
Friday, October 08, 2010

Security Management Weekly - October 8, 2010

October 8, 2010
 
 
Corporate Security
  1. "New Version of ACTA Copyright Pact Gets Mixed Reviews"
  2. "Cops Arrest Suspect in NY Rehab Center Slaying"
  3. "Man Accused of Offering Company Secrets to Foreign Government"
  4. "An Intelligent System for Maritime Surveillance Has Been Created"
  5. "Businesses Aren't Canceling European Trips"

Homeland Security
  1. "U.S. Contractors Employed Taliban"
  2. "Top House Dem Warns U.S. 'Unprepared' for Dirty-Bomb Attack"
  3. "Terrorism Expert Says Las Vegas a Top Target"
  4. "Ruling Threatens Civilian Prosecutions of Terrorism Defendants"
  5. "U.S. Slams Pakistani Effort on Militants"

Cyber Security
  1. "White House Slow to Execute Cyber Policy"
  2. "Sick PCs Should Be Banned From the Net Says Microsoft"
  3. "'Man in the Mobile' Attacks Highlight Weaknesses in Out-of-Band Authentication"
  4. "Web Apps and Governments are Most Cyber-Attacked in 2010"
  5. "Trojans Dominate Malware, Security Firm Reports"


New Version of ACTA Copyright Pact Gets Mixed Reviews
IDG News (2010) Gross, Grant

A near-final version of the international Anti-Counterfeiting Trade Agreement (ACTA) has been released. The latest draft has alleviated concerns for some groups, but others say issues with the trade pact remain. For example, the Computer and Communications Industry Association (CCIA), a tech trade group, said that it was pleased that the agreement will no longer hold Internet service providers accountable for any copyright infringement on the part of their customers. The CCIA also commended the fact that the new version took out "unclear" language about what kinds of circumventions of digital-rights-management technologies are allowed. However, the Business Software Alliance, a trade group that represents large software vendors, voiced concern that the agreement was "less specific" than previous drafts in some areas. Experts say that Congress will not need to make any changes to existing law to comply with the current ACTA draft. Therefore, President Obama's administration could approve the agreement by executive order. Other participating countries may need to strengthen their intellectual property laws.


Cops Arrest Suspect in NY Rehab Center Slaying
Associated Press (10/06/10) Esch, Mary

One person was killed and another was seriously injured following an altercation at the Renaissance Project drug rehabilitation center in Ellenville, N.Y., on Wednesday. Authorities say that the altercation between Richard Giga, a patient at the facility, and 60-year-old security guard Leland Wood took place around 3:30 a.m. and ended when Giga attacked Wood and killed him. It remains unclear why Giga attacked Wood. After killing Wood, Giga kidnapped a female employee at the rehab center, forced her to drive him away from the scene, and repeatedly stabbed her as she drove. The employee was later taken to the hospital for surgery and is expected to recover. The car eventually flipped over, causing Giga to flee. He then barricaded himself in a house near Ellenville for more than an hour. The standoff ended after police launched tear gas canisters into the house. Giga was then taken into custody.


Man Accused of Offering Company Secrets to Foreign Government
Wall Street Journal (10/06/10) Kell, John

An employee of the Internet-infrastructure company Akamai Technologies was arrested and charged on Wednesday with allegedly providing some of the company's confidential information to a person whom he believed was a foreign agent. Elliot Doxer, who worked as a senior collections analyst at Akamai, allegedly sent an e-mail to the Boston consulate of an unnamed foreign country in 2006 offering to provide that country with any information he had access to in exchange for $3,000. Doxer said in later communications that he wanted to provide the information to the country in order to "help our homeland and our war against our enemies." With the cooperation of the foreign government, the U.S. government launched an 18-month sting operation in which Doxer gave the confidential information to an undercover federal agent posing as a foreign agent. According to the indictment against Doxer, that information included broad descriptions of Akamai's physical and computer security systems, lists of the company's customers, and the contact information for Akamai employees. If convicted, Doxer faces a maximum of 20 years in prison, a three-year term of supervised release, a fine of $250,000 or twice the gain or loss, whichever is higher, and restitution.


