
Thursday, December 30, 2010

Security Management Weekly - December 30, 2010


December 30, 2010
 
 
Corporate Security
  1. "Putin Supports Inquiry Into Alleged $4 Billion Transneft Fraud"
  2. "Sony Files U.S. Patent Infringement Complaint Against LG"
  3. "Khodorkovsky Found Guilty of Oil Theft, Lawyers Say" Russia
  4. "DVD Piracy to Hit Record Levels Over New Year Holidays" Ireland
  5. "PCI DSS 2.0 Security Standards Concerns Raised" Payment Card Industry Data Security Standard

Homeland Security
  1. "Securing New Year's Eve in Times Square"
  2. "Terrorism Threat Remains High, CSU Warns" Germany's Christian Social Union Party
  3. "Top Indonesian Terror Suspect Goes on Trial"
  4. "Britain Charges 9, Says U.S. Embassy Was Terror Target"
  5. "Study: Body Scanners' Effectiveness Limited"

Cyber Security
  1. "Concern at Governments' Moves to Control Web"
  2. "Apple No Longer Flying Under the Hacker Radar"
  3. "Tuesday Most Active Day for Malware Distributors"
  4. "National CSIRTs Want More Data on Cyber Attack Methods, Responses" Computer Security Incident Response Teams
  5. "Gadgets Bring New Opportunities for Hackers"

   

 
 
 

 


Putin Supports Inquiry Into Alleged $4 Billion Transneft Fraud
Bloomberg (12/30/10) Arkhipov, Ilya; Meyer, Henry

Russian Prime Minister Vladimir Putin on Wednesday called for a full investigation into claims that $4 billion was embezzled during the construction of an oil pipeline across eastern Siberia. Putin said such an investigation should focus on a report published by a minority shareholder of the oil pipeline operator OAO Transneft that noted that the costs for the pipeline--which opened in December 2009--were inflated. The inflation of the costs of the pipeline led to the embezzlement of the $4 billion, the report noted. The minority shareholder who published the report is planning to ask other minority shareholders of Transneft to take part in legal action against the company.


Sony Files U.S. Patent Infringement Complaint Against LG
Wall Street Journal (12/29/10) Lee, Jung-Ah

Sony has filed a patent infringement lawsuit in the U.S. against LG Electronics. The lawsuit alleges that LG broke U.S. trade rules by importing and selling mobile phones and modems that infringed on patents owned by Sony. The lawsuit seeks to prohibit LG from shipping mobile phones to the U.S. Sony's lawsuit against LG comes just weeks after LG was sued by the Taiwanese research company Industrial Technology Research Institute for allegedly infringing on 22 patents for mobile phones, liquid crystal display, and other consumer electronics products.


Khodorkovsky Found Guilty of Oil Theft, Lawyers Say
Bloomberg (12/27/10) Meyer, Henry; Shiryaevskaya, Anna

A Russian court on Monday found Mikhail Khodorkovsky, the former head of Yukos Oil Co., and his former business partner guilty of embezzling crude oil. According to prosecutors, Khodorkovsky and Platon Lebedev stole roughly 219 million tons, or 1.6 billion barrels, of crude oil from Yukos. Prosecutors are hoping to send the two men to prison for 14 years when they are sentenced this week or after Russia's New Year holidays end on Jan. 10, though defense attorneys say that Khodorkovsky and Lebedev will likely get credit for the eight years they have already served on charges of fraud and tax evasion. An attorney for the defendants has said that the charges of embezzling crude oil are false. Khodorkovsky has said that the charges were filed against him in retaliation for his opposition to Prime Minister Vladimir Putin, who was serving as president of Russia in 2003 when Khodorkovsky was arrested. However, Putin has said that he was not involved in the filing of the charges.


DVD Piracy to Hit Record Levels Over New Year Holidays
Independent (Ireland) (12/27/10) Keane, Kevin

The piracy of copyrighted materials such as movies is a significant problem in Ireland. According to research by the Irish film industry, 100,000 movies are illegally downloaded each week in Ireland--a number that could grow between now and New Year's Day, when more people are at home. Research has also found that 80 percent of Irish adults who have downloaded movies from the Internet did so illegally. Meanwhile, half of all DVDs sold in Ireland are illegal, according to the Audiovisual Federation. To combat the problem of digital piracy, the Irish film industry is calling on the government to enact legislation that would penalize those who illegally download films. A similar system is already being used against those who illegally share music. Customers of the telecommunications company Eircom who are found to be illegally sharing music online are given warning letters. Those who receive three warning letters can be cut off from the Internet.



PCI DSS 2.0 Security Standards Concerns Raised
Tech Watch (UK) (12/23/10) Turner, Brian

Concerns that online businesses are not sufficiently ready to comply with the PCI Data Security Standard have been raised following news that the CitySights travel firm had its Web site penetrated by an SQL injection attack, exposing the banking details of 110,000 customers. An investigation of the breach by Imperva CTO Amichai Shulman indicates that CitySights could likely be in violation of PCI DSS. Meanwhile, 30 percent of IT managers and directors with major British retailers remain unaware, or only partly cognizant, of PCI DSS compliance regulation, according to a survey by Infosecurity Europe. Just 36.2 percent of poll respondents realized that PCI DSS 2.0 included substantial revisions with respect to an organization's network architecture and virtualization. "What we have from the results of this LogLogic poll is that some of the IT managers with largest retailers in the U.K.—i.e. those with more than 50 outlets—just don't 'get' what the PCI DSS 2.0 is all about, or the potential serious repercussions to their business of not being able to pass an audit," says Infosecurity Europe event director Claire Sellick. She notes that it is of "phenomenal concern" that most of these managers are proceeding apparently unaware of the PCI Security Standards Council's security requirements.




Securing New Year's Eve in Times Square
Associated Press (12/30/10)

Security will be tight in Times Square on Friday night when nearly a million people gather near the intersection of Broadway and Seventh Avenue to ring in 2011. Since the September 11, 2001 terrorist attacks, counterterrorism measures have been taken to keep the event safe, said Paul Browne, the New York Police Department's deputy commissioner for public information. These security measures will include the deployment of large numbers of counterterrorism and police officers--including officers in plainclothes, in uniform, and on horseback--in Times Square. Officers who are assigned to protect the New Year's Eve festivities will be equipped with radiation detectors the size of beepers. Bomb-sniffing dogs will also be used to detect the presence of explosives in garages and other locations. In Lower Manhattan, meanwhile, officials at a command center will monitor the security cameras that are part of the Lower and Midtown Manhattan Security initiatives for suspicious activity. According to NYPD counterterrorism chief James Waters, the security measures that are put in place in Times Square will take into account the lessons learned from recent terrorist plots, including the suicide bombing earlier this month in Stockholm.


Terrorism Threat Remains High, CSU Warns
The Local (Germany) (12/30/2010)

The threat of terrorist attacks in German cities remains high six weeks after authorities warned of an imminent danger, and tight security measures must remain in place, according to the country's conservative Christian Social Union party. In November, Germans were warned of “concrete” evidence that their country faced attacks, which triggered heightened security measures at the Reichstag and mass transit stations. The Reichstag has largely remained closed to visitors, but some officials support a more permanent security solution that would create a separate screening location that would allow tourists to be searched before entering the building.


Top Indonesian Terror Suspect Goes on Trial
Associated Press (12/29/10) Karmini, Niniek

A major terrorist suspect appeared in an Indonesian court on Wednesday to face charges of helping to establish a militant network that was allegedly plotting attacks on foreigners at luxury hotels and embassies in Jakarta that would be similar to the 2008 attacks in Mumbai. According to prosecutors, 32-year-old Abdullah Sunata--who was arrested last summer in a series of counterterrorism raids in Indonesia's Central Java province--helped set up a training camp for jihadists in Aceh province. In addition, Sunata helped obtain a variety of weapons--including M-16 assault rifles and revolvers--for the group, prosecutors said. Sunata has acknowledged that some members of his group discussed plans to attack Westerners in Jakarta and to kill Indonesian President Susilo Bambang Yudhoyono for launching a crackdown on Islamic militants, though he said that the group never officially decided to move forward with these plots. Some of the members of the militant network have already been sentenced to prison terms of between five and nine years, while dozens of others have been killed or captured. Sunata could face the death penalty if he is convicted on the charges against him.


Britain Charges 9, Says U.S. Embassy Was Terror Target
Washington Post (12/28/10) P. A07 Adam, Karla

The nine men who were arrested in counterterrorism raids in Britain last week were allegedly planning to target the U.S. Embassy in London, State Department spokesman Mark Toner said Monday. Toner added that "suitable security precautions" were being taken at the embassy in the wake of the arrests. The men, who were charged on Monday with conspiracy to set off explosions and testing potential bombs in connection with their alleged involvement in the al-Qaida plot, were also planning to target the London Stock Exchange, the Houses of Parliament, and other British landmarks. The suspects were arrested on Dec. 20 after British police decided they needed to act quickly in order to prevent the plot from being carried out. Concern about possible terrorist attacks in Europe has been running high as a result of a number of recent terrorism-related incidents, including the Stockholm bombing earlier this month and the parcel bombs that exploded at several embassies in Rome last Thursday.


Study: Body Scanners' Effectiveness Limited
USA Today (12/27/10) Levin, Alan

Researchers at the University of California-San Francisco have released the results of a study that questions the effectiveness of some of the full-body scanners that are in use at airports across the country. The study, which was published in the "Journal of Transportation Security," found that the backscatter X-ray machines have trouble telling the difference between plastic explosives and human flesh. The study found that the machines were capable of detecting blocks of explosives, but were unable to detect substantial amounts of explosives that had been shaped into thin layers. The Transportation Security Administration, for its part, maintains that the scanners are highly effective at detecting non-metallic objects that could pose a threat on flights. But Clark Ervin, a former inspector general for the Department of Homeland Security, said that the scanners are not foolproof and that DHS needs to invest money in making the technology more effective.




Concern at Governments' Moves to Control Web
Financial Times (12/29/10) Menn, Joseph

The continuing WikiLeaks disclosures are prompting governmental efforts to increase Web control, which is causing concern among those who see the Internet as a democratic, ungovernable entity. "This momentum toward securitization is helping legitimize and pave the way for greater government involvement in cyberspace," according to the OpenNet Initiative. For example, many U.S. lawmakers have scolded companies that assisted WikiLeaks, while the Obama administration has launched a high-profile pursuit of legal action against the group and its founder. "Free expression should not be restricted by governmental or private controls over computer hardware or software, telecommunications infrastructure, or other essential components of the Internet," according to the Internet Engineering Task Force. Meanwhile, a United Nations group recently moved forward with plans to set up a governmental group for advice on how to redesign the Internet Governance Forum, a move that has drawn criticism from the Internet Corporation for Assigned Names and Numbers and Google. "If they move to the mode that is proposed, that's the first step in trying to create a governance organization that takes actions--and while I can understand the appeal, especially for some governments, I don't think it bodes well," says Google's Vint Cerf.


Apple No Longer Flying Under the Hacker Radar
PC World (12/28/10) Bradley, Tony

McAfee's 2011 Threat Predictions Report predicts that Apple has reached a level of critical mass that makes it a conspicuous target. The report also predicts an increase in attacks directed at social networking platforms, exploiting geolocation-tracking data, and targeting mobile platforms such as smartphones and tablets. All of these factors make Apple an especially appealing target for attackers. Apple's Mac OS X has developed into a mainstream operating system that many businesses and consumers rely on. The common belief among Apple advocates that Mac OS X is practically impervious to attack is a significant component of what makes it so vulnerable. The Apple platform has never been as impenetrable as users believe—it has been breached and compromised by attacks at security conferences. Mac OS X has primarily flourished by being too small a target to be worth the time and effort to hack, but the popularity of the platform, coupled with the introduction of new apps in the upcoming Mac OS X Lion, gives hackers new interest in Apple.


Tuesday Most Active Day for Malware Distributors
eWeek (12/27/10) Rashid, Fahmida Y.

After examining the malware and online attacks of 2010, SonicWALL security experts have determined that Tuesday is the day of the week with the highest volume of attacks. Monday closely followed for threat-related traffic, says SonicWALL's Ed Cohen. It is not evident from the research why malware activity is highest on Tuesdays, but Cohen suggests a connection with Microsoft's Patch Tuesday releases. SonicWALL researchers noticed similar patterns in China, India, Mexico, South Africa, Taiwan, Turkey, the United States, and several European countries, Cohen says. The researchers also found that the busiest time for threat-related traffic in the United States was between 10 a.m. and 11 a.m. Pacific time. Cohen says this coincided with the start of the workday on the West Coast and the return from lunch breaks on the East Coast. The researchers also discovered that malware follows seasonal trends, with certain variants being more prevalent during certain times of the year. According to the study, Trojans tend to peak in September and December, in tandem with the proliferation of back-to-school offers and seasonal greeting cards. Adware threats spike during September, October, and December, as online advertisers disseminate more ads over the holidays.


National CSIRTs Want More Data on Cyber Attack Methods, Responses
Infosecurity (USA) (12/27/10)

Nearly all national computer security incident response teams (CSIRTs) want to receive more information about cyberattacks, according to a recent Internet Corporation for Assigned Names and Numbers survey. The 85 percent of CSIRTs surveyed who said they did not subscribe to any cybersecurity and response mailing lists for domain name system (DNS) registry operators were interested in receiving a variety of different types of information, including information about DNS attack method trends, incident response techniques, and DNS spoofing issues. These CSIRTs also said they were interested in receiving information about new vulnerabilities, case studies, and best practices. In addition, the survey found that 17 CSIRTs believed that a contact point database for cybersecurity response and information sharing is needed to improve international incident coordination on issues related to cybersecurity. Many of the CSIRTs that took part in the survey said they used the inaccurate Whois system to locate points of contact for cybersecurity issues. Finally, the survey found that six CSIRTs believed that an international coordination center would help improve incident response on issues related to cybersecurity.


Gadgets Bring New Opportunities for Hackers
New York Times (12/26/10) Vance, Ashlee

Consumer electronics makers are rushing to connect their products to the Internet and are ignoring security issues in the process, warns Mocana CEO Adrian Turner. As devices such as Internet TVs and smartphones become more popular, so do security threats that take advantage of the new products' unprotected features. "When it comes to where the majority of computing horsepower resides, you're seeing a shift from the desktop to mobile devices and Web-connected products, and inevitably, that will trigger a change in focus within the hacking community," says Layer 7 Technologies' K. Scott Morrison. Security companies are trying to develop new security technologies, such as fingerprint scanners and facial recognition systems, but these measures have thus far failed to become mainstream. One idea is to let consumers report security threats and have their data locked or erased until the problem is resolved. The new types of attacks will require a new approach to Internet security, says Symantec CEO Enrique Salem. For example, the many capabilities of today's smartphones present new security challenges. "The good smartphones have been pretty well designed," Morrison says. "The problem now is the flood of secondary phones that bring interesting diversity and also open up holes for hackers." Mocana researchers say a more immediate threat may be the vast number of new Internet-ready consumer electronics devices.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD

