
Friday, November 16, 2012

Security Management Weekly - November 16, 2012


Corporate Security
  1. "Wal-Mart Inquiry Reflects Alarm on Corruption"
  2. "Workplace Homicides Down, But Prevention Needs to be Stepped Up"
  3. "Tox Report on Workplace Shooter Jones: No Street Drugs, Traces of Pot" (Fresno, Calif., Poultry Plant Shooting)
  4. "Ticket-Buying Robbers Pull Guns in South African Museum, Steal More Than $2M Worth of Art"
  5. "Rules for the Unruly" (Aggression-Management Training Program for Non-Security Hospital Staff)

Homeland Security
  1. "Benghazi Attack Details Aired"
  2. "Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says"
  3. "FBI Investigating How Petraeus Biographer Broadwell Obtained Classified Files"
  4. "Democratizing Radiation Detection" (Consumer Radiation Detection and Reporting Devices)
  5. "Mass Transit Monitoring" (Denver)

Cyber Security
  1. "BYOD Threats Require Additional IT Resources: Webroot" (Bring Your Own Device)
  2. "U.S.-China Economic and Security Review Commission Urges Congress to Probe China's Cyber Attacks"
  3. "Obama Authorizes New Cyber Warfare Directive"
  4. "Skype Vulnerability, Now Blocked, Allowed Account Hijack"
  5. "Salvaging Digital Certificates"


Wal-Mart Inquiry Reflects Alarm on Corruption
New York Times (11/16/12) Clifford, Stephanie; Barstow, David

Recent regulatory filings have revealed that a series of routine audits by Wal-Mart of its foreign subsidiaries has turned into a growing investigation into violations of U.S. anti-bribery law. After hearing news reports of Tyson Foods paying fines for violating the Foreign Corrupt Practices Act in early 2011, Wal-Mart General Counsel Jeffrey J. Gearhart launched precautionary audits of Wal-Mart's Mexico, China, and Brazil subsidiaries, which quickly turned up evidence of poor compliance with Wal-Mart's anti-corruption policies. The investigation deepened after the company became aware that the New York Times was looking into the current investigation in conjunction with a story about allegations that Wal-Mart executives had covered up specific and major allegations of bribery on the part of the Mexican subsidiary in 2005. According to the regulatory filings, Wal-Mart is continuing investigations of subsidiaries in China, Brazil, and India, while a separate internal investigation has been launched into the alleged 2005 cover-up. These investigations and related compliance reforms have so far cost Wal-Mart well over $100 million. New training has been instituted at several of the foreign subsidiaries, and corruption reporting guidelines have been changed so that all allegations of corruption must now be referred directly to Wal-Mart's general counsel or the company ethics office in Bentonville, Ark.


Workplace Homicides Down, But Prevention Needs to be Stepped Up
Security Director News (11/14/12) Canfield, Amy

The National Institute for the Prevention of Workplace Violence (NIPWV) reports that incidents of workplace homicide fell from a total of 518 in 2010 to 458 in 2011, the lowest number the institute has on record. Despite the drop, NIPWV executive director W. Barry Nixon calls on employers to keep up prevention programs. "If we really want to significantly eliminate workplace violence, what we've got to do is start to focus on a security-conscious culture in our organizations," he maintains. One way to achieve this goal, Nixon says, is for companies to institute "enterprise security management," treating security and prevention as an integral part of their business strategy. Nixon also pointed out a number of other trends in the report that he feels companies need to address. For example, the report indicates that, while violence is down, suicides have increased in the past several years. He additionally advised companies to be wary of violence trends in the wider community, which the report found can be a predictor of violence in the workplace.


Tox Report on Workplace Shooter Jones: No Street Drugs, Traces of Pot
Fresno Bee (CA) (11/13/12) Guy, Jim; Benjamin, Marc

The search for answers in a deadly workplace shooting that took place at a meat processing plant in Fresno, Calif., on Nov. 6 continues to be inconclusive. Fresno County Coroner's Office Chief Forensic Pathologist Dr. Venu Gopal says that a preliminary toxicology screening on shooter Lawrence Nathaniel Jones turned up only small traces of marijuana but no evidence of other illegal drugs. Jones' acquaintances and coworkers have been unable to explain what drove the 42-year-old ex-felon to kill two of his coworkers and injure two others before turning his gun on himself at Fresno's Valley Protein on Nov. 6. Gopal says the next step will be to examine Jones' medical history and conduct a toxicology screening for prescription drugs to see if he took or stopped taking any medications before the shooting. Meanwhile, Valley Protein has begun a long-term counseling program for its workers, in which Fresno Police Department chaplains will follow up with employees over the next 60 days to see how well they are coping after the shooting and offer whatever support may be needed.


Ticket-Buying Robbers Pull Guns in South African Museum, Steal More Than $2M Worth of Art
Associated Press (NY) (11/12/12)

Several art thieves stole more than $2 million worth of paintings from a museum in Johannesburg, South Africa, on Sunday. According to investigators, the thieves posed as art students and a teacher visiting the Pretoria Art Museum. They paid for tickets and asked the curator to show them around before pulling guns. The thieves then tied up the curator and others before making off with the paintings they had just asked about. The suspects escaped in a silver sedan as private security guards for the museum closed in on them. Security at the museum is expected to increase following the theft, but officials have declined to offer specifics on their plans.


Rules for the Unruly
Security Management (10/01/12) Vol. 56, No. 10, P. 96 Pilker, Donald C.

The Virginia Mason Medical Center in Washington State has developed an aggression-management training program for non-security hospital staff. The aggression-management training component teaches participants that aggression can be at three levels: personal, aggressive, or physical. Staff are instructed to note the disruptive behavior in the patient's chart, tell other staff members about the incident, and display a team presence involving care providers from various disciplines who discuss the desired behavior. The next level of aggression is where patients can cause verbal or physical harm, in which case staff should report the incident to management and security, and work in teams to alleviate the situation. The highest aggression level may involve patients becoming extremely agitated, and staff should seek to secure the area to prevent the patient from harming himself or others. Staff members should call security and other staff like psychiatric medical professionals as needed. The hospital also has established a Security Response Review Committee that is responsible for evaluating security responses each month, and comprises about 10 volunteer members from various departments. Volunteers need to have sufficiently high authority to make changes or corrections to staff programs. At the monthly roundtable discussions, trends are reviewed to determine if any security or procedural adjustments need to be made. The committee meetings recently led to the creation of a symbol used by nurses to indicate that a patient is displaying aggressiveness. Meanwhile, the security department has developed a Violent Incident Report form that is given to employees to complete when they report incidents of aggression. This makes it easier for security to align the sequence of events with data in the security reports.




Benghazi Attack Details Aired
Wall Street Journal (11/16/12) Gorman, Siobhan; Entous, Adam

Former CIA Director David Petraeus will testify before the Senate and House intelligence committees on Friday about the attack on the U.S. consulate in Benghazi, Libya, on Sept. 11. Petraeus' testimony comes about one week after he resigned from his post after investigators discovered that he was having an extramarital affair, though the hearing is not expected to focus on that issue. The timing of Petraeus' resignation and the hearings on the Benghazi attack have prompted some to speculate that the Obama administration may have something to hide, though lawmakers say they hope that Friday's hearings will put those theories to rest. However, some lawmakers say that they are skeptical that they will learn anything new about the Benghazi attack from Petraeus' testimony. Petraeus' appearance before the two committees comes one day after acting CIA Director Michael Morell, Director of National Intelligence James Clapper, and several other officials testified before the panels on Thursday about the Benghazi attack. Rep. Adam Schiff (D-Calif.), one of the lawmakers present at the hearing, said that the testimony convinced him that the intelligence about the attack was inaccurate at times but that the Obama administration did not change it for political purposes as some have claimed. Nevertheless, the hearings did not apparently help lawmakers understand why it took so long for intelligence reports to show that the attack did not stem from a protest over an inflammatory video posted on YouTube, as was initially believed.


Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says
New York Times (11/15/12) Wald, Matthew

The National Academy of Sciences issued a report on Nov. 14 concluding that terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work. Blowing up substations or transmission lines with explosives or by firing projectiles at them from a distance would enable terrorists to cause cascading failures and damage parts that would take months to repair or replace, according to the report. The electric utility industry has intermittently tried, in collaboration with the Department of Homeland Security, to rehearse responses. Of particular concern are giant custom-built transformers that increase the voltage of electricity to levels suited for bulk transmission and then reduce voltage for distribution to customers. Very few of those transformers are manufactured in the United States, and replacing them can take many months. Technicians in March shipped three specially designed transformers from St. Louis to Houston and rapidly installed them as part of a preparedness drill. The transformers had multiple attachments so that they can be used in a variety of jobs. They are functioning well, said one of the experiment's supervisors, Richard Lordan, a senior technical expert at the Electric Power Research Institute, but follow-up steps — like figuring out how many such transformers should be stockpiled as well as developing storage depots, financing purchases of the equipment, and planning how to allocate it in an emergency — have yet to be taken. Experts say that changes in the electric industry have made the grid more vulnerable in recent years, pointing out that the grid was mostly built to serve the needs of individual utilities, but regulators have cut the generation companies loose from the companies that transport and distribute power to foster a competitive market. 
"I don't think we pay quite enough attention to the technology fixes that would allow us to make the power system more resilient," said Clark Gellings, a researcher at the Electric Power Research Institute who is one of the report's authors.


FBI Investigating How Petraeus Biographer Broadwell Obtained Classified Files
Washington Post (11/14/12) Horwitz, Sari; Miller, Greg; DeYoung, Karen

The cybercrime unit of the FBI's field office in Tampa, Fla., is continuing to investigate Paula Broadwell, the woman who had an affair with former CIA Director David Petraeus. A search of Broadwell's home in North Carolina on Monday night resulted in the seizure of several boxes of material, some of which was sensitive in nature. Investigators are trying to determine whether classified material was compromised as a result of the affair between Petraeus and Broadwell. U.S. officials have said that there is no evidence of a security breach so far. Petraeus has denied that he was the source of the classified material that was found in Broadwell's possession, and Broadwell has confirmed those claims. Although news of the affair between Broadwell and Petraeus has come to light only within the past week, the FBI has been investigating the matter for several months now. The investigation was launched following the discovery of e-mails that linked Broadwell to Petraeus, which prompted concerns that the former CIA director's e-mail account had been hacked, that he was in danger, or that he had been compromised. However, a law enforcement official speaking on condition of anonymity said that more serious security threats had been ruled out. Meanwhile, lawmakers are calling on Petraeus to appear before Congress to testify about the attack on the Benghazi consulate on Sept. 11. Sen. Susan Collins (R-Maine) said that Petraeus should still testify because he has information about the attack that lawmakers need to hear.


Democratizing Radiation Detection
Security Management (11/01/12) Vol. 56, No. 11, P. 20 Harwood, Matthew

Following the March 2012 Fukushima Daiichi nuclear accident in Japan, a nonprofit organization called Safecast created a network that enabled people to measure and report radiation levels. Volunteers were provided with GPS-enabled Geiger counters, and the resulting data was uploaded to online maps. Today, Safecast is using donor funds to enable Geiger counters to be distributed globally by 2013. Japan's nuclear crisis also spurred a company called Image Insight to develop an application that lets people use smartphone cameras to detect gamma radiation. Called GammaPix, the application "employs the inherent gamma-ray sensitivity of CCD and CMOS chips used in the digital image sensors of surveillance cameras and smart phones ..." according to the company's white paper, and data can also be uploaded to public maps. The upcoming application, which will cost about $10 for iPhone and Android smartphone users, can be used to curb the theft of radioactive materials, emit an alarm in the case of radiation accidents, and help first responders in a radiation emergency. GammaPix can also be installed in digital surveillance cameras to enable the detection of radioactive substances. Image Insight's Gordon Drukier says hospitals could use GammaPix to prevent the theft of radioactive material.


Mass Transit Monitoring
ASIS News Release (11/01/12) Anderson, Teresa

When Denver's Regional Transportation District (RTD) expanded its commuter rail and train services two years ago, it also upgraded its security command center, making use of state-of-the-art security and camera systems to extend the RTD's view of its sprawling transportation system. The RTD's Integrated Security Operations division includes a small internal police force, armed contract security officers, and members of local police forces. From the new command center, they monitor live and recorded feeds from over 1,100 cameras located in train stations, bus terminals, and parking ramps. Security cameras are also mounted in all RTD trains and 80 percent of buses. In addition, the command center monitors the 240 emergency phones located on pedestrian bridges, platforms, and parking lots. The command center is also the hub for RTD's Transit Watch program, which encourages passengers to e-mail, phone, or text security concerns directly to RTD. ISO Transit Police Commander Bob Grado says that the new command center has helped RTD to centralize its security operations and move away from a security model that called for officers to constantly patrol the transit system, toward a more flexible model in which the system is constantly monitored and officers are deployed as needed.




BYOD Threats Require Additional IT Resources: Webroot
eWeek (11/15/12) Eddy, Nathan

A majority of American, British, and Australian companies that have adopted bring-your-own-device practices have seen increased security threats and concerns as a result of employee-owned mobile devices, according to a new Webroot survey. More than 50 percent of respondents reported experiencing mobile threats that significantly impacted employee productivity and business activity, while 61 percent said their IT costs had been driven up by the need to address mobile security concerns. Help desk resources were especially impacted, with 63 percent reporting increased help desk volume due to mobile devices, accounting for as much as one-third of help desk workload in some cases. Most respondents said they viewed mobile devices as a major risk to corporate security, and 46 percent had implemented mobile security programs. Overall, 45 percent reported having devices lost or stolen in the last year, while 24 percent experienced mobile malware infections that damaged productivity or compromised customer data. These rates were even higher in companies with 500 or more employees. Webroot's suggestions for improving mobile security include outlining clear and detailed BYOD policies that define permitted uses and requiring the use of corporate-selected or managed security software on personal devices.


U.S.-China Economic and Security Review Commission Urges Congress to Probe China's Cyber Attacks
Reuters (11/14/12) Wolf, Jim

The United States-China Economic and Security Review Commission's latest annual report to Congress focused in large part on issues of cybersecurity and the threat of cyber attacks and cyber espionage originating in China. "China's cyber capabilities provide Beijing with an increasingly potent tool to achieve national objectives. A diverse set of Chinese hackers use pilfered information to advance political, economic, and security objectives," the report warned. Among the biggest threats mentioned in the report were efforts by Chinese hackers to crack two-factor authentication schemes. The report suggested Congress conduct a review of Chinese cyber espionage practices and the legal penalties that can be imposed on companies found to engage in or benefit from cyber espionage. Released in the midst of the Chinese Communist Party's 18th Party Congress, the report was met with sharp criticism in China. Foreign Ministry spokesman Hong Lei accused the commission of having a "Cold War mentality" and interfering with internal Chinese politics. Hong also asserted that the U.S. and China already had a robust collaboration on Internet security.


Obama Authorizes New Cyber Warfare Directive
The Hill (11/14/12) Munoz, Carlo

The White House has laid out specific ground rules for how and when the U.S. military can carry out offensive and defensive cyber operations against a foreign threat. A senior Obama administration official confirmed recently that the president has signed a White House directive on "cyber operations." "The directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal," the official explained. The directive differentiates between network defense capabilities and other cyber operations. "What [the directive] does, really for the first time, is it explicitly talks about how we will use cyber operations," the official said on Wednesday. The official said the measure would allow the administration to be "flexible" in dealing with cyber threats and to act when needed.


Skype Vulnerability, Now Blocked, Allowed Account Hijack
InformationWeek (11/14/12) Seltzer, Larry

Skype says that it has corrected a security vulnerability in its password reset feature that allowed attackers to hijack users' accounts. Malicious hackers could exploit the vulnerability by creating an account with the victim's e-mail address. Although Skype would display an error message stating that an account was already associated with the e-mail address, the attacker was still able to proceed with the account creation process. The attacker could then enter the victim's e-mail address and request a password reset for that account. But instead of being sent to the victim's e-mail account, the password reset notification and token were displayed in Skype itself. This allowed the attacker to simply click on a link to reset the password for the victim's account. Skype temporarily disabled the password reset feature before announcing that it had developed a fix to correct the vulnerability.
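The two defects the abstract describes, a duplicate-address sign-up that only warns and a reset token handed back to the requesting session, modelled side by side with a hardened version. This is an added illustration, not Skype's code; all account data, class names and the in-memory "outbox" are constructed for the example.

```python
import hashlib
import secrets
import time


def _hash(secret: str) -> str:
    # SHA-256 stands in for token hashing at rest; passwords need a real KDF.
    return hashlib.sha256(secret.encode()).hexdigest()


class Outbox:
    """Constructed stand-in for the mail system: the only legitimate path for a token."""
    def __init__(self):
        self.messages = []  # (recipient address, token)

    def send(self, to, token):
        self.messages.append((to, token))


class VulnerableService:
    """Model of the reported flaw: duplicate sign-up proceeds after a warning,
    and the reset token is returned in-band to whoever asked for it."""
    def __init__(self):
        self.accounts = {}  # email -> usernames registered against that address

    def register(self, username, email):
        if email in self.accounts:
            pass  # "already in use" is displayed, but creation continues anyway
        self.accounts.setdefault(email, []).append(username)

    def request_reset(self, email):
        token = secrets.token_urlsafe(16)
        # Bug: the token reaches the requesting session instead of the address owner.
        return {"message": "Reset your password", "token": token}


class HardenedService:
    """Same flow with both defects closed: one account per address, and the token
    travels only to the address of record, stored hashed, time-limited, single-use."""
    RESET_TTL = 15 * 60  # seconds

    def __init__(self, outbox):
        self.outbox = outbox
        self.accounts = {}  # email -> username
        self.pending = {}   # sha256(token) -> (email, expiry timestamp)

    def register(self, username, email):
        if email in self.accounts:
            raise ValueError("address already registered")
        self.accounts[email] = username

    def request_reset(self, email, now=None):
        now = time.time() if now is None else now
        if email in self.accounts:
            token = secrets.token_urlsafe(32)
            self.pending[_hash(token)] = (email, now + self.RESET_TTL)
            self.outbox.send(email, token)  # out-of-band, to the owner only
        # Identical response whether or not the address exists, and never a token.
        return {"message": "If that address is registered, a reset link has been sent."}

    def complete_reset(self, token, now=None):
        """Return the address whose password may now be changed, or None."""
        now = time.time() if now is None else now
        entry = self.pending.pop(_hash(token), None)  # pop: a token works once
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```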


Salvaging Digital Certificates
Dark Reading (11/12/12) Roberts, Paul

Dutch certificate authority (CA) DigiNotar was crippled last year after a security breach resulted in the issuing of hundreds of fake certificates in the names of major brands, including Google, Yahoo, and Skype. The compromise was just one of many, as recent attacks and breaches on CAs have thrown into question the reliability of digital certification schemes, especially those that use Secure Sockets Layer (SSL). A glutted market overrun with dubious certificates and generally poor implementation of SSL and other certificates by CAs and developers of all stripes also contribute to doubt about the reliability of digital certificates. Experts advise carefully vetting CA vendors and treating their services as partnerships rather than as products. Organizations also should have CA back-up options ready, as CAs themselves are increasingly the weak link in the certification chain. Most importantly, experts recommend making a detailed inventory of existing certificates and certificate infrastructure, clearing out what is not needed, and composing detailed lists that describe each certificate, its uses, and who has what authority over it. Meanwhile, SSL specialist Moxie Marlinspike is working on developing Convergence, a dynamic, global network of Web identity "notaries" that he hopes will replace the static lists of CAs that currently serve as the backbone of digital certification.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

