Friday, May 14, 2010

Security Management Weekly - May 14, 2010

May 14, 2010

Corporate Security

  1. "PCI Security Council Updates Requirements for Payment Card Devices"
  2. "HTC Files Patent Complaint to Block Apple IPhone, IPad in U.S."
  3. "Freed Pirates May Have Drowned"
  4. "Over $50 Bln Lost to Software Piracy: Report"
  5. "French Court Condemns Security Driver to 3 Years in Jail in Heist Case"

Homeland Security

  1. "2 Held in Local Antiterror Raids"
  2. "Times Square Plot Probe Widens to New Jersey"
  3. "Holder Wants To Update Rules on Miranda"
  4. "NYPD Weighs New Posts Abroad"
  5. "Kagan Argued for Strong Counterterrorism Policies"

Cyber Security

  1. "Facebook Adds Locks to Log-In Process"
  2. "New DoS Attack Uses Web Servers as Zombies"
  3. "New Attack Tactic Sidesteps Windows Security Software"
  4. "Microsoft Patches 2 Critical Security Vulnerabilities"
  5. "6 Ways Unified Identity Management Pays Off"


PCI Security Council Updates Requirements for Payment Card Devices
Computerworld (05/12/10) Vijayan, Jaikumar

The PCI Security Standards Council has issued version 3.0 of its PIN Transaction Security (PTS) standards, which are designed to fortify security on retail point-of-sale (POS) card readers and unattended kiosks and payment terminals. "Point-of-sale terminals are currently the security hot spot these days" in the payment arena, says council general manager Bob Russo. The latest PTS version features a trio of new modules for device vendors and their customers to safeguard card data. One module includes requirements that would facilitate the secure reading and encryption of cardholder data at the point where a card is swiped. The second module outlines the security standards that device vendors should follow while integrating the various elements comprising an unattended POS device that takes PIN-based debit card transactions. The third module features requirements pertaining to wireless-enabled payment card devices. The new PTS iteration also consolidates three separate sets of requirements for POS PIN entry devices, unattended payment terminals, and encrypting PIN pads so that device vendors can more easily deploy the requirements while removing some of the overlap, according to Russo.


HTC Files Patent Complaint to Block Apple IPhone, IPad in U.S.
Business Week (05/12/10) Decker, Susan

Taiwan-based HTC Corp., which makes phones that run on Google's Android operating system, has filed a patent-infringement complaint with the U.S. International Trade Commission against Apple Inc. designed to stop U.S. imports of the iPhone, iPad, and iPod. This complaint comes less than three months after Apple filed a similar complaint against HTC that claimed its phones violated five of its patents. Three of the patents that HTC cites in its complaint are related to telephone directories, while two are related to power management. Intellectual property experts say that HTC could use its complaint to force a settlement with Apple, but only if its claims turn out to be credible. As Rob Enderle, president of the consulting group Enderle, said, "When you execute this kind of defense, it's to drive the two parties to each other for a cross license, but you have to have a credible threat." A hearing on Apple's case against HTC is scheduled for March 2011, with the judge's findings to be released in June 2011.


Freed Pirates May Have Drowned
Wall Street Journal (05/12/10) Childress, Sarah; Mohamed, Abdinasir; White, Greg

Ten pirates who hijacked the Russian-operated oil tanker Moscow University are thought to have drowned following their release by the Russian marines who apprehended them last week. Originally, Russian officials said they would attempt to prosecute the hijackers. However, after determining that it might be difficult to obtain a conviction, the pirates were allowed to board the skiff they originally used to attack the oil tanker 300 miles from the Somali coast, after it had been stripped of all weapons and navigational equipment. The weapons removal is a common practice, but Russia offered no explanation for removing the navigational equipment. A Russian Defense Ministry representative reported that radio signals from the boat disappeared about an hour after the release. Somali pirates onshore confirmed that they lost contact with the boat after its separation from the Russian warship. "We will hold Russia responsible if any harm comes to them," said pirate commander Abdi Dhagaweyne. Pirates had already threatened to harm any Russian nationals found aboard hijacked ships in retaliation for the rescue of the Moscow University. This incident is not the first time pirates have threatened to target countries that fight back against hijackers. French and American sailors have faced similar threats after thwarting hijacking attempts. Normally, pirates do not harm their hostages, in order to avoid forfeiting the potentially lucrative ransoms they bring in.


Over $50 Bln Lost to Software Piracy: Report
Agence France Presse (05/11/10) Abbugao, Martin

A recent report from the Singapore-based Business Software Alliance has found that more and more computer users are utilizing pirated software. According to the report, which was released on May 11, the percentage of computer software that is pirated has risen from 41 percent in 2008 to 43 percent in 2009. The report attributed the increase to the growth in the PC markets in Brazil, India, and China. Meanwhile, pirated software was also popular in the former Soviet republic of Georgia, where 95 percent of software was counterfeit. Yet despite the growing use of pirated software, losses from software piracy in 2009 fell 3 percent from 2008 to $51.4 billion. The biggest share of these losses, $16.5 billion, occurred in the Asia-Pacific region. Jeffrey Hardee, the vice president and regional director at BSA, noted that the report's findings underscore the need to educate government, businesses, and consumers on the risks and effects of software piracy. He added that reducing piracy by 10 percent would result in faster economic growth, increased tax revenue for governments, and lower unemployment rates.


French Court Condemns Security Driver to 3 Years in Jail in Heist Case
Wall Street Journal (05/11/10) Gauthier-Villars, David

The Loomis armored-car driver who disappeared with a truck containing more than 11 million euros last November was found guilty on theft charges in a French court on Tuesday and sentenced to more than three years in prison. In his remarks in court on Tuesday, the driver, Toni Musulin, said he drove off with the truck while two of his colleagues were making their rounds collecting and delivering cash to banks and businesses in Lyon because he was angry at his boss. Musulin surrendered to police about a week after the theft. Although most of the money taken by Musulin was eventually recovered, the investigation into the heist and Musulin's one-day trial never determined what happened to the 2.5 million euros that was taken from the truck and is still missing. Musulin has denied keeping part of the money in the truck.


2 Held in Local Antiterror Raids
Boston Globe (05/14/10) Saltzman, Jonathan; Murphy, Shelley; Guilfoil, John

A series of raids tied to the investigation into the failed Times Square bombing attempt led to the arrest of three individuals on Thursday, two of whom are believed to have given money to the suspect in the botched attack. Pir Khan and Aftab Khan, both of whom are from Pakistan, were arrested in a raid on their home in Watertown, Mass., on Thursday on suspicion that they had given money to Times Square bombing suspect Faisal Shahzad before the attempted attack on May 1. However, it remains unclear whether the men knew that they were providing funds that were intended for a terrorist attack. In addition to arresting the two men, who are distant relatives, FBI crime scene workers gathered bags and boxes of evidence from the house. Meanwhile, an unidentified man was arrested after a related raid in Maine. According to Massachusetts State Police Colonel Marian McGovern, the Khans were arrested after being under surveillance for an unspecified period of time as a result of evidence gathered by U.S. Attorney Preet Bharara, who is leading the investigation into the failed Times Square bombing. In the aftermath of the raid in Watertown and a related raid at a gas station in Brookline, Mass., Boston Police Commissioner Edward Davis placed additional surveillance units at large public gatherings in order to boost security.


Times Square Plot Probe Widens to New Jersey
Philadelphia Inquirer (05/14/10) Shiffman, John; Simon, Darran; Osborne, James; et al.

The government is expanding its investigation into the Times Square bombing attempt as suspect Faisal Shahzad continues to cooperate with investigators. Thus far, Customs Enforcement agents have detained three Pakistani men. Two of the men, who were apprehended in Boston, were thought to have financial connections to Shahzad. The third man was apprehended in Maine. In addition to the arrests, FBI agents searched a home in Watertown, Mass., a gas station in Brookline, Mass., and an unidentified location on Long Island. Agents in Camden and Cherry Hill, N.J., also searched a printing business and a condominium. While conducting the search of the condominium, they questioned Muhammad Fiaez and his brother Iqbal Hinjhara. Both men were born in Pakistan and had been renting the condo for approximately six months. Hinjhara reportedly bought the property for the Camden printing business in September for $237,000. After being questioned for about an hour, the brothers were free to go. Fiaez noted that investigators did not ask him questions about the attempted Times Square bombing. However, Attorney General Eric Holder noted that the searches were the product of evidence gathered in the investigation of the attempted Times Square bombing, though they were not related to any known immediate threat to the public or an active plot against the U.S.


Holder Wants To Update Rules on Miranda
Detroit Free Press (MI) (05/14/10) Spangler, Todd

In his testimony before the House Judiciary Committee on Thursday, Attorney General Eric Holder said that he hopes to make some changes to the laws regarding Miranda rights for terrorism suspects. "We find ourselves in 2010 dealing with very complicated terrorism matters," Holder said. "We think with regard to…terrorism-related matters…that making more flexible the use of the public safety exception would be something beneficial." The Supreme Court has ruled that criminal suspects must be told that they have the right to remain silent and the right to an attorney. However, under the public safety exception, law enforcement agents are permitted to question a suspect for an extended period of time before reading those rights, as happened with the suspects in the recent attempted bombings of Times Square and a Detroit-bound airplane. Holder added that it would be helpful if there were more clarity on when and for how long investigators can use that exception. But some Democratic lawmakers on the committee expressed opposition to making changes to the rules on Miranda warnings. Among them was Michigan Rep. John Conyers, who said that introducing legislation to change the rules would be "unnecessary and a mistake."


NYPD Weighs New Posts Abroad
Wall Street Journal (05/12/10) Stonington, Joel; Gardiner, Sean

New York City is planning to take several steps to improve security in the wake of the failed car bombing in Times Square on May 1. For instance, the New York Police Department is considering opening up at least three or four new posts for its officers overseas, according to police spokesman Paul Browne. Police Commissioner Ray Kelly has not said which countries the NYPD would open posts in, only saying that the location of the posts would depend on the willingness of the host nation to allow the officers to be stationed on its territory. Regardless of where the posts would be created, the process of deploying NYPD officers overseas will take time, since the department will first have to determine which locations make strategic sense and which officers meet the qualifications for being stationed overseas. In addition to stationing police officers in foreign countries, New York City is also planning to expand the Lower Manhattan Security Initiative into midtown Manhattan by 2015. By the time the expansion is complete, roughly 3,000 security cameras will be installed in the area. There are currently a few hundred police cameras and several hundred private cameras that are being used in the Lower Manhattan Security Initiative. In addition to adding more cameras to city streets, New York plans to begin using video analytics to alert officers to possible terrorist attacks.


Kagan Argued for Strong Counterterrorism Policies
Wall Street Journal (05/10/10) Bravin, Jess

Solicitor General Elena Kagan, President Obama's choice to fill the Supreme Court seat being vacated by retiring Justice John Paul Stevens, has a mixed record on counterterrorism issues. Kagan, a former dean at Harvard Law School, has taken several opportunities to criticize aspects of the Bush administration's policy of detaining terrorism suspects at Guantanamo Bay. For instance, she signed a statement with other law deans in 2007 criticizing a Bush administration official who suggested that private law firms should not represent Guantanamo detainees pro bono. Kagan also signed a letter with other law deans in 2005 criticizing legislation proposed by Sen. Lindsey Graham (R-S.C.) that denied Guantanamo detainees their habeas corpus rights. The legislation eventually passed but was ruled unconstitutional by the Supreme Court. However, Kagan did not criticize the Bush administration when it tried to exercise extraordinary counterterrorism powers. She has also spoken in favor of detaining suspected enemy combatants indefinitely, and has worked to advance the Obama administration's legal arguments for continuing to use some of the Bush administration's counterterrorism tactics.


Facebook Adds Locks to Log-In Process
ZDNet Asia (05/14/10) Kwang, Kevin

Facebook has implemented new security measures for its user log-in process in the wake of a series of security breaches that have affected the social networking site. One feature that Facebook has added asks users to answer a verification question to prove their identity when they attempt to log in from a device or computer that they do not normally use. Facebook is also testing a feature that allows users to approve the devices they normally use to access the site. Users are then notified when a device that is not on this list is used to log into their accounts. The introduction of the new security measures comes several days after Facebook board member Jim Breyer fell victim to a phishing scam that resulted in an event invitation being sent to all 2,300 of his friends. Anyone who responded to the message, which read "Would you like a Facebook phone number?", had the same message sent to their own friends. Facebook noted that the phishing scam occurred after Breyer's account was compromised, and said that the issue has been resolved and that it is taking steps to block malicious activity.
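The two log-in controls described above (a step-up verification question for an unrecognized device, and a user notification when an unlisted device signs in) can be sketched as a small server-side decision function. The following is an added illustration, not Facebook's code and not based on any published detail of its implementation; the `Account` class, the HMAC-signed device token format, the `SERVER_KEY` value and the function names are all constructed for this example. The idea shown is that "recognized device" should mean a token the server itself minted and can verify, not merely a client-supplied identifier, so that a forged or tampered token falls through to the challenge path.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed demo secret; a real deployment would load this from a secrets store
# and rotate it. It keys the MAC that binds a device id to this server.
SERVER_KEY = b"constructed-demo-key-not-for-production"


@dataclass
class Account:
    """Minimal per-user state for the device-approval feature (hypothetical)."""
    username: str
    approved_devices: Set[str] = field(default_factory=set)  # device ids the user approved
    notifications: List[str] = field(default_factory=list)  # messages the user would receive


def issue_device_token(device_id: str) -> str:
    """Mint the token stored on the client: '<device_id>.<hex HMAC-SHA256>'."""
    mac = hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()
    return f"{device_id}.{mac}"


def verify_device_token(token: str) -> Optional[str]:
    """Return the device id if the token carries a valid MAC, otherwise None.

    A client can always send *some* device id; only a token with a MAC we
    produced counts as a device this server has seen before.
    """
    try:
        device_id, mac = token.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()
    # constant-time comparison avoids leaking how many hex digits matched
    return device_id if hmac.compare_digest(mac, expected) else None


def approve_device(account: Account, device_id: str) -> str:
    """User-initiated approval of a device; returns the token to store on it."""
    account.approved_devices.add(device_id)
    return issue_device_token(device_id)


def evaluate_login(account: Account, token: Optional[str], password_ok: bool,
                   answered_challenge: bool = False) -> str:
    """Decide the outcome of a log-in attempt.

    Returns "deny" (bad password), "allow" (session may be created) or
    "challenge" (ask the verification question before proceeding).
    A successful sign-in from a device not on the approved list always
    appends a notification for the account owner.
    """
    if not password_ok:
        return "deny"

    device_id = verify_device_token(token) if token else None
    if device_id is not None and device_id in account.approved_devices:
        return "allow"  # recognized device: no extra step

    if not answered_challenge:
        return "challenge"  # unknown, missing or tampered token: step up

    # Challenge passed on an unrecognized device: let them in, but tell the owner.
    account.notifications.append(
        f"{account.username}: sign-in from unrecognized device "
        f"'{device_id or 'unknown'}' after answering the verification question"
    )
    return "allow"


if __name__ == "__main__":
    acct = Account("alice")
    laptop_token = approve_device(acct, "laptop-1")
    print(evaluate_login(acct, laptop_token, password_ok=True))          # allow
    print(evaluate_login(acct, "laptop-1.forgedmac", password_ok=True))  # challenge
    print(evaluate_login(acct, None, password_ok=True, answered_challenge=True))  # allow
    print(acct.notifications)
```

Note that a forged token such as `laptop-1.forgedmac` names an approved device id but fails MAC verification, so it is treated exactly like no token at all; the approved-device check therefore cannot be satisfied by guessing an identifier.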


New DoS Attack Uses Web Servers as Zombies
CNet (05/12/10) Mills, Elinor

Security professionals have uncovered a botnet that utilizes compromised Web servers instead of personal computers to launch denial-of-service (DoS) attacks. Security firm Imperva says it discovered a botnet of approximately 300 Web servers after one of its "honeypot" servers was commandeered in an attack, and based on a search for the attack code via Google. Web servers were frequently used in similar attacks carried out years earlier but had been supplanted by the more popular Windows-based PCs, says Imperva chief technology officer Amichai Shulman. In the DoS attack Imperva witnessed, two Web servers were preying upon an unnamed Netherlands-based hosting provider, Shulman says. The hosting provider was aware of the situation, he notes. Using Web servers provides much more bandwidth for an attack and thus necessitates fewer zombies than when PCs are used, and it reduces the possibility that the compromise will be revealed because Web servers do not usually run antivirus software, Shulman says. "Instead of using 50 personal computers you can use a single server," he says. "To some extent, it's easier to maintain this kind of attack because there are fewer computers [involved] and there's less of a chance for the [attack] code to be detected."


New Attack Tactic Sidesteps Windows Security Software
Computerworld (05/11/10) Keizer, Gregg

Researchers at Matousec.com have discovered a method that attackers could use to bypass most of the security features of most Windows-based antivirus programs. When using the method, known as an "argument-switch attack," an attacker would first have to load some type of malware onto the victim's computer. Once this is done, the attacker could take advantage of the kernel driver hooks that most security applications use to reroute Windows system calls so that code can be checked for malicious content before it is executed. In exploiting these hooks, the attacker would swap out harmless code for malicious code in the window after the security software determines that the code is benign but before that code is actually executed. Security experts say the attack, which will likely target computers running the 32-bit version of Windows XP in part because that version of the operating system does not have PatchGuard kernel protection, is very serious because it can exploit practically any security product that runs on Windows XP. However, officials at some antivirus companies, including McAfee, say the threat from argument-switch attacks is not that serious because the technique is complicated and requires the attacker to have some sort of existing access to the victim's computer. In addition, some researchers say that on-demand scanning would likely block the malware that needs to be loaded onto the victim's computer before the argument-switch attack could be launched.


Microsoft Patches 2 Critical Security Vulnerabilities
eWeek (05/11/10) Prince, Brian

Microsoft released patches for two important security holes as part of May's Patch Tuesday. The release comes one month after the largest Patch Tuesday of 2010, which went after 25 bugs. The May 11 update tackles two bugs: one a weakness in Microsoft Visual Basic for Applications, and the other a weakness affecting Microsoft Outlook Express, Windows Mail, and Windows Live Mail. Both vulnerabilities have critical ratings and can expose users to remote code execution by hackers. "I've put the Visual Basic for Applications [VBA] vulnerability first on my list," says Joshua Talbot, security intelligence manager for Symantec Security Response. "Both vulnerabilities require social engineering to exploit, but the VBA vulnerability requires less action from a user. For instance, an attacker would simply have to convince a user to open a maliciously crafted file, likely an Office document, which supports VBA and the user's machine would be compromised. I can see this being used in targeted attacks, which are on the rise."


6 Ways Unified Identity Management Pays Off
Federal Computer Week (05/10/10) Zyskowski, John

There are a number of benefits associated with rolling out a unified identity system. The biggest one, increased security, directly correlates with a decrease in identity theft, data breaches, and trust violations. A second benefit is compliance with regulations, laws, and standards, and the resolution of matters highlighted in U.S. Government Accountability Office reports on agency development. Improved interoperability is a third benefit, especially among agencies using their PIV credentials and other partners with PIV-interoperable or third-party credentials that meet federal trust framework requirements. A fourth benefit is enhanced customer service, both within agencies and with their business associates and voters. The elimination of redundancy, through agency consolidation of procedures and personnel and the delivery of system-wide services to support the processes, with consequent reductions in the overall cost of the security framework, is another benefit of a unified identity system. A final benefit is heightened protection of personally identifiable information by consolidating and securing identity information, which is done by locating identity information, improving security controls, proliferating encryption tools, and automating provisioning processes.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD