Friday, September 03, 2010

Security Management Weekly - September 3, 2010


September 3, 2010
 
 
Corporate Security

  1. "Discovery Communications Crisis a Reminder to Review Emergency Plan" Silver Spring, Md.
  2. "Cops: No More Bombs Found After Discovery Hostage Standoff" Silver Spring, Md.
  3. "Nashville Server's Lawsuit Says Guns in Bars Create Unsafe Workplace"
  4. "Universities Must Halt Digital Piracy on Campus or Risk Losing Federal Funding"
  5. "In China, Western Firms Keep Secrets Close"
Homeland Security

  1. "Ont. Terror Suspect Linked To Pakistan: Police" Ontario
  2. "Gates Says Pakistan Havens Still Threaten Afghanistan"
  3. "Dutch Release Two Yemeni Men"
  4. "Yemeni Passengers Expose Strengths, Weaknesses of Airport Security"
  5. "Suit Challenges Reach of U.S. 'Targeted Killings'"
Cyber Security

  1. "Spammers Stay Busy Despite Pushdo Botnet Hit"
  2. "Cybersecurity Research Finds Scanning Flaw in HP Printers" Hewlett-Packard
  3. "Surge of Cybersecurity Bureaucracies Sparks Lucrative Opportunities for Industry"
  4. "Delaware Contractor Mistakenly Posts Personal Data of 22,000 Employees"
  5. "Vulnerability in Commercial Quantum Cryptography"

   

 
 
 

 


Discovery Communications Crisis a Reminder to Review Emergency Plan
Washington Business Journal (09/03/10) Nycz-Conner, Jennifer

In the wake of Wednesday's hostage crisis at Discovery Communications in Silver Spring, Md., companies and building owners should take the time to review their emergency evacuation and continuity of operation plans, experts say. During this review, companies and building owners should ensure that they are keeping track of any communications with people who seem to be harboring animosity towards the company or its employees. Doing this can allow companies to be aware of possible threats, according to Andrew Milne, the senior counsel at Garson Claxton in Bethesda, Md. In addition, companies and building owners should ensure that employees know who to call in what situation. Companies and building owners should also develop ways to communicate with employees that are appropriate for different situations, such as e-mail or the use of area-selective public address systems. If building owners and companies do not have plans in place to deal with a crisis like the one that took place at Discovery Communications, they should begin work on one immediately and educate themselves about potential threats to their staff members.


Cops: No More Bombs Found After Discovery Hostage Standoff
MSNBC (09/02/10)

A four-hour-long hostage situation at Discovery Communications' headquarters in Silver Spring, Md., came to a violent end Wednesday afternoon when Montgomery County SWAT officers shot and killed the gunman out of fear that his four captives were in danger. The incident began about 1 p.m., when James J. Lee--who had protested Discovery Communications for the past several years because he said it was not doing enough to address global warming and other environmental issues--entered the lobby of the building armed with a gun and a bomb strapped to his body. Employees at the building were notified of the incident by an announcement over the P.A. system that urged them to go back to their desks. Workers responded by hiding in offices until they were told to evacuate. Meanwhile, Lee had taken two hostages--two Discovery Communications employees and a security guard--and threatened to detonate his explosives. At about 4:50 p.m., officers from the SWAT team shot Lee in order to protect the hostages, who eventually made it out of the building unharmed. However, the shooting detonated one of the explosive devices that had been attached to Lee's body. After the situation was resolved, police officers searched the building for more explosives, but did not find any. Discovery's headquarters was closed overnight Wednesday as police continued their investigation. It remains unclear whether employees would be allowed to return to work on Thursday.


Nashville Server's Lawsuit Says Guns in Bars Create Unsafe Workplace
Tennessean (TN) (08/31/10) Rau, Nate

A server at a Nashville bar has filed a lawsuit challenging a Tennessee law that allows customers to bring guns into establishments that serve alcohol. According to the lawsuit, the law violates Tennessee Occupational Safety and Health Administration regulations, which require employers to take steps to protect their employees from dangers to their health, safety, and life. The server alleged in his lawsuit that allowing guns to be brought into establishments where alcohol is served creates an unsafe work environment. But John Harris, a Nashville attorney and the executive director of the Tennessee Firearms Association, said that he did not believe that a court would strike down the law on the grounds that it creates unsafe workplaces. He added that the General Assembly has the authority to create firearms regulations for the state. Should the lawsuit fail at the state level, the server could file another lawsuit in federal court, an attorney for the complainant said.


Universities Must Halt Digital Piracy on Campus or Risk Losing Federal Funding
Dayton Daily News (OH) (08/30/10) Magan, Christopher

Many U.S. colleges and universities are at risk of losing federal funding unless they step up efforts to curb the piracy of music and movies. The 2008 reauthorization of the Higher Education Opportunity Act says that schools may lose their eligibility for federal student aid and research dollars if they do not implement plans to "effectively combat" the piracy of copyrighted materials by students. "They put teeth behind the need to address file-sharing on college campuses," said Thomas D. Skill, associate provost and chief information officer for the University of Dayton. "The safest harbor is to block traffic. We have tried every other avenue out there." The University of Dayton is blocking the use of peer-to-peer sharing programs, including BitTorrent and Kazaa, but other schools are taking a lighter approach. For the past five years, Wright State University, for example, has fought piracy with a combination of software and education. "I can't remember the last time we had a repeat offender," said Mike Natale, WSU manager for Internet security.


In China, Western Firms Keep Secrets Close
Wall Street Journal (08/30/10) Mattioli, Dana

Under Chinese law, Western companies that want to enter the Chinese market are required to form a joint venture with a Chinese company and share their technology or intellectual property with them. Although these technology and intellectual property transfers were seen as the cost of doing business in China in the past, Western firms are growing increasingly hesitant about sharing sensitive information with their Chinese partners due to fears that they may become competitors. As a result, more and more companies are adopting strategies to protect their intellectual property and technology. For instance, some companies are splitting up the manufacturing process so that some components of a product are made in China but are actually assembled in another country. Mark Gottfredson, a senior partner at Bain & Co., noted that this strategy can help prevent companies in China from obtaining the capabilities to make a product and start selling it themselves. Other Western companies are sending more employees to China to oversee the manufacturing process, while still others are forming joint ventures with smaller companies that are not as likely to become rivals. Finally, some companies are using technology that encrypts and automatically deletes files containing sensitive information.




Ont. Terror Suspect Linked To Pakistan: Police
CBC News (Canada) (09/03/10)

Police in Ontario, Canada, say that they have reason to believe terror suspect Hiva Alizadeh traveled to Pakistan to seek terrorist training. Alizadeh is one of three men in the province charged in connection with a potential terrorist plot. Police also say they believe Alizadeh was the leader of the group, which also included Misbahuddin Ahmed of Ottawa and Khurram Syed Sher of London, Ontario. In addition to charges of facilitating terrorism in Canada and abroad, Alizadeh is also charged with possessing an explosive substance with intent to harm and providing property or financial services for the benefit of a terrorist group. Investigators say they seized more than 50 improvised bomb detonators stashed in the closet of his Ottawa apartment. Police have also accused Alizadeh of providing support to terrorism with co-conspirators in Iran, Afghanistan, Dubai and Pakistan. During a news conference last week, police alleged one of the suspects had training in improvised explosive devices (IED) and singled out Alizadeh, accusing him of being a member of a terrorist group with links to the conflict in Afghanistan. Pakistani newspapers, citing their own sources, believe the group in question is the Tehrik-e-Taliban — the same group behind the attempted bombing of New York's Times Square in May.


Gates Says Pakistan Havens Still Threaten Afghanistan
Reuters (09/03/10) Stewart, Phil

Defense Secretary Robert Gates said Friday that Taliban militants in Pakistan's Federally Administered Tribal Areas (FATA) still pose a threat to the United States' attempt to restore stability and security to Afghanistan. Because of the serious flooding faced by Pakistan, the country's military does not have the resources to continue its pursuit of militants in the FATA. However, Gates and Afghan President Hamid Karzai have agreed that there needs to be more cooperation between the U.S.-led troops in Afghanistan and the Pakistani military in coming months in order to ensure militants are not able to maintain a foothold in Pakistan. Gates said that cooperation between the two countries is already increasing and that "everybody understands that the sanctuaries on the other side of the border are a big problem." That said, Gates acknowledged that it is highly unlikely U.S. troops will be permitted to cross the Pakistani border in order to pursue militants.


Dutch Release Two Yemeni Men
Wall Street Journal (09/01/10) Miller, John W.

The two Yemeni men who were arrested in Amsterdam earlier this week on suspicion that they were planning to carry out a terrorist attack were released without being charged on Wednesday. One of the suspects, Ahmed Mohamed Nasser al-Soofi, initially aroused suspicion when airport security screeners found a knife, a box cutter, and a cell phone taped to a bottle inside his checked luggage. In addition, Soofi and the other suspect, Hezam al-Murisi, opted to fly to Yemen via Amsterdam instead of stopping in Washington, D.C., where Soofi's luggage was sent. However, authorities eventually determined that it was the airline's fault that Soofi's luggage was sent to Washington without him. In addition, no traces of explosives were found on either the men or the suspicious items in Soofi's bag.


Yemeni Passengers Expose Strengths, Weaknesses of Airport Security
Chicago Tribune (08/31/10) Hilkevitch, Jon; Skiba, Katherine

Security experts say that the case of the two Yemeni-American men who were arrested in Amsterdam earlier this week on suspicion of terrorism has shown the strengths and the weaknesses in the United States' aviation security system. According to Homeland Security officials, the system worked as it should have because airport screeners closely examined the suspicious items in one of the men's suitcases, which included a Pepto-Bismol bottle with a cell phone attached to it and bundles of wristwatches and cell phones. In addition, the two men were closely monitored as they continued their trip to Yemen via Amsterdam, officials said. However, counterterrorism experts have said that U.S. authorities should have taken more time in their searches and questioning of the men after the suspicious items were discovered. U.S. authorities instead allowed the men to fly on to Amsterdam, where they were arrested after their flight landed. Some have also said that screeners should have paid more attention to the fact that one of the men had an expired U.S. visa, though a U.S. official said that the fact that the man's visa was expired was not enough for screeners to prevent him from boarding his flight.


Suit Challenges Reach of U.S. 'Targeted Killings'
Wall Street Journal (08/31/10) Perez, Evan

The American Civil Liberties Union and the Center for Constitutional Rights have filed a lawsuit challenging the federal government's targeted killing program. Under that program, individuals who are deemed to be terrorist threats are killed by CIA-operated drones. Among those being targeted by the program is Anwar al-Awlaki, the radical Islamic cleric who is believed to have inspired last November's shootings at Fort Hood and the attempted plot to blow up a Northwest Airlines flight as it landed in Detroit on Christmas Day. In their lawsuit, the ACLU and the CCR say that the U.S. government cannot target al-Awlaki because he is believed to be hiding in Yemen, which is far from the war zones in Pakistan and Afghanistan. In addition, the federal government has not shown that al-Awlaki is an imminent threat to the U.S. in order to justify plans to assassinate him, said CCR Executive Director Vincent Warren. However, Obama administration officials say plans to kill al-Awlaki are legal, since Congress has approved the use of "necessary and appropriate force" against al-Qaida and those associated with the terrorist group.




Spammers Stay Busy Despite Pushdo Botnet Hit
eWeek (09/01/10) Prince, Brian

Despite the shutdown of McColo and the late-August disruption of Pushdo, spammers have continually found opportunities to stay active. Nearly two-thirds of the 30 command and control (CnC) servers tied to Pushdo were moved offline in August thanks to efforts by LastLine, a security vendor. The servers were backed by eight hosting providers, a handful of which did not comply with the vendor's request for action. According to LastLine analyst Thorsten Holz, the intent of the company's investigation was not to completely drive off the botnet, but to glean insight into Pushdo's CnC infrastructure. At its peak, the botnet was believed to be behind as much as 10 percent of all spam. "We worked with different hosting providers and [got] a quick response from many of them, but unfortunately not all providers reacted on our abuse requests," Holz says. "Especially the hosting providers from China did not react at all, which is kind of disappointing." While approximately two-thirds of Pushdo's servers were pushed offline, spam from the botnet is on the rise, according to M86 Security.


Cybersecurity Research Finds Scanning Flaw in HP Printers
USA Today (09/01/10) Acohido, Byron

Michael Sutton, the vice president of security research at Zscaler Labs, recently found that the WebScan function on HP Photosmart and Officejet printers could allow rogue employees to transmit scanned documents over the Internet. According to Sutton, the WebScan function, which is enabled by default on most HP all-in-one printers sold over the past several years, could be used to write a script that would detect documents on the scanner every five minutes. Sutton said that he finds this vulnerability extremely concerning because many companies likely do not even know the function is exposing them to these risks. In order to correct the oversight, he recommends HP disable the WebScan functionality by default or at least force users to enter an administrative password before it becomes functional. "Unfortunately," he laments, the change "will do little to assist the millions of owners that have already deployed an HP scanner that is remotely accessible."


Surge of Cybersecurity Bureaucracies Sparks Lucrative Opportunities for Industry
National Defense (09/10) Erwin, Sandra I.

A spate of new cyber security legislation has fostered widespread uncertainty about how the federal government will oversee initiatives to safeguard U.S. cyber infrastructure. The uncertainty is fueling an industry rush to capture a slice of an $80 billion-a-year information technology funding base that is projected to grow over the next five years. Many of the bills pending in Congress will enlarge the Department of Homeland Security's cyber warfare role, which should propel contracting opportunities. Industry also forecasts that business will grow because a greater number of federal agencies will be involved in cyber security, often with intersecting responsibilities. A recent report by the Center for Strategic and International Studies found that the U.S. government has a "desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate, and reconstitute systems after an attack." White House cyber security coordinator Howard Schmidt recently hosted a conference with industry executives in which he urged public-private partnerships to better shield U.S. networks. However, CSIS analyst James Lewis says the industry's bottom line may in reality be ill-served by the government's best interests. INSA President Ellen McCarthy says the public and private sectors will have to find a way to bring their competing interests into alignment, and notes that only the government is empowered to offer incentives to industry.


Delaware Contractor Mistakenly Posts Personal Data of 22,000 Employees
Dark Reading (08/31/10) Wilson, Tim

The sensitive information of roughly 22,000 retired Delaware state employees was accidentally posted online by a contractor in mid-August. The contractor posted the Social Security numbers, gender, and birth dates of the retirees on a state procurement Web site while soliciting bids from insurance companies who wanted to provide vision benefits to Delaware state employees and retirees. However, the retirees' names were not posted online. All of the information was deleted from the Web site when the breach was discovered four days later. Those who may have been affected by the breach will be notified by the contractor and will receive a free year of credit monitoring.


Vulnerability in Commercial Quantum Cryptography
Norwegian University of Science and Technology (08/29/10)

Researchers at the Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nurnberg, and the Max Planck Institute for the Science of Light have developed a way to remotely control the photon detectors in quantum cryptography systems. "Unlike previously published attempts, this attack is implementable with current off-the-shelf components," says NTNU's Vadim Makarov. "Our eavesdropping method worked both against MagiQ Technology's QPN 5505 and ID Quantique Clavis2 systems." Quantum cryptography is used to distribute a cryptographic key across an optical network, using the laws of quantum physics to guarantee its secrecy. However, Erlangen-Nurnberg professor Gerd Leuchs notes that the technology's security depends on quantum physics as well as its proper implementation. The labs will work with ID Quantique on countermeasures for the vulnerability.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD

