Search This Blog

Friday, May 21, 2010

Security Management Weekly - May 21, 2010

header

  Learn more! ->   sm professional  

May 21, 2010
 
 
Corporate Security

Sponsored By:
  1. "Thief Makes Off With $100 Million in Art From Paris Museum"
  2. "Heartland, MasterCard Reach Settlement"
  3. "South Africa Seeks to Reassure Fans With Security Show" World Cup Security Measures Demonstrated
  4. "Pressure Grows on Spain to Curb Digital Piracy"
  5. "Corporate Safe Rooms: What Lies Beneath?" Safe Rooms Widely Seen as Necessary Part of Executive Protection Plan
Homeland Security

  1. "Dennis C. Blair to Resign as Director of National Intelligence"
  2. "Report: Airport Watchers Miss 16 Linked to Terror" Government Accountability Office
  3. "'Modifying' Miranda Modified the Political Debate"
  4. "Taliban Planning Attacks in Washington"
  5. "Vt. Farmer Draws a Line at US Bid to Bolster Border"
Cyber Security

  1. "Latest Computer Threat Could Be Worst Yet"
  2. "NASA Security Chief Orders Bold Change to Secure Networks"
  3. "Skype Worm No Cause for Panic, Says Expert"
  4. "Seattle Is Riskiest City for Cybercrime, Report Says"
  5. "P2P Networks a Treasure Trove of Leaked Health Care Data, Study Finds" File-Sharing Programs

   

 
 
 

 


Thief Makes Off With $100 Million in Art From Paris Museum
Los Angeles Times (05/21/10) Lauter, Devorah; Finkel, Jori

Authorities in France are investigating the theft of five paintings worth at least $100 million from the Museum of Modern Art in Paris. The theft took place early in the morning on Thursday, when an individual wearing black clothes and a mask managed to get in the building by slipping through a broken window. The thief, who was recorded in the act by the museum's surveillance system, managed to get in and out of the building without being detected because the alarm system had been broken since March 30. The three security guards who were on duty at the time also did not see the thief. By the time the theft was over, five paintings--including one by Pablo Picasso that is worth roughly $28.5 million--were gone. Experts say the theft was likely carried out by ordinary criminals and was probably not a theft-for-hire that was organized by a wealthy art collector. Experts also say that the art will likely be recovered at some point, though that could take a number of years.


Heartland, MasterCard Reach Settlement
BankInfoSecurity.com (05/19/10) McGlasson, Linda

Heartland Payment Systems and MasterCard have reached a proposed settlement of $41.4 million to resolve claims from MasterCard and its issuers stemming from the processor's 2008 card data breach. The settlement requires that financial institutions representing 80 percent of the claimed-on MasterCard accounts accepting their alternative recovery offers by June 25. Also included in the settlement are mutual releases between Heartland and its sponsoring bank acquirers and MasterCard and the accepting issuers. According to the settlement, issuers who accept their alternative recovery offers must forgo rights to any other recovery of alleged intrusion-related losses from Heartland and its sponsoring bank acquirers via litigation or other measures, and discharge MasterCard, Heartland, and its sponsoring bank acquirers from all legal and financial obligation related to the breach. With this settlement, Heartland has now resolved its legal difficulties with all three major card brands.


South Africa Seeks to Reassure Fans With Security Show
New Zealand Herald (05/18/10)

Security forces in Johannesburg, South Africa, conducted a security show to demonstrate security equipment and measures to be taken for the June 11-July 11 World Cup. Police have trained about 44,000 officers and purchased vehicles, water cannons, and other equipment. The security show and parade displayed about 200 vehicles, two helicopters, and special police squads that parachuted from aircraft and rappelled down the sides of buildings. South Africa's security preparations include seeking training from other countries. Interpol, the agency formed to help police cooperation around the world, will send 200 experts, and each of the 31 visiting teams will send up to eight officers to work with South African police. On the same day as the show, Maj. Gen. Qassim al-Moussawi, spokesman for Baghdad security services, reported that Abdullah Azam Saleh al-Qahtani, an officer in the Saudi army and al-Qaida militant, had been detained on suspicion of terrorism planned for the World Cup.


