| |
Chicago Bears Fans Are You Ready for Pat-Ups?
Examiner.com (12/01/11) Hodges, Cynthia
New security measures are being implemented at NFL stadiums this weekend. Under the new security measures, fans will have to under go what is known as an "enhanced pat-up," which consists of a search of fans' bodies from their ankles to their knees in addition to the area above the waist. Fans were previously only searched from the waist up. Security personnel will be searching for weapons, as well as alcohol and other prohibited items. The new security measures come more than two months after a fan used a stun gun on another fan in a fight at MetLife Stadium in New Jersey, which is home to the New York Jets. The fan was able to bring the stun gun into the stadium in spite of the heavier security that had been in place for the tenth anniversary of the Sept. 11 attacks. NFL spokesman Greg Aiello said after that incident that it would be possible that the league would implement tighter security.
4 Steps Retailers Can Take to Combat Flash Robs
CSO Online (11/29/11) Goodchild, Joan
The phenomenon known as flash robs, in which groups of young people use social networking sites to organize large-scale thefts from retailers, has attracted the attention of the media. Among the flash robs that have made the news was an incident involving as many as 50 young people who stole from a 7-Eleven in Silver Spring, Md., earlier this month. The incident was the third flash robbery in the Washington, D.C., area so far this year. Retailers elsewhere are being affected by flash robs as well. A recent poll by the National Retail Federation found that 10 percent of the multiple-offender crimes retailers have experienced over the past 12 months have involved flash mob tactics. Despite the media attention, flash robs are not really a new phenomenon, experts say. What makes them different from similar incidents in the past is that they involve the use of social media and that those involved are stealing low-value items for fun and excitement, rather than stealing expensive items, said J.R. Roberts of J.R. Roberts Security Strategies. Meanwhile, LPT Security Consulting President Pat Murphy said that there has been too much hype over flash robs and that the few incidents that have occurred do not constitute a trend. Nevertheless, Murphy and others say that retailers should take steps to protect themselves from flash robs, including placing expensive items so that they cannot be easily accessed, using still cameras to capture images of suspects involved in flash robs, keeping staff members positioned in areas where high-value items are located, and refraining from physically trying to stop a flash rob that is in progress.
Fraud Scheme Hits Grocer
BankInfoSecurity.com (11/29/11) Kitten, Tracy
Reports of card reader tampering at Save Mart Supermarkets come as fraudsters are increasingly targeting retailers, according to consultant Robert Siciliano. He notes that retailers are easy targets for fraudsters because they are understaffed, which means that any tampering with card readers is likely to go unnoticed for a time. Save Mart Supermarkets says the compromised readers had been installed at self-service checkout lanes at 19 Lucky Supermarkets stores and one Save Mart location. Since the tampering was discovered, readers on the affected terminals have been replaced and additional security measures for point-of-sale card readers have been implemented at all of Save Mart's stores. There are no indications that whoever tampered with the card readers was also able to compromise any credit or debit card accounts. Other retailers who have had their card readers tampered with include Michaels, which discovered earlier this year that the card readers and PIN pads in 90 of its stores were sending card information and PINs to criminals.
Website Seizures Target Counterfeits
Minneapolis Star Tribune (MN) (11/28/11) Browning, Dan
U.S. Department of Homeland Security (DHS) officials have issued seizure warrants for 150 Web sites that have been accused of selling counterfeit products. Many of the sites were traced to servers in China or other overseas locations, meaning that the shutdown is unlikely to be permanent. Officials say the seizures are designed to alert consumers to "beware of what they're purchasing this holiday season." For this reason, the seizures were timed for the second year in a row to coincide with the Monday after Thanksgiving, a day commonly known as Cyber Monday. Brand protection company MarkMonitor released a study tracking 100 Web sites providing counterfeit products for a year, revealing a total of 53 billion individual visits to the sites. Most hits were for illegal music and/or movie downloads, although sites selling counterfeit medications received 51 million visits per year while other counterfeit products attracted 87 million visits. A separate National Intellectual Property Rights Coordination Center report found that there is no consensus about the losses caused by counterfeits, but it is estimated to run into the "hundreds of billions to trillions of dollars."
Black Friday Pepper Spray Suspect Surrenders
CBS News (11/26/11)
Several violent incidents took place as retailers opened their doors to shoppers for their after Thanksgiving sales. In California's San Fernando Valley, for example, a woman used pepper spray to clear away a crowd of people at a Wal-Mart on Thanksgiving night so that she could make her way to a crate of Xbox video game systems. Twenty people were injured in the incident, including 10 who suffered injuries as the result of the pepper spray and another 10 who were cut and bruised in the chaos that followed. The woman who used the pepper spray later surrendered to police but was released pending further investigation into the incident. A suburban Phoenix Wal-Mart was the scene of another violent incident on Thanksgiving night in which a 54-year-old man who was suspected of shoplifting suffered injuries after being subdued by police. The man's wife and witnesses said that he put a videogame into his waistband so that he could help his grandson, who was being trampled by shoppers. However, police said that the suspect was resisting arrest and that the officer involved in the incident acted reasonably. Police also noted that the man was injured after the officer performed a leg sweep to bring him to the ground.
Containing Nuclear Threats at Shanghai Port
Wall Street Journal (12/02/11)
A radiation detection system is set to be installed at the Yangshan port in Shanghai, China. The system, which will be commissioned and demonstrated next week, will consist of equipment that checks shipping containers for the presence of radiation when they arrive at the port and again when they are carried away on trucks. Hand-held monitors will also be used to check boxes that are deemed suspicious. The installation of the radiation detection system is part of a joint nuclear non-proliferation initiative between Washington and Beijing, as well as a worldwide U.S. program known as the Megaports Initiative. Under the initiative, a division of the U.S. Department of Energy is working to install radiation detection systems at 100 of the world's largest ports. A number of these systems are already up and running at ports around the world. The goal of the program is to scan half of the cargo that is shipped in containers on maritime vessels and 80 percent of the container traffic destined for the U.S. for nuclear-related items. The U.S. is making other efforts to detect the presence of radioactive material at ports as well. For instance, the U.S. and China agreed earlier this year to set up a center that would train port monitors in how to detect radiation. The port monitors trained at the center will be sent to a port near Beijing.
Embassy Assault in Iran Dramatizes Internal Feud
Wall Street Journal (11/30/11) Fassihi, Farnaz; MacDonald, Alistair
The British Embassy compound in Iran was stormed by hundreds of Iranian students on Tuesday in protest against the new sanctions that have been levied against Tehran. The demonstrators were able to gain access to the compound by climbing on a wall. Protesters also tried to break the lock on the compound's iron gate. Once inside the compound, demonstrators ransacked the embassy and a residence, causing large amounts of damage to both buildings. A diplomatic car in the embassy garden was also set ablaze. In addition, six non-Iranian embassy staffers were briefly detained by demonstrators. Iranian security forces and anti-riot police were eventually able to secure the area and clear the compound of protesters. However, tear gas had to be used to clear away demonstrators after they entered the embassy for a third time. The use of tear gas by Iranian security personnel sparked clashes between police and protesters. The storming of the British Embassy comes after the U.K. recently announced that it would sanction Iranian banks by preventing them from accessing the British financial system. The sanctions are similar to those implemented by the U.S. and Canada and are designed to cut off funding for Tehran's alleged nuclear weapons program.
Nigerian Terrorists Pose Threat to U.S.
Washington Times (11/30/11) Waterman, Shaun
Members of the House Homeland Security subcommittee on Counterterrorism and Intelligence have warned U.S. agencies not to underestimate the desire or capability of the Nigerian militant group Boko Haram to launch attacks against the United States. According to the subcommittee, Boko Haram leaders have increased ties with representatives of al-Qaida affiliates in the region, such as Somalia-based al-Shabab and al-Qaida in the Islamic Maghreb. They have also begun to use trademark al-Qaida tactics against Nigerian targets, including truck bombs and coordinated multiple suicide attacks. One such attack against the U.N. headquarters in the capital of Abuja used a suicide truck bomb. The resulting explosion killed 21 people, marking Boko Haram's first successful plot against an international target. Based on this evidence, subcommittee members charged U.S. intelligence with finding out more about the group's "membership strength and leadership cadre," as well as "the true nature of its ties to other groups."
Afghans Say Commando Unit Was Attacked Before Airstrike Was Called on Pakistan
Washington Post (11/29/11) P. A1 DeYoung, Karen; Partlow, Joshua
A high-ranking Pakistani defense official conceded on Monday that his country's troops fired first in the deadly encounter between coalition forces and Pakistani soldiers on Saturday. The official noted that the incident began when a Pakistani military post along the Afghan border detected suspicious activity in the area. Troops stationed at the post responded by firing several flares and mortar rounds, as well as one or two bursts of heavy machine-gun fire, in the direction of the activity, which they thought may have involved insurgents, the official said. The official added that there was no return fire in response to the action taken by the Pakistani troops. However, U.S. and Afghan forces that were operating together in the area thought that they were being fired on by insurgents. An air strike was subsequently called in, and the Pakistani border post was bombed because the coalition forces believed that the insurgents had retreated to the base. The air strike, which the Pakistani official said took place in spite of warnings from Pakistani officials that its troops were being attacked, resulted in the deaths of at least 24 Pakistani soldiers. The Pakistani defense official noted that the attack on the border post did not take place because coalition forces believed that Taliban fighters were in the area, and added that even if the attack began that way, the Americans should have known that they were attacking Pakistani forces after about 10 to 15 minutes. U.S. officials have not apologized for the air strike, which has strained relations between Islamabad and Washington. An investigation into the incident is ongoing.
Phone Hacking Tied to Terrorists
New York Times (11/26/11) Sengupta, Somini
Investigators from the Philippines Criminal Investigation and Detection Group have arrested three men and one woman who allegedly hacked into the accounts of AT&T business customers in the United States and diverted funds to Jemaah Islamiyah, a group responsible for terrorist attacks throughout Southeast Asia. The FBI reports that it is working with their counterparts in the Philippines to investigate the hacking scam, which may have begun as early as 2009. Thus far they have determined that the hackers gained access to telephone operating systems of an unspecified number of AT&T clients and used them to call telephone numbers that transferred revenues totaling $2 million to the suspects. AT&T, meanwhile, says its network was not breached and that it has reimbursed all affected customers.
Tracking-Software Maker Stirs Phone-Privacy Fears
Wall Street Journal (12/02/11) Sherr, Ian; Troianovski, Anton
Security researchers have published blogs and videos that show software- from a company called Carrier IQ collecting information on an HTC smartphone using Google's Android operating system. The software, which remains hidden from most users, tracks which buttons are pressed and collects personal data, including the content of text messages. In response to concerns raised by users and regulators, HTC said that it is not a customer but that some carriers require it. Apple, for its part, said it is phasing out the software and Nokia claims it has not used it. Google added that it has no affiliation with Carrier IQ and that it has no control over how mobile carriers or handset makers customize Android. Sprint Nextel, AT&T, and T-Mobile USA all ask some of their manufacturers to place Carrier IQ on their devices, which they say they use to monitor their networks and improve service. This is just the latest in a series of privacy issues raised by smartphones that are able to track users' location histories and apps that access and transmit users' personally identifying information. Sen. Al Franken (D-Minn.) has asked Carrier HQ to answer questions about the data it collects as well as where it is sent and how it is handled. Carrier responded that its software does not record, store, or transmit the contents of text messages, e-mails, photographs, audio, or video. Instead, the company claims that it tracks whether text messages are sent accurately and whether applications are causing undue stress on a handset's battery.
RIM Looks Into Hacking Claims
Wall Street Journal (12/01/11) Connors, Will
Several hackers this week claimed that they have been able to jailbreak Research in Motion's (RIM) BlackBerry PlayBook tablet computer, which is the first tablet to have been granted the federal government's top security certification. RIM said that it is looking into the claims, which were made in posts on social networking sites. RIM also noted that it has been in touch with one of the individuals that claimed to have cracked the PlayBook and gained access to some of the proprietary systems, software, and tools that are used to operate the device. Information about the PlayBook's systems is then made available to others who use it to create unauthorized code or to develop custom applications for the devices. Jailbreaking does not typically pose a threat to the security of data on a device. RIM's products have generally not been a target for jailbreakers, in part because they have a reputation for being secure. In addition, RIM's products are not as popular as Apple's iPhone and iPad, which have been more frequent targets for jailbreakers.
Unprotected SCADA Systems an Avoidable Risk
Dark Reading (11/30/11) Wisniewski, Chester
The recent system failure at a water-processing plant in Springfield, Ill., has called attention to the security of the supervisory control and data acquisition (SCADA) systems used by U.S. businesses and utilities. In the Springfield incident, a water pump burned out after the SCADA system repeatedly turned it on and off. An initial report on the incident from the Illinois Statewide Terrorism and Intelligence Center determined that the SCADA system had been hacked, although the Department of Homeland Security has said that there is not sufficient evidence yet to come to that conclusion. However, consultant Ira Winkler says that SCADA systems can be vulnerable to cyberattacks because businesses and utilities have connected SCADA systems to their enterprise networks, despite the fact that these systems were intended to be isolated. As a result, Winkler says hackers that are able to break into enterprise networks through the Internet also are able to hack into SCADA systems. Compounding the problem is the fact that there are no legal means to force the owners of SCADA systems to properly secure them, Winkler notes.
Millions of Printers Open to Devastating Hack Attack, Researchers Say
MSNBC (11/29/11) Sullivan, Bob
Columbia University researchers have found a new class of computer security flaws involving printers that could impact millions of businesses, consumers, and government agencies. The researchers say that certain Hewlett-Packard (HP) LaserJet printers can be remotely controlled over the Internet, enabling computer hackers to steal personal information, attack normally secure networks, and cause physical damage to hardware. HP's Keith Moore says the initial research suggests the likelihood that the vulnerability can be exploited in the real world is low. However, the Columbia researchers claim the security vulnerability is so fundamental that it could affect tens of millions of printers and other hardware that use flawed firmware. The firmware flaw runs embedded systems such as computer printers, which increasingly include functions that make them operate more like computers. "These devices are completely open and available to be exploited," says Columbia professor Salvatore Stolfo. For example, the researchers showed how a hijacked computer could be given a command to continuously heat up the printer's fuser, eventually causing the paper to turn brown and smoke. The researchers also found that printers automatically accept software updates from unknown sources, making them vulnerable to viruses that can be remotely installed.
Two-Thirds of Firewall Managers Lack Confidence in Their Security Posture
Network World (11/28/11) Musthaler, Linda
Three-quarters of 100 surveyed network security professionals believe their change management processes might expose them to a security breach, according to a Tufin Technologies annual study. This is distressing for organizations, considering that firewalls are the first line of defense for most networks. Less than 40 percent of firewall managers use an automated tool to manage configuration changes. Performing this function manually can be time consuming and prone to error. Thirty-three percent of survey respondents say they handle 50 or more firewall changes per week, and half of all respondents say it takes an hour or longer to design each firewall change. Eighty percent of the managers say they must take up more than one management console to carry out their tasks. The lack of time is a major issue. Nearly 60 percent of the respondents cited a lack of time as the weak link in their network security. Eighty-five percent of the survey respondents say they currently or will soon manage next generation firewalls, which provide a much finer level of granularity in detailing rules but means there are more firewall rules to write and enforce. For security professionals that are already stretched thin, more rules to follow might be a tipping point to where a firewall management tool becomes a must.
Abstracts Copyright © 2011 Information, Inc. Bethesda, MD |
No comments:
Post a Comment