Major Data Firm in Security Pinch
Wall Street Journal (06/06/12) Sidel, Robin
Florida-based Fidelity National Information Services (FIS) is fortifying its security after regulators released a report critical of its risk practices, and in the wake of a 2011 breach involving prepaid cards. FIS was ordered by regulators to resolve eight issues after they determined that actions taken by the company "are insufficient to address regulatory concerns or identify the root causes of the weaknesses discovered." The firm is one of the largest among the more than 1,000 third-party service providers that banks and credit unions hire to handle mundane but critical work, from processing prepaid-card transactions to providing software for deposit systems.

Pharma Sector's War Versus Counterfeit Drugs Intensifies
PRWeek (06/01/12) Dickson, Virgil
Counterfeit drugs are increasingly showing up around the globe as more complex drug supply chains have opportunities in several phases of drug development. Between 2005 and 2010, worldwide sales of counterfeit medications rose 90 percent to $75 billion. Recent cases with Roche's Avastin and several of Pfizer's drugs have highlighted the growing problem. While the pharmaceutical companies have increased their outreach efforts, some experts say the Food and Drug Administration (FDA) should shift its efforts to focus on targeted correspondence with doctors, the source of these prescriptions. Some pharmaceutical firms have dedicated security teams, who investigate and stop counterfeit operations. Pfizer is working hard to get two messages across to consumers: taking counterfeit drugs can put consumers' safety at risk and the need to make sure consumers are buying from a legitimate pharmacy when purchasing medications online. Some experts say the industry should study mortality rates. "If you die after six weeks of taking a counterfeit drug, people assume it was because of the illness," said John Clark, Vice President and chief security officer of Pfizer's counterfeit lab. "People don't automatically trace back to see if the drug was legitimate."

Roles of Information Security Executives Changing
SecurityInfoWatch.com (06/05/12) Griffin, Joel
A new survey by IT professional community Wisegate has shown that many CSOs and CISOs are seeing their jobs grow and change to include a greater focus on information security and risk management. CISOs polled for the study indicated that the changes have largely been driven by compliance issues and changing threats to organizations. CISOs Phil Agcaoili and David Sherry say the survey mirrors trends towards greater integration between physical, information, and cyber security in many organizations as well as a growing focus on risk management. Agcaoili suggests that CISOs facing such changes in their organizations look to industry frameworks from the National Institute of Standards and Technology (NIST) and others that provide a roadmap for transitioning to a new model of organizational security. Sherry advises security managers trying to get funds to change or upgrade security operations to use "patience, persuasion, and reason" when dealing with senior management. Both CISOs agree that well considered and clearly laid out plans are key in dealing with changes in the field of organizational security.

Could Ears Be the Perfect Biometric?
University of Southampton (United Kingdom) (05/28/12) Lewis, Joyce
Ear identification could provide as distinctive a form of identification as fingerprints, says University of Southampton's Mark Nixon, a professor in the School of Electronics and Computer Science's Communications, Signal Processing, and Control research group. Nixon is studying ear biometrics, and believes there are possible applications in security systems. He says the ear provides a cradle-to-grave method of identification because it does not change much over the course of a person's life. For a security system, photos of individual ears could be matched against a comparative database. "During walk-throughs at security checkpoints, cameras could digitally photograph passers-by comparing their ears against others in a database," Nixon says. "Used in combination with face recognition, ear recognition offers a second point of comparison in cases where all or part of a face might be obstructed, for example, by make-up." Nixon also believes images of ears would draw fewer privacy concerns, compared to a database of facial images.

Shooting Rampage Rattles Toronto
Winnipeg Free Press (Canada) (06/04/12) Loriggio, Paola
One person was killed and seven others were injured in a shooting at the Toronto Eaton Centre shopping mall on Saturday. The shooting took place at a time when there were hundreds of people inside the mall, which is one of the busiest shopping malls in Canada, and it sparked a panicked stampede as shoppers tried to escape. Among those who were injured was a 28-year-old pregnant woman who was trampled as shoppers charged the exits. At least two other people, including a 23-year-old man and a 13-year-old boy who was visiting Toronto with his family, suffered gunshot wounds. The man who was killed in the shooting, 24-year-old Ahmed Hassan, is known to have gang ties. At least one of the other victims may have had ties to a gang as well. Police have said that the shooting was a targeted act, but they have not yet said whether it was gang-related. Authorities have also said that they think they know who the shooter was, but that they are still reviewing video taken from surveillance cameras as part of an effort to track down the suspect.

CIA Kills al Qaeda's No. 2
Wall Street Journal (06/06/12) P. A9 Gorman, Siobhan
The White House has confirmed that al-Qaida second-in-command Abu Yahya al-Libi was killed in a drone strike in Pakistan on Monday. Libi, who became al-Qaida's No. 2 after his predecessor was killed in a drone attack, had high-level control over the organization's operations and served as its liaison for affiliated groups in Yemen, Africa, and elsewhere. Libi also had the authority to give operational approval and guidance to members of al-Qaida's leadership in Pakistan and other countries. Experts say that the death of al-Libi likely illustrates a number of things, including the fact that the U.S. has been able to maintain its ability to gather intelligence in Pakistan despite the tensions between Islamabad and Washington. The attack on al-Libi also shows that the U.S. is still able to track down senior members of al-Qaida's leadership despite the security measures that the organization has put in place following the death of Osama bin Laden last year, said Rand Corp. al-Qaida specialist Seth Jones. For example, members of al-Qaida have limited their use of phones and the Internet in their communications with one another. Jones also said that the growing number of people in Pakistan who are willing to serve as informants is an indication that al-Qaida is losing support.

It's No Secret: There Are More Government Secrets Than Ever
Washington Times (05/30/12) Waterman, Shaun
Official government secrets reached record levels in fiscal 2011 with more than 92 million classified documents, according to an annual report by the Information Security Oversight Office. That compares to 76.5 million created in the previous fiscal year, and critics said these numbers are proof that the classification system needs reforming. President Barack Obama issued an Executive Order when he took office with the goal of retooling the classification system to make the government more transparent and accountable, and the results of an audit of agency classification procedures and proposals for other reforms Obama mandated are due this summer. "The jury is not fully back in yet, but we have some early indications that [the 2009 changes] didn't go far enough," said Elizabeth Goitein, Co-Director of the Liberty and National Security Program at New York University's Brennan Center for Justice. Since 2008, when the Information Security Oversight Office requested agencies to start supplying numbers on classified documents, the figures for "derivative classification decisions" have climbed by as much as 30 million annually. Information Security Oversight Office Associate Director William A. Cira cautioned that a portion of that growth may be agencies finding ways to tally new types of classified communications. "It is very difficult to estimate the true extent of classification activity ... [owing to] the rapid expansion of the use of electronic tools in the classified domain," he noted. However, Cira conceded that classification activity has likely increased, which might be a result of more information sharing among law enforcement and intelligence agencies. "If a secret document [such as a threat briefing or other terrorism warning] is now distributed to 200 people rather than 20, that's counted as 180 extra derivative decisions," he noted.

House Panel Gives TSA Advice on Improving Its Image
Los Angeles Times (06/08/12) Goldberg, Jamie
Congressional leaders dressed down Transportation Security Administration officials on June 7 at a meeting of the House Homeland Security Transportation Subcommittee, criticizing the federal agency for its poor handling of public relations. Rep. Mike Rogers (R-Ala.), chairman of the subcommittee, brought up recent stories about public figures such as former Defense Secretary Donald Rumsfeld and former Secretary of State Henry Kissinger being subjected to pat downs, saying, "there are certain people that are just so well known that you've just got to use your common sense." TSA Administrator John Pistole assured the subcommittee that it was taking steps to improve the TSA's public image, including less intrusive screening procedures and the new TSA PreCheck pre-screening system which gets its 1.5 million users through airport security faster and with less hassle. Also noted was the declining number of complaints against the TSA, which fell from 1,445 in March of 2011 to 1,294 in March 2012.

Israel Airport Security Targeting Arabs, Muslims in Email Checks
Associated Press (06/05/12) Federman, Josef; Hadid, Diaa
A 42-year-old Quaker activist from St. Louis was expelled from Israel on May 21 after refusing to allow security at Ben Gurion International Airport to search her private e-mail account. Sandra Tamari, who is of Palestinian descent, is not the first to be targeted by this Israeli security measure according to Diana Butto, a fellow at Harvard's Kennedy School of Government and former legal adviser to the Palestinian Authority in the West Bank. Butto says that the policy typically targets Muslims, Arabs, and Indians and is being used more and more frequently. Butto leads tour groups in the region and reports that in the last year at least one person in each group she has led has been subject to a search of their e-mail, generally being denied entry to the country afterward. When questioned about Tamari's experience, Israel's Shin Bet security agency confirmed the story and stated that its agents had acted in accordance with the law.

FBI Probes Leaks on Iran Cyberattack
Wall Street Journal (06/05/12) Perez, Evan; Entous, Adam
The FBI has opened an investigation into the disclosure of classified information that led to the publication of news stories last week detailing a U.S. cyber attack program that targeted Iranian nuclear facilities. The operation, which was called Olympic Games and was first reported on by the New York Times last Friday, was a collaboration between the CIA, the Idaho National Laboratory, and other agencies within the U.S. and Israeli governments. Among Olympic Games' operations was the development and use of the Stuxnet computer worm which was used to cripple Iranian uranium centrifuges. The leak of information about Olympic Games follows another major leak that exposed a double agent who recently thwarted a new-generation underwear bomb developed by al-Qaida in Yemen. Sen. John McCain (R-Ariz.) Tuesday proposed that the leaks were intentional and originated from the Obama administration. The White House pushed back against these claims. "It's classified for a reason," said White House spokesman Josh Earnest, "because publicizing that information would pose a significant threat to national security."

