Friday, May 28, 2010

Security Management Weekly - May 28, 2010

header

  Learn more! ->   sm professional  

May 28, 2010
 
 
Corporate Security

Sponsored By:
  1. "Pot Law: A Conundrum for the Workplace" Colorado
  2. "Australian Navy Stops Somali Pirates"
  3. "Are U.S. Museums Safe From Art Thieves?"
  4. "District Food Servers Charged in Theft of Patrons' Credit Card Numbers" Washington, D.C.
  5. "As Smartcards Loom, Magnetic Cards Made Safer"
Homeland Security

  1. "U.S. Keeps Watch on Iranian Shipping"
  2. "India Train Attack Kills Dozens"
  3. "Obama Security Strategy Focuses on Managing Threats"
  4. "Plot Highlights New Terror Worry"
  5. "Obama to Deploy National Guard, Boost Border Security Funding"
Cyber Security

  1. "Scientist Infects Himself With Computer Virus"
  2. "Major Step Ahead for Cryptography"
  3. "Twitter for iPhone Attracts Malware"
  4. "DARPA Builds Cyber Range to Test Security Measures" Defense Advanced Research Projects Agency
  5. "Cloud Computing Will Improve Security Says Survey"

   

 
 
 

 


Pot Law: A Conundrum for the Workplace
Grand Junction Free Press (05/28/10) Haupt Jr., Wyatt

The medical marijuana law that was approved by Colorado voters in 2000 does not address a number of issues related to the use of the drug. Although the law prohibits medical marijuana users from smoking the drug at work, it does not say how employers are allowed to respond to employees who come to work under the influence of pot or with trace amounts of THC in their system. If the issue ever made its way into the courts in Colorado, judges could look to a 2004 ruling by a U.S. District Court in Oregon that found that the state's medical marijuana law did not void a provision in a collective bargaining agreement that prohibited employees from coming to work under the influence of marijuana or with detectable amounts of the drug in their bodies. It also remains unclear whether medical marijuana users in Colorado could file a lawsuit against their employer for being fired for using the drug while off duty. Although Colorado employees are prohibited by state law from firing employees who engage in legal activities while off the clock, federal laws that ban marijuana would trump the state's laws, said Tobie Hazard, a Denver-based labor and employment opportunity. Meanwhile, few employers in Colorado have policies that specifically deal with the use of medical marijuana by employees. Some organizations in the aviation and law enforcement sectors have policies that prohibit workers from being under the influence of marijuana, regardless of whether it is used for medicinal purposes or not. In addition, some city governments in the state say that there are a number of circumstances under which they will fire employees who use medical marijuana.


Australian Navy Stops Somali Pirates
Sydney Morning Herald (Australia) (05/28/10)

Officials say that an Australian naval vessel intercepted a boat full of suspected pirates on May 25. According to Lt. Tony Nagle, the vessel's operating officer, the pirates were seen in a shipping lane in the Gulf of Aden throwing weapons overboard. Nagle noted that the pirates' actions and their location in an area that has been heavily plagued by pirate attacks seemed to be an indication that they were planning to carry out attacks on merchant ships in the area themselves. After seeing the suspected pirates throw the weapons overboard, the crew from the Australian vessel then boarded the pirate ship and took anything that could be used in a pirate attack. The suspected pirates were allowed to return to Somalia.


Are U.S. Museums Safe From Art Thieves?
Washington Post (05/25/10) P. C1; Trescott, Jacqueline; Zak, Dan

Most of the major art heists that have taken place over the last several years, including the theft of $123 million worth of paintings from the Museum of Modern Art in Paris, have taken place in Europe. However, there have been few if any art thefts of that magnitude at art galleries in Washington, D.C., or the rest of the U.S. There are a number of reasons why such large-scale thefts have not taken place in the U.S., including the fact that American art museums tend to be newer and less exposed. For example, Washington, D.C.'s National Museum of African Art and the Sackler Gallery are both underground. Other museums in the city, including the Smithsonian American Art Museum and the National Portrait Gallery, have visual deterrents to thieves, such as steps, cement planters, and fountains. Finally, art thieves may be deterred from attempting major heists in Washington because the city is not located near an international border, according to retired FBI special agent Robert K. Wittman. European museums, by comparison, are usually not far from international borders because countries on the continent are so close together. In addition, European museums are easy targets because they tend to be located in converted houses with windows that can easily be entered.


District Food Servers Charged in Theft of Patrons' Credit Card Numbers
Washington Post (05/24/10) P. B01; White, Josh

Federal officials have charged three servers at a Cheesecake Factory restaurant in Washington, D.C., with stealing their customers' credit card numbers between 2008 and 2009. According to investigators with the U.S. Secret Service, the fraud began when two men who are believed to be part of a larger fraud ring recruited one of the servers and provided her with a device known as a skimmer, which captures credit-card numbers. The server, Nicole L. Ward, then allegedly recruited two of her colleagues at the restaurant to steal credit-card numbers for the fraud ring as well. After stealing the credit-card numbers, Ward then allegedly passed the skimmers off to her contacts in the fraud ring, who used the data to create fake cards and purchase gift cards and other merchandise in the Washington, D.C., area. By the time the fraud was uncovered by investigators at Citibank, more than $117,000 in fraudulent charges had been made to the stolen accounts. Ward has been charged conspiring to commit bank fraud. The other two servers are cooperating with the investigation.


As Smartcards Loom, Magnetic Cards Made Safer
Computerworld (05/24/10) Vijayan, Jaikumar

Several efforts are underway to make magnetic stripe payment cards more secure. One promising effort uses a card authentication technique that employs data from the magnetic stripe to generate a unique digital fingerprint of each card. The technology is set up to spot and halt the use of fraudulent cards based on stolen payment card data at the payment terminal itself. MagTek's Tom Patterson says a major U.S. merchant will soon announce its support for the technology, and will outfit about 30,000 of its outlets with payment terminals featuring magnetic stripe fingerprint authentication. Patterson says such technologies allow retailers to maintain their support for existing cards more securely for the next several years. There are other efforts to test ways to enhance the security of magnetic stripe card transactions, including a challenge-response method at point-of-sale terminals, and card tokenization.




U.S. Keeps Watch on Iranian Shipping
Wall Street Journal (05/28/10) Fritsch, Peter; Solomon, Jay

In an effort to crack down on Iran's illegal arms trade as well as any expansion of its nuclear program, the U.S. and Israel have begun closely tracking Islamic Republic of Iran Shipping Lines (IRISL) via satellites and naval vessels. The U.S. Treasury has also attempted to cut of the company's ability to use international ports using several strategies, including a campaign asking foreign insurers to stop underwriting Iranian ships. That campaign has already succeeded in convincing both U.K. and Bermudan insurance organizations to freeze their business with IRISL. The majority of the cargo traffic between Iran and its trading partners has been found to be legitimate, and U.S. efforts do not affect the country's trade in petroleum products. Still, the increased pressure on IRISL has turned into an increasingly tense game between the company and Western intelligence agencies. U.S. officials accuse IRISL of repainting its ships and changing the names of its corporate units to avoid detection. These disingenuous actions have, in turn, aided U.S. efforts to gain U.N. approval for sanctions against Iran.


India Train Attack Kills Dozens
Wall Street Journal (05/28/10) Pokharel, Krishna; Beckett, Paul

As many as 65 people died on Friday when Maoist rebels in the eastern Indian state of West Bengal attacked a passenger train. According to Indian authorities, the rebels attacked the train by removing an 18-inch section of track so that it would derail and hit a train traveling in the opposite direction. Authorities also say that an improvised explosive device was used at the scene of the attack. The attack comes as Indian authorities say they are having a difficult time cracking down on the Maoist rebels, who are seeking to overthrow the Indian government. Authorities are having a particularly tough time in preventing the rebels from traveling to the area where Friday's train attack occurred from the neighboring states of Orissa and Jharkhand. According to Shubhanjan Das, the additional district magistrate for Paschim Medinipur, where the train attack occurred, the rebels are able to freely move across the border into West Bengal, launch attacks, and move back into Orissa and Jharkhand.


Obama Security Strategy Focuses on Managing Threats
New York Times (05/27/10) Sanger, David E.; Baker, Peter

The Obama administration on Thursday will release its first formal National Security Strategy, which will outline the approach it plans to take to threats such as terrorism. According to John Brennan, President Obama's homeland security and counterterrorism adviser, the document more clearly defines the nation's struggle with radicalism. Brennan noted that the document does not describe terrorism or terror as the enemy because terrorism is a tactic, while terror is a state of mind. The document notes instead that al-Qaida and its affiliated groups are the nation's enemies, Brennan said. However, the document notes that counterterrorism is no longer the primary focus of the nation's national security, as it was during the Bush administration. Instead, the document states that efforts to deal with violent extremists make up just one part of the U.S.'s national security strategy, and that the biggest national security threat to the U.S. comes from weapons of mass destruction, particularly nuclear weapons. Although much of the document details a national security strategy that is much different than the one outlined by the Bush administration, the two strategies are similar in some respects. For example, the Obama administration strategy hints at continued, albeit limited, use of the state secrets act to prevent courts from obtaining certain information in terrorist cases.


Plot Highlights New Terror Worry
Wall Street Journal (05/27/10) Johnson, Keith

White House counterterrorism chief John Brennan has announced that homegrown terrorism poses an increasing threat to the U.S., and says that the administration's new national-security strategy will address this rising threat. Brennan's comments came just as Hosam Smadi, a Jordanian teenager, pleaded guilty to trying to blow up a Dallas skyscraper in September 2010. In his comments, Brennan said that Smadi's case, as well as a number of other recent terrorism arrests involving Americans or naturalized Americans, are indicative of al-Qaida's new strategy of "relying on recruits with little training… attempting attacks with little sophistication." Brennan argues that the new strategy is the result of increased U.S. pressure on the terrorist organization that makes it difficult for it "to move, raise funds, recruit, train, and plot attacks."


Obama to Deploy National Guard, Boost Border Security Funding
BusinessWeek (05/26/10) Goldman, Julianna; Rowley, James

The Obama administration has announced that it is taking steps to boost security along the U.S.-Mexico border. Under the White House's plan, as many as 1,200 National Guard troops will be deployed to the border to help with surveillance and intelligence gathering to prevent drugs and weapons from being smuggled into the U.S. The administration is also hoping the troops will reduce illegal immigration from Mexico. In addition to deploying troops, the Obama administration is also planning to ask Congress for an additional $500 million in funding for security measures along the border. Lawmakers have praised the proposals, though some Republicans said they did not go far enough. Among them is Sen. John McCain (R-Ariz.), who is planning to introduce legislation that would provide funds to deploy 6,000 National Guard troops along the border. McCain said the 1,200 troops that would be deployed under Obama's plan is not enough to secure the border. In response to McCain's plan, the White House said in a letter that there is no precedent for Congress telling a president how to deploy troops. Meanwhile, Republicans are also planning to divert $2 billion from the stimulus package that was enacted last year to border security efforts.




Scientist Infects Himself With Computer Virus
Financial Times (05/26/10) Palmer, Maija

University of Reading scientist Mark Gasson has deliberately infected himself with a computer virus in order to study the potential risks of implanting electronic devices in humans. Gasson implanted a radio frequency identification chip into his left hand last year. The chip, which is about the size of a grain of rice, gives him secure access to Reading's buildings and his mobile phone. Gasson then introduced a computer virus into the chip. He says the infected microchip contaminated the system that was used to communicate with it, and notes that it would have infected any other devices it was connected to. Gasson says the experiment provides a "glimpse at the problems of tomorrow," considering devices such as heart pacemakers and cochlear implants are essentially mini-computers that communicate, store, and manipulate data. "This means that, like mainstream computers, they can be infected by viruses and the technology will need to keep pace with this so that implants, including medical devices, can be safely used in the future," he says.


