
Friday, June 04, 2010

Security Management Weekly - June 4, 2010


June 4, 2010
Corporate Security

  1. "Schools' Petty Cash Tapped for $640,000"
  2. "Taxi Driver Kills 12, Wounds 25 in England"
  3. "Steve Jobs: iPad Suicide Factory 'Pretty Nice'"
  4. "Keeping Control: Cutting Security Costs May Increase Risk"
  5. "Surveillance Software Knows What a Camera Sees"
Homeland Security

  1. "Los Angeles Police Ask Public's Help in Fighting Terrorism Threat"
  2. "Hempstead Man Charged With Trying To Aid al-Qaida"
  3. "Turkish Charity That Sent Aid Convoy To Gaza 'Has Links to Terrorism'"
  4. "Al Qaeda Again Forced to Fill Risky No. 3 Post"
  5. "Firm Plans to Restart Airport Security Express Service"
Cyber Security

  1. "Cyberattacks Seen as Top Threat to Zap U.S. Power Grid"
  2. "Unseen Security Risks Lurk in the Copy Room"
  3. "Macs Under Attack by High-Risk Spyware"
  4. "Botnets Target Websites With 'Posers'"
  5. "NIST Updates Specs for the Latest Version of SCAP"


Schools' Petty Cash Tapped for $640,000
Wall Street Journal (06/04/10) Martinez, Barbara

The Special Commissioner of Investigation for the New York City School District released a report on Thursday showing that several people who did not work for the Department of Education were able to use the agency's petty-cash account to pay for $640,000 in personal expenses between October 2003 and February 2007. The report noted that the theft was uncovered when an unidentified woman told J.P. Morgan Chase, the bank that handled the account, that someone was using the funds to pay a personal bill. In the wake of the theft, stringent controls and processes were put in place to secure other petty-cash accounts, said Department of Education spokesman Danny Kanner. In addition, the ringleader of the theft, Albert Attoh, has since been convicted and sentenced to one year in federal prison and ordered to pay more than $275,000 in restitution. The theft was not the first to take place at the Department of Education. Last year, a clerk at the department stole more than $60,000 to make personal purchases, including trips around the world with his family.


Taxi Driver Kills 12, Wounds 25 in England
Dallas Morning News (TX) (06/03/10)

Twelve people were killed and 25 others were injured when a taxi driver went on a shooting spree in a rural county in northwestern England on Wednesday. The mass shooting, which was the deadliest to take place in the U.K. since 1996, began when 52-year-old Derrick Bird drove his cab through the town of Whitehaven and opened fire, killing several people, including two of his colleagues. Bird then drove his cab through several other towns in the area and fired at a number of other people. Among the dead was a farmer's son, who was shot dead while in a field. Meanwhile, security was beefed up at the Sellafield nuclear processing plant as the events unfolded. Workers there were ordered to stay inside until police were able to capture the gunman. However, Bird shot and killed himself in a wooded area before he could be captured. The investigation into the shootings is ongoing. Police say they do not yet know what Bird's motive was, or whether the shootings were simply random acts of violence. Authorities are looking into reports that Bird had an argument with other cabdrivers the night before the shooting.


Steve Jobs: iPad Suicide Factory 'Pretty Nice'
InformationWeek (06/03/10) McDougall, Paul

Apple CEO Steve Jobs told attendees at the D tech conference in California earlier this week that the iPad production facility in Taiwan where 10 employees have committed suicide is not a sweatshop. Jobs says that the factory, which is operated by subcontractor Foxconn, is "pretty nice" because it is equipped with swimming pools and restaurants. But critics say that despite such amenities, Foxconn may have been pushing workers too hard in recent months to meet production demands for the iPad. Jobs says that Apple is investigating the suicides as well as worker conditions at the facility.


Keeping Control: Cutting Security Costs May Increase Risk
Controller's Report (06/10) Vol. 2010, No. 6

The main challenge for controllers during an economic downturn is to identify the most successful cost-cutting strategies without making the organization more susceptible to burglaries, insider thefts, and other risks. In a recent survey, Security Budgets & Cost-Containment Strategies 2010, this publication asked security leaders about their organizations' total projected budget for physical and asset security in 2009, including planned capital expenditures and the security operating budget. Most security executives believe an organization should allocate more than 0.75 percent of its annual revenue to security. When organizations set aside less, a majority of security leaders say that security resources are insufficient. Overall, nearly four in 10 organizations -- 39 percent -- spent less on asset protection last year than they did in 2008. Just 26 percent of organizations are spending more. The average change to the security budget in 2009 was a decrease of 2.1 percent, according to respondents. The survey also found that a majority of business and professional services companies spend less than 0.5 percent of their overall revenue on security.


Surveillance Software Knows What a Camera Sees
Technology Review (06/01/10) Simonite, Tom

University of California, Los Angeles (UCLA) researchers have developed Image to Text (I2T), a computer vision system that can generate a real-time text description of what is happening in a surveillance camera video feed. The researchers put a series of computer vision algorithms into a system that accepts images or video frames as input and generates summaries of the input. I2T uses an image parser to break down an image by separating the background from objects in the picture. Next, the meaning of the objects is determined. "This knowledge representation step is the most important part of the system," says UCLA professor Song-Chun Zhu. I2T includes a database of more than two million images containing objects that have been identified and classified into more than 500 categories. The video-processing system uses algorithms that can describe the movement of objects in successive frames. Although the system demonstrates a step toward what Zhu calls a "grand vision in computer science," I2T is not ready for commercialization. Improving the system's knowledge of how to identify objects and scenes by adding to the number of images in the database will help I2T grow, Zhu says.




Los Angeles Police Ask Public's Help in Fighting Terrorism Threat
Los Angeles Times (06/04/10) Rubin, Joel

Police in Los Angeles have expanded a program that allows citizens to report suspected terrorist activity. During a news conference on Thursday, LAPD Police Chief Charlie Beck and Airport Police Chief George Centeno joined Los Angeles Mayor Antonio Villaraigosa and community leaders in announcing the expansion of the program, known as iWatch, into Los Angeles' airport. The move will allow travelers who observe suspicious activity to provide written descriptions, video, or photographs of what they saw through an online portal operated by the LAPD. The information--which can be audited by a third party in order to ensure that people are not being falsely accused of being involved with terrorism--is then given to the LAPD's counterterrorism analysts, who will try to determine whether there is a possible link to terrorism. If a terrorism connection is found, the data is given to a multi-agency, regional task force responsible for investigating suspected terrorist activity. Only a few reports have been filed through the system so far, though some of those have been significant, said Deputy Chief Michael Downing, the head of the LAPD's counterterrorism unit.


Hempstead Man Charged With Trying To Aid al-Qaida
Houston Chronicle (06/04/10) Schiller, Dane

A federal grand jury has indicted Barry Walter Bujol Jr. for attempting to provide al-Qaida with global positioning instruments, cell phones and a restricted publication on the effects of U.S. military weapons in Afghanistan. Bujol was arrested by federal agents while attempting to board a ship bound for the Middle East at the Port of Houston in Texas. A U.S. citizen, Bujol came under investigation by the FBI Joint Terrorism Task Force in 2008. The task force determined he was sending e-mail to Anwar al-Aulaqi, a known associate and propagandist for al-Qaida in the Arabian Peninsula. Al-Aulaqi provided him with a document titled “42 Ways of Supporting Jihad.” Bujol also allegedly sought al-Aulaqi for advice on how to provide money to the mujahedeen overseas. Al-Aulaqi is the native-born U.S. citizen who exchanged e-mail with the suspect in the 2009 Fort Hood shootings, Army psychiatrist Nidal Malik Hasan. In addition, Bujol made three unsuccessful attempts during February and March 2009 to leave the country and travel to Yemen or elsewhere in the Middle East, according to court documents.


Turkish Charity That Sent Aid Convoy To Gaza 'Has Links to Terrorism'
Times Online (United Kingdom) (06/03/10) Christie-Miller, Alexander

The Foundation for Human Rights, Freedoms, and Humanitarian Relief (IHH), which had 40 members aboard the ship recently raided by Israeli troops, has come under scrutiny for links to militant organizations. Israel now says that the IHH has links to the militant Palestinian group, Hamas, despite its claims to be completely peaceful. The Israeli claims are supported by French investigating magistrate Jean-Louis Bruguiere, who says that the IHH's leader, Bulent Yildirim, made efforts to "recruit veteran soldiers in anticipation of the coming holy war." Mr. Bruguiere testified at the U.S. trial of a suspect charged with the attempted bombing of Los Angeles airport, saying that the IHH played an important role in the plot. Additionally, a 2006 report by the Danish Institute for International Studies described the group as a front for funding terrorist organizations.


Al Qaeda Again Forced to Fill Risky No. 3 Post
Wall Street Journal (06/02/10) Gorman, Siobhan

Terrorism experts say that al-Qaida should not have a problem replacing Mustafa al-Yazid, who held the No. 3 post in the group until he was killed in a drone strike last month. According to Bruce Hoffman, a professor at Georgetown University and an expert on al-Qaida, seven different people have held al-Yazid's post since 2001. There are a number of reasons why al-Qaida has gone through so many operations chiefs, including the fact that the post is very dangerous since it requires regular contact with people from other organizations. As a result, the person who holds the post of operations chief can be more easily found by U.S. intelligence. But although al-Qaida should be able to easily find a replacement for al-Yazid, experts say that it will be difficult for the organization to find someone who is just as valuable. Al-Yazid was seen as an asset to al-Qaida because he provided links between the organization's leaders and others who were working with the group to execute attacks. Because al-Yazid was so valuable to al-Qaida, experts fear that whoever holds the No. 3 post next will feel pressure to show he can take operational control of the terror network by launching a major attack.


Firm Plans to Restart Airport Security Express Service
Los Angeles Times (05/31/10) Martin, Hugo

The express airport security service known as Clear is expected to become available again sometime in the summer. The service--which allows airline passengers who pay a subscription fee and submit to an identity check to pass through security lines more quickly--will be offered by New York-based Alclear, which purchased the assets of Clear's previous parent company out of bankruptcy. Alclear has hired Jim Smith, the former director of properties for JetBlue Airways Corp., to be Clear's chief operating officer and has brought on Mark Ahasic, a former aviation consultant and senior manager at JetBlue, as vice president of business development. The company has also assembled a board that includes former Homeland Security Secretary Michael Chertoff. Prior to the bankruptcy of its parent company, Clear operated in 18 airports nationwide. Memberships that were active before the bankruptcy will be reinstated.




Cyberattacks Seen as Top Threat to Zap U.S. Power Grid
Network World (06/02/10) Messmer, Ellen

A recent report from the North American Electric Reliability Corp. (NERC) has found that power-generation grids in the United States and Canada face three major risks. The report noted that the biggest of those risks was the threat of a coordinated cyber attack. An attacker launching such an attack could manipulate assets and provide misleading information to system operators that are working to address problems caused by the attack, making it difficult for the grid to operate. To defend against such attacks, power grid providers and the government should work towards achieving "graceful degradation" and survivability by deploying better forensics tools and network architecture, the report says. The report also calls for the implementation of a number of "preventative measures" that are built on the "inherent resiliency of the system," as well as preparatory steps that will make it possible for system operators to recognize and respond to attacks. In addition to the threat from cyber attacks, the report also discusses the risks posed by pandemics. The report notes that pandemics pose a threat to power-generation grids because widespread sickness would force power companies to use less experienced employees in the operation of their generation plants. NERC does not say in its report how to mitigate the threat posed by pandemics, but does say that federal agencies would have to work together closely to provide an effective response. Finally, the report notes that electromagnetic disturbances, either those that are natural or man-made, pose a threat to power grids. The report does not provide a clear answer on how to guard against this threat.


Unseen Security Risks Lurk in the Copy Room
InfoWorld (06/01/10) Grimes, Roger A.

Recent security reports reveal that documents stored on the internal hard drives of copy machines and other smart office devices pose security risks. The issue is that modern office-class multifunction printers, fax machines, and copiers often contain sophisticated computer systems with memory, hard drives, network interfaces, and software. If a user can access a printer/fax/copier through a Web browser, then the machine is running a Web server, most likely Apache or some other open source platform. Apache Web Server 2.2 has had 31 security weaknesses over the last few years, most of which are remotely exploitable. IT managers need to be aware of the risks and assess the vulnerabilities in their environment, write policy mitigations, and have top management and internal auditors approve the solutions and the remaining exposures. Policy considerations may include scanning networked office equipment for software weaknesses, disconnecting unused technologies from the network, creating a disposal policy for "smart" office equipment, and finding out what software is running on new smart office equipment and who is responsible for patching it.


Macs Under Attack by High-Risk Spyware
InfoWorld (06/01/10) Samson, Ted

A new Intego report undermines the confidence of users who feel safer running Mac OS X instead of Windows. Intego announced that a high-risk spyware application called OSX/OpinionSpy is being disseminated via "a number of freely distributed Mac applications and screen savers found on a variety of Web sites." Posing as a "market research program," the spyware—a variant of malware that has been circulating on Windows since 2008—is built to amass a trove of data from accessible local and network volumes, then send it to its servers for likely nefarious purposes. Intego says that information could include user names, passwords, credit card numbers, Web browser bookmarks, and history. Analysts say that although Apple has a reputation for offering more secure platforms, increasing threats to its systems indicate that the main benefit had been Apple's smaller user base.


Botnets Target Websites With 'Posers'
Dark Reading (06/01/10) Higgins, Kelly Jackson

Botnets are increasingly setting up sham online accounts on legitimate Web sites and online communities in order to steal data from companies. This emerging form of targeted attack by botnets is gaining popularity as botnet tools have made bots easier to buy and customize. Georgia Tech professor Merrick Furst says bots are popping up "en masse" on Web sites, posing as humans. "We are seeing tens of thousands of false registrations getting through existing defense-in-depth to get accounts on Web sites," says Furst. "If job listings are your valuable content, what if your competitors set bots to screen-scrape and take your content out the door? This screen-scraping is costing a lot of money and becoming way more prevalent." Botnet operators are exploiting weaknesses in CAPTCHA blockades. Pramana, a Georgia Tech security startup, uses what it calls "HumanPresent" technology to examine online activity in real time in order to find fraud before it happens. The company observed 60 percent of bots storming through CAPTCHAs and other defenses on the Web site of one Fortune 100 client.


NIST Updates Specs for the Latest Version of SCAP
Government Computer News (06/01/10) Jackson, William

The National Institute of Standards and Technology is soliciting comments on a revised version of its Security Content Automation Protocol (SCAP) specifications. Version 1.1 of the protocol, which is designed to support security automation activities and to serve as a component of information security management and governance programs, includes several specifications that were not in the previous version. For instance, version 1.1 includes the Open Checklist Interactive Language and an upgrade to version 5.6 of the Open Vulnerability and Assessment Language. Version 1.1 also includes the eXtensible Configuration Checklist Description Format, Common Platform Enumeration, and Common Vulnerabilities and Exposures. These and the other specifications included in SCAP will be used to support the automated checking of vulnerabilities and patches and of compliance with both required and recommended technical controls. This will allow information system security management to be standardized and will help promote the interoperability of security products. In addition, SCAP will help spur the use of standard expressions of security content.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD