| Deadly Labor Wars Hinder India's Rise Wall Street Journal (11/24/09) P. A16; Wonacott, Peter Labor disputes in India are taking a violent turn as managers attempt to cut costs and remove defiant workers and unions try to prevent them. At the same time, workers are demanding a share of India's recent prosperity, their passions raised by labor leaders who want to add members and increase their influence, companies say. Many workers and companies agree that India's decades-old labor codes are in need of an overhaul, an issue that has been contributing to the current tensions. Strikes at India's manufacturing and service companies rose 48 percent in 2008 from the year before, and this year has seen more strikes and other labor actions that range from sit-ins to physical violence. In September, irate workers entered the office of Roy George, human-resources boss for Pricol Ltd., and beat him to death with iron rods. Security video cameras were intentionally disabled, though another had recorded several workers fleeing the building. Police have arrested 50 union members in connection with the death, with 20 still detained, although charges have not yet been filed. Shady Shoppers Beware Wall Street Journal (11/24/09) Maltby, Emily Merchants are taking a number of steps to fight back against so-called "friendly fraud" schemes, which can include dishonestly disputing a charge made to a credit card or taking advantage of a retailer's return policies. The Bountiful, Utah, auto accessories store Sun Tints, for example, has begun using a site called BadCustomer.com, which alerts merchants when a credit card has had a chargeback at their store or at a nearby retailer. Merchants can then choose to deny the card. Jamon Robinson, the president of Sun Tints Inc., says the service could save his business 20 chargebacks on items costing anywhere from $100 to $1,000 during the upcoming holiday season. Meanwhile, the Estes Park, Colo., clothing store Indigo has implemented stricter return policies in order to prevent "serial return artists" from buying clothes, wearing and washing them, and trying to return the items for cash refunds. The shop's owner, Sandra Petrie, says Indigo will now only accept returns in exchange for store credit within two weeks of the purchase, and all tags must still be attached to the items. Signature Makes Cards 'Less Secure' ZDNet Asia (11/23/09) Kwang, Kevin Countries around the world are increasingly moving away from using signature-based credit cards and toward using more secure alternatives. Since the United Kingdom began using chip-based cards in 2005, it has seen a 24 percent decline in counterfeit cards and fraud from lost and stolen cards. France also has adopted chip-based cards. In Asia, Singapore is planning to move away from signature-based cards to Dynamic Data Authentication chip cards, which have a latent PIN function that can be activated when needed. Singapore also is planning to use dynamic authentication for card-not-present transactions, which will include transaction alerts, customer activation of new or replacement cards, and more rigorous detection and prevention of fraudulent transactions. Finally, Visa Australia has decided to stop using signature-based cards and will start using chip-and-PIN systems by 2013. The move is part of a seven-point security initiative that also aims to improve the security of online transactions, says Chris Clark, Visa's general manager for Australia and New Zealand. Marine Insurers to Face Rising Tide of Pirates, Theft, and Trade Restraint BestWire (11/19/09) Hemenway, Chad At a recent meeting of the American Institute of Marine Underwriters in New York, Chair Dennis Marvin indicated that increases in piracy, cargo theft, and trade protection practices are some of the most significant issues facing the marine insurance sector. Moreover, the costs of kidnap and ransom insurance premiums are expected to increase significantly, particularly for ships and crews traveling the Gulf of Aden. The gulf has been the target of piracy, and insurance premiums already have increased tenfold since October 2008. About 200 hostages are still being held by pirates currently, and pirates have garnered about $3.3 million in ransom. Marvin cautioned, "The idea that insurance coverage may act as an incentive for a shipowner to pay ransom is the cause of some controversy. There are also those that believe the payment of ransom to pirates violates the principle of not negotiating with terrorists." Marine insurers continue to support free trade, and with the rise in protectionist trade measures, carriers and their trade groups have a long road ahead to ensure free trade continues to exist. 'Fingerprinting' RFID Tags: Researchers Develop Anti-Counterfeiting Technology University of Arkansas (11/19/09) McGowan, Matt University of Arkansas researchers have developed a new method for preventing the cloning of passive radio frequency identification (RFID) tags. The method prevents the production of counterfeit tags by focusing on one or more unique physical attributes of individual tags, instead of the information stored on the tags. "It is easy to clone an RFID tag by copying the contents of its memory and applying them to a new, counterfeit tag, which can then be attached to a counterfeit product--or person, in the case of these new e-passports," says Arkansas professor Dale R. Thompson. "What we've developed is an electronic fingerprinting system to prevent this from happening." The researchers determined that all RFID tags have a unique fingerprint due to variances in radio frequency and manufacturing. By using an algorithm that repeatedly sent reader-to-tag signals, the researchers found that radio frequencies in RFID tags ranged from 903 MHz to 927 MHz, and increased in increments of 2.4 megahertz. The measurements showed that each tag had a unique minimum power response at multiple radio frequencies, and that power responses were significantly different even in same-model tags. Thompson says the different minimal responses are just one of several unique physical characteristics that enabled them to create an electronic fingerprint to identify tags with a high probability of detecting counterfeit tags. Probe in Fort Hood Intensifies Wall Street Journal (11/25/09) P. A2; Gold, Russell The Pentagon is continuing to investigate whether military officials could have done more to prevent the Nov. 5 shootings at Fort Hood, Texas, which claimed the lives of 13 people. That investigation intensified on Tuesday when the two former officials who are leading the probe arrived in Fort Hood. Among the officials leading the investigation is former Army Secretary Togo West, who said Tuesday that the probe will examine policies and procedures dealing with service members that could pose a threat to their colleagues. The investigation will also look at whether suspected shooter Maj. Nidal Malik Hasan, an Army psychiatrist, was a potential threat and whether the care he provided to his patients was acceptable. Those who worked with Hasan in the past said he expressed fervent Islamic beliefs and that he was deeply opposed to the wars in Iraq and Afghanistan. Others have said that his work as an Army psychiatrist was sub par. Hasan Wire Transfers Not Terror-Related United Press International (11/24/09) A federal law enforcement official speaking on condition of anonymity told The Dallas Morning News on Tuesday that the wire transfers made by suspected Fort Hood shooter Maj. Nidal Malik Hasan to Pakistan in the months leading up to the shooting rampage were not related to terrorism. The official also noted that the transfers were unrelated to the Nov. 5 shooting at Fort Hood. The transfers initially attracted the attention of investigators because Hasan has no family in Pakistan. Hasan's lawyer, John Galligan, said it was likely that his client made the transfers to Muslim charities. Toll Rising in Philippines Massacre New York Times (11/25/09) Conde, Carlos Philippine authorities report the death toll in election violence on November 23 has increased to 57, as 11 more bodies were recovered. The bodies were dug out from a shallow pit near a grassy hilltop where police officers and troops had found 46 others after Monday's attack, with the victims including the family of a gubernatorial candidate and 18 Filipino journalists who accompanied his relatives in filing his election papers. President Gloria Macapagal Arroyo has declared a state of emergency in the contiguous provinces of Maguindanao and Sultan Kudarat and in the city of Cotabato on the southern island of Mindanao. The measure gives the police and army the authority to apprehend and detain those who carried out the slaughter. The southern Philippines has been plagued for years by secessionist and Islamist insurgencies. The United States sends $1.6 billion annually in military and economic aid to the Philippines, with much of it aimed at a shadowy Islamist group, Abu Sayyaf, which has ties to Al Qaeda. The authorities say that this week's election violence had nothing to do with those groups, but that it is rooted in rivalries among local clans that the government has empowered as a way of combating the insurgents. One clan, the Ampatuans, is considered the closest political ally of Arroyo in that part of the southern Philippines. Govt. Report: Air Cargo Still Vulnerable to Terrorists USA Today (11/24/09) Frank, Thomas A report from Homeland Security Inspector General Richard Skinner has found that the Transportation Security Administration is not doing enough to ensure the security of boxed cargo in passenger planes. According to the report, which was released Nov. 25, investigators were able to make their way into supposedly secure warehouses where cargo is stored before it is put on airplanes and move around unchallenged. In addition, the report found that some workers who handled the cargo at those warehouses had not undergone the required background checks or training. The report concluded that TSA--which is charged with overseeing the freight handlers and manufacturers who pack and transport cargo and ensure that it is secure--has failed to be effective in making airlines and freight-handling companies comply with cargo security rules. Skinner also noted that TSA does not have enough personnel to meet a congressional mandate to improve security on the millions of pounds of cargo that is transported in passenger planes every day. For its part, the TSA acknowledged that there are problems with cargo security that need to be addressed, and that it will follow the recommendations included in Skinner's report. Terrorism Trial May Point Way for 9/11 Cases New York Times (11/23/09) Weiser, Benjamin The trial of Ahmed Khalfan Ghailani in federal court in Manhattan is expected to set precedent for the trials of the Sept. 11 terrorists. Ghailani, who is accused of aiding the bombing of the American Embassies in Kenya and Tanzania in 1998, has been in detention in Guantanamo Bay as well as other secret CIA facilities since his capture in Pakistan in 2004. During that time, Ghailani's lawyers say he was confined in harsh conditions, abused during interrogation, and denied a lawyer. Ghailani has filed a number of motions that could have bearing on the trials of the 9/11 hijackers. He has argued unsuccessfully to keep the military lawyers who represented him at Guantanamo and to have his case thrown out on the basis that his constitutional rights had been violated by the trial's long delay. However, his lawyers were successful in their request to have prosecutors preserve evidence from the secret CIA facilities where Ghailani was reportedly held. In order to honor court rules of discovery, Ghailani's lawyers will be provided with classified information regarding Ghailani's time in detention. To ensure the security of this information; Judge Lewis A. Kaplan, who may also preside over the trials of the 9/11 suspects, has issued a protective order that allows the defense to review the documents only at an unnamed secure location. The defense lawyers, who had to obtain security clearance, cannot disclose that information to Ghailani without permission of the court or the government. Any motions they write based on that material must be prepared in the secure location and may not be filed publicly without government permission. In addition to these guidelines, David Raskin, chief of the terrorism unit in the United States attorney's office in Manhattan said that he would not introduce into evidence statements that Ghailani made while he was detained, an approach that could be indicative of the prosecution's strategy for the trial of Khalid Shaikh Mohammed and the other 9/11 suspects. Feds to Sharpen Cybersecurity Job Policies InformationWeek (11/24/09) Hoover, J. Nicholas Office of Personnel Management (OPM) Director John Berry recently sent a memo to federal human resources directors that outlines plans aimed at ensuring that the federal government has an adequate cybersecurity workforce. Under the plan, federal agencies will develop policies and guidance on job classification, performance management, and workforce education and development. In addition, federal HR directors will send OPM information about the job descriptions of cybersecurity positions, as well as information about vacancies, accreditation, training, performance management, governance frameworks, and any challenges they face. It remains unclear when final policies will be released, though OPM is planning to organize the models around three different types of cybersecurity professionals: IT operations, law enforcement, and specialized operations such as classified work on "collection, exploitation, and response." Berry's memo comes in the wake of the release of a report earlier this month that raised questions about the competency of cybersecurity professionals at the Department of Interior. That report found that only 13.5 percent of cybersecurity pros at the Department of Interior had relevant and complete self certifications. The Department of Interior only requires its cybersecurity staff members to complete self-certified training. Third iPhone Worm Targets Jailbroken iPhones PC World (11/23/09) A third worm that targets jailbroken versions of Apple's iPhone has been discovered. This latest worm replaces the phone's copy of the SSH remote login software, changes the root password, skims the SMS database, connects with the Lithuania-based cybercriminals who created it, and begins running an application that searches for other jailbroken phones on local area networks and on the IP addresses of a number of Internet service providers. In addition, the worm is capable of changing the routing information on the phone so that customers of one Netherlands-based bank are redirected to a fraudulent Web site when they try to access their accounts online. The Web site asks users for their log in information, and sends that data to the worm's creators. The worm is also able to download other files over the network that can allow it to attack the phone in other ways. The worm does not affect iPhones that have not been jailbroken. IPhone users who have jailbroken their phones are being urged to change their root passwords in order to protect themselves. New Attack Fells Internet Explorer IDG News Service (11/22/09) McMillan, Robert An attacker has released pernicious code that could be manipulated to hack into a PC carrying older versions of Microsoft's Internet Explorer. An unidentified hacker posted the code on Nov. 20 to the Bugtraq mailing list. Security vendor Symantec says the code does not always run properly, but it could be used as a vehicle for putting unauthorized platforms on a victim's machine. "Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7," the vendor wrote on its Web site Nov. 21. "We expect that a fully-functional reliable exploit will be available in the near future." The vulnerability lies in the way the browser takes hold of certain Cascading Style Sheet objects that are used to create standardized Web site layouts. For an attack to be successful, the hacker would have to divert a user to a Web site loaded with malicious JavaScript code, Symantec notes. Tech Insight: 3 Factors to Assess Before Doing Your Own Penetration Testing Dark Reading (11/20/09) Sawyer, John Enterprises are gradually realizing how a quality, in-depth penetration test can enhance their security efforts and find vulnerabilities before hackers do, with the additional benefit of adhering to PCI Data Security Standard requirement 11.3. Choosing whether to penetration test in-house or work with a contractor is a decision to be made carefully considering it can cost between $5,000 and $50,000, depending on the size of the institution, scope, and reputation of the outside vendor. The investment in human resources, staff education, and software must be examined against the possible savings from paying big money for an outsourced pen test. Human resources is the first and most conspicuous cost. If there are personnel already present in the organization with the expertise and experience to carry out an in-depth penetration test, the next step is to decide whether they can perform the test on top of their existing responsibilities. Training the tester—or, in best cases, the testing team—is the next budgetary consideration. The third and final expense is for testing software, which varies widely between such free platforms and sophisticated commercial products. Once the question has been answered as to whether in-house testing is financially feasible, the team must still ask whether it can distance itself enough from the organization to perform a test that is objective. Cyberattacks on U.S. Military Jump Sharply in 2009 IDG News Service (11/19/09) McMillan, Robert The U.S.-China Economic and Security Review Commission has found that there were 43,785 cyberattacks on Pentagon systems during the first half of 2009, compared with 54,640 during all of last year. If that pace is maintained, the number of cyberattacks this year will be 60 percent higher than they were in 2008. The increase in the number of cyberattacks, which cost the military $100 million between September 2008 and last March, is the result of a number of factors, including an increase in the number of cyberattacks originating from China, the commission notes. However, the decentralized nature of the Internet makes it difficult to tell whether the attacks are being generated in China or are just using Chinese servers as stepping stones. Cyberattacks also appear to be coming from North Korea and the Middle East, says Chris Poulin at Q1 Labs. Poulin says the increase in the number of cyberattacks also is due to the fact that the U.S. military is more capable of identifying cyberthreats than it used to be. Abstracts Copyright © 2009 Information, Inc. Bethesda, MD |
No comments:
Post a Comment