Friday, January 29, 2010

Security Management Weekly - January 29, 2010

header

  Learn more! ->   sm professional  

January 29, 2010
 
 
Corporate Security

Sponsored By:
  1. "Security Scare at Australian Open as Fan Invades Centre Court"
  2. "Gun Bills Pass House Despite Antics, Argument for Safety at Workplace" Indiana
  3. "PCI QSAs, Certifications to Get New Scrutiny" Payment Card Industry Qualified Security Assessor
  4. "New Zealand Opts for Private Security at World Cup"
  5. "Suicides Inside France Telecom Prompting Sarkozy Stress Testing"
Homeland Security

  1. "New York Politicians Call for 9/11 Trial to be Moved"
  2. "Taliban Say No Decision Yet on Karzai Offer of Talks"
  3. "U.S. Still Unprepared for Major Biological Terrorist Attack, Report Says"
  4. "Christmas Bombing Try Is Hailed by Bin Laden"
  5. "U.S.-bound Fliers Required to Register"
Cyber Security

  1. "In Digital Combat, U.S. Finds No Easy Deterrent"
  2. "Attacks on Google Hit Friends of Employees"
  3. "US Urges Shared Cyberattack Defence"
  4. "To Beat Spam, Turn Its Own Weapons Against It"
  5. "80 Percent of Government Web Sites Miss DNS Security Deadline"

   

 
 
 

 


Security Scare at Australian Open as Fan Invades Centre Court
Herald Sun (Australia) (01/29/10) Harris, Amelia; Barry, Evonne

A 22-year-old Australian man is in custody after running on to center court during the Australian Open on Thursday night. Police say the man jumped over a perimeter fence onto center court after the end of the match between Andy Murray and Marin Cilic. The man then wove in and out between Murray and Cilic as they went to shake hands with the umpire. Security officials at the Rod Laver Arena then took the man into custody. According to Sen-Constable Wayne Wilson, the man said that he jumped the perimeter fence because he wanted to congratulate Cilic. The players' safety was never threatened. Nevertheless, the man will be charged with disrupting proceedings and unauthorized entry to the arena. This is not the first incident to take place at this year's Australian Open. During the first day of the tournament, a group of men intimidated other fans by setting off flares. The men also spit on and slapped a photographer for the Herald Sun.


Gun Bills Pass House Despite Antics, Argument for Safety at Workplace
Evansville Courier & Press (IN) (01/27/10) Coffin, Katie

The Indiana House officially passed a bill on Jan. 25 that would prevent employers from telling workers that they cannot bring their guns to work, provided they are left in the employees' locked cars. The bill would also prevent law enforcement from confiscating guns in an emergency, such as what happened in New Orleans during Hurricane Katrina. A similar bill already passed the Indiana Senate several days earlier. A second firearm bill, designed to keep the identities of those who apply for gun permits confidential, also passed the House.


PCI QSAs, Certifications to Get New Scrutiny
SearchSecurity.com (01/26/10) Westervelt, Robert

The PCI Security Standards Council (SSC) has boosted funding for its qualified security assessor (QSA) oversight program and currently has a five-person team reviewing PCI assessments for inconsistencies. The council announced its QSA remediation program two years ago to address grievances from merchants. More than 12 certified assessment firms have been placed in remediation since then. The assessment review process also depends on retailers' feedback to spur a review of an assessment company, and the quality of on-site evaluations may become even more crucial if on-site assessments are forced on Level 2 merchants. "I think we're doing what we set out to do and that is to improve the assessment process and make the payment process more secure," says PCI SSC general manager Bob Russo. "I've heard merchants saying that there's a major difference between two years ago and now." Starting in June 2011, MasterCard will mandate that merchants performing a self-assessment questionnaire have personnel attend PCI DSS merchant training programs and complete a PCI SSC accreditation program.


New Zealand Opts for Private Security at World Cup
Associated Press (01/26/10)

New Zealand Football has decided to hire a South African contractor to provide security for its players during this year's World Cup soccer tournament in South Africa. According to Michael Glading, the chief executive of New Zealand Football, the contractor will serve as a liaison between the team and the security provided by Federation Internationale de Football Association (FIFA). In addition to hiring the contractor, the New Zealand soccer team may also use several police officers to protect players, officials, and their families during the World Cup. Other countries, including Italy, Germany, and Australia, have also said they plan to use extra security in addition to the security FIFA will provide during the tournament.


Suicides Inside France Telecom Prompting Sarkozy Stress Testing
Business Week (01/25/10) Tomlinson, Richard; Viscusi, Gregory

Since January 2008, 34 employees of France Telecom SA committed suicide, reportedly due to work-related stress. This rash of suicides has prompted the French Labor Ministry to order France Telecom's CEO Didier Lombard to meet with unions to find ways to reduce workplace stress and to detect employees that could potentially pose a risk to themselves or others. France Telecom, however, is not the only French company troubled by workplace suicides. Between late 2006 and early 2007, three employees killed themselves at Renault SA, while there were 12 suicides that reportedly stemmed from workplace stress at French banks in 2008. Experts say the rash of suicides can likely be attributed to a combination of French workplace culture and human resources practices. For example, two-thirds of France Telecom's 103,000 employees cannot be fired because they're classified as civil servants. The company used to be able to avoid firing by relying on voluntary departures and buying workers out in order to decrease payroll expenses. Unfortunately, this strategy has not proved sufficient in the face of the recent economic crisis and managers have reportedly resorted to sidelining employees into menial jobs and even bullying workers into resigning. In order to address these issues, Lombard says he plans to develop a program for a more humane working environment. Such programs may not be sufficient without significant changes to France's educational system, says former French director general of health, William Dab. According to a report produced by Dab, the problems at the heart of work-related stress in France rest in a schooling system that teaches French executives to see everyone around them as rivals. "Our chief executives come out of a school system based on individual competition," Dab explains.




New York Politicians Call for 9/11 Trial to be Moved
Guardian Unlimited (UK) (01/29/10)

Obama administration officials said Thursday that they were considering moving the trial of Khalid Sheikh Mohammed, the alleged mastermind of the September 11, 2001 terrorist attacks, and his four alleged co-conspirators from Manhattan. Administration officials say the decision on where to hold the trial will be made by the Justice Department. The announcement comes as New York Mayor Michael Bloomberg, who was once supportive of the idea of holding the trial in New York, is expressing concern about the cost of providing security during the proceedings. According to city officials, security and logistical costs for the trial, which is likely to last several years, could total over $200 million a year. Some officials are also concerned that holding the trial in New York could make the city an even higher-profile target for al-Qaida. Meanwhile, a bipartisan group of lawmakers is calling on President Obama to abandon the idea of trying terrorist suspects in civilian courts altogether and instead prosecute them in military tribunals. However, Obama has said that he remains committed to trying Mohammed in civilian court.


Taliban Say No Decision Yet on Karzai Offer of Talks
Reuters (01/29/10) Shalizi, Hamid; Malek, Abdul

Reports indicate that Taliban leaders will soon decide whether to join peace talks with the Afghan government. Afghan President Hamid Karzai has called on Taliban leaders to take part in a "loya jirga" -- or large assembly of elders -- to initiate the talks. Although Western troops are not to be directly involved in the talks, a separate plan has been engineered to set up a fund designed to lure Taliban fighters away from the resistance with jobs and cash. Previously there has been little progress in negotiations between the Afghan government and the Taliban, as the insurgents have said they will not negotiate until Western troops have completely withdrawn from the country. Regional experts say these talks are not likely to be any different. Because Taliban leaders feel they are currently winning the war, they are expected to simply demand concessions such as the release of prisoners or the removal of leaders from blacklists. U.S. officials say they have no intention of granting such concessions.


U.S. Still Unprepared for Major Biological Terrorist Attack, Report Says
Washington Post (01/26/10) Warrick, Joby

The congressionally appointed Commission on the Prevention of Weapons of Mass Destruction released a report on Jan. 26 that gave the federal government a failing grade for its efforts to prepare for a major terrorist attack involving biological weapons. In its report, the commission said a number of presidential administrations and Congress deserved the "F" grades because they failed to develop a rapid-response capability for dealing with biological terrorist attacks, and because they failed to provide proper oversight for security and intelligence agencies. The commission, chaired by former Sens. Bob Graham (D-Fla.) and Jim Talent (R-Mo.), added that the government's poor response to the swine-flu outbreak was proof that it is unprepared for a major terrorist attack. However, the commission did praise government programs that secured dangerous viruses and bacteria, as well as President Obama's decision to reorganize the National Security Council so that it could better deal with the potential use of weapons of mass destruction by terrorists.


Christmas Bombing Try Is Hailed by Bin Laden
New York Times (01/25/10) Schmitt, Eric; Shane, Scott

Osama bin Laden released an audiotape over the weekend praising the attempted bombing of Northwest Airlines Flight 253 on Christmas Day. In his message, which was broadcast by Al Jazeera's Arabic news channel, bin Laden said that more attacks are coming and that the U.S. will continue to be threatened until it ends its support for Israel. Analysts say that bin Laden's focus on U.S. support for Israel in his message could be part of the al-Qaida leader's attempt to create a Palestinian branch of al-Qaida, an effort that has been ongoing for a decade but has made little progress. Meanwhile, analysts are trying to figure out why it took bin Laden the better part of a month to comment on the attempted bombing of Northwest Airlines Flight 253 as it prepared to land in Detroit on Dec. 25. Analysts say that bin Laden's statement was not a claim of responsibility, and that al-Qaida in the Arabian Peninsula, an affiliate of the broader al-Qaida network, is still believed to be behind the attack. Al-Qaida in the Arabian Peninsula issued a statement claiming responsibility for the attempted bombing on Dec. 28.


U.S.-bound Fliers Required to Register
USA Today (01/24/10) Frank, Thomas

Beginning March 21, Customs officials in the United States will fine airlines as much as $3,300 for each passenger they allow to board a U.S.-bound flight without first completing an online registration form. The requirement applies to the citizens of 35 countries who can enter the United States without a visa. The registration process asks travelers to provide biographical information and answer several background questions, and can be completed by passengers several hours before they board their flight to the United States. According to Customs spokeswoman Joanne Ferreira, asking passengers to complete the form will help keep convicted criminals and illegal immigrants out of the U.S. But the program has been criticized by some, including Geoff Freeman, the senior vice president of the U.S. Travel Association, who says that large numbers of people fail to complete the online forms because they are not aware of the program or because they do not have Internet access. The U.S. Travel Association is calling on the government to address this situation by launching a publicity campaign to get the word out about the registration program.




In Digital Combat, U.S. Finds No Easy Deterrent
New York Times (01/26/10) P. A1; Markoff, John; Sanger, David; Shanker, Thom

The U.S. government is exploring ways to combat and deter cyberattacks from abroad. After a recent Pentagon simulated cyberattack, it became clear that the enemy had all the advantages—stealth, anonymity, and unpredictability. The situation has led some in the government to compare it to that of the Cold War era, and there is intense debate inside and outside the government about what the United States can realistically threaten. Diplomatic demarche, formal protest, economic retaliation, and criminal prosecution have all been suggested as possible responses to increased cyberattacks. "We are now in the phase that we found ourselves in during the early 1950s, after the Soviets got the bomb," says Harvard University professor Joseph Nye. The Internet has blurred the line between military and civilian targets because an enemy can cripple a target without ever aiming at the government or military, which hinders the U.S. Department of Defense's authority to intervene. One major problem is determining the identity of the attackers. "It's the nature of these attacks that the forensics are difficult, the perpetrator can mask their involvement or disguise it as another country's," says a White House official. However, the White House maintains that "deterrence has been a fundamental part of the administration's cybersecurity efforts from the start." The government has responded to increasing cyberattacks by creating a new United States Cyber Command (USCC), run though the Defense Department. The USCC aims to develop a framework document that would describe the threat and potential responses, as well as the beginnings of a deterrence strategy.


Attacks on Google Hit Friends of Employees
Financial Times (01/26/10) Menn, Joseph

Security experts say that the friends of employees at Google, Adobe, and other companies were targeted in the cyberattacks that recently took place at those firms. In those attacks, hackers chose employees at the target companies who had access to proprietary data, then spied on them to learn who their friends were. The hackers then compromised the social networking accounts of the friends and used them to trick the employees into clicking on links that installed spyware on their machines. According to Joe Stewart, a researcher for the security company SecureWorks, the attack code used a formula that was only available on Chinese-language Web sites. In addition, some of the code had been assembled in 2006, which Stewart said was an indication that the cyberattacks were well organized and enduring. Experts say that the evidence suggests that the cyberattacks on Google and other companies were sponsored by a government, possibly the Chinese government. However, China has denied accusations that it was behind the attacks.


US Urges Shared Cyberattack Defence
Financial Times (01/26/10) Blitz, James; Menn, Joseph

After the alleged Chinese cyberattacks on Google, the United States and NATO allies are being asked to collaborate more closely to avoid the threat of future attacks. America and Britain are currently working together to counter the international danger of cyberattacks, according to a Financial Times interview with William J. Lynn, U.S. deputy defense secretary. However, Lynn noted that the U.S. and the U.K. need to deepen their collaboration if they hope to protect themselves from cyberattacks. "You can’t just protect the system by defending yourself from inside your own country," he said. "International co-operation is imperative for establishing the chain of events in an intrusion and quickly and decisively fighting back." Lynn's comments come as the U.S. and China engage in an almost daily exchange of rhetoric over the threat posed by hackers, as well as China's efforts to contain attempted cyberattacks that are launched from within its borders.


To Beat Spam, Turn Its Own Weapons Against It
New Scientist (01/25/10) Giles, Jim

Researchers from the International Computer Science Institute and the University of California, San Diego have developed a method for blocking the most common type of spam. The researchers employed a trick that spammers use to defeat email filters. Each spam message is generated from a template that specifies the message content and a slight variation used to bypass the filter. The researchers analyzed the messages to reveal the template that created them, and since the template describes all the emails a bot will send, possessing it might provide a method of blocking all spam from that bot. After testing, the team was able to block spam from a specific bot with 100 percent accuracy. In addition, the new system did not produce a single false positive in more than a million messages, says team member Andreas Pitsillidis. "This is an interesting approach which really differs by using the bots themselves as the oracles for producing the filters," says the Messaging Anti-Abuse Working Group's Michael O'Reirdan.


80 Percent of Government Web Sites Miss DNS Security Deadline
Network World (01/21/10) Marsan, Carolyn Duffy

A recent study has found that 80 percent of federal government agencies have missed the Office of Management and Budget's December 31, 2009, deadline to implement Domain Name System Security Extensions (DNSSEC) on all of their subdomains. Among the agencies who have failed to comply with the OMB mandate, are the Department of Homeland Security and the Treasury Department. However, the study found that the departments of Commerce and Interior have implemented DNSSEC. Experts cite several reasons why most federal agencies have not met the OMB deadline, including the failure on the part of the Obama administration to pay enough attention to cybersecurity issues, a charge that OMB denies. Others say that federal agencies have not devoted enough money or personnel to implementing DNSSEC, or have encountered technical glitches during their DNSSEC deployment efforts. But some security experts say the missed deadline is not that important, given the fact that DNSSEC will have marginal value until the DNS root is signed, which is not expected to happen until this summer. In addition, some security experts say the deadline was too aggressive, and that federal agencies will likely deploy DNSSEC on their subdomains by the end of this year.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments:

Post a Comment