Friday, December 09, 2011

Security Management Weekly - December 9, 2011

Corporate Security
  1. "China Joins Three Nations in Mekong River Patrols"
  2. "94 Indicted in Scheme Exploiting a Bank" New York
  3. "Piracy Legislation Pits Hollywood Against Silicon Valley"
  4. "Greenpeace Activists Break Into French Nuclear Plant Near Paris"
  5. "Fort Worth City Council to Look at Tougher Rules for Apartments" Texas

Homeland Security
  1. "Killings Rattle Virginia Tech"
  2. "Package Sent to Banker Was Bomb - German Police"
  3. "Drone Crash in Iran Reveals Secret U.S. Surveillance Effort"
  4. "Elderly Complain About Pants Search at NY Airport" John F. Kennedy International Airport
  5. "Postgame Melee Puts Security Under Scrutiny" Oklahoma State

Cyber Security
  1. "Java Apps Have Most Flaws, Cobol Apps the Least, Study Finds"
  2. "Cross-Site Scripting Flaws Plague Web Applications, Report Says"
  3. "Password Apathy Common Among IT Workers, Survey Finds"
  4. "Homeland-Security Bill Seeks to Clarify Who's in Charge of Cybersecurity"
  5. "Should Homeland Security Control the Electrical Grid? Maybe"


China Joins Three Nations in Mekong River Patrols
Wall Street Journal (12/09/11) Spegele, Brian

China has announced that it will work with Thailand, Laos, and Myanmar to conduct joint patrols along the Mekong River. Those patrols are scheduled to begin on Saturday and will be carried out by more than 200 police officers from the border defense force in China's Yunnan province. The patrols come in response to the murder of 13 Chinese sailors during attacks on two cargo ships sailing along the Mekong River earlier this year. Nine Thai soldiers have been accused of carrying out the attack, which took place in the area of the Mekong River where the borders of Myanmar, Thailand, and Laos come together. That region is rife with drug-smuggling gangs, as it is a major production site for opium. China suspended shipping along the Mekong River in the aftermath of the attack.


94 Indicted in Scheme Exploiting a Bank
New York Times (12/07/11) Rosenberg, Noah

An electronic crime was recently prosecuted in New York and led to the indictments of 94 individuals for stealing at least $450,000 from TD Bank, and possibly as much as $1 million. The suspects exploited a loophole in TD Bank's system that allowed new account holders to transfer money deposited into savings accounts to a checking account without a waiting period for the deposited checks to clear. Once the money was transferred, the participants quickly withdrew the money as cash at Western Union branches and casinos.


Piracy Legislation Pits Hollywood Against Silicon Valley
Los Angeles Times (12/05/11) Verrier, Richard; Puzzanghera, Jim

Congress is currently considering a controversial bill that aims to crack down on online piracy. Under the legislation, the U.S. Justice Department would be given wide latitude in shutting down Web sites that are being used to host pirated material. That authority would include seeking court orders asking U.S.-based search engines and Internet sites to block access to Web sites that engage in piracy and are hosted overseas. In addition, copyright holders such as music companies and film studios would be allowed to ask for court injunctions against Internet companies that are suspected of participating in copyright theft. Such injunctions would prevent suspected piracy sites from receiving ads and payment services from the U.S. The legislation is supported by the film industry, which says that copyright theft costs it $16 billion in lost earnings and cuts economic output by $58 billion each year. However, the legislation is opposed by Internet entrepreneurs and Internet companies such as Google, Yahoo, and Facebook, which say that the bill will hurt online innovation, impair free speech, and pose a threat to the technological stability of the Web. The bill, which enjoys the support of both Democratic and Republican lawmakers, could be altered in order to address the concerns raised by the technology companies.


Greenpeace Activists Break Into French Nuclear Plant Near Paris
Wall Street Journal (12/05/11) Amiel, Geraldine; Landauro, Inti

Four Greenpeace activists were arrested on Monday after breaking into a nuclear power plant near Paris. Greenpeace noted that the activists entered the Nogent-sur-Seine plant compound and climbed onto the roof of one of the plant's reactors in order to show that safety and security at the plant are not up to par. France's energy minister, Eric Besson, has said that an investigation into the incident would be conducted in order to determine where security measures broke down. Any issues that are found would then be addressed, Besson said. However, Besson noted that nuclear power plants in France are already well guarded.


Fort Worth City Council to Look at Tougher Rules for Apartments
Fort Worth Star-Telegram (12/04/11) Hanna, Bill

At many of Fort Worth's problem-plagued apartment communities, city officials have had a hard time removing residents who are engaging in criminal activity. In addition, electric meters have continually been either stolen or hot-wired. To deal with these issues, the city's Code Compliance Department has recommended modifying rental registration rules to give officials more tools to deal with apartments where crime and dangerous code violations continually occur. The crime-free multihousing ordinance would include a lease addendum requiring apartment residents to sign a prohibition against criminal conduct. This addendum would make it much easier to evict those who commit crimes or allow criminal activity to take place on the premises. In addition, apartment owners would be permitted to use standard leases from the Texas Apartment Association that include this language.




Killings Rattle Virginia Tech
Wall Street Journal (12/09/11) Martin, Timothy W.; Campo-Flores, Arian

A shooting at Virginia Tech on Thursday brought back memories of the 2007 massacre at the university that left 32 people dead, though faculty members say that the school responded much more quickly to this latest incident than it did to Seung-Hui Cho's shooting rampage more than four and a half years ago. The incident on Dec. 8 began when a Virginia Tech university police officer, 39-year-old Deriek W. Crouse, was performing a routine traffic stop on the Blacksburg, Va., campus at around 12:30 p.m. While Crouse was in the middle of the traffic stop, a man walked up to him and opened fire, killing him. The suspect then fled. A second body and a weapon were found in a parking lot a short distance away, though authorities have refused to say whether that body belonged to another victim or the killer. However, a law enforcement official speaking on condition of anonymity said that the gunman had died. Seven minutes after the shooting, university officials sent out warnings to students and faculty via the VT Alerts text messaging system warning them to stay indoors. Classes were not in session as students were preparing for finals. The lockdown was eventually lifted at 4:30 p.m. The quick response to the shooting by university officials was praised by faculty members who said that it was much better than the school's response to the 2007 massacre. The U.S. Department of Education says that Virginia Tech administrators waited more than two hours to notify students about that shooting.


Package Sent to Banker Was Bomb - German Police
Reuters (12/08/11) Sheahan, Maria

Authorities in Frankfurt, Germany, intercepted a suspicious package that was addressed to Deutsche Bank Chief Executive Josef Ackermann late Wednesday. After examining the package, authorities determined that it contained a bomb that was capable of exploding. The discovery of the letter bomb has raised concerns that the protests against bank executives could begin to take on a violent tone. However, Occupy Frankfurt--which, like the Occupy Wall Street protest, has criticized banks--said that it was not behind the attempted attack on Ackermann. A representative from Occupy Frankfurt also said that his movement condemned any violent actions. In the aftermath of the incident, security has been beefed up at Deutsche Bank offices across the globe. Other banks in Europe have also been warned to be cautious. Before Wednesday's attempted bombing, Deutsche Bank had already been scanning every piece of mail that was sent to its executive committee. Deutsche Bank executives have been targeted in the past. In 1989, Deutsche Bank head Alfred Herrhausen was killed in a car bombing committed by members of the leftist Red Army Faction.


Drone Crash in Iran Reveals Secret U.S. Surveillance Effort
New York Times (12/07/11) Shane, Scott; Sanger, David E.

Foreign officials and American experts say that the RQ-170 Sentinel drone that recently crashed in Iran was being used to map suspected nuclear sites. The use of the drone in Iran has been a topic that American officials have refused to discuss. On Sunday, the U.S.-led International Security Assistance Force in Afghanistan said in a statement on the crash that the drone was flying a mission over western Afghanistan when it was lost. However, a number of experts have said that the fact that the drone was using stealth technology likely meant that the aircraft was being used to fly operations over Iran, as the Taliban in western Afghanistan does not have the means to detect such flights. Experts say that drones have a vital role to play in conducting surveillance on Iranian nuclear facilities, as they can hover overhead for hours and send video feeds showing people moving around the sites. The drones are also likely equipped with sensors that can detect small amounts of radiation and other chemicals that can be indicative of a nuclear research facility. Whatever technology has been included on the RQ-170 drone, it has now fallen into the hands of the Iranians, who could sell the equipment to Russia, China, or other countries. These countries would likely be most interested in the sophisticated radar used by the drone. Reverse-engineering the drone is also an option, though some missile and drone experts say that doing so would be difficult.


Elderly Complain About Pants Search at NY Airport
Associated Press (12/06/11) Kennedy, Kelli

Two elderly women are complaining about the way they were treated by Transportation Security Administration (TSA) personnel during security screenings at New York City's John F. Kennedy International Airport. One woman, 88-year-old Ruth Sherman, was pulled aside for additional screening before she boarded a flight to Fort Lauderdale, Fla., on Nov. 28. Security personnel were concerned about Sherman because of the bulge in her pants, which was caused by a colostomy bag. Sherman was taken into a separate room where two female TSA agents asked her to lower her sweatpants so that they could see what was causing the bulge--a process that she said made her feel "very humiliated." On Nov. 29, 85-year-old Lenore Zimmerman was forced to raise her blouse and drop her pants and underwear for a female TSA agent in a private room so that the agent could inspect her back brace. Zimmerman was unable to go through a scanning machine because she uses a heart defibrillator. TSA has said that it is investigating both cases and that it is committed to treating airline passengers respectfully and with dignity. However, the TSA also noted that the security measures are needed because terrorists and their targets can be of any age. Nevertheless, TSA has created an advisory committee of 70 disability groups so that security screenings can be adapted to people who use medical devices that could arouse suspicion.


Postgame Melee Puts Security Under Scrutiny
Wall Street Journal (12/05/11) Koppel, Nathan

Oklahoma State fans celebrating the team's victory over rival Oklahoma University on Dec. 3 poured onto the field after the game, with the resulting melee causing about a dozen people to get hurt, including at least one who was transported by helicopter to an Oklahoma City hospital in critical condition. He was in guarded, stable condition by Sunday afternoon. The event has prompted new scrutiny of the security measures taken to prevent potentially dangerous postgame celebrations. "Our policy is that no unauthorized persons are allowed on the field at any time," Oklahoma State's statement said. "It is clear. We stated the policy in a public address announcement toward the end of the game. Despite the efforts of the security team, fans rushed onto the field causing several injuries." The school nevertheless praised the efforts of medical and security personnel. It has become commonplace for fans to pour onto a playing field following a dramatic victory, occasionally resulting in serious or even fatal injuries. Besides adopting enhanced security measures for big games, such as additional police on the field, universities need to do a better job of educating their fan base and conveying the need for restraint in celebration, security experts said.




Java Apps Have Most Flaws, Cobol Apps the Least, Study Finds
Computerworld (12/08/11) Thibodeau, Patrick

Poorly written software, or software that does not adhere to good architectural and coding practices, comes with hidden costs known as "technical debt." This debt is the cost that comes from fixing lines of poor quality code, or code that can contribute to security breaches and the corruption of data, among other things. Software quality tool maker Cast Software recently conducted an analysis of 745 applications written in a variety of different programming languages, as part of an effort to quantify this technical debt. In its analysis, Cast counted the number of development violations in applications written in Java EE, Cobol, .Net, C, C++, and other programming languages, and determined that the average technical debt to repair each line of poor quality code was $3.61. Cast arrived at that figure by determining what it would cost to fix each line of poor quality code at a rate of $75 per hour. However, some programming languages came with a technical debt that was better than the average, while others were worse. The technical debt associated with fixing poor quality code written in the Java EE programming language was $5.42 per line, which was the highest amount of technical debt among the languages Cast analyzed. Cobol had the lowest amount of technical debt, at $1.26 per line of code. Cast chief scientist Bill Curtis said that Cobol likely had the lowest amount of technical debt because it is an older programming language that has undergone a number of fixes. As for Java, it likely had the highest amount of technical debt because many of the people who are using that programming language do not have strong backgrounds in computer science, Curtis said.


Cross-Site Scripting Flaws Plague Web Applications, Report Says
IDG News Service (12/07/11) Kirk, Jeremy

Cross-site scripting flaws are the most common type of vulnerability in Web applications, according to a Veracode study, which found that such flaws allow attackers to run scripts from other Web sites. This in turn could allow attackers to steal information or run other types of malicious code. In addition, Veracode found that 32 percent of the Web applications it examined had SQL injection problems, which allow attackers to execute commands entered into Web-based forms. Such attacks can enable cybercriminals to steal sensitive data. Meanwhile, the Veracode study found that error-handling flaws were the most common type of vulnerability found in non-Web applications, followed by buffer management issues and buffer overflow problems. Veracode also found that nearly one third of these applications transmitted at least one piece of sensitive information, although it was difficult to determine whether these transmissions were made on purpose or not.
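The two Web application flaw classes named in the summary above, shown as a vulnerable snippet beside its hardened form. This is an added example and is not code from the article or from Veracode; it uses only the Python standard library and a constructed in-memory SQLite table, so it runs offline.

```python
"""Added example (not from the Veracode report or the article): SQL injection
and cross-site scripting, each as a vulnerable function next to its fix.
The users table and its two rows are constructed sample data."""
import html
import sqlite3


def make_db():
    """Build a constructed in-memory table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


# Vulnerable: form input is concatenated into the SQL text, so the input
# can change the query's structure instead of acting only as a value.
def lookup_vulnerable(conn, name):
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


# Hardened: the input is passed as a bound parameter; the database engine
# treats it purely as data, never as SQL syntax.
def lookup_parameterized(conn, name):
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Vulnerable: untrusted text is placed into HTML unchanged, so any markup
# in the value is rendered and executed by the visitor's browser.
def render_vulnerable(name):
    return "<p>Hello, " + name + "</p>"


# Hardened: escape on output so the browser displays the text literally.
def render_escaped(name):
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, "alice"))
    print(render_escaped("<b>alice</b>"))
```

The fix in both cases is the same principle: keep data and code separate by letting the interpreter (the SQL engine, the HTML parser) receive untrusted input only through a channel that cannot change the meaning of the surrounding code.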


Password Apathy Common Among IT Workers, Survey Finds
Federal Computer Week (12/07/11) Tuutti, Camille

IT professionals are lax when it comes to IT security, according to a recent survey by Lieberman Software. Of the more than 300 IT professionals who attended HP Protect 2011 in Washington, D.C., 48 percent said that at least one privileged password in their organization goes unchanged for more than 90 days. Another 42 percent of respondents said that two or more IT staff members in their organizations had a password in common for a system or application. Many IT professionals also said that they had a large number of passwords to remember. More than half said that they had to memorize at least 10 passwords for various systems and applications. In addition, more than one in four respondents said that abuse of a privileged login used for accessing information had been committed by at least one IT staff member in their organizations. Security breaches were fairly common at the organizations where the respondents worked, with nearly half saying that their employer's systems had been breached by hackers. As for members of senior management, many seem to be lax in enforcing IT security policies, says Lieberman Software CEO Philip Lieberman. He notes that members of management need to pay more attention to basic security measures or face the consequences that result from data breaches.
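An audit that checks an organization's own privileged-account inventory for the two findings the survey counts, passwords unchanged for more than 90 days and one password shared between accounts. This is an added example, not code from the article or from Lieberman Software; the record format (a vault export carrying a per-entry password digest) and the inventory rows are assumptions constructed for the demonstration.

```python
"""Added example (not from the article or Lieberman Software): audit a
constructed privileged-account inventory for stale and shared passwords.
Record layout is an assumption: (system, account, privileged, last_rotated,
password_digest), as a credential vault export might provide."""
from collections import defaultdict
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)

# Constructed sample inventory; digests are placeholders, not real hashes.
INVENTORY = [
    ("db01",  "root",    True,  date(2011, 7, 1),   "digest-d1"),
    ("db01",  "backup",  False, date(2011, 11, 20), "digest-d2"),
    ("web01", "admin",   True,  date(2011, 11, 15), "digest-d3"),
    ("web02", "admin",   True,  date(2011, 6, 10),  "digest-d3"),
    ("app01", "svc_app", True,  date(2011, 12, 1),  "digest-d4"),
]


def stale_privileged(inventory, today, max_age=MAX_AGE):
    """Privileged accounts whose password is older than max_age.

    Returns (system, account, age_in_days) tuples in inventory order.
    """
    return [
        (system, account, (today - rotated).days)
        for system, account, privileged, rotated, _ in inventory
        if privileged and today - rotated > max_age
    ]


def shared_passwords(inventory):
    """Map each password digest used by more than one account to those accounts.

    Assumes the vault stores a comparable digest per entry; equal digests
    mean the same password is in use on several accounts.
    """
    groups = defaultdict(list)
    for system, account, _, _, digest in inventory:
        groups[digest].append((system, account))
    return {d: accounts for d, accounts in groups.items() if len(accounts) > 1}


def audit(inventory, today):
    """Combine both checks into one report dictionary."""
    return {
        "stale": stale_privileged(inventory, today),
        "shared": shared_passwords(inventory),
    }


if __name__ == "__main__":
    report = audit(INVENTORY, date(2011, 12, 9))
    for system, account, age in report["stale"]:
        print(f"STALE  {system}/{account}: {age} days since rotation")
    for digest, accounts in report["shared"].items():
        print(f"SHARED {digest}: {accounts}")
```

Running the check from the vault export rather than from live systems keeps the audit read-only; the shared-password check only works if the export carries a digest that is the same for the same password, which is an assumption about the vault, not a property of every credential store.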


Homeland-Security Bill Seeks to Clarify Who's in Charge of Cybersecurity
National Journal (12/06/11) Gruenwald, Juliana

House Cybersecurity, Infrastructure, Protection and Security Technologies Subcommittee Chairman Dan Lungren (R-Calif.) has announced that he is planning to introduce a bill that would identify the Department of Homeland Security (DHS) as the primary federal agency in charge of national cybersecurity. The bill would provide an alternative to legislation approved by the House Intelligence Committee that would require the director of national intelligence to create guidance for the intelligence community to share with the private sector classified intelligence about cyber threats. Lungren's bill, on the other hand, proposes the creation of a nonprofit National Information Sharing Organization for exchanging details on cyber threats between the public and private sector. Privacy advocates have praised Lungren's proposal, because it places civilian-run DHS in charge of data-sharing instead of an agency run under the Department of Defense. However, some advocates have suggested Lungren add limitations regarding the kind of information companies can share with the government. Cheri McGuire, vice president of global affairs for security provider Symantec, agrees that DHS should be the agency in charge, adding that she does not favor one bill over the other. Instead, her priority is to ensure that the private sector has access to necessary government information on cyber threats.


Should Homeland Security Control the Electrical Grid? Maybe
CNet (12/05/11) Reisinger, Don

MIT researchers have released a report on the security of the U.S.'s electric power grid. The report says the federal government should designate a single agency as being responsible for protecting the electric power grid from cyberattacks. The current security regime is untenable, the report says, because those that are in charge of maintaining the electric power grid are not working together. This is despite the fact that the NERC Critical Infrastructure Protection reliability standards include cybersecurity regulations for bulk power systems. However, these standards do not apply to the distribution system, which makes it almost impossible to manage the entire electric power grid, according to the report. In addition, the lack of a single agency in charge of protecting against, responding to, and recovering from cyber attacks has created a security vulnerability, the report says. The researchers say that whatever agency is chosen for this task should work with the electric power industry and have the necessary regulatory authority to improve cybersecurity preparedness efforts, response, and recovery throughout the electric power industry. They added that government agencies involved in protecting the electric power grid from cyberattacks should support research that aims to develop best practices for response to and recovery from them on electricity distribution systems.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