Pressure Grows on Spain to Curb Digital Piracy
New York Times (05/16/10) Minder, Raphael

Spain is taking steps to curb digital piracy, a problem that has grown so big that some entertainment companies are threatening to stop selling their products in the country. Later this year, lawmakers in Spain will vote on a bill that will create a commission that will shut down Web sites that are suspected of being used for illegal file-sharing. The legislation is being opposed by groups like the Spanish Internet Users Association, which says that it violates consumers' right to privacy and freedom of expression. If the legislation becomes law, the group says it will fight the new rules all the way to Spain's constitutional court if necessary. But even if the legislation does become law, it may not have much of an impact on the problem of digital piracy in Spain, since Web sites containing illegal content are very popular with Spanish consumers. In addition, many in Spain do not see piracy as being a crime. Even the Spanish government has taken a liberal position on the issue. In 2006, Spain's attorney general argued that peer-to-peer downloading should be considered a crime only if it is done for profit.


Corporate Safe Rooms: What Lies Beneath?
SecurityInfoWatch.com (05/04/10) Frankel, Jordan

Corporate safe rooms are secured environments for executives that act as safe havens in the event of an emergency. The use of safe rooms is not new, and is widely seen as a necessary component of a firm's executive protection plan. In fact, the absence of corporate safe room could be a potential liability. The demise or capture of a company's leaders could hurt shareholders, insurers, and the well-being of other companies. Companies usually do not discuss safe rooms to because they do not want to alert adversaries or scare employees and disrupt operations. However, counterterrorism experts often advise companies to be wary of extremist groups that attempt to seize executives. Ideally, a corporate safe room should have reinforced walls, floors, and ceilings that are resistant to bullets and explosives. It should also have wireless communications, surveillance cameras, survival items like food and water and a backup generator, a kitchen, a bathroom, a secure air supply, and coatings that block eavesdropping. Some underground safe rooms may contain a secret tunnel that measures at least four blocks and leads to the street. The aim is to facilitate the rescue or exit of executives if needed, ideally via in an armored vehicle.




Dennis C. Blair to Resign as Director of National Intelligence
Washington Post (05/21/10) P. A01; Miller, Greg

Director of National Intelligence Dennis C. Blair will resign his post on Friday after completing just 16 months in the position. According to officials, Blair offered to resign on Thursday after President Obama told him in a phone conversation that he wanted to replace him with someone else. Although President Obama said he wanted Blair to stay on until a replacement was named, officials said, Blair decided to leave immediately after learning that Obama had decided to start looking for new director. Some say that the timing of Blair's resignation could suggest that the Obama administration had lost confidence in him after the intelligence agencies he is charged with overseeing failed to uncover two relatively unsophisticated terror plots: the attempted bombing of Northwest Airlines Flight 253 last Christmas and the attempted car bombing in Times Square on May 1. Meanwhile, Blair's resignation has sparked a debate over whether there are problems with the director of national intelligence position. Many say that the position does not have enough authority to oversee the nation's intelligence community, which is made up of 16 spy agencies that often compete with one another.


Report: Airport Watchers Miss 16 Linked to Terror
Associated Press (05/21/10) Sullivan, Eileen

The Government Accountability Office (GAO) reports that at least 16 people later linked to terror plots passed through U.S. airports undetected by federal officials who were on duty to spot suspicious behavior. The airport-based officials were part of a federal behavior detection program designed to spot potential terrorists and others who pose a threat to aviation. The Screening Passengers by Observation Techniques program was instituted by the Transportation Security Administration "without first validating the scientific basis for identifying passengers in an airport environment," according to the GAO, noting that "a scientific consensus does not exist on whether behavior detection principles can be reliably used for counterterrorism purposes." "TSA has bungled the development and deployment of a potentially important layer of aviation security," said Rep. John Mica (R-Fla.), who requested the report. Mica, the top Republican on the House Transportation and Infrastructure Committee, called on the Obama administration to reorganize the TSA so it can better carry out its mission.


'Modifying' Miranda Modified the Political Debate
Associated Press (05/20/10) Yost, Pete

Criticized for months by Republicans as not being tough on terrorism, the Obama administration is offering to work with Congress to modify the public safety exception on Miranda warnings. The shift would give investigators greater flexibility in the critical early phases of terror investigations. It is still uncertain how a change to the public safety exception in Miranda would work and how long it could delay providing the warnings. Federal officials will not talk about their options, but seasoned constitutional lawyers and former prosecutors suggest such a terrorism exception could last up to 48 hours - longer than a court-mandated public safety exception that already allows law enforcement to hold off Miranda warnings for several hours during emergencies to save lives. Syracuse University law professor William Banks sees a range of possible approaches in any Miranda proposal that the Obama administration sends to Congress - for example, delaying for some reasonable period of time informing someone of the right to a lawyer and a right to remain silent, and possibly delaying delivering a suspect before a magistrate. While the issue of Miranda warnings has warmed up, two terrorism issues troubling the Obama administration have faded, at least for now. They are questions of where to try the 9/11 terrorism suspects and where in the United States to relocate detainees from the military-run prison at Guantanamo Bay, Cuba, which the president has promised to close.


Taliban Planning Attacks in Washington
WTOP News (05/19/10) Green, J.J.

The investigation into the failed Times Square bombing attempt has uncovered evidence that the busy tourist spot in midtown Manhattan was not the only location being targeted by suspect Faisal Shahzad. According to reports from a New York television station, Shahzad told investigators that he also wanted to attack Rockefeller Plaza, Grand Central Terminal, the World Financial Center, and defense contractor Sikorsky's Connecticut headquarters. The findings come amid concerns in the U.S. counterterrorism community that the Taliban--which authorities believe was behind the botched car bombing in Times Square--could launch attacks in New York City and Washington, D.C., within the next five or six months. Fred Burton, the vice president of intelligence at Stratfor Global Intelligence, said officials have not identified any likely targets for attacks in Washington, D.C., though he noted that public transportation and busy tourist areas are at the highest risk of attack. However, some experts say that Taliban lacks the money and the ability to launch an attack on the U.S.


Vt. Farmer Draws a Line at US Bid to Bolster Border
Boston Globe (05/17/10) Filliped, David

The Department of Homeland Security is finding it difficult to move forward with its plans to upgrade the border crossing facility at Morses Line, Vt., which sits on the U.S.-Canadian border. In order to improve the outdated facility, which was built in 1934 and is only lightly used, the U.S. government would need to acquire nearly five acres of land from a nearby dairy farm. The government has offered to purchase the land for $39,500, but the family that owns the farm, the Rainvilles, say that the property is worth far more than the government's offer. However, the government has said that it will assert eminent domain over the land if the Rainvilles refuse the offer. Meanwhile, several government officials are wading into the dispute. Among them is Sen. Patrick Leahy (D-Vt.), who supports the Rainvilles and says that the Morses Line facility could be closed. The Rainvilles have also said that the Morses Line facility should be closed and that the nearby Highgate Springs border crossing, which is used by hundreds of thousands of vehicles each year, should be upgraded instead. Although the government has already hired a contractor to modernize Morses Line, it will hold a public meeting in Vermont on Saturday to consider all options for securing the border, including closing Morses Line.




Latest Computer Threat Could Be Worst Yet
University of Texas at Dallas (TX) (05/20/10)

Researchers at the University of Texas at Dallas (UTD) are studying the potential threat of "reactively adaptive" malware. UTD computer scientist Kevin Hamlen and data-mining expert Latifur Khan are developing ways to thwart such attacks, which are still hypothetical. "Today's malware mutates randomly in order to avoid detection, but reactively adaptive malware is more intelligent, learning and adapting to new computer defenses on the fly," Hamlen says. "What we've realized is that the same technology that goes into antivirus software could be turned on its head to make some viruses nearly unstoppable." Reactively adaptive malware would use the same algorithms that antivirus software uses to detect software, but would use them to stay a step ahead of antivirus defenses. The researchers plan to use data-mining techniques to enable antivirus software to update their databases quicker, which would allow the software to adapt before the malware can mutate.


NASA Security Chief Orders Bold Change to Secure Networks
NextGov.com (05/19/10) Aitoro, Jill R.

An information technology (IT) security official at NASA has issued a memo that outlines a new approach to IT security at the agency. Under the new approach, which was developed by Jerry Davis, NASA's deputy chief information officer for IT security, the agency's information system managers will stop certifying that their networks are compliant with the 2002 Federal Information Security Management Act (FISMA) every three years and instead use systems that continuously monitor whether their networks have vulnerabilities that attackers could exploit. This process will be used as long as NASA and other agencies have to submit annual status reports for networks and vulnerabilities uncovered during the monitoring process. Although information system managers will no longer have to certify that their networks are FISMA compliant every three years, new information systems will be required to meet the legislation's certification and accreditation requirements when they go online for the first time. Security professionals are applauding the new approach, saying that it will result in better security for NASA's computer systems. Others point out that the new approach will save NASA money and will give officials more time to deploy automated security tools, since they will be spending less time writing reports in order to comply with FISMA. But experts say that other agencies may not follow in NASA's footsteps anytime soon. Although the U.S. State Department has adopted a similar approach to IT security, other agencies will likely be reluctant to follow suit because they feel that their security strategy is the right one since they have been using it for so long, says SANS Institute research director Alan Paller.


Skype Worm No Cause for Panic, Says Expert
CSO Online (05/18/10) Goodchild, Joan

Security research company BKIS warned in early May of a nefarious virus targeting both Skype and Yahoo Messenger. BKIS said in a blog post that the attack spread by inserting malicious URLs into chat windows with highly advanced social engineering hooks. Each message sent contains different content, said BKIS researchers. Some examples include "Does my new hair style look good?" and "My printer is about to be thrown through a window if this pic won't come our right. You see anything wrong with it?" The message contains a URL to a Web site that appears to contain a JPEG or image file. "The users are more easily tricked into clicking the link by these messages, because users tend to think that 'their friend[s]' are asking for advice," BKIS said in the blog post. "If a user clicks the link, his browser will immediately load to a Web site with Rapidshare-like interface, and a .zip file will be available for download."


Seattle Is Riskiest City for Cybercrime, Report Says
AmericanCity&County.com (05/17/10)

Seattle has the highest rate of cybercrime of any U.S. city, according to a report from Symantec and BestPlaces. The rankings were formed by analyzing Symantec Security Response's information on cyberattacks and potential malware infections, in addition to third-party data on online behavior, such as online shopping logging in at Wi-Fi hotspots. Seattle placed near the top in categories such as cyberattacks and possible infections, online behaviors that can make people more vulnerable to cybercrime such as online shopping and banking and wireless Internet access. Boston and Washington, D.C., came in at second and third place, respectively, with both cities dealing with a high volume of cyberattacks. Coming in at number four, San Francisco heads the category for riskiest online behavior and highest number of Wi-Fi hotspots per capita. The other six cities in the top 10 are Raleigh, Atlanta, Minneapolis, Denver, Austin, and Portland.


P2P Networks a Treasure Trove of Leaked Health Care Data, Study Finds
Computerworld (05/17/10) Vijayan, Jaikumar

Dartmouth College researchers have found that health care data is as easily accessible on peer-to-peer (P2P) networks now as it was before the enactment of a new U.S. data security law last September. The study found that more than 20 percent of the documents researchers discovered after performing keyword searches on P2P networks contained information that would be protected under the law, known as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The study found that much of the sensitive data found on P2P networks--such as insurance information, sensitive patient communications, and personally identifiable information--was contained in insecure spreadsheets and Microsoft Word documents. Dartmouth professor Eric Johnson says this indicates that many organizations are not taking steps to adequately protect data as they are required to do under the HITECH Act. The study also found that many organizations were not even aware that they were leaking information over P2P networks, Johnson says.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: