps to stop the Hamas rocket attacks, which were the cause of the air raids on the Gaza Strip. Israeli jets dropped leaflets east of Gaza containing a confidential phone number and e-mail address that Palestinians could use to report the locations of Hamas rocket squads. However, residents simply ignored the leaflets. The new tactic was adopted amid continued Hamas rocket attacks on Israel; the latest struck apartment buildings in the southern Israeli city of Ashkelon early Friday. No injuries were reported.

"U.S. Hands Over Control of Green Zone to Iraq"
Associated Press (01/02/09)

A number of the provisions of the new security agreement between Iraq and the United States took effect on New Year's Day, including one that transferred control of the Green Zone in Baghdad to Iraqi authorities. The four-square-mile area, which is home to the U.S. embassy, will continue to be heavily guarded. However, the U.S. troops stationed at checkpoints in the Green Zone will now serve as trainers instead of leaders. Meanwhile, Iraqi authorities now have a say over international troops stationed in the country. Under the security agreement between Washington and Baghdad, U.S. troops will remain under U.S. command but will have to have their operations authorized by a joint committee. Some fear that insurgent attacks on U.S. troops could increase now that the American military will no longer be able to take unilateral action. The implementation of the security agreement on Jan. 1 came on the heels of a year in which violence in Iraq declined. There were an average of 10 attacks a day in 2008, down from 180 a day in 2007.

"Pakistan's Probe Finds Local Links To Attacks On Mumbai"
Wall Street Journal (12/31/08) ; Hussain, Zahid; Rosenberg, Matthew

Pakistan's investigation of last month's terror assaults in Mumbai, India, has started to reveal important links between the 10 gunmen and an Islamic militant organization that the country's formidable spy agency spent many years supporting, according to individuals with knowledge of the situation. One or more leaders of the militant entity Lashkar-e-Taiba, or "Army of the Pure," captured during a raid earlier in December in Pakistani-held Kashmir, have acknowledged the organization's role in the attack, as India and the United States have contended. In addition, Pakistani security officials claim a leading Lashkar commander, Zarar Shah, has acknowledged his role in the Mumbai attacks. Shah has apparently informed Pakistani interrogators that he was one of the main planners of the attacks, and that he spoke with the terrorists during the event to offer them advice and keep them focused. Shah has also supposedly named other Lashkar members, and has verified the story told by the single captured gunman to Indian investigators--that the 10 assailants were trained in Pakistan's section of Kashmir and then traveled by boat from Karachi to Mumbai. Shah said the attackers spent a minimum of a few weeks in Karachi, an Arabian Sea port, learning about urban combat to develop skills they would employ in their assault. The findings of the investigation could increase worldwide pressure on Pakistan to recognize that the attacks, which killed 171 people in India, began inside its borders, and to prosecute or extradite the responsible individuals. This could in turn create challenging and possibly detrimental issues for the nation's new civilian government, its military, and the spy agency Inter-Services Intelligence, which is interrogating militants it formerly sought as partners.

"Tensions Rise as Pakistan Moves to Redeploy Troops"
Wall Street Journal (12/29/08) ; Hussain, Zahid; Rosenberg, Matthew

Pakistan announced the redeployment of an unknown number of troops from the northwest section of the country, where they were taking part in the fight against Islamic militants. Although Pakistani military officials would not officially say where the troops are being moved to, it is believed they will be moved to the country's eastern border with India as a defensive measure. Although officials described the redeployment as modest and said it will not affect Pakistan's fight against the Taliban and al-Qaida, the move could increase tension with India. Experts believe that the redeployment of troops is intended to deter India from making any sort of retaliatory strike against the Pakistani militants behind the recent terrorist attacks in Mumbai. Pakistani President Asif Ali Zardari recently said that he is committed to the fight against terrorism and is not interested in a conflict with India.

"Researchers Hack Internet Security Infrastructure"
Washington Post (12/30/08) ; Krebs, Brian

A team of computer security researchers from the United States, the Netherlands, and Switzerland announced the discovery of a weakness in the Internet infrastructure that could allow hackers to intercept the secure information of consumers who visit bank and e-commerce Web sites. The researchers found a way to assume the digital identity and authority assigned to RapidSSL, a company that aids Internet users in identifying legitimate Web sites. RapidSSL is one of a number of companies that Internet browser creators trust to issue security credentials for secure Web sites. These security certificates combine with secure sockets layer technology to ensure that information transmitted between the Web site and the visiting Web browser cannot be read by an outside party. RapidSSL and some other certificate authorities still use the MD5 cryptographic method to sign their certificates. This method can be exploited by networking together a large number of number-crunching machines, such as the PlayStation 3 gaming console. If a hacker were to obtain these credentials, they would have the ability to seize control of a large network and intercept the requests of Internet users. Verisign, which recently acquired RapidSSL's parent firm, said that it expects to complete a shift from the MD5 method to more secure signing algorithms by January 2009.

"Security Wonks Find Gaping Hole in Trusted Site System"
TechNewsWorld (12/30/08) ; Haskins, Walaika

An international group of independent security researchers has found a flaw in the Secure Sockets Layer (SSL) technology used by financial institutions, online merchants, and e-commerce sites to maintain the security of their transactions. The group says cybercriminals could exploit this flaw to generate bogus digital certificates, which would then be accepted and trusted by many widely used Internet browsers, enabling the hackers to launch phishing attacks that are virtually undetectable. Digital certificates allow browsers to confirm their signatures using standard cryptographic algorithms, but researchers learned that one such algorithm, MD5, can be used to make counterfeit certificates, rendering a critical part of the Internet's infrastructure unsafe. Gartner analyst Avivah Litan says this vulnerability has been known about for four years, and consumers should be aware that no site is truly trustworthy. She adds that criminals have successfully launched phishing attacks without the certificates. "They don't really need it, and they just keep making more methods that allow them to pose as a legitimate site," Litan says. "[Forging SSL certificates] is a lot of work for very little reward. But it's still not good news that the Internet's security structure is flawed."
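The two MD5 items above both come down to one operational question for a defender: is anything in a certificate chain still signed with an MD5-based algorithm? The script below is an added example, not code from the newsletter, the researchers, or any of the companies named; it walks just enough of a certificate's DER encoding to reach the outer signatureAlgorithm field, decodes the OID, and flags MD5. The function names (`build_sample_cert`, `signature_algorithm`, `uses_weak_signature`) are chosen here, and the sample certificates are constructed DER skeletons built by the script itself, not real certificates.

```python
"""Flag certificates whose outer signature algorithm is MD5-based.

Added example (not from the newsletter or the researchers): a minimal DER
walker that reads Certificate.signatureAlgorithm and decodes its OID.
Sample certificates are constructed skeletons, not real ones.
"""

# Signature-algorithm OIDs as assigned in RFC 3279 / RFC 4055 / RFC 5758.
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}
WEAK_DIGESTS = ("md5",)  # the digest the items above are about

TAG_SEQUENCE, TAG_OID, TAG_NULL, TAG_BIT_STRING = 0x30, 0x06, 0x05, 0x03


def der_length(n: int) -> bytes:
    """DER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID; the first two arcs share one byte (40*a + b)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])  # base-128, high bit marks continuation
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return der_tlv(TAG_OID, bytes(out))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, end) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def decode_oid(content: bytes) -> str:
    arcs = [content[0] // 40, content[0] % 40]  # valid for first arc 0 or 1
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def signature_algorithm(cert_der: bytes) -> str:
    """Dotted OID of Certificate.signatureAlgorithm (the issuing CA's signature)."""
    tag, body, _ = read_tlv(cert_der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not a Certificate SEQUENCE")
    _, _tbs, pos = read_tlv(body, 0)   # tbsCertificate, skipped here
    tag, alg, _ = read_tlv(body, pos)  # AlgorithmIdentifier
    if tag != TAG_SEQUENCE:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid, _ = read_tlv(alg, 0)
    if tag != TAG_OID:
        raise ValueError("AlgorithmIdentifier lacks an OID")
    return decode_oid(oid)


def uses_weak_signature(cert_der: bytes) -> bool:
    name = SIG_ALG_NAMES.get(signature_algorithm(cert_der), "unknown")
    return any(d in name.lower() for d in WEAK_DIGESTS)


def build_sample_cert(sig_oid: str) -> bytes:
    """Constructed skeleton: placeholder TBS, real-shaped AlgorithmIdentifier,
    128-byte dummy signature (long enough to exercise long-form lengths)."""
    tbs = der_tlv(TAG_SEQUENCE, der_tlv(0x02, b"\x01"))  # INTEGER 1 stands in for TBS
    alg = der_tlv(TAG_SEQUENCE, encode_oid(sig_oid) + der_tlv(TAG_NULL, b""))
    sig = der_tlv(TAG_BIT_STRING, b"\x00" + bytes(128))  # leading unused-bits byte
    return der_tlv(TAG_SEQUENCE, tbs + alg + sig)
```

Run against a real chain, the same check applies to every certificate in it, not just the leaf: the forged certificate in the items above was itself a CA certificate, so an intermediate signed with md5WithRSAEncryption is the finding that matters. Note that the OID is read from the outer signatureAlgorithm, which is what the issuing CA actually used; the copy inside tbsCertificate is supposed to match but is not what was hashed.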

"On Botnets, Encryption and Mega-Worms: Security Predictions for 2009"
Network World (12/30/08) ; Antonopoulos, Andreas M.

Network World's Andreas M. Antonopoulos has made several predictions about what will take place in information security in 2009. Among his predictions is that host-based security will become the focus of IT security professionals during 2009, due to the upcoming release of Microsoft's Windows 7 and the continued interest in Mac OS and Linux as alternative desktops. Antonopoulos also predicts that there will be more mobile security issues in 2009 due to the growth of the Android and iPhone platforms. In fact, he says 2009 could be the first year in which there is a widespread security scare on a mobile platform. However, IT security professionals could find it increasingly difficult to get funding for security projects despite the growing threat to mobile platforms. There also will be a number of positive trends in IT security in 2009. For example, at-rest encryption of hard drives on all desktop systems will become the norm, and there will be no new, high-profile, fast-spreading mega-worms in 2009, he predicts. Nevertheless, Antonopoulos expects that malware will become increasingly stealthy and will spread further than ever before in 2009.

"Small Laptops Pose a Big Security Threat"
Computerworld (12/22/08) Vol. 42, No. 50, P. 27 ; Edwards, John

Ultraportable computers have become one of the hottest mobile computing trends over the past year, but they also can be a security nightmare. Since ultraportables come equipped with limited processing power, internal memory, and storage space, they are unable to run the latest operating systems, which usually have the latest internal security safeguards. In addition, it can be difficult if not impossible to equip ultraportables with security software. Ultraportables also are very easy to lose since they are so small. Although the use of ultraportables can create security risks, organizations can mitigate these risks by extending and expanding existing laptop security practices. For example, organizations should require employees who use ultraportables to store sensitive data on a secure flash drive so that the data is not lost if the computer is lost or stolen. In addition, any data should be accessed from a secure remote repository in order to protect enterprise systems from infections.

"Report Finds Cybercriminals Winning in Losing Economy"
Access Control & Security Systems (12/22/08)

As businesses and retailers focus on the gloomy economy, cybercriminals are taking advantage of lax oversight of network and Internet traffic, according to a new report from McAfee. McAfee Avert Labs' Dave Marcus says criminals are capitalizing on the fears of consumers, who are looking online for better prices and are increasingly duped by sham sites and get-rich-quick deals. One scam involves an advertisement for "international sales representatives." Respondents are unwittingly used as decoys against authorities, who have a difficult time tracking cybercriminal profits when multiple parties are involved. "They are ultimately lured into what they think is like an Internet sales marketer or an Internet sales manager position," says Marcus, who refers to the victims as "cybermules." Unfortunately, consumers should not expect much help from authorities, who are busy focusing on economic problems, he adds. The McAfee report predicts that 2009 will bring more cybercrime incidents originating from Brazil, Russia, and China in particular.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD