Friday, January 08, 2010

Security Management Weekly - January 8, 2010

Corporate Security

  1. "Disgruntled Plant Worker Kills 3, Injures 5 in St. Louis"
  2. "ABB Shooting: Economy May Play Role in Workplace Violence"
  3. "Florida Lawyer to Plead Guilty in $1 Billion Ponzi Case"
  4. "China Faces U.S. Piracy Suit for Web-Filter Software"
  5. "User Authentication Strategies" Healthcare Data Security
Homeland Security

  1. "Obama Orders Improvements in Security Policies"
  2. "Yemen Official Minimizes Nation's Link to Jetliner Bombing Suspect"
  3. "Slovak Airport Security Test Assailed"
  4. "Gunman, Security Officer Killed in Las Vegas Courthouse Shooting"
  5. "Stepped-Up Screening Targets Fliers From 'Terror-Prone' Lands"
Cyber Security

  1. "Cyber Attack Simulation Planned Next Month"
  2. "Energy Set to Form New Group to Protect Electric Grid From Cyberattacks"
  3. "K-State Computer Scientists Developing Techniques to Strengthen the Security of Information Systems for Health Care, Military Data" Kansas State University
  4. "Wanted: Cyber Ninjas"
  5. "Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities"


Disgruntled Plant Worker Kills 3, Injures 5 in St. Louis
Associated Press (01/08/10) Salter, Jim

An employee at an ABB Group factory in St. Louis opened fire on his coworkers at the facility on Jan. 7, killing three people and injuring five more before killing himself. The shooter, 51-year-old Timothy Hendron, was reportedly involved in a pension dispute with the company, but it is unknown if that dispute motivated the shooting. According to police officials, the shooting began at 6:30 a.m. at the plant, where the Swiss-owned ABB makes electrical transformers. In 2006, Hendron and other workers sued ABB for retirement losses due to "unreasonable and excessive" undisclosed fees for their 401(k). The trial for the lawsuit began in Kansas City several days prior to the shooting. The plant where the shooting occurred employs approximately 270 people. The shooter was found inside the plant with an assault rifle, a handgun, and a shotgun. Two of the three dead were found in the parking lot outside the plant, and one victim was found inside.


ABB Shooting: Economy May Play Role in Workplace Violence
Christian Science Monitor (01/07/10) Guarino, Mark

Workplace violence experts say that the recession may be creating the circumstances that lead to violent incidents such as the Jan. 7 shooting at ABB Group in St. Louis, which left four people dead, including the shooter. The shooter, Timothy Hendron, had been at the company for 23 years and was one of several employees who were suing it and its trustee for an unspecified amount of money because of the "unreasonable and excessive fees" related to their retirement benefits. "There's more pressure put on people because of the economy," said workplace violence expert Larry Chavez. "More people have faced a dissolving of their whole career. It's too hard to face for some people. When you have 23 years invested, that's a lot." However, there is no hard data that shows a connection between violence and economic recessions. Nevertheless, the Occupational Safety and Health Administration is urging companies to take several steps to prevent violent incidents such as the shooting at ABB Group, including implementing a zero-tolerance policy for threats made by employees, implementing a workplace violence protection program, and installing security technology such as video cameras and alarm systems.


Florida Lawyer to Plead Guilty in $1 Billion Ponzi Case
Reuters (01/06/10) Brown, Tom

Former Florida attorney Scott Rothstein on Wednesday decided to plead guilty to charges that he ran a $1 billion Ponzi scheme. Rothstein initially pleaded not guilty to charges of racketeering and fraud conspiracy. Investigators say that Rothstein's Ponzi scheme, which rivals the scheme run by Bernard Madoff, involved the sale of shares in fraudulent legal settlements to investors. When new investors bought those shares, Rothstein allegedly used the money to pay off old investors. One group of clients was told that they had won a $23 million judgment in a lawsuit, but that they needed to come up with more than $46 million in bond money before they could receive the funds. After the clients came up with the money, Rothstein used the funds to run his law firm and buy cars and yachts. Rothstein faces up to 100 years in prison if he is convicted on the charges against him. Additional defendants could be charged at some point in the future.


China Faces U.S. Piracy Suit for Web-Filter Software
Business Week (01/06/10) Pettersson, Edvard; Lee, Mark

California-based Cybersitter LLC has filed a $2.2 billion suit against China that accuses the country of unfair competition, copyright infringement, civil conspiracy, and stealing its trade secrets to create the Green Dam Youth Escort filtering program. The suit also names several computer makers, such as Lenovo, Acer, Sony, Toshiba, and Asustek, whose products include the Green Dam program. According to Cybersitter, the Green Dam program, which the Chinese government has promoted as a way to prevent children from viewing pornographic or violent Web content, illegally uses 3,000 lines of code from a program Cybersitter created for a similar purpose. The Chinese program has also come under attack for its possible use as a government censorship tool. Technology companies have also warned that Green Dam could undermine a computer's security. The Cybersitter complaint cites Chinese research that found Green Dam contains more than 6,500 political keyword filters, including words related to China's control of Tibet, the 1989 Tiananmen Square massacre, and the government-banned Falun Gong religious group.


User Authentication Strategies
Health Data Management (01/10) Anderson, Howard J.

Experts say a provision in the American Recovery and Reinvestment Act to enhance HIPAA enforcement will require healthcare organizations to beef up data security. The new rules allow state attorneys general to enforce HIPAA regulations and victims of security breaches to sue for financial damages. Organizations that do not comply will not be eligible for Medicare/Medicaid incentive payments for meaningful use of electronic health records. Experts say hospitals and other facilities should first conduct a risk assessment, which federal law requires, and then take steps to ensure that patient information is accessible only to authorized individuals. Hospitals likely will invest in such user authentication technologies as fingerprint scanners and other biometric systems; key fobs and other hardware tokens; proximity; phone-based authentication; and adaptive authentication, or special software to gauge users' risk potential. Additionally, the new rules require hospitals to revamp their training programs and privacy and security policies and assemble rapid response teams to immediately investigate security breaches.




Obama Orders Improvements in Security Policies
New York Times (01/08/10) Zeleny, Jeff; Cooper, Helene

President Obama on Thursday released an unclassified version of a report on the attempted bombing of Northwest Airlines Flight 253 on Christmas Day. The report, which was conducted by President Obama's chief counterterrorism adviser, John O. Brennan, said the plot to bomb the flight from Amsterdam to Detroit was not detected because of a number of mistakes that had been made, including a misspelling of the name of suspect Umar Farouk Abdulmutallab. The misspelling of Abdulmutallab's name led State Department officials to believe that he did not have a visa to travel to the U.S., when in fact he did. In addition, the report noted that intelligence officials were not aware that al-Qaida in the Arabian Peninsula, the terrorist group that is believed to be behind the botched bombing, was organized enough to carry out an attack on a U.S. target. The release of the report comes as new security measures are being implemented to ensure similar attacks are not successful in the future. For example, President Obama has ordered the Department of Homeland Security to speed up efforts to install $1 billion in airline security screening equipment, including body scanners. The CIA, meanwhile, has promised to share information on terrorism suspects within 48 hours of receiving it. Some of those measures have been criticized by some in the intelligence community, including Mark M. Lowenthal, the CIA's former assistant director of analysis. Lowenthal noted that CIA analysts cannot be asked to "think faster," and that President Obama's plan to have analysts share more information sooner "is only going to exacerbate the problem that got us into this flap in the first place."


Yemen Official Minimizes Nation's Link to Jetliner Bombing Suspect
Los Angeles Times (01/08/10) Edwards, Haley Sweetland

Yemeni Deputy Prime Minister Rashad Alimi attempted to downplay his country's connection to Umar Farouk Abdulmutallab, the Nigerian man who allegedly attempted to blow up a flight bound for Detroit on Christmas Day. According to Alimi, Yemen has gained intelligence that Abdulmutallab joined al-Qaida in London, and says after that time Yemen did not allow him to reenter the country. Alimi also reports that Abdulmutallab did not receive the explosives he allegedly used in the attack in Yemen and noted that he passed through Nigeria, Ethiopia, Ghana, and the Netherlands undetected before boarding the flight to Detroit. However, Alimi did acknowledge that Abdulmutallab studied Arabic in Yemen's capital of Sana from 2004 to 2005. To prevent similar cases in the future, Alimi said the government plans to put in place regulations that would require any foreign nationals who come to the country to study Arabic to register with security forces. Alimi also maintains that Yemen has made al-Qaida its primary security concern. That being said, he downplayed the possibility of a growing American military presence in Yemen.


Slovak Airport Security Test Assailed
Associated Press (01/07/10) Oleksyn, Veronika; Janicek, Karel

Irish authorities are expressing outrage over a security test conducted by Slovakia on Jan. 2. In that test, Slovak security officials placed actual bomb parts in the luggage of a man who was flying to Dublin. However, the man did not know that the bomb parts were in his baggage. The man was able to get through security with the bomb parts in his luggage and board the plane to Dublin. Slovak officials did not inform their counterparts in Ireland until Tuesday. Irish authorities responded by shutting down a major intersection in Dublin on Tuesday and evacuating a number of apartment buildings while they examined the explosive. The man used in the test, a 49-year-old Slovak electrician who lives and works in Ireland, was also detained by police for several hours before being released. Irish officials said they are angry because Slovak authorities placed actual bomb parts in the luggage of an unwitting passenger. Security experts say that such tests are dangerous because the explosive could get lost. Irish officials also say they are angry because it took Slovak officials three days to notify them about the incident, and because the pilot of the plane flew to Dublin even after he was told that there was an explosive device on board.


Gunman, Security Officer Killed in Las Vegas Courthouse Shooting
Los Angeles Times (01/05/10) Powers, Ashley; Serrano, Richard A.

Two people were killed and one person was wounded when a gunman upset about losing a lawsuit related to cuts to his Social Security benefits opened fire in a courthouse in Las Vegas on Jan. 4. The incident began at around 8 a.m. when the gunman, 66-year-old Johnny Lee Wicks, walked into the Lloyd D. George Federal Courthouse, the same courthouse where his unsuccessful lawsuit against a regional Social Security Administration commissioner had been heard. As he walked into the entryway of the courthouse, Wicks pulled a shotgun from his jacket and began shooting, hitting court security officer Stanley W. Cooper and a deputy U.S. Marshal. Cooper was killed during the shooting, while the deputy U.S. Marshal was wounded. Wicks eventually ran out of the building and across the street, where he was shot and killed by security officers.


Stepped-Up Screening Targets Fliers From 'Terror-Prone' Lands
Washington Post (01/04/10) P. A03; Leonnig, Carol D.

The Obama Administration has announced new airport security measures that will affect all travelers flying into the U.S. from other countries beginning Jan. 4. Under those rules, travelers flying from any country to the U.S. will be forced to undergo increased random screening. Meanwhile, those who are flying from or through countries with significant terrorist activity will have to undergo full-body pat-downs and have their property physically inspected. The rule also applies to people who are citizens of countries in which there is significant terrorist activity. Officials have refused to name all of the countries that the new rule applies to, though they did say that the directive applies to the State Department's list of state sponsors of terrorism, which includes Cuba, Iran, Sudan, and Syria. Among the other countries that the new rule may apply to are Afghanistan, Iraq, and Yemen. All of the new rules are being implemented in response to the botched attempt to bomb a Northwest Airlines flight from Amsterdam to Detroit on Christmas Day.




Cyber Attack Simulation Planned Next Month
InformationWeek (01/06/10) Claburn, Thomas

The Financial Services Information Sharing and Analysis Center (FS-ISAC) is planning a series of simulated cyberattacks in February to assess the coping strategies of banks, payment processors, and retailers. FS-ISAC has enlisted financial institutions, retailers, card processors, and businesses of all sizes to participate in its Cyber Attack against Payment Processes (CAPP) exercise. "When cybersecurity threats occur, swift and well-planned reactions can mean the difference between business continuity and business catastrophe," says FS-ISAC CEO Bill Nelson. "This is especially true with cyberattacks against payment processes. FS-ISAC is eager to provide payment systems participants with this unique opportunity to test their readiness to respond to major cyberattack incidents." Participants in the CAPP event, which is slated for Feb. 9 through Feb. 11, will be expected to trigger their incident response procedures according to the scenario presented and to fill out an anonymous survey to rate their organization's response. FS-ISAC's Web site says the three-day event will challenge participants with a different simulated attack scenario each day, while the detailed result collection will be kept strictly confidential. Cyberattack incidents have been on the rise, with the Internet Crime Complaint Center reporting in November that the FBI had witnessed a substantial uptick in online banking fraud.


Energy Set to Form New Group to Protect Electric Grid From Cyberattacks
NextGov.com (01/05/10) Aitoro, Jill R.

The U.S. Energy Department is starting a public-private group to better protect the country's electric grid from cyberattacks. Security experts say that this group will need to be invested with strong regulatory and budgetary clout so that sweeping changes to computer networks can be implemented. The fiscal 2010 appropriations bill says the goals of the group will be to set up "policies and protocol to ensure the effective deployment of technology and software controls to protect the bulk power electric grid." Congress mandated that within 60 days of the enactment of the appropriations law, U.S. Energy Secretary Steven Chu would be required to invite qualified individuals from the power and security sectors to promulgate best practices in cybersecurity; organize the collection, analysis, and dissemination of the vulnerabilities and threats faced by the networks; and work cooperatively with Energy and other federal entities supervising initiatives to augment electric grid security. Former Department of Homeland Security (DHS) assistant secretary of cybersecurity and telecommunications Greg Garcia says the new Energy group is not the first organization founded for the purpose of addressing cybersecurity in the energy sector. For example, DHS founded the Critical Infrastructure Partnership Advisory Council to enable coordination among federal, state, and local government and critical infrastructure organizations. "If the Energy Department would light a fire under [these organizations] to drive the kinds of cyber priorities envisioned in this legislation and provide funding as appropriate, I think we could move much more quickly with existing resources," Garcia says.


K-State Computer Scientists Developing Techniques to Strengthen the Security of Information Systems for Health Care, Military Data
Kansas State University News (01/05/10) Hatcliff, John

Kansas State University (KSU) researchers, in collaboration with Princeton University (PU) computer scientists, are developing tools to secure information systems spanning large distances. The research team, led by KSU's John Hatcliff and PU's Andrew Appel, received a five-year, $3 million grant from the Air Force Office of Scientific Research. The new tools involve creating mathematical and logical models that can be used by special auditing programs to make sure that information systems are secure. "We're doing foundational research on novel forms of mathematical models and logics that enable designers and analysts to precisely state what information is allowed to flow from one point to another and under what conditions," Hatcliff says. The researchers also are working with Rockwell Collins, a company that creates communications and aviation electronics. Rockwell Collins wants to apply the KSU research to several systems currently in development at the U.S. Department of Defense. The new tools also have the potential to be integrated into the health care system for use with patients' medical records, Hatcliff says. The researchers say the tools already have been used by several academic research groups and various industries from around the world.


Wanted: Cyber Ninjas
New York Times (01/04/10) Drew, Christopher

In recent years, the need for cybersecurity experts has increased significantly as military contractors, federal agencies, software companies, and other industries look for ways to keep their networks safe from hackers. This rising demand has led to a shortage of these experts. Fortunately, a number of schools are now offering cybersecurity programs, including the Polytechnic Institute of New York, Georgia Tech, Carnegie Mellon, Purdue, George Mason, and Cal Poly. As the availability of these jobs continues to grow, cybersecurity will become increasingly lucrative. Nasir Memon, a professor at N.Y.U. Poly, reports that pay for cybersecurity experts starts at $50,000 with a bachelor's degree and between $60,000 and $80,000 for candidates with a master's.


Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities
eWeek (01/02/10) Prince, Brian

A security expert has exposed weaknesses in Twitter and Google Calendar that could potentially reveal users' data. In a demonstration, researcher Nir Goldshlager pointed out cross-site scripting (XSS) weaknesses in Google Calendar and Twitter that he said could be manipulated to view cookies and authentication information. He also exposed an HTML injection problem pertaining to Google Calendar that he said could be used to redirect an unsuspecting user to an attack site any time the user opened his or her agenda events using Google Calendar. Twitter has subsequently released a patch for the problem and Google says it will examine Calendar's input validation process to help address the weakness. "We do not believe this report contains evidence of substantial security issues," a Google spokesperson says. "Trying to trick someone into copying unfamiliar, suspicious code into a Google Calendar text field is neither a likely attack vector nor one that we are seeing being exploited."


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD
