| Police: Hospital Suspect Killed Self, Mother Associated Press (09/16/10) Two people were killed and one person was wounded during a shooting at Johns Hopkins Hospital in Baltimore on Thursday. Police say that the shooter, 50-year-old Paul Warren Pardus of Arlington, Va., was visiting his mother in the hospital and was being briefed on her condition when he became overwhelmed and emotionally distraught. Pardus then pulled out a semiautomatic handgun and shot the doctor once in the abdomen. After a two hour standoff with police, Pardus shot and killed his mother and himself. As the incident was unfolding, classes at the massive facility were put on lockdown, as was a small part of the hospital. In addition, security personnel at the facility tried to keep everyone calm and informed them what steps could be taken if the gunman was roaming the halls. However, most of the hospital, as well as the research and medical education complex, remained open during the standoff and shooting. Experts: No Need for Metal Detectors at Hopkins Baltimore Sun (09/16/10) Calvert, Scott; Scharper, Julie; Roylance, Frank Despite being located in a crime-ridden neighborhood in Baltimore, Johns Hopkins Hospital's Nelson Building--which was the scene of a shooting on Thursday that left two people dead--does not have metal detectors located at its entrances. That allowed the suspect in Thursday's shooting, Paul Warren Pardus, to easily carry a handgun to eighth floor of the building. Although officials at Johns Hopkins have said that Thursday's shooting could prompt further discussions about installing metal detectors at the hospital, they also said that it would be impossible to force the 80,000 patients and visitors who enter the facility each week to go through such security screening. Security experts agree that using metal detectors at hospitals is impractical, saying that the facilities need to remain places where visitors and patients feel welcome. Instead of metal detectors, Johns Hopkins will likely continue to rely on the security measures that it has already put in place, including the use of searches and magnetometer wands in the emergency department. In addition, the hospital has 400 unarmed security guards at its campus, as well 150 armed off-duty police officers. Baltimore City Police also monitor the facility's 136 security cameras at its surveillance office. Google Fired Worker After Customer Breach Wall Street Journal (09/15/10) Efrati, Amir Google has announced that it has fired a software engineer at its Seattle office for allegedly violating its internal privacy policies. In a blog post announcing the decision, Google's senior vice president of engineering, Bill Coughran, said that engineer David Barksdale accessed the private information of several underage users. Coughran noted that Google is taking several steps to ensure that a similar breach does not take place again, including conducting more frequent audits of its logs to ensure that its security controls are effective. Coughran also said that Google already carefully controls the number of employees who have access to its systems. News of the security breach comes in the wake of several other controversies over Google's privacy practices. For example, Google is being investigated by authorities in the U.S. and overseas for accidentally collecting personal data on unsecured Wi-Fi networks as its vehicles drove around city streets taking pictures for Google Maps. In addition, Google was recently sued by several users of its social networking service Buzz for exposing their contact lists to others without their permission. That lawsuit has since been settled, and Google has taken steps to change the way contacts are displayed on Buzz. Medical Marijuana Laws Create Workplace Gray Areas Missoulian (MT) (09/14/10) Moore, Michael Montana's Medical Marijuana Act, which makes it legal for patients to use the drug to control pain or other symptoms, creates some gray areas for the state's employers. Companies are not required to accommodate the use of the drug in the workplace, but there are a number of questions that remain at issue. These include whether employers should test for the drug, how they should determine if an employee might be impaired while on the job, what to do if an employee is allowed to use medical marijuana, and what action to take if that employee is impaired and creates a dangerous situation. Members of the Montana legislature say they hope to clear up some of these questions by revamping the Marijuana Act, which was passed by initiative in 2004, when they return to session in January. Most of the proposed changes to the statute are based on Colorado's medical marijuana law. One key change would require the state Board of Medical Examiners to institute guidance for physicians who see medical marijuana patients. Dealing With Emotions After Violence Comes to the Workplace Philadelphia Inquirer (09/13/10) Von Bergen, Jane M. Companies must be prepared to deal with the wide array of emotions employees are likely to experience following violence in the workplace. In the immediate wake of an incident of workplace violence, it will would be appropriate to close the business for a short period of time. However, experts recommend that employees return to work as soon as possible so that they can be close to their peers who are going through similar emotions. The company should also expect employees to need extensive information on the incident, which management should be prepared to provide as often and as accurately as possible. Supervisors should work to normalize employee reactions, to let them know what they are feeling is okay. Additionally, management should not try to set up a rigid routine. Instead, they should make counseling available to all employees so they can determine what else they may need to cope with the trauma they have faced. Employers should be sympathetic that their workers' reaction to trauma may cover a broad spectrum ranging from physical symptoms, lack of concentration, and increased substance abuse to a reluctance to return to work or stay at work and changes in interactions with coworkers and supervisors. U.K. Spy Chief Warns of Somalia Terror Threat Associated Press (09/17/10) In a rare public speech on Friday, Jonathan Evans, the director-general of Britain's MI5 spy agency, said that drone attacks on al-Qaida leaders in Pakistan could cause terrorists to attack the U.K. from other countries. Among the countries that is being increasingly used as a base for terrorists is Somalia, Evans said. He noted that terrorists from around the world are traveling to the North African country to train in camps run al-Shabaab, a Somali terrorist group that is affiliated with al-Qaida. Yemen could also increasingly become a source of attacks against the U.K., since the radical Muslim cleric Anwar al-Awlaki is based in the Middle Eastern country, Evans said. According to Evans, al-Awlaki's call for his followers to launch attacks of any kind against the West could result in a lone-wolf attack against the U.K. Evans also expressed concern about the threat from Irish terrorists. So far this year there have been 30 terrorist attacks in Northern Ireland, up from 20 in 2009. Evans noted that there is a risk that terrorists from Northern Ireland, as well as extremists from Yemen and Somalia, could attack the 2012 Olympics in London. Govt Warns of Bali Terror Threat Sydney Morning Herald (Australia) (09/17/10) The Australian government has issued a warning to any citizens who have scheduled travel to Bali to commemorate the 2002 and 2005 Bali bombings of the possibility of fresh terrorist attacks. The bombings killed 202 people, including 88 Australians, while the 2005 bombings claimed the lives of 26 people, including four Australians. The Australian consulate in Bali is planning commemoration ceremonies. However, Australian security officials say they "continue to receive credible information that terrorists could be planning attacks in Indonesia which could take place at any time." Based on this information, the government asks that Australians choosing to travel to Indonesia to avoid places likely to be targeted. Man Accused of Moving Cash for Bomb Plot Wall Street Journal (09/16/10) Rothfeld, Michael A Centereach, N.Y., man was arrested on Wednesday and charged with using an illegal money transfer business known as a hawala to fund the botched Times Square bombing plot. Prosecutors say that associates of the Pakistani militant group Tehrik-e-Taliban arranged to have Mohammad Younis transfer thousands of dollars to Faisal Shahzad, the man who has admitted to carrying out the failed Times Square bombing. In addition, prosecutors say that Younis called Shahzad on April 10 to arrange to give him the money. Younis then met Shahzad later that day in Long Island in order to give him the funds. Younis has pleaded not guilty to charges of conspiracy and running an unlicensed money transfer business. He has also denied being involved with terrorism. Prosecutors have conceded that they have no evidence that Younis knew that Shahzad planned to use the funds to carry out a terrorist attack. The indictment of Younis comes as U.S. authorities try to crack down on the use of hawala, in which money is transferred not through banks but through a broker who arranges payments to the intended recipients. Several people have been charged with using hawala to transfer funds to terrorist groups like al-Qaida and Hamas over the last several years. Rendell 'Appalled' by State's Tracking of Activists Philadelphia Inquirer (09/15/10) Couloumbis, Angela Pennsylvania Gov. Ed Rendell announced Tuesday night that he was terminating a contract with a company that was hired by the state Office of Homeland Security to collect information about possible security threats, but instead gathered information about legitimate protests. Rendell noted that the firm, Philadelphia-based Institute of Terrorism and Research Response, collected information about gay and lesbian groups, antiwar and antinuclear activists, animal rights groups, and others, and passed the data on to the state Homeland Security Office. The office then disseminated the information in an intelligence bulletin that is published three times per week, Rendell said. State officials say that the bulletin is sent to law enforcement officials as well as representatives of companies whose industries are mentioned in the memo. A bulletin released in August, for example, noted that public hearings on natural-gas drilling in the Marcellus Shale would be attended by anti-drilling protesters. Such memos have been criticized by anti-drilling and other groups, who said that Pennsylvania should not be acting as a security agent for private companies. Rendell, meanwhile, said the collection of the information on non-threatening groups distorted and mocked the state government's responsibility to protect its critical infrastructure and collect and share information on credible threats. Legislation Would Federalize Private Guards Who Protect U.S. Government Buildings Washington Post (09/14/10) P. B03 O'Keefe, Ed Members of the House Homeland Security Committee introduced legislation on Monday that would federalize the security force that guards U.S. government buildings. Under the bill, which was introduced by Rep. Sheila Jackson Lee (D-Texas) and co-sponsored by Rep. Bennie Thompson (D-Miss.), the Federal Protective Service--the private company that is currently charged with guarding federal buildings--would be required to hire 550 new federal inspectors. Jackson Lee noted that while that number is "not enough," it is all that the FPS can currently handle. She added that the new inspectors would help FPS federalize most, if not all, of its security guards. In addition, the bill calls for the creation of a set of nationwide training and certification standards for private security guards. FPS would also be required to hire contract oversight staffers to monitor the companies that hire private guards. Finally, the bill would allow the Government Accountability Office to take one year to determine whether a federalized security force would do a better job at protecting government buildings than private guards. If the GAO determines that the federalized security force is a success, the security guards would be placed on the government payroll permanently. The introduction of the bill comes more than a year after government auditors were able to smuggle bombmaking materials into 10 major federal facilities, despite the presence of FPS guards. Protection Needs to Go Beyond the Network, and Focus on Data Computer Weekly (09/16/10) Ashford, Warwick Of the 1,000 IT security professionals who took part in a recent Securosis survey, 73 percent said that the number of security incidents their organizations experienced has either stayed the same or declined. That finding could be an indication that data security has finally penetrated the mainstream of the security industry. However, the survey also found that IT security professionals are not getting what they expected from the security technologies their companies are using. Between 40 percent and 50 percent of the IT security professionals who took part in the survey said their security technologies either eliminated or significantly reduced the number of security incidents their organizations experienced, though fewer said that these technologies reduced the severity of security incidents and reduced compliance costs. Among the best technologies for reducing the number of security incidents, the severity of those incidents, and the cost of compliance is network data loss prevention, full drive encryption, and endpoint DLP, respondents said. Web application firewalls were rated highly for reducing the number and severity of security breaches, but not for reducing compliance costs. Anticensorship Tool Proves Too Good to Be True Technology Review (09/15/10) Naone, Erica Security experts led by Jacob Appelbaum have uncovered serious vulnerabilities in the Censorship Research Center's Haystack software program, which is designed to help dissidents bypass government Internet censorship. Appelbaum warns that Haystack's privacy safeguards could be easily broken by government authorities, who could use the tool to track down users and identify the content they have accessed. It took Appelbaum and colleagues less than six hours to penetrate Haystack's privacy protections. University of Cambridge professor Ross Anderson says it is extremely tough to design censorship circumvention tools that function properly. He notes that such tools not only must provide access to restricted Web sites, but also shield users' anonymity and avoid generating clues that government officials could use to identify users. Ross finds it distressing that Haystack's creators did not accept more assistance from established censorship circumvention experts. New Wave of DDoS Botnets Emerge Dark Reading (09/14/10) Higgins, Kelly Jackson A new breed of defiant distributed denial-of-service (DDoS) botnets are propagating. One from China operates openly on the Web, enlisting 10,000 new compromised machines as bots every day. Damballa Research's discovery in mid September of the IMDDOS, a commercial service specializing in DDoS attacks, is now one of the largest active global botnets. The botnet is comprised mostly of compromised computers in China, but U.S. machines are in the top 10 nations with infected IMDDOS machines, many of which are from North American Internet service providers and large corporations. Damballa's Gunter Ollmann says IMDDOS increased in activity to about 25,000 unique recursive DNS lookups every hour, and notes that the botnet is going after named Web servers. Arbor Networks researchers are probing IMDDOS' possible relation to YoyoDdos, another Chinese DDoS botnet that has attacked about 200 sites in both China and the United States. Shadowserver's Andre' Di Mino reports that DDoS as a business is prospering and showing signs of continued evolution, and notes that there are plenty of groups willing to execute attacks for a price. Furthermore, demand for such services is rising. The most significant shifts in DDoS have been attackers targeting the application layer instead of the network layer, at HTTP and DNS. Ollmann observes that DDoS botnets are usually constituted from hand-me-down or recycled botnets, while the commercial black market for DDoS is expanding and growing in visibility. Security Experts Warn of Hot-Spot Dangers Computerworld (09/13/10) Pratt, Mary K. Employees are unwittingly exposing their personal and professional data as they access public Wi-Fi hot spots at hotels, airports, and coffee shops, according to security experts. Ryan Crum, former director of information security at PricewtaerhouseCoopers Advisory Services, says he has noticed unencrypted Social Security numbers, corporate financial data, and information about mergers and acquisitions making the rounds on public Wi-Fi networks, especially in emails. Security professionals recommend that IT executives take a number of steps to insulate information in a public hot-spot environment. They should establish and enforce secure authentication policies for devices attempting to access corporate networks, and mandate that employees use a corporate VPN and encryption when making connections and sharing information. IT executives also should make an effort to ensure all devices and software applications are current on their patches and configurations, and guarantee that corporate security policies prohibit workers from accessing sensitive information on mobile devices or unauthorized computers. In addition, IT executives should distribute broadband air cards, which require a service plan, so employees do not have to depend on public hot spots. CMU Researchers Work on Web Security, Access Pittsburgh Tribune-Review (PA) (09/13/10) Cronin, Mike The U.S. National Science Foundation (NSF) is funding studies at more than 30 institutions across the United States in an effort to make Web surfing safer. For example, Carnegie Mellon University researchers, in collaboration with researchers at Boston University and the University of Wisconsin, are building an Internet framework to accommodate yet-to-be developed technologies. Meanwhile, a University of California, Los Angeles team is focusing on securing data no matter where it exists, instead of securing host computers. Rutgers University researchers are examining improving the security and reliability of information produced by mobile devices, instead of desktop computers. And University of Pennsylvania scientists are analyzing ways to increase the speed, availability, and security of cloud computing. "We hope to have a collaboration among the project researchers," says NSF's Darleen Fisher. Abstracts Copyright © 2010 Information, Inc. Bethesda, MD |
No comments:
Post a Comment