
Friday, September 02, 2011

Security Management Weekly - September 2, 2011


September 2, 2011
Corporate Security
  1. "Judge Tosses Oracle Award" U.S. District Court Judge Throws Out $1.3 Billion Jury Verdict in Case Oracle Brought Against Rival SAP
  2. "15 Arrested in N.Y. Playland Melee Over Head Scarves"
  3. "Montgomery County Proposes Flash-Mob Law" Maryland
  4. "Richard Giga Pleads Guilty to Murdering Rehab Center Security Guard" New York State
  5. "Security Lessons From a Strike" Verizon

Homeland Security
  1. "City's Curfew Center Rounds Up Wandering Youths" City of Baltimore Deals With Flash Mob Issue
  2. "CIA Strikes Strain Ties With Pakistan Further"
  3. "Holes Remain in Flight School Scrutiny After 9/11"
  4. "Nigeria Arrested Suspects in U.N. Bombing"
  5. "Security on Rise Nationwide for 9/11 Anniversary"

Cyber Security
  1. "Facebook Pays $40G to Hackers in New 'Bug Bounty' Scheme"
  2. "Feuding Agencies Agree to Disagree on Cybersecurity"
  3. "One Third of Security Pros Not Practicing What They Preach" According to Gartner Security & Risk Management Summit Attendees
  4. "Rogue Web Certificate Could Have Been Used to Attack Iran Dissidents"
  5. "Top Cybersecurity Concerns: Malicious Code, Employees Run Amok"

Judge Tosses Oracle Award
Wall Street Journal (09/02/11) Worthen, Ben; Jones, Steve D.

Judge Phyllis J. Hamilton of the U.S. District Court in Oakland threw out a $1.3 billion jury verdict in a case Oracle brought against rival SAP AG. The ruling is expected to result in a new trial to set damages, unless Oracle accepts the judge's suggested figure of $272 million. Oracle's court battle against SAP captured Silicon Valley's attention late last year and resulted in one of the biggest awards of all time in a case involving intellectual property. At the time, Oracle CEO Larry Ellison publicly accused his counterpart at Hewlett-Packard, Leo Apotheker, who previously held the top job at SAP, of masterminding an intellectual property theft ring. Meanwhile, U.S. authorities are investigating whether Oracle violated anti-bribery laws in some of its overseas deals.


15 Arrested in N.Y. Playland Melee Over Head Scarves
Westchester Journal News (NY) (08/31/11) Baker, Rebecca; Bandler, Jonathan

More than a dozen people were arrested on Aug. 30 following a melee involving 30 to 40 people at Playland Amusement Park in Rye, N.Y. Witnesses said that the violence broke out after Muslim women who were visiting the park were told that they could not wear their head coverings on some rides. The ban on headgear was put into place following the deaths of two children and a Playland employee on two rides between 2004 and 2007. One witness said that members of a group of Muslims who were at the park got into a scuffle with one another while park officials were in the process of arranging refunds for them. Another witness said that the fighting broke out after security officials pushed several Muslim women and girls to the ground and handcuffed them. A number of men then tried to intervene. Police from at least nine different agencies had to be called in to break up the scuffle. Two police officers were injured in the violence.


Montgomery County Proposes Flash-Mob Law
Washington Times (08/28/11) Noble, Andrea

Lawmakers in Montgomery County, Md., are in talks with the state delegation about the possibility of introducing legislation in next year's session of the Maryland General Assembly that would address the problem of flash mobs. The Montgomery County Council is also considering a youth curfew, which police say could have prevented an incident at a Germantown, Md., 7-Eleven in which dozens of young people entered the store in the early hours of the morning one day earlier this month and stole $450 worth of goods. The individuals who are believed to be involved in the incident have been charged with theft, conspiracy to commit theft, and disorderly conduct. However, the incident is not believed to have been committed by a flash mob because it was not organized online or through social networking sites like Twitter or Facebook.


Richard Giga Pleads Guilty to Murdering Rehab Center Security Guard
Times Herald-Record (NY) (08/30/11) Novinson, Michael

A former patient at a rehab facility in Wawarsing, N.Y., has pleaded guilty to killing a security guard and injuring a nurse last October. Richard Giga will likely receive the maximum sentence of 25 years to life in prison for stabbing guard Lee Wood and nurse Keri Reynolds at the Renaissance Project. District Attorney Holley Carnright said Giga committed the attack because he was trying to obtain a vehicle to drive to the home of his girlfriend, who had broken up with him several days before. Giga was on the loose for 14 hours before police finally caught up with him in an empty home 1.5 miles from the Renaissance Center. An attorney for Giga, Andy Kossover, said his client pleaded guilty because he did not want to go to trial, out of sensitivity for the victims' families. Carnright said Giga confessed without any sort of plea arrangement. He will be sentenced on Nov. 21.


Security Lessons From a Strike
Security Director News (08/16/11) Richardson, Whit

Verizon has experienced a wave of sabotage inflicted on its expansive telecommunications network since August 7, when 45,000 of the company's union employees went on strike. Unfortunately for Michael Mason, Verizon's chief security officer, there is little he can do about it. With thousands of vulnerable spots among its infrastructure throughout the Northeast and mid-Atlantic regions, it is impossible to secure every spot, said Mason, a 25-year veteran of the FBI who joined Verizon in 2008. "The game favors the offender," he said. "I think one of the biggest challenges is trying to communicate the message that acts of sabotage, acts of verbal or physical assault against management employees, do nothing to advance the cause of the items being negotiated at the table." Verizon is engaged in a number of initiatives to help the company identify the perpetrators, Mason said. Because the targets of opportunity far exceed the company's ability to cover all of them, Mason said they rely on honest citizens to report vandalism through neighborhood watches. Enlisting the help of the public is important, the CSO said, "because after all the public is impacted as much as Verizon–actually more than Verizon." Mason said he is keeping a running list of lessons learned from the Verizon strike of 2011 so he and his team can do a better job next time. For one, when preparing for security details, make it a bottom-up process, not a top-down one. "Often times when you operate from the top down you take a solution and apply it enterprise-wide when, in fact, it’s not applicable enterprise-wide and it would be a lot better to drive those kinds of solutions from the bottom up," Mason said. Another fundamental, he added, is understanding where the facilities are located, what the relative employee populations are at each location, and the criticality of each location.




City's Curfew Center Rounds Up Wandering Youths
Baltimore Sun (09/01/11) Fenton, Justin

Baltimore opened a curfew center in 2007 — a collaborative effort among police, the school system, and social services — to get kids off the street and away from potential harm. The effort has taken on a new urgency as other cities grapple with so-called "flash robs," large, roving groups of young people who have caused mayhem there. The term is a play on "flash mobs," a phrase that originally referred to people who used social media to flood an area and break into spontaneous song or dance — innocuous pranks. This summer, pranks have evolved into something more serious, with authorities saying that social media tools may have been used to coordinate crimes in Philadelphia, Milwaukee, Chicago, and the Washington area. The reports appear to indicate a trend of youth crime involving large groups who use their numbers to overwhelm retailers and law enforcement officers. Records show that on successive nights in July, groups of 10 and 15 youths robbed a 7-Eleven on Hanover Street in Baltimore's Federal Hill neighborhood. Retailers who have been targeted say they are trying to figure out how to weather such attacks. "We are known for a comprehensive training on what to do when there is a robbery, but this is a little different than a robbery," 7-Eleven spokeswoman Margaret Chabris said regarding the Federal Hill incidents. "This kind of mass theft is relatively new." Baltimore Mayor Stephanie Rawlings-Blake has talked to Police Commissioner Frederick H. Bealefeld III about making sure officials are monitoring camera footage for swelling groups of young people, while Sheryl Goldstein, director of the mayor's office on criminal justice, said there have been discussions with prosecutors about whether authorities could preemptively pursue charges against someone attempting to stage a "flash mob." At the curfew center, officials hope to get to the heart of the issues that drive juvenile crime. Records are kept of the number of times each youth is brought there, and new arrivals are checked for juvenile warrants or prior contacts with the city's social services agency.


CIA Strikes Strain Ties With Pakistan Further
Wall Street Journal (08/29/11) Entous, Adam; Gorman, Siobhan

U.S. officials announced over the weekend that Attiyah Abd al-Rahman, al-Qaida's second-in-command, was killed in a C.I.A. drone attack in the mountains of Pakistan's Waziristan province on Aug. 22. Officials say that Rahman will be difficult to replace now that he is dead. Rahman is believed to have supervised the planning of attacks for al-Qaida, and is thought to have played a more hands-on role in the group's operations than Osama bin Laden did. In addition, Rahman's close relationships with affiliated groups will make him difficult to replace, officials said. According to Seth Jones, a specialist on al-Qaida at the think tank the Rand Corp., the death of Rahman will seriously weaken al-Qaida and will likely push it closer to "strategic defeat," though the group is still not irrelevant. Meanwhile, the strike appears to have exacerbated tensions between the U.S. and Pakistan. A Pakistani defense official expressed dismay that the U.S. did not consult Pakistan before launching the attack against Rahman, and said that the attack would further hurt the relationship between Washington and Islamabad. The C.I.A. drone attacks have also been criticized by the Pakistani public, which could put pressure on the country's leaders to limit the strikes, some U.S. officials said. However, at least one U.S. official does not believe that the attack against Rahman will result in Pakistan shutting down counterterrorism operations or ending its cooperation with the U.S.


Holes Remain in Flight School Scrutiny After 9/11
Associated Press (08/30/11)

Following the Sept. 11 terrorist attacks, tighter security measures were put in place to make it more difficult for foreigners to enroll in U.S. flight schools as several of the 9/11 hijackers did. Among the security measures that have been implemented since 2001 is a more stringent visa process for foreigners who want to come to the U.S. to take flight training. In addition, foreigners cannot begin flight training until the Transportation Security Administration runs their fingerprints and names to determine whether they have a criminal history or any terrorist connections. Flight schools that are certified by the Federal Aviation Administration (FAA) are audited by TSA inspectors at least annually to ensure that students have proper identification and that they have not overstayed their visas. However, the increased security has not been implemented in a uniform manner, nor is it seen as being foolproof. For instance, not all flight instructors with access to planes and flight simulators receive an annual visit from a TSA inspector. In addition, the TSA says that U.S. citizens do not have to submit to the fingerprinting and criminal background checks that foreign students do. But flight schools such as Phoenix East Aviation in Daytona Beach, Fla., are taking steps to ensure that potential terrorists are not taking flight lessons, including paying attention to inconsistencies in the information applicants provide. Despite the increased security at flight schools, the owner of the flight school where two of the 9/11 hijackers trained said that he is not convinced that the same thing could not happen again today at a different school.


Nigeria Arrested Suspects in U.N. Bombing
Associated Press (08/31/11)

Nigeria has announced that it arrested two men with connections to the militant group Boko Haram two days before the recent bombing of the United Nations headquarters in Abuja. The two men are suspected of organizing the attack. The State Security Service said it is also seeking a third man who it believes has ties to al-Qaida and recently returned from Somalia. The men were arrested after the government received word about a possible car bomb in Abuja, but this information did not stop a suicide bomber from ramming through the gates of the U.N. building to reach its glass reception hall, where the bomber set off his explosives. The Security Service has refused to comment on why it was unable to prevent the attack. The suspects are currently being held at a military base for further questioning.


Security on Rise Nationwide for 9/11 Anniversary
Associated Press (08/31/11) Sullivan, Eileen

Although there is no specific indication that a terrorist plot against the U.S. is being carried out, security is being beefed up across the country ahead of the tenth anniversary of the Sept. 11 terrorist attacks. Security is being tightened at a variety of different locations, according to an intelligence official who spoke on condition of anonymity, including airports, mass transit stations, and U.S. borders. Meanwhile, the FBI and the Department of Homeland Security have been holding routine briefings for state and local law enforcement agencies about possible terrorist threats and ways in which security can be tightened in their communities. In addition, John Brennan, President Obama's homeland security and counterterrorism adviser, has had senior-level meetings over the last several months about terrorist threats to the U.S. and the possible responses that could be taken ahead of the anniversary of the Sept. 11 attacks. A White House spokesman said that those meetings will continue even after the anniversary of Sept. 11. The preparations are being made because of concerns that someone with terrorist sympathies could attack the U.S. on the anniversary of 9/11. Information gathered during the raid on Osama bin Laden's compound in May indicated that al-Qaida was considering such an attack, but that planning never got beyond the initial stages.




Facebook Pays $40G to Hackers in New 'Bug Bounty' Scheme
Fox News (08/31/11)

Facebook recently launched a program that rewards hackers for finding security flaws on its site. Under the program, Facebook has paid out $40,000 in rewards to roughly 50 white hat hackers who have discovered vulnerabilities. One such hacker was given a $7,000 reward for identifying six security issues, plus another $5,000 for uncovering a particularly bad vulnerability. The hackers who have taken part in the program have been promised protection from legal action if they have to use illegal techniques to identify a security problem on Facebook. Google and Mozilla, meanwhile, are using similar programs to identify security problems.


Feuding Agencies Agree to Disagree on Cybersecurity
MSNBC (08/31/11) Emspak, Jesse

In the 10 years since Sept. 11, a number of federal agencies, including the Department of Homeland Security (DHS) and the National Security Agency (NSA), have developed working relationships designed to provide national cybersecurity. It is often difficult to tell which agency should handle a specific attack, because it can be tough to determine who is behind it. While an attack by another country on Department of Defense networks might be considered an act of war, an attack from within the United States is more likely to fall under criminal statutes. In order to solve these problems, the NSA has asked to take a lead role in all cybersecurity cases, but some government officials are wary because of the agency's record of violating privacy rights and civil liberties. Thus far, the Obama administration appears to be more interested in letting DHS lead cybersecurity efforts. The Department of Defense, the State Department, and the FBI are also likely to get involved, depending on the case. And all of them are supposed to coordinate with "cybersecurity czar" Howard Schmidt. While Schmidt's office, which was established in 2009, does not yet have the budget or staff it would like, it has been found to have a positive effect. Additionally, some experts note that it would be detrimental for Schmidt to have too much power, because the government does not want its efforts to become too centralized. That is due to the nature of the Internet, which is inherently decentralized. To cope with those conditions, agencies have empowered lower-level operatives to make quick decisions, an arrangement that comes with both advantages and pitfalls.


One Third of Security Pros Not Practicing What They Preach
Dark Reading (08/29/11) Higgins, Kelly Jackson

More than 90 percent of those who attended the recent Gartner Security & Risk Management Summit had spoken with members of upper management about the security breaches at Sony, RSA, and Citigroup, according to a recent survey by Tenable Network Security. However, only 23 percent of attendees reported making any changes to their security infrastructure or taking any additional steps to improve security following their conversations with senior managers. Tenable CEO Ron Gula attributes the findings to the fact that organizations find it easier to keep using the traditional security tools they are comfortable with, even in the face of security threats. In addition, implementing new security measures such as changing access control for employees is not something that is feasible to do every time there is a security breach, Gula says. The survey also found that nearly half of organizations had been the victim of some type of insider threat. In addition, one-third of the security professionals who were surveyed said that they had placed productivity or convenience ahead of complying with internal security policies. Finally, the survey found that the biggest security priority for the second half of the year is securing mobile devices, followed by mitigating advanced persistent threats and zero-day attacks.


Rogue Web Certificate Could Have Been Used to Attack Iran Dissidents
Guardian Unlimited (UK) (08/30/11) Arthur, Charles

Cybersecurity experts are warning that a fraudulent SSL certificate could be used to launch a man-in-the-middle attack against Iranian dissidents, among others. The certificate was issued by the Netherlands-based firm DigiNotar on July 10 and has been used to digitally sign encrypted connections to Google Web sites. It remains unclear who the certificate was issued to. However, security experts say that the use of the fraudulent certificate to sign HTTPS connections to Google.com Web sites could result in users being tricked into thinking that they are logged in securely over an encrypted connection, while attackers controlling the network monitor their keystrokes. That could allow hackers to steal passwords and data from Iranian dissidents and others using secure connections to Gmail and other Google sites. Since the discovery of the problem, the certificate has been removed from Microsoft's list of certificates that are allowed by its browsers. As a result, users should receive a warning when they attempt to log into a Google site that uses the fraudulent certificate. The threat has highlighted weaknesses in the Web certification system, particularly the ability of any company that is authorized to issue certificates to do so for any site and have those certificates recognized as valid by nearly every Web browser.
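The trust-store behaviour the article describes, shown as an added example that is not from the article, DigiNotar, or any browser vendor: two constructed roots, a forged certificate for an assumed hostname ("mail.example.test"), and the effect of removing the compromised root from the store or pinning a host to its expected root.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert issues a certificate for name: a self-signed root when parent is nil, otherwise a
// server certificate signed by parent. Nothing limits which hostnames a trusted CA may sign for.
func makeCert(name string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // root CA, signed with its own key (constructed test data)
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		parent, signer = tmpl, key
	} else { // leaf, bound to the hostname it is issued for
		tmpl.DNSNames = []string{name}
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trustStore builds the client's root set; distrusting a CA means leaving it out.
func trustStore(roots ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	return pool
}

// accepted mirrors the browser check: leaf is valid for host if it chains to a
// root in the store and, when pin is given, that root is the pinned one.
func accepted(leaf *x509.Certificate, roots *x509.CertPool, pin *x509.Certificate, host string) bool {
	chains, _ := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	for _, chain := range chains { // empty when verification failed
		if pin == nil || chain[len(chain)-1].Equal(pin) {
			return true
		}
	}
	return false
}

func main() {
	good, goodKey := makeCert("Good Root", nil, nil)
	rogue, rogueKey := makeCert("Compromised Root", nil, nil)
	host := "mail.example.test" // assumed hostname
	genuine, _ := makeCert(host, good, goodKey)
	forged, _ := makeCert(host, rogue, rogueKey)
	fmt.Println("rogue root trusted, forged accepted:", accepted(forged, trustStore(good, rogue), nil, host))
	fmt.Println("rogue root removed, forged accepted:", accepted(forged, trustStore(good), nil, host))
	fmt.Println("pinned to Good Root, forged accepted:", accepted(forged, trustStore(good, rogue), good, host))
	_ = genuine
}
```

While both roots are in the store the forged certificate verifies exactly like the genuine one; only removing the compromised root, or pinning the host to its expected root, makes the client reject it.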


Top Cybersecurity Concerns: Malicious Code, Employees Run Amok
Network World (08/31/11) Messmer, Ellen

Malicious code attacks were the most prevalent kind of cyberattack faced by organizations during the past year, while unintentional actions by unwitting insiders also wreaked havoc, according to a recent Symantec-sponsored survey of 3,300 IT professionals. Although roughly 75 percent of respondents said cyberattack incidents were minimal, 21 percent said they occurred "on a regular basis," and 6 percent indicated they had endured "a large number" over the past 12 months. When cyberattacks happened, the main costs incurred were related to "downtime of our environment" and "lost productivity," according to IT experts in the financial, manufacturing, tech, healthcare, real estate, energy, and other sectors who responded to the survey. Respondents also said they considered targeted attacks, hackers, and industrial espionage to be critical security threats to their organizations, although "well-meaning insiders" who inadvertently cause security problems were also named as such.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD



1 comment:

incident management software said...

This post is very useful and very interesting to read.
Really, this post is providing nice information, Keep it up!!!!!
doughkelly