An Intelligent System for Maritime Surveillance Has Been Created
Carlos III University of Madrid (Spain) (10/05/10)

Universidad Carlos III de Madrid (UC3M) researchers have designed a system for maritime surveillance that can integrate information from different types of sensors using artificial intelligence and data-fusion techniques. The various sensors provide complementary data, which can be combined to obtain better information about what is happening in maritime areas of interest. The objective is to guarantee security in an area by monitoring the different ships that are in a given maritime route. "For that, it is necessary to have a complete, accurate, and up-to-date picture, similar to that which is provided to air traffic controllers, of all the ships that are in the area of coverage to be able to adequately manage maritime traffic and to detect anomalies as much in advance as possible," says UC3M researcher Jesus Garcia. The system can monitor 2,000 identifiable objectives between large and small vessels, and can process the data of up to 10 sensors. "We are able to make it so these vessels never lose their position, thus avoiding collisions or any type of problem in information management regarding the movement dynamics of these ships," says UC3M researcher Jose Luis Guerrero.


Businesses Aren't Canceling European Trips
Wall Street Journal (10/04/10) Mattioli, Dana

Most major businesses report they are not canceling their employees' European travel plans, despite recent security warnings regarding a potential terrorist threat to the region. However, many companies did say they were cautioning employees and providing them with travel guidelines. For example, BASF Corp., the North American unit of German chemical maker BASF SE, sent an e-mail to its 16,000 North American employees about the travel alert, says Clyde Miller, the company's director of corporate security. The e-mail told employees to make sure to book travel through company-approved travel agents and its corporate Web site. "This allows us to be able to locate travelers should an event occur," the e-mail said. Similarly, Progress Software Corp., a Bedford, Mass.-based software company with 1,800 employees, frequently has employees travel to Europe. After receiving the State Department security warning, the company began sending e-mails to employees with trips scheduled to Europe, warning them about the travel alert and advising them not to broadcast the fact that they are Americans. The e-mails also give employees the option to cancel their trips without penalty if they are uncomfortable traveling now.




U.S. Contractors Employed Taliban
Wall Street Journal (10/08/10) Hodge, Nathan

A yearlong investigation by the Senate Armed Services Committee has uncovered problems with the private security guards the U.S. uses to protect its supply convoys and bases in Afghanistan. The investigation, which was based on interviews with military commanders and contractors and a review of more than 125 Department of Defense contracts, found that the security firms ArmorGroup and EOD Technology used local warlords who were also Taliban agents as labor brokers. ArmorGroup has acknowledged engaging workers from two Afghan villages, but said it did so only with the "recommendation and encouragement of U.S. Special Forces." EODT, meanwhile, said it has never been told by the U.S. military that there were problems with its hiring practices. The investigation also found that some of the private security guards, who are mostly Afghan, were criminals, drug users, and insurgents. Some security guards even shot and killed a U.S. Marine who was on a foot patrol in Farah province earlier this year, the investigation found. Finally, the Senate panel found that some of the guards were untrained and were equipped with unserviceable weapons. Doug Brooks, the president of the International Peace Operations Association, which represents security firms, said that the Senate investigation shows how difficult it can be for security firms to meet contract requirements to provide local guards. Brooks added that it can be difficult for security firms operating in Afghanistan to hire someone who has not used drugs in the past or someone who has never had any history with the Taliban.


Top House Dem Warns U.S. 'Unprepared' for Dirty-Bomb Attack
The Hill (10/07/10) Yager, Jordy

The chairwoman of a House Homeland Security subcommittee said Wednesday that the U.S. is not prepared to deal with either a radiological attack or a Mumbai-style small-arms attack, even though both types of incidents are likely to happen. Speaking at a New America Foundation event, Rep. Jane Harman (D-Calif.), the chairwoman of the Homeland Security Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment, said that she was concerned that Westerners who have received terrorist training will exploit the nation's visa waiver program--which allows people from certain countries to come to the U.S. for tourism or business for as long as 90 days without having to obtain a visa--to enter the U.S. and launch an attack. Harman added that a terrorist attack like the one that took place in Mumbai nearly two years ago is more likely than a radiological attack, though both scenarios are real and serious threats to national security. She noted that it would be possible for terrorists to launch a radiological attack by stealing radiological materials from hospitals in order to build and detonate crude bombs before law enforcement officials could mount an adequate response. Harman said she hoped that Congress would allocate the $125 million that is needed to secure the 500 major metropolitan hospitals in the U.S. after the November midterms.