LinkedIn, eHarmony Suffer Data Breaches
Reuters (India) (06/07/12) Finkle, Jim; Saba, Jennifer
The passwords of some users of the social networking site LinkedIn and the online dating site eHarmony have been breached. The breach was announced June 6 after security experts discovered 8 million encrypted passwords on underground online forums. The person who published those passwords was reportedly asking for help in decrypting them. It is unknown whether all of the passwords that were found on the underground online forums belonged to LinkedIn and eHarmony users or whether the passwords that were published were only a part of a larger cache of login information that had been obtained by the hacker. LinkedIn and eHarmony have not said how many of their users' accounts have been breached, though they did say that they are continuing to look into the matter. The fallout from the breach remains unclear. The information that was published included only passwords and not account holders' e-mail addresses, which means that anyone who decrypts the passwords will not be able to easily use them to break into accounts on LinkedIn and eHarmony. However, some analysts said that the hackers who stole the passwords likely also have access to the e-mail addresses that go along with them. If so, analysts say, the hackers would indeed be able to access users' accounts.

Risks of Boomerangs a Reality in World of Cyberwar
Associated Press (06/03/12) Lardner, Richard
A destructive new computer virus known as "Flame" has been attacking Iran's oil industry, as suspicions persist that the United States and its allies may be behind the creation of the virus. Even as U.S. cyberwar capabilities advance, there has been some concern that Flame or other viruses could spread to computers they were never intended to attack. The Department of Homeland Security (DHS) has said there have been no reports of infections from the Flame virus thus far attacking U.S. companies. According to DHS, the origin of the virus, which is designed to secretly record data traffic, take screenshots, and record audio and keystrokes, is a mystery. However, anonymous government sources say President Obama previously ordered another virus, known as Stuxnet, to be used to infect computer systems for Iran's nuclear program. Cyber security experts also continue to raise suspicions that U.S. and Israeli researchers are responsible for Stuxnet. The Russian researchers who discovered Flame, meanwhile, say that it is so advanced that it was very likely sponsored by government sources. On the other hand, Becky Bace, chief strategist at the Center for Forensics, Information Technology and Security at the University of South Alabama, argues that nation-states are not the only ones who have the means to put together a virus as sophisticated as Flame. Either way, experts agree that it could take years to discover who is responsible for either Stuxnet or Flame.

Chinese Online Retailer Probes Possible Security Breach
Wall Street Journal (06/04/12) Burkitt, Laurie
The online Chinese retailer Yihaodian, which is backed by Wal-Mart and delivers a variety of different products to the homes of its customers, may have been the victim of a data security breach. A spokeswoman for Yihaodian announced the possible breach on June 4, though she did not say how many of the company's 18 million registered users may have been affected. However, the spokeswoman did say that Yihaodian has taken steps to improve security following the possible breach, including adding account-verification codes and reminding users to protect their accounts with strong passwords. Yihaodian has also created a system that locks accounts when they are accessed from Internet addresses that are deemed suspicious, and has also begun freezing user accounts when several different accounts are accessed from one address. The possible data security breach at Yihaodian comes amid an increase in the number of online breaches in China. A survey conducted earlier this year by China's Xinhua news agency found that 70 percent of Chinese consumers have had their personal data leaked as the result of online security breaches. Malicious hackers have been targeting companies that hold consumers' personal data because such data can be sold to other companies. E-commerce sites have been especially vulnerable to attacks because they have not invested a sufficient amount of time in updating their security measures, said Steve Mushero, the chief executive of the Chinese Internet-service company ChinaNetCloud.

Cybersecurity Experts Needed to Meet Growing Demand
Washington Post (05/30/12) Fitzpatrick, Alexander
Demand for cybersecurity professionals far outweighs supply, with the U.S. government needing to hire at least 10,000 experts in the near future and the private sector requiring quadruple that amount, says Trend Micro's Tom Kellermann. Experts say the U.S. government needs more "white hats" in its arsenal to prepare itself for cybersecurity events, but the pool of qualified digital specialists is small. A 2009 Georgetown University Center on Education and the Workforce study found that less than 6 percent of all college graduates were earning degrees in computers and math, while only 2 percent of that number earned a degree directly related to cybersecurity. Booz Allen Hamilton's Edwin Kanerva says students who major in computer science are often drawn to fields outside of security, because they have more appeal and can be more lucrative. He says students must be exposed to more science, engineering, technology, and math education, and some cybersecurity training should be added to high school curricula. "What I'd like for kids to see is that cybersecurity is intellectually stimulating; it's a great field," says the U.S. National Science Foundation's (NSF's) Janice Cuny. NSF plans to fund 10,000 computer science classes in public high schools by 2016.

Romney's Private Email Possibly Hacked, Campaign Investigating
Fox News (06/06/12)
Republican presidential candidate Mitt Romney's campaign is investigating claims that the former governor's private e-mail account was illegally accessed by a third party after e-mails from the account were published Tuesday by the Wall Street Journal. The story deepened Tuesday when the gossip blog Gawker received an e-mail from the alleged "hacker" who claimed to have breached the account, "mittromney@hotmail.com," by correctly guessing the answer to one of the account's security questions. The "hacker" claimed not to be affiliated with any larger group, reportedly writing that they had never done anything similar before. The Romney campaign's communication director Gail Gitcho said that authorities are investigating the incident.

Abstracts Copyright © 2012 Information, Inc. Bethesda, MD