Friday, December 07, 2012

Security Management Weekly - December 7, 2012

December 7, 2012

Corporate Security
  1. "Experts Develop Protections for Product Piracy, Intellectual Property Theft"
  2. "New Washington Law Allowing Non-Medical Marijuana Explained"
  3. "Retailers to Lose Nearly $9 Billion to Shoplifting, Fraud During Holiday Season"
  4. "Kansas City Chiefs Player Involved in Fatal Shootings"
  5. "5 Reasons for Conducting Micro-Assessments"

Homeland Security
  1. "Terror Fight Shifts to Africa"
  2. "Iran Says Extracts Data From U.S. Spy Drone"
  3. "War on Terrorism Spurs House to Grant Presidents Secret Service Protection for Life"
  4. "Bureaucratic Battle Blunted Libya Attack 'Talking Points'"
  5. "In Foiled Jordanian Terror Plot, Officials See Hand of Resurgent al-Qaeda in Iraq"

Cyber Security
  1. "Hackers Hit Ex-Military Head"
  2. "BYOD Security Concerns are Mounting"
  3. "Top Secret MI6 Counter-Terror Intelligence Feared Stolen by Disgruntled Swiss IT Worker Who Walked Out With Millions of Data Files in Backpack"
  4. "Study: Majority of Businesses Not Adequately Protecting Payment Card Data"
  5. "South Carolina Inspector General: Centralize Security"


Experts Develop Protections for Product Piracy, Intellectual Property Theft
SearchSecurity.com (12/05/12) Westervelt, Robert

University of Massachusetts Amherst researcher Georg T. Becker was recently awarded the Advanced Cyber Security Center's annual Best Cyber Security Solution award for his part in developing a new method of providing both hardware and software security for embedded devices. Embedded devices, or purpose-built computing platforms that include everything from USB thumb drives and MP3 players to ATMs and medical devices, often face unique security concerns centered on counterfeiting and theft of intellectual property. Becker and his team's method uses circuitry to create a signal, indistinguishable from noise, in the power consumption of a device; that signal can then be identified using side-channel analysis. This method, called side-channel watermarking, would be very difficult to reverse engineer or circumvent, and offers device manufacturers an easy way to verify the legitimacy of a device, cutting down on counterfeiting and on efforts to subvert devices for corporate espionage. Elecia White, founder of the embedded systems consultancy Logical Elegance, says that this could be a boon to many embedded device makers who cannot afford the costly encryption and other hardware and software hardening techniques used to secure ATMs and consumer electronics such as set-top boxes and game consoles. White says the new technique would be especially useful in consumable medical devices such as thermometers, needle guides, and ultrasound transducers, cheap counterfeit versions of which can put a patient's health at risk.
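To make the side-channel watermarking idea concrete, here is an added simulation (not code from the article or from Becker's team) that embeds a key-derived +/-1 sequence into a noisy power trace at an amplitude well below the noise floor and then verifies the device by correlating the trace against the expected sequence; the trace length, amplitude, noise level and key are constructed values chosen for illustration.

```python
import math
import random

# Constructed simulation parameters (not taken from the article).
TRACE_LEN = 20000      # number of power samples in one measurement
AMPLITUDE = 0.1        # watermark contribution per sample, well below the noise
NOISE_SIGMA = 1.0      # standard deviation of ordinary power-consumption noise


def watermark_sequence(key: int, n: int) -> list:
    """Secret +/-1 sequence derived from the manufacturer's key.

    The device's extra circuitry modulates its power draw by this sequence;
    without the key, the pattern is indistinguishable from random noise.
    """
    rng = random.Random(key)
    return [1 if rng.random() < 0.5 else -1 for _ in range(n)]


def simulate_trace(key: int, genuine: bool, seed: int) -> list:
    """Constructed power trace: Gaussian measurement noise plus, for a
    genuine device only, a low-amplitude copy of the secret sequence."""
    rng = random.Random(seed)
    noise = [rng.gauss(0.0, NOISE_SIGMA) for _ in range(TRACE_LEN)]
    if not genuine:
        return noise
    seq = watermark_sequence(key, TRACE_LEN)
    return [x + AMPLITUDE * s for x, s in zip(noise, seq)]


def correlation_score(trace: list, key: int) -> float:
    """Side-channel check: correlate the trace with the expected sequence.

    For a genuine device the products line up and the mean approaches
    AMPLITUDE; for a counterfeit, or with the wrong key, it averages to
    about 0 with standard deviation NOISE_SIGMA / sqrt(len(trace))."""
    seq = watermark_sequence(key, len(trace))
    return sum(x * s for x, s in zip(trace, seq)) / len(trace)


def is_genuine(trace: list, key: int) -> bool:
    """Accept the device if the score clears half the expected amplitude."""
    return correlation_score(trace, key) > AMPLITUDE / 2


def per_sample_snr_db() -> float:
    """Watermark-to-noise ratio of one sample (here -20 dB), which is why
    the signal cannot be seen in the trace without knowing the key."""
    return 10 * math.log10((AMPLITUDE ** 2) / (NOISE_SIGMA ** 2))


if __name__ == "__main__":
    KEY = 0x5EC7  # constructed secret; real keys would be per product line
    real = simulate_trace(KEY, genuine=True, seed=1)
    fake = simulate_trace(KEY, genuine=False, seed=2)
    print("genuine device:", is_genuine(real, KEY), round(correlation_score(real, KEY), 3))
    print("counterfeit device:", is_genuine(fake, KEY), round(correlation_score(fake, KEY), 3))
    print("per-sample SNR (dB):", per_sample_snr_db())
```

Averaging over 20,000 samples shrinks the noise in the score by a factor of about 141, which is what lets a verifier with the key pick out a signal that is 20 dB below the noise in any single sample.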


New Washington Law Allowing Non-Medical Marijuana Explained
HR.BLR.com (12/05/12)

Voters in Washington state last month approved Initiative 502 (I-502), which decriminalized certain aspects of the cultivation, sale, possession, and use of marijuana. The law allows users over the age of 21 to possess and use less than one ounce of marijuana legally, while banning the smoking of marijuana in public and driving under the influence of the drug. For employers, the law is likely to create a legal status for marijuana similar to that of alcohol. While alcohol use is legal, employers are still permitted to create policies restricting its usage in the workplace. Employers are also allowed to require alcohol testing and discipline employees who use alcohol in ways that violate company policy. As a result, most company drug policies relating to marijuana are likely to remain unaffected by the new law.


Retailers to Lose Nearly $9 Billion to Shoplifting, Fraud During Holiday Season
SecurityInfoWatch.com (12/04/12)

A new study by the U.K.-based Centre for Retail Research found that U.S. retailers will likely lose $8.9 billion to shoplifting and fraud this holiday season, up 4 percent from 2011. The study found that employee theft was the biggest source of anticipated losses at an estimated $4.7 billion, followed by shoplifting at $3.8 billion. Vendor and distribution losses are expected to be approximately $400 million, the study found. According to the study, alcohol, women's clothing and fashion accessories, and toys were the categories most targeted by thieves this year. "The Christmas season is an especially attractive time for criminals," said Professor Joshua Bamfield, the director of the Centre for Retail Research and the author of the report. "Thieves take advantage of busy stores to steal high-value, high-demand goods."


Kansas City Chiefs Player Involved in Fatal Shootings
Wall Street Journal (12/01/12) Clark, Kevin

Kansas City Chiefs linebacker Jovan Belcher killed himself in front of team officials in the parking lot of the team's practice facility on Saturday minutes after having shot and killed his girlfriend. The shooting occurred just after 8 a.m., twenty minutes after Belcher's mother had called the police and told them that her son had shot and killed his 22-year-old girlfriend Kasandra Perkins. Belcher reportedly arrived at the practice facility and talked briefly with Chiefs general manager Scott Pioli and head coach Romeo Crennel before walking a short distance away and shooting himself in the head.


5 Reasons for Conducting Micro-Assessments
SecurityInfoWatch.com (11/29/12) Bernard, Ray

While security managers and professionals are used to making quick mental assessments of vulnerabilities, systems, and concerns every day, security consultant Ray Bernard says that there are a number of compelling reasons to formalize and document these "micro-assessments." Bernard notes that security issues are often not properly or well documented, an issue that a formalized micro-assessment process can help fix. Micro-assessments are also a quick and helpful method of performing gap analyses and assessing the impact of business cutbacks and expansions, and downsizing on security. Using micro-assessments also helps create a framework for delegation and gives a formal name to important exercises and processes, which can help foster collaboration. Key areas that Bernard sees micro-assessments being useful in include checking the alignment of security with corporate strategy, determining the security concerns of managers and employees, and updating security documentation.




Terror Fight Shifts to Africa
Wall Street Journal (12/07/12) Barnes, Julian E.; Perez, Evan

The Obama administration is considering asking for congressional authorization to take action against extremist groups in several African countries, as well as in other nations that are home to militant organizations. According to military counterterrorism officials, any new congressional authorization sought by the White House would allow the U.S. military to carry out operations in Mali, Nigeria, Libya, and other countries that are home to al-Qaida-affiliated and non-al-Qaida-affiliated militant groups. News that the White House is considering pressing Congress for a broader authorization to use military force against militant groups comes as the administration grows increasingly concerned about one of the terrorist groups that has taken up residence in North Africa: al-Qaida in the Islamic Maghreb (AQIM). AQIM fighters are believed to be in Mali, and the group is thought to be trying to carry out terrorist attacks against Western targets. AQIM is also suspected of having had a role in the attack on the U.S. consulate in Benghazi, Libya, on Sept. 11. Meanwhile, some U.S. officials disagree about whether a new congressional authorization is even necessary. Congress authorized the use of military force against those involved in the Sept. 11, 2001, attacks, and some officials say that this authorization is sufficient if the administration goes after terrorist groups in Africa by partnering with African forces and regional governments. However, other types of actions would require a new authorization, other officials say.


Iran Says Extracts Data From U.S. Spy Drone
Reuters (12/05/12) Torbati, Yeganeh

Iran's Islamic Revolutionary Guard Corps on Wednesday claimed to have extracted data from a U.S. surveillance drone it says it captured on Tuesday. The Revolutionary Guard on Tuesday claimed that it had hacked into the control systems of a small Boeing ScanEagle surveillance drone, forcing it to land in Iran after it violated Iranian airspace. The Revolutionary Guard said it learned that the drone had been conducting surveillance on Iran's oil export terminals in the Persian Gulf after it "fully extracted the drone's information." However, the U.S. continues to maintain that no drones have gone missing, in contrast to a similar situation last year, when Iran claimed to have hacked a U.S. RQ-170 Sentinel drone and forced it to land. In that case the U.S. acknowledged the loss of the drone, but said that it had crashed in Iranian territory rather than being forced to land. The Revolutionary Guard's claims this week follow an incident last month in which an Iranian jet unsuccessfully fired on a U.S. drone after alleging that the drone had violated Iranian airspace.


War on Terrorism Spurs House to Grant Presidents Secret Service Protection for Life
Washington Times (12/05/12)

About 20 years ago Congress passed a bill ending life-long Secret Service protection for former presidents once they had been out of office for 10 years, but the House has now passed legislation that would reinstate those protections. "The increased mobility and youth of still-living former presidents, coupled with the national security threat posed to post-9/11 leaders who were instrumental in the war on terror, necessitates protection for life, as has been the case since the 1960s," said sponsor Rep. Trey Gowdy (R-S.C.). It is unclear what the cost of the change will be, as the Secret Service does not report costs and methods for safety reasons. Some former agents disagree with the long-term protections, however, saying that presidents become less of a target after they have been out of office for several years. Whether the Senate will share these concerns remains to be seen.


Bureaucratic Battle Blunted Libya Attack 'Talking Points'
Wall Street Journal (12/04/12) Gorman, Siobhan; Entous, Adam

New information has come to light about what was going on behind the scenes as the Obama administration developed its talking points on the Sept. 11 attack on the U.S. consulate in Benghazi. The 94-word intelligence summary that initially emerged made no reference to al-Qaida and instead argued that the attack was "spontaneously inspired by the protests at the US Embassy in Cairo and evolved into a direct assault against the US diplomatic post in Benghazi and subsequently its annex." That said, the summary also conceded that "extremists participated in the violent demonstrations." Officials did add that their conclusions might change, as the investigation was ongoing. The summary was the same one used by U.N. Ambassador Susan Rice during her appearances on several Sunday morning talk shows in the immediate aftermath of the attack. Unnamed sources have acknowledged that the summary was shaped by a highly cautious diplomatic and bureaucratic process, which eventually led to any mention of al-Qaida being removed from the report.


In Foiled Jordanian Terror Plot, Officials See Hand of Resurgent al-Qaeda in Iraq
Washington Post (12/03/12) Warrick, Joby

U.S. officials and security analysts are expressing concern about the growing threat from al-Qaida affiliates in the Middle East and North Africa. Among the al-Qaida affiliates that officials and analysts say they are worried about is al-Qaida in Iraq (AQI), a group which had nearly been eradicated during the U.S. occupation of that country but has since become a threat to Western interests again. The threat posed by AQI was underscored by last month's discovery of a terrorist plot to attack the U.S. Embassy and other locations in Amman, Jordan. Authorities investigating the terror plot, which aimed to topple the U.S.-allied Jordanian government, say they have uncovered evidence that the terrorist cell in Jordan that was planning the attack received bomb-building instructions and other guidance from AQI. Meanwhile, AQI is playing a growing role in the civil war underway across the border in Syria. Intelligence officials and terrorism experts say that the same kinds of explosives that were to have been used in the Amman attack have been found in Syria. Foreign jihadists are also flooding into Syria, meaning that the country could become a base for AQI's operations and training efforts. Experts say that the ongoing Syrian civil war is likely to continue producing new terrorist cells that are bent on attacking Western interests.




Hackers Hit Ex-Military Head
Wall Street Journal (12/05/12) Barrett, Devlin; Barnes, Julian E.; Perez, Evan

Government officials have revealed that the FBI is investigating possible hacking attacks targeting the personal computers of retired Adm. Mike Mullen, the former chairman of the Joint Chiefs of Staff. The officials, who spoke anonymously, say that the investigation has traced attacks on one of Mullen's e-mail accounts back to China, though the Chinese Embassy in Washington has denied any knowledge of the investigation. The officials say that Mullen is only the latest in a series of former government officials targeted by similar, still undisclosed, hacks. While Mullen retired from the military in 2011, he continues to work at the Naval Institute, a private think tank on the grounds of the Naval Academy in Annapolis, Md., and is currently serving on State Department and Central Intelligence Agency advisory boards, including one reviewing the events of the Sept. 11 attack in Benghazi, Libya. Mullen has access to classified information as part of these positions, but his aides say he does not access or view classified material on the private computers that were targeted. Trend Micro cybersecurity expert Tom Kellermann says the attacks on Mullen and other retired officials could be an attempt to gather intelligence about the views and activities of current officials who still consult with them. Kellermann notes that, as private citizens, former officials are much softer targets than those currently behind government firewalls.


BYOD Security Concerns are Mounting
FierceMobileIT (12/05/12) Donovan, Fred

According to a Ponemon Institute survey, nearly a quarter of IT managers believe that mobile devices and the bring your own device (BYOD) trend pose a mounting security threat to enterprises. Dionisio Zumerle, a principal research analyst at Gartner, identified three security hurdles that enterprises need to overcome when transitioning to BYOD. The first hurdle is that users' right to use the capabilities of their personal devices can conflict with the enterprise's need to enforce security policies. One way to enforce enterprise policy is to use mobile device management products, or to turn to measures such as whitelisting or blacklisting apps, containerizing apps, or creating an enterprise app store. The second hurdle is users' freedom to choose their own devices without considering security issues or capabilities, which makes it more difficult for enterprises to secure devices or to monitor vulnerabilities and updates. To handle this hurdle, Zumerle recommends network access control products and policies. Privacy concerns arising from the user's ownership of the device are the final hurdle, as they could prevent the enterprise from taking aggressive security action. To address privacy concerns, the enterprise should obtain written consent from the employee allowing devices to be remotely wiped if they are compromised, lost, or stolen.


Top Secret MI6 Counter-Terror Intelligence Feared Stolen by Disgruntled Swiss IT Worker Who Walked Out With Millions of Data Files in Backpack
Daily Mail (UK) (12/05/12) Evans, Becky; Slack, James

Authorities in Switzerland are investigating the theft of sensitive information from the country's Federal Intelligence Service (NDB), allegedly carried out by a senior IT technician at the agency. Officials believe that the suspect was upset because his advice on operating the spy agency's data systems was not being taken seriously, and that he decided to retaliate by stealing classified information from the agency's servers. That information included intelligence collected by the British spy agency MI6 about counterterrorism operations. All of the information on the servers was being shared among the U.K., Switzerland, and the U.S. The suspect is thought to have carried out the theft by abusing his administrator rights and copying files onto portable hard drives, which he then hid in a backpack to carry them out of the building. The suspect, who was arrested last summer, was allegedly planning to sell the stolen files. It remains unclear whether the suspect was able to pass any of the stolen information to third parties before he was arrested. The incident has prompted a review of the security measures in place at the NDB.


Study: Majority of Businesses Not Adequately Protecting Payment Card Data
SecurityInfoWatch.com (12/04/12)

Many merchants are violating the Payment Card Industry Data Security Standard (PCI DSS) by storing payment card data on their networks in unencrypted form, according to a new SecurityMetrics study. The study found that more than 70 percent of merchants engaged in this practice, a figure virtually unchanged from last year. When asked what kind of data they were storing on their networks, more than 10 percent of merchants said they were storing data from magnetic stripe tracks. Storing such data unencrypted creates a fraud risk for consumers, because criminals use information from the magnetic stripe track to forge credit and debit cards. But any payment card data stored unencrypted is a tempting target for criminals, because it is easier to steal than data that has been encrypted, notes SecurityMetrics' Gary Glover. The study included several recommendations for how businesses can protect payment card data from theft, including mapping the pathways such data takes through their networks, using card data discovery tools, and creating policies stating that payment card data should be deleted from corporate networks.


South Carolina Inspector General: Centralize Security
GovInfoSecurity.com (12/04/12) Chabrow, Eric

South Carolina's current cybersecurity posture is wholly inadequate, according to a report by inspector general Patrick Malley, which calls for greater centralization of information security at the state level. The 18-page report, the result of an investigation sparked by this fall's data breach at the state's Department of Revenue, notes that the S.C. Division of State Information Technology lacks the authority to establish and enforce IT security policies for state agencies. Malley says this has resulted in a decentralized approach to information security with uneven results across state government agencies. This approach, Malley says, "prevents the state from understanding, let alone managing, statewide infosec risk, which has the capacity to impact the entire state government." As part of his investigation, Malley consulted with the CIOs of 18 state agencies to develop six recommendations for improving information security at the state level. The recommendations include the establishment of a statewide information security program using a federated governance model, led by a new state CISO. The report also calls for the establishment of a steering committee to oversee the new strategy, and the hiring of consultants to help create a new governance framework.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