Major Step Ahead for Cryptography
University of Bristol News (05/26/10) Fryer, Joanne

Researchers at the University of Bristol (UB) and Katholieke University have developed a new system for encrypted data computing that they say could have a broad impact on areas such as database access, electronic auctions, and electronic voting. "Our scheme allows for computations to be performed on encrypted data, so it may eventually allow for the creation of systems in which you can store data remotely in a secure manner and still be able to access it," says UB professor Nigel Smart, who developed the system along with Katholieke's Frederik Vercauteren. Many encryption schemes have been proposed that either have the "add" operation or the "multiply" operation, but not both. In 2009, IBM researcher Craig Gentry developed the first scheme that simultaneously allows users to add and multiply ciphertexts. However, Gentry's scheme was only theoretical. Smart and Vercauteren's scheme is a simpler version of Gentry's scheme. Although the new system is not fully practical, it is a key step toward forming a system which is truly practical.


Twitter for iPhone Attracts Malware
InformationWeek (05/25/10) Schwartz, Matthew

Recent topics trending on Twitter may sound innocuous, but hackers are increasingly using them to deliver malware to unwitting users. One recent attack, which aims to download users' online banking information, is taking advantage of the release of the first official Twitter iPhone application. Click a URL in a hacker's Twitter post and get rerouted to a Web site carrying a Trojan infection. Run it, and the user's Windows PC can end up compromised by a virus that is seeking out online banking credentials. Kaspersky Lab's Dmitry Bestuzhev says the Trojan also can implant itself on USB devices, disable Windows' task manager, and quell Windows Security Center alerts. This attack does not resemble another popular attack on Twitter users—namely, through Rogue AV malware, which uses a "tweet" link to direct a user to a Web site with a fake video. Click on it, and the Web site asks you to download an application loaded with malware. "The Twitter security team is trying to do its best," Bestuzhev says. "Once a malicious URL is detected, it gets reported to be blocked."


DARPA Builds Cyber Range to Test Security Measures
Government Computer News (05/24/10) Rosenberg, Barry

The U.S. Defense Advanced Research Projects Agency (DARPA) is working with industry to develop the National Cyber Range (NCR), a cyber security testbed for researching network attack-and-defend strategies on a wide scale. The goal is to accelerate government research and development in high-risk, high-return areas and jumpstart technical cyber transformation in the private sector. The NCR will provide a real-world simulation environment that companies and research organizations can use to develop and test advanced concepts and capabilities for defending U.S. communications networks against cyber threats. "We want to create a test range that is fully automatic and rapidly configured so that we can get the results back out to the community," says DARPA's Michael VanPutte. NCR is part of the Comprehensive National Cybersecurity Initiative (CNCI), a government-wide effort to increase the U.S.'s defenses against electronic attack. For CNCI to be successful, the government must develop technologies that dramatically improve cyber security. "We need better solutions, so what we ask is for the community to bring their ideas to NCR, test them, and see what works and what doesn't work in a quick fashion," VanPutte says. During the second phase of the NCR program, which began in February 2010, DARPA, Lockheed Martin, and Johns Hopkins University will build and evaluate prototype ranges and their corresponding technology. "By bringing nation-state-level offensive capability into the NCR, we can test out defensive tools in a more realistic fashion and get more realistic results out to the community," VanPutte says.


Cloud Computing Will Improve Security Says Survey
Infosecurity (USA) (05/24/10)

Instead of creating security problems, cloud computing actually enhance security for most organizations, according to a survey conducted by the organizers of the 360 Degree IT Event. The survey found that more than 50 percent of organizations believe that cloud computing can deliver more resilient security solutions. The survey of 271 IT professionals also found that 20 percent of respondents thought they would see no improvement and 25 percent of organizations said that it would be infinitesimal. CloudOrigin CEO Richard Hall says the organizational exodus to cloud computing does not mean a reduction in security defenses. On the contrary, he says cloud technology actually brings security standards to a new level. "After decades performing forensic and preventative IT security reviews within banking and government, it was already clear to me that the bulk of security breaches and data losses occur because of a weakness of internal controls," he says. "That's why solutions built on commodity infrastructure ... have already achieved the highest standards of operational compliance and audit possible."


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments:

Post a Comment