| Pirates Seize Ship 'Nearer to India Than Somalia' BBC News (11/12/10) A Panamanian-flagged vessel carrying vegetable oil from Malaysia towards the Suez Canal was hijacked by pirates about 860 nautical miles east of the Horn of Africa, according to the European Union Naval Force. Navfor noted that the location where the vessel was hijacked is much closer to India than it is to Somalia, which has been the source of much of the piracy that has taken place over the last several years. The hijacking of the Hannibal II and its crew of 31 comes after the International Maritime Bureau said that the presence of naval forces in the waters off the coast of Somalia has brought about a drop in the number of piracy incidents there but has pushed pirates out into other areas. FCC Investigating Google Data Collection Wall Street Journal (11/11/10) Schatz, Amy; Efrati, Amir The Federal Communications Commission has become the latest regulatory agency to launch an investigation into allegations of privacy violations by Google's street-mapping service. The FCC began its investigation earlier this year after receiving a complaint from the Electronic Privacy Information Center asking it to look into whether or not Google's street-mapping service violated federal laws that ban electronic eavesdropping. Regulators around the world are also looking into whether Google's street-mapping service collected passwords, e-mails, and other personal information from unsecured wireless Internet networks. Meanwhile, several lawmakers have said that the privacy issues raised by Google's street-mapping service could be addressed by Internet privacy legislation that may be introduced next year. Google has declined to comment on the FCC's investigation but said that it did not intend to collect the data that it is charged with collecting and that it never used that information. The company has also said that the data will be deleted as soon as possible. Steps are also being taken to improve Google's internal privacy and security practices, including improving information-security awareness training for employees and requiring engineering project leaders to maintain a privacy design document for the initiatives they are working on. LimeWire Disavows New 'Pirate Edition' Wall Street Journal (11/11/10) Smith, Ethan The file-sharing service LimeWire has issued a cease-and-desist notice calling on anonymous computer programmers to stop distributing a pirated version of its software. The release of the pirated version of LimeWire's file-sharing software comes after a federal court ruled that the company could no longer distribute its software because it had engaged in copyright infringement. Damages in the case, which was brought by 13 record labels, have yet to be set. In a court filing made earlier this year, the record labels estimated that their damages could total $1 billion. Federal law allows for punitive damages of $750 to $150,000 per copyrighted work. Afren Reveals Nationalities of Nigeria Hostages Associated Press (11/09/10) Militants attacked an oil rig and a supply ship off the coast of Nigeria on Monday, taking seven people--including two Americans--hostage. Two other employees suffered gunshot wounds during the attack, though they were later evacuated to a medical clinic on land and are currently in stable condition. The Movement for the Emancipation of the Niger Delta, which launched a kidnapping and bombing campaign four years ago to protest pollution and poverty in the Niger Delta, has claimed responsibility for Monday's attack on the oil rig and supply ship. However, the message came from an e-mail address that MEND has not used before. In addition, the message did not include any details about the attack, such as how many people were taken hostage. Despite Monday's attack, it remains unclear whether MEND poses much of a threat to the Niger Delta, a region that supplies the U.S. with a large amount of oil. A gunrunner that has long been associated with MEND faces terrorism charges in South Africa in connection with an Oct. 1 car bombing in the Nigerian capital, while other former leaders of MEND have accepted amnesty offers from the Nigerian government and have distanced themselves from the bombing. Angry Customer Takes BMW Hostage at Gunpoint in France Agence France-Presse (11/08/10) A receptionist at BMW's offices outside of Paris was taken hostage on Monday by an armed man who was upset about problems with his car. During the incident, the man fired into the air twice with a pump-action shotgun and started a small fire. No one was hurt during the incident, as the 80 employees at the office were evacuated as soon as they heard that there was an armed man in the building. The man eventually surrendered to police. This is not the first time that the suspect is believed to have targeted BMW. In 2003, the man tried to set himself on fire outside the BMW dealership where he purchased his car. The suspect is also believed to have plotted to break into a BMW dealer's home and kill him and his family in 2006. The man is currently facing charges for assaulting an employee at a BMW dealership. Cameras to Catch Terrorists Triple in New York With Bomb Plots Bloomberg (11/12/10) Dolmetsch, Chris New York City is continuing to expand the Lower Manhattan Security Initiative, the network of cameras and other security technologies that it began implementing in 2005 as part of an effort to deter terrorist attacks. According to New York Police Department spokesman Paul J. Browne, the network currently consists of roughly 1,300 cameras. There were just 450 cameras on the network in June. Some of the cameras are installed at businesses and government buildings in Manhattan, while others are installed at subway stations in the area. The network will eventually include 3,000 cameras, which will be installed in both Lower Manhattan and Midtown. In addition to the cameras, the system will include automated license-plate readers and biological, chemical, nuclear, and radiation detectors. All of the equipment will be linked by a fiber-optic network to a command center located near Wall Street, where NYPD personnel and others will examine video from the cameras, alerts from the license-plate readers, and reports from emergency calls. Personnel can also use algorithms to sound an alarm in the event suspicious activity is detected, such as when someone leaves a package in a certain area for a long period of time. The system can also be used to search through video to find images of suspicious individuals. While some say that the system will not prevent a terrorist attack and that it cannot replace the presence of police officers on city streets, federal prosecutors say that cameras have been known to deter attacks in the past, such as a 2003 al-Qaida plot to attack the Brooklyn Bridge. Bomb Would Have Exploded Over Canada, Data Show Washington Post (11/11/10) P. A09 Finn, Peter; Tate, Julie New information in the recent cargo bomb plot indicates that the explosive device that was discovered on board a UPS cargo plane at Britain's East Midlands Airport on Oct. 29 would have gone off over a sparsely populated area of Canada had it not been defused. According to the London Metropolitan Police, which is leading the investigation into the plot, a forensic examination showed that the device would have detonated at 5:30 a.m. Eastern Time on Oct. 29. At that time, the UPS flight carrying the bomb would have been roughly 160 miles northwest of Quebec City, according to data from FlightAware, a group based in Houston that tracks flights. If the bomb had exploded while the plane was in that location, it would likely not have resulted in a catastrophe like the one that could have taken place had the aircraft crashed over a large American city like Philadelphia, where the plane was scheduled to land. Despite the findings of the London Metropolitan Police and FlightAware, officials still believe that the U.S. was the target of the plot. Although the bomb makers likely attempted to calculate when the bomb would be over the U.S., they may have based their calculations on the assumption that the cargo plane would have taken a slightly more direct route than it actually did. Activists Under State Watch in Pa. Urge End to Monitoring Philadelphia Inquirer (11/11/10) Hill, Miriam; Worden, Ann A group of activists monitored by the state of Pennsylvania have asked Gov.-elect Tom Corbett to prohibit state agencies from collecting information about people's political and religious beliefs. The proposal would allow for exceptions for criminal investigations based on evidence of illegal behavior. The groups behind the proposal were investigated by the Institute on Terrorism Research and Response, which had a $103,000 contract with Pennsylvania's Homeland Security Office to help monitor possible threats to the state's infrastructure. Under the contract, the institute published several bulletins that included the reports on citizen groups that were not an obvious threat to public safety, such as student protesters and opponents of natural-gas drilling. Homeland Security Director James Powers, who hired the institute, resigned last month amid the controversy over the monitoring of the groups. Corbett said he was aware of the proposal but had not examined it. No Charges to Be Filed in Destruction of CIA Tapes Washington Post (11/10/10) P. A01 Markon, Jerry The Justice Department announced Tuesday that it has no plans to file criminal charges against the CIA officers who destroyed tapes depicting the interrogations and waterboarding of two terrorism suspects. The 92 tapes, which were ordered burned on November 9, 2005 by Jose Rodriguez Jr., the head of the CIA's directorate of operations, depicted the interrogations of alleged terrorism facilitator Zayn al-Abidin Muhammed Hussein and Abd al-Rahim al-Nashiri, a suspect in the 2000 bombing of the U.S.S. Cole. Rodriguez will also not face charges in connection with the destruction of the tapes, which CIA officials said was done out of fear that the interrogators shown in the videos would be at risk if the tapes were released and their identities were revealed. However, a former senior CIA operations officer speaking on condition of anonymity said that the decision to destroy the tapes was not totally innocent and that the action violated an order from a federal judge. Meanwhile, Justice Department officials have reportedly not ruled out filing charges against officials who might have misled investigators looking into the destruction of the tapes. An investigation into whether CIA employees and contractors conducted illegal interrogations at so-called "black site" prisons is also continuing. Rep. King Would Increase DHS Oversight Federal News Radio (11/09/10) Cacas, Max Rep. Peter King (R-N.Y.) has said that he plans to take the House Homeland Security Committee in a different direction if he takes over as chairman of the panel when the new Congress convenes in January. In a recent interview, King said that he and the presumptive new speaker of the House, Rep. John Boehner (R-Ohio), have agreed to hold oversight hearings on the Department of Homeland Security in order to ensure that the department is operating efficiently and is working with the various agencies that comprise the counterterrorism and intelligence communities. King said he wants to hold these hearings because he is concerned that too much homeland security policy is being created by the White House, and that DHS is not being given the responsibilities that Congress intended it to have. In addition, King also said that DHS "should have been out front on" the "crisis in Yemen" and the attempted Times Square bombing last May. King also said that he wants to hold hearings on SBINet, the controversial high-tech fence that was planned for the U.S.-Mexico border. Construction on the fence has been suspended and the project is being reviewed amid reports of repeated delays and cost overruns. Finally, King said hearings will be held to determine whether or not DHS has enough funding to perform its responsibilities. Researchers Sound Alarm Over Critical Mac OS X Bug Computerworld (11/09/10) Keizer, Gregg Security researchers at Core Security Technologies have issued a warning about a vulnerability that exists in the Leopard version of Apple's OS X operating system. Core Security's Pedro Varangot says the vulnerability exists in how compact font format (CFF) fonts are parsed in Leopard. If an attacker exploits the vulnerability they could take over a Mac running the Leopard version of OS X. The newer version of OS X, known as Snow Leopard, does not include the vulnerability because Apple changed the FreeType library used in that version of the operating system, Varangot notes. The older version of the operating system still accounts for roughly a third of all installations of Mac OS X, despite the fact that the newer version was released more than a year ago. Core Security Technologies says the vulnerability is similar to one in iOS that could have allowed an attacker to jailbreak iOS 4 devices and take over or install malware in an iPhone, iPad, or iPod Touch. Apple has patched that vulnerability but has not yet released a patch for the Leopard flaw. Stage Set for Showdown on Online Privacy New York Times (11/09/10) Wyatt, Edward; Vega, Tanzina The U.S. Federal Trade Commission (FTC) and Commerce Department are planning to release separate and possibly conflicting reports regarding online privacy. Commerce favors letting the industry regulate itself, according to department officials, while the FTC prefers a stricter standard that requires a "do not track" option on a Web site or browser. "I hope they realize that what is good for consumers is ultimately good for business," says the Consumer Federation of America's Susan Grant. The major online companies prefer that the industry continue to regulate itself. "Targeted ads are helpful and ad competition is helpful," says Google CEO Eric E. Schmidt. The Obama administration wants to protect consumers while also making U.S. companies more competitive in the world market. The White House also wants to ensure that any restrictions do not impede law enforcement and national security efforts. Meanwhile, U.S. lawmakers from both sides of the aisle have recently contacted online companies to account for intrusions and consumer privacy breaches. A "do not track" system could be built into a Web browser or function as a plug-in, instructing Web sites, content providers, and advertisers that the user does not want to be tracked, says the Electronic Frontier Foundation's Lee Tien. Emerging Murofet Botnet Poses New Threat, Researchers Say Dark Reading (11/09/10) Wilson, Tim Murofet, one of the newest of the Zeus botnet variants to surface, is not new, but it could be more predatory than initially believed, say Damballa researchers. In a blog post, botnet analysts Sean Bodmer and Marshall Vandergrift say Murofet—assembled primarily through a version of the Zeus Trojan—has existed several months longer than previously thought, and could be more pernicious than its Zeus-based predecessors. "It's deadly, compared to previous versions," Bodmer says. Data amassed by Damballa's passive Domain Name System monitoring sensors reveals that a virus initially labeled by Damballa as a new Zeus variant was actually Murofet, and was spotted in the wild as early as August 2010. "After spending some time digging into historical data sets, we are able to positively identify Murofet's in-the-wild activity back to as early as August 11th, based on its domain generation algorithm output," according to the Damballa blog. Damballa also can link Murofet to some Zeus bot infections prior to Aug. 11, which could mean that the bots redirected to one another, the blog says. "It's important to note that we can see that the infected IPs associated [earlier] infections were initially infected by the Jabber Zeus group—and a few days later, the same victims started spewing Murofet," Bodmer says. Researchers See Real-Time Phishing Jump Dark Reading (11/09/10) Higgins, Kelly Jackson Phishers are increasingly using real-time, man-in-the-middle (MITM) methods to bypass two-factor authentication systems, researchers at Trusteer say. According to the researchers, 30 percent of phishing attacks against Web sites using two-factor authentication have involved the use of these methods. In these attacks, cybercriminals send targets an email that appears to come from their bank and contains a link to the real-time phishing site, which looks like the bank's Web site. When the victim tries to log on, the phishing site immediately sends their login credentials to the bank's Web site, which allows the cybercriminals to open an authenticated session with the bank, says Trusteer CEO Mickey Boodaei. When the victim enters his one-time password into the phishing site, the cybercriminals use the password before expires to finalize the authentication process and begin their own online banking session with the user's stolen login information. Boodaei notes that users can protect themselves by locking down their browsers, while financial institutions can protect their customers by using transact-verification tools that prevent fraudulent transactions from being carried out. Inside Enterprise Database Security Concerns eWeek (11/08/10) Prince, Brian Many database administrators are confident in their organization's ability to address insider attacks, patching, and the other numerous challenges of database security, according to a comprehensive survey by Unisphere Research and Application Security. The report highlights data from a poll of 761 members of the Professional Association for SQL Server. Although 20 percent of respondents said a network intrusion was either "inevitable" or "somewhat likely" during the next 12 months, roughly 66 percent described it as "highly unlikely" or "somewhat unlikely." Additionally, only 7 percent said they had either experienced one data breach or multiple data breaches in the last year. Among those who experienced one or more data breaches, 34 percent fingered outside sources as the culprit, while 21 percent cited insider attacks. However, many SQL Server experts cited human error as the primary threat to security, with 65 percent identifying it as the biggest challenge. Some of the frequently mentioned human errors include nonmalicious policy violations that result in data being exposed and mistakes that occur during the often manual processes of examining user rights. Application Security's Thom VanHorn says that database security must be given priority due to the potential repercussions of a breach. Abstracts Copyright © 2010 Information, Inc. Bethesda, MD |
No comments:
Post a Comment