Terrorism Expert Says Las Vegas a Top Target
Las Vegas Sun (10/07/10) Coleman, Rich

Las Vegas is one of the top three targets for terrorists in the U.S., behind New York and Washington, D.C., according to FBI supervisory special agent Geoffrey Williams. Speaking at a University of Nevada, Las Vegas forum called "The Current Threat Posed by Domestic Terrorists," Williams said that Las Vegas is at risk of a terrorist attack because it is home to several high-profile targets, including the Las Vegas Strip, the Nellis complex, and the Hoover Dam. However, a majority of the domestic terrorist events that take place in Nevada occur in the northern part of the state, Williams said. He noted that most of these incidents involve sovereign citizens, or those who believe that state and federal laws do not apply to them. Also taking part in the panel discussion was Richard Beasley, an FBI supervisory special agent who is a member of the Las Vegas Joint Terrorism Task Force. Beasley noted that the most dangerous terrorists are not those who are members of terrorist organizations, but rather those who commit acts of terror in the name of a group or ideology without being told by any particular group to do so. Meanwhile, Las Vegas Metro Police Lt. Gregory Damarin discussed ways to prevent terrorists from recruiting new members. Damarin noted that parents can help prevent militants from recruiting their children by monitoring what their kids are doing on the Internet and by watching for any suspicious behavior.


Ruling Threatens Civilian Prosecutions of Terrorism Defendants
Los Angeles Times (10/07/10) Savage, David G.; Serrano, Richard A.

A ruling in the case against Ahmed Khalfan Ghailani, a Guantanamo Bay prisoner who is accused of being involved in the 1998 embassy bombings in Africa, could present an obstacle to the Obama administration's efforts to try so-called "high-value" detainees in civilian court, experts say. On Wednesday, U.S. District Judge Lewis Kaplan ruled that a government witness could not testify during Ghailani's trial that he had sold the defendant the explosives that were used in the bombing because the government only learned about the witness through coerced statements made by Ghailani while he was in custody in a CIA prison. Benjamin Wittes, an expert on terrorism law, said that if the ruling makes it impossible to convict Ghailani, it will be difficult for the Obama administration to argue that "high-value" detainees should be prosecuted in federal court. Critics of the Obama administration, meanwhile, say that Judge Kaplan's ruling shows that suspected terrorists should be prosecuted in military tribunals or held indefinitely at Guantanamo Bay as enemy combatants rather than being tried in civilian courts. The Justice Department, however, is undaunted by Judge Kaplan's ruling, saying that it will appeal the ruling or take Ghailani to trial without the witness's testimony.


U.S. Slams Pakistani Effort on Militants
Wall Street Journal (10/06/10) Entous, Adam; Gorman, Siobhan

The National Security Council has sent a report to Congress criticizing Pakistan's counterterrorism efforts. The report, which was written with the input of agencies such as the State Department, the Pentagon, and intelligence agencies, noted that Pakistan has been unwilling or unable to attack militants, thereby forcing the U.S. to increasingly rely on drone attacks to take out targets. In addition, the report noted that Pakistan's military has been unwilling to fight Afghan Taliban or al-Qaida forces in North Waziristan, the Pakistani tribal region that the U.S. believes is being used as a base from which terrorists plan attacks on European targets. The report said that Pakistan's decision not to send large numbers of troops into North Waziristan to fight terrorists is due to both political concerns and a lack of military resources. Meanwhile, Pakistani troops in South Waziristan have also chosen not to engage militants, choosing instead to stay close to the roads as terrorists flee into North Waziristan, the report said. Pakistan, for its part, has said that the report's claim that it does not have the will to fight terrorists is untrue, and that it has increased its counterterrorism efforts in response to U.S. requests. Nevertheless, the report could reduce support in Congress for additional aid to Pakistan, and could further strain relations between Washington and Islamabad.




White House Slow to Execute Cyber Policy
GovInfoSecurity.com (10/07/10) Chabrow, Eric

A recent report from the U.S. Government Accountability Office (GAO) has found that federal departments and agencies are slowly working to implement most of the 24 recommendations President Obama included in the cyber policy review that was issued in May of 2009. Since that time, only two of the recommendations have been fully implemented—the recommendation that calls for the appointment of a cybersecurity director, and another recommendation that calls for the naming of a privacy and civil liberties official. The remaining 22 recommendations, including one that calls for the development of a cybersecurity-based identity management vision and a strategy that addresses privacy and civil liberties, have been partially implemented. However, there are no milestones and plans for implementation for 16 of the partially-implemented recommendations, the report notes. The report attributes the slow progress in implementing the recommendations to the fact that the White House has yet to assign roles and responsibilities to officials from key federal agencies, which in turn is the result of not having a cybersecurity policy official in place for seven months. The report concludes that there is an increased risk that the recommendations will not be successfully adopted until federal officials understand their roles and responsibilities and milestones and plans for implementation are adopted. Failing to adopt the recommendations could place the nation's cyber infrastructure at risk.


Sick PCs Should Be Banned From the Net Says Microsoft
BBC News (10/06/10)

Microsoft researcher Scott Charney recently presented an Internet security proposal that requires users to present a digital certificate to prove that their computers have all of their software patches and are using a firewall that has been installed and configured correctly. Charney's "health certificate" also would verify that the machine is using up-to-date antivirus software and is not infected with malware. If the health certificate indicates that the computer has a problem, the user could be instructed to take remedial steps such as downloading a missing patch or updating antivirus software. More serious problems, such as a machine sending out malicious packets, could require the Internet user's bandwidth to be reduced. "We need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk," Charney says. Sophos' Graham Cluley warns that the approach could create several problems, including preventing Internet users with insecure computers from downloading fixes. However, similar Internet security initiatives already exist in Japan, France, and Australia.


'Man in the Mobile' Attacks Highlight Weaknesses in Out-of-Band Authentication
Dark Reading (10/05/10) Chickowski, Ericka

Recent attacks that incorporate the increasingly ubiquitous Zeus Trojan are demonstrating that frequently used methods of out-of-band authentication may not be foolproof, experts warn. New attack strategies called "Man in the Mobile" (MitMo) are permitting malicious hackers to leverage malware placed on mobile devices to circumvent password authentication systems that send codes through text messages to users' phones for identity confirmation. In a transaction verification system, the customer gets a text message with details about the transaction and a code to enter back into the Web site—after they have checked to make sure the transaction details match the real transaction, says Trusteer CEO Mickey Boodaei. However, MitMo completely bypasses this, as it takes control of the mobile device and can send the verification text to the attackers and delete it from the device without the victims ever having been aware of it, Boodaei warns. The expansion of Zeus' abilities to implement MitMo attacks is one more step in a cat-and-mouse game that banking security experts continue to play with hackers to verify the identity of users. "[Banks] will need to adjust to the reality that two-factor authentication will always be challenged by hackers," says Fortinet's Derek Manky. "A compromised mobile phone is the same as a compromised PC." Manky stresses that banks must find ways to educate users and help them shield their authentication channels, while Boodaei thinks banks should employ technologies to secure communication between customers' computers and Web sites and between their cell phones and sites.


Web Apps and Governments are Most Cyber-Attacked in 2010
Government Technology (10/04/10) Collins, Hilton

Cybercriminals are increasingly attacking Web applications used by enterprises, according to a recent study. The study found that Web applications are a favorite target for cybercriminals because they can be corrupted. In addition, cybercriminals like to target Web apps because users are downloading corrupted Web apps at high rates while at work. The study notes that there were more attacks on Web apps than any other type of attack during the first half of 2010. There were 4,091 Web app vulnerabilities that had been recorded through June—a number that could balloon to more than 8,000 by the end of the year. The study also examined the security risks that come with using social networking sites or iTunes while on the job. The report found that governments experienced nearly 110,000 JavaScript-based attacks during the first six months of the year, which was more than the number of attacks against any private industry. The report also found that the United States experienced 170,000 JavaScript-based attacks during the first half, which was more than any other country in the world.


Trojans Dominate Malware, Security Firm Reports
PC World (10/03/10) Skinner, Carrie-Ann

Fifty-five percent of all new malware spotted between July and September 2010 were Trojans, according to PandaLabs. Researchers say the majority of these were banker Trojans intended to dupe users into perusing fake financial sites so cybercrooks can steal login names and passcodes. The use of email in disseminating malware, once the preferred method, has dropped. In its place, cyberthieves are turning to social media-related infections, including Clickjacking attacks on popular social-networking sites such as Facebook and compromised search results. PandaLabs also says 95 percent of all email received in the third quarter was spam, and 50 percent of this was distributed from India, Brazil, Russia, and seven other countries. For the first time, the United Kingdom does not make the list of the world's biggest spam-sending countries. PandaLabs also says in recent months it has seen a number of attacks directed at Google Android phones, which could be the beginning of an onslaught of new attacks against smartphones. "Android apps are being used as bait to infect computers with self-extracting files," PandaLabs warns.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD

