Friday, October 23, 2009

Security Management Weekly - October 23, 2009

Corporate Security

  1. "Galleon Case Prompts Firms To Plug Leaks"
  2. "To Protect Your Privacy, Hand Over Your Data " MIT Proposal Suggests Digital Identities Could be More Secure if They Were Based on Data Gathered From 'Reality Mining'
  3. "Nokia Sues Apple Over Alleged Breach of Patent"
  4. "Stop That (Solar) Thief" Several Companies Offering Products Aimed at Stopping Thefts of Solar Panels
  5. "Software Pirates Hijack Windows 7 China Debut"
Homeland Security

  1. "Sessions: Congress Erred in E-Verify Extension Vote" Alabama Senator Says Lawmakers Should Have Made Program Permanent
  2. "Mass. Man Accused of Plot to Kill Shoppers, Troops"
  3. "Report: White House Neglecting Bioterrorism"
  4. "US Congress Votes to Allow Guantanamo Transfers to US"
  5. "Flow of Terrorist Recruits Increasing" Growing Numbers of Citizens of Western Nations Traveling to Terrorist Training Camps in Afghanistan and Pakistan
Cyber Security

  1. "China Expands Cyberspying in U.S., Report Says" Chinese Gov't Calls Allegations Made in U.S.-China Economic and Security Review Commission Report 'Unfounded'
  2. "Federal Student Aid Data Isn't Secure, IG Says"
  3. "Researchers Help Ensure Security of Military Logistics"
  4. "Botnet Unleashes Variety of New Phishing Attacks"
  5. "NASA Told to Plug IT Security Holes"


Galleon Case Prompts Firms To Plug Leaks
Wall Street Journal (10/23/09) Sharma, Amol; Pulliam, Susan

Companies are undertaking extensive damage-control measures following criminal charges against Galleon Group founder Raj Rajaratnam, who is accused of running an insider-trading scheme that also involved a number of corporate executives and employees. Companies with possible ties to the investigation include Intel Corp. and Google Inc. Intel has assured its partner, Clearwater Corp., that the company's information is safe after Intel managing director Rajiv Goel was accused of leaking information to Rajaratnam about Clearwater's plans to merge with Sprint Nextel Corp. in March 2008. Google, for its part, has suspended ties with the investor-relations firm Market Street Partner while the firm conducts an internal investigation into Shammara Hussain, a former employee whom prosecutors say passed along sensitive information about Google.


To Protect Your Privacy, Hand Over Your Data
New Scientist (10/22/09) Venkatraman, Vijaysree

A new proposal from the Massachusetts Institute of Technology's (MIT's) Human Dynamics Laboratory suggests that digital identities would be more secure if they were based on data collected from "reality mining," which studies how people behave using the digital data produced by computerized activities. MIT researcher Alex Pentland says that researchers and corporations have already realized the potential for reality mining, and argues that if people were to gain control over their own personal data mines they could use that information to prove who they are or inform smart recommendation systems. Pentland believes that allowing access to that data is safer than relying on key-like codes and numbers, which can be stolen or faked. He proposes creating a central body--supported by cell phone networks, banks, and the government--that would manage a data identity system. Banks could provide pieces of data to a third party running a check on a person's identity, and individuals could use their own data for services such as apps on a smartphone. Pentland says such a system would be far more powerful than existing recommender systems. He has been working to alleviate concerns over using personal data as an identification system, and has gotten the Harvard Law Lab and the World Economic Forum to develop and support the idea. He says 70 other industry partners have expressed interest and will be asked to test a design for the system.


Nokia Sues Apple Over Alleged Breach of Patent
Guardian Unlimited (UK) (10/22/09) Wray, Richard

Phone manufacturer Nokia is pursuing legal action against Apple, claiming that Apple's iPhone infringes on 10 of its wireless patents. Before the suit was filed, Nokia and Apple had been in talks on a licensing deal under which Nokia would receive a payment for each iPhone produced. Nokia representatives have not said how much Apple would be expected to pay for the use of the 10 patents, but such licensing payments usually amount to a few dollars per device. Given that Apple is expected to sell as many as 80 million iPhones per year by 2012, those payments could add up to tens or hundreds of millions of dollars. Nokia representatives also said that the door is still open to negotiating these payments with Apple, as the case will not reach a courtroom until the end of 2011.


Stop That (Solar) Thief
Wall Street Journal (10/19/09) Simon, Stephanie

Expensive solar panel arrays have become a major target of theft as demand for solar power increases. In response to this surge in photovoltaic theft, a number of companies are now offering security products designed specifically to protect solar panels. The panels make attractive targets because they are relatively easy to remove: in a couple of hours of work, thieves can take an average of 40 to 50 panels, which can then be sold for a few hundred dollars each on the black market. Most installers say that security is vital for solar arrays, particularly those in remote areas or in office parks that are mostly unoccupied on weekends. To combat these thefts, Heliotex has created special screws that make the panels harder to remove; the screw heads use an unusual pattern that can only be turned with a matching key. Another company, CodeSource of Denton, Texas, has created a labeling system that records panel barcodes and makes the panels easier for law enforcement to track. Unlike most labels, a CodeSource label that is removed leaves behind a residue of the barcode that can still be seen under ultraviolet light. Finally, Gridlock Solar Security of Santa Rosa, California, offers an alarm system wired through each solar panel that goes off if the panels are disturbed. At the same time, the system, which costs between $995 and $2,300, automatically calls several programmed numbers, including the owner's cell phone or the police.


Software Pirates Hijack Windows 7 China Debut
Reuters (10/16/09) Soh, Kelvin; Lee, Melanie

Although Microsoft is not planning to officially launch its new Windows 7 operating system for nearly a week, Chinese consumers have been able to buy the software for some time thanks to software pirates. At some shops in Shanghai's Xinyang market, for example, pirated copies of Windows 7 are being sold for as little as 20 yuan, or $2.93, each. Windows 7 normally sells for as much as $320. The availability of pirated copies of software like Windows 7 illustrates the difficulty software makers have in making money in China, a country in which roughly 80 percent of the software sold is pirated. However, that percentage is falling because of the steps the Chinese government and companies are taking to fight piracy. For instance, Microsoft is cutting the prices of some of its applications so that there will be less demand for pirated software among consumers. The Chinese government, meanwhile, has been cracking down on piracy of software and other consumer goods. Four people were sent to jail in August when a Chinese court convicted them of selling a pirated version of Microsoft Windows XP. Experts say that other factors, including rising levels of education and living standards among Chinese consumers, should help push software piracy rates down to as low as 50 percent by 2012, according to estimates by the research firm Gartner.




Sessions: Congress Erred in E-Verify Extension Vote
Montgomery Advertiser (10/23/09) Berry, Deborah Barfield

Congress has extended the E-Verify program, which allows employers to check that their employees are in the country legally, for three years as part of the recently passed $43 billion Department of Homeland Security spending bill. The bill now goes to President Barack Obama, who is expected to sign it. But the bill is being criticized by a number of people, including Sen. Jeff Sessions (R-Ala.), the author of an amendment to the Homeland Security spending bill that would have made E-Verify permanent. Sessions criticized Congress for changing that amendment so that E-Verify was only extended for three years, and said that not making E-Verify permanent was a mistake given that the nation is in the midst of a serious recession and high unemployment. Others are criticizing Congress for continuing E-Verify at all. Among them are the U.S. Chamber of Commerce and the National Association of Manufacturers, who say that the federal databases used by E-Verify are so error-prone that many legal immigrants and citizens are mistakenly disqualified from jobs. Immigration groups have also criticized E-Verify and have called on Congress to focus instead on overhauling the nation's immigration system.


Mass. Man Accused of Plot to Kill Shoppers, Troops
Associated Press (10/22/09) Lavoie, Denise

Authorities on Wednesday arrested 27-year-old Tarek Mehanna, a resident of the Boston suburb of Sudbury, Mass., who is accused of conspiring with two others to support terrorism. According to authorities, Mehanna and the two other individuals--Ahmed Abousamra, an American who is now in Syria, and an unidentified man who is now cooperating with authorities--conspired between 2001 and 2008 to shoot shoppers in U.S. malls and to "kill, kidnap, maim, or injure" U.S. soldiers in Iraq, as well as two politicians who were once part of the executive branch but have since left office. The politicians, who authorities say were never in any danger, have not been identified. Prosecutors say that the men wanted to carry out the attacks because they were angry about the presence of U.S. troops in the Middle East. Despite their plans, Mehanna and his co-conspirators never came close to carrying out an attack. Authorities say that their repeated attempts to enter terrorist training camps failed, and that they could not get the weapons they wanted to carry out the attacks in U.S. malls.


Report: White House Neglecting Bioterrorism
USA Today (10/21/09) Hill, Mimi

A report issued Wednesday by the bipartisan Commission on the Prevention of Weapons of Mass Destruction criticized the Obama Administration for not doing enough to protect the nation from the threat of biological terrorism. The report faulted the White House for failing to take several steps in its approach to preventing a biological terrorist attack, including not appointing any senior political appointees with a biodefense background. The report also criticized the Obama Administration and Congress for not providing enough money for a program that aims to ensure that there are enough drugs to respond to a biological terrorist attack. The Obama Administration asked for $305 million for this program in its fiscal 2010 budget request—an amount that the report said is "insufficient by a factor of 10." For its part, the Obama Administration has said that protecting the nation from terrorist attacks is one of its "top national security priorities," and that the government is "carefully evaluating" its "all-hazards" spending.


US Congress Votes to Allow Guantanamo Transfers to US
Agence France Presse (10/20/09)

The U.S. Senate on Tuesday approved legislation that would allow the Obama administration to bring detainees from the Guantanamo Bay detention facility to the U.S. mainland for trial. However, the legislation--which was included in a bill that would fund the Department of Homeland Security next year--includes some restrictions on efforts to bring terrorism suspects from the soon-to-be-closed facility for trial. For example, the Obama administration would have to complete a detailed assessment of the possible risk of bringing a particular terrorism suspect to the U.S. 45 days before they can be transferred out of Guantanamo Bay. This assessment must include details of the dangers involved in bringing the suspect to the U.S., steps that are being taken to reduce the threat, the legal rationale behind the transfer, and assurances to the governor of the state in which the suspect is to be tried that the individual represents little or no security risk. In addition, the legislation forbids the administration to release terrorism suspects in the U.S., including its overseas territories. But the bill also left a number of other questions unresolved, including whether the Obama administration can hold terrorist suspects in the U.S. indefinitely without charging them, as well as what would happen to those who are tried in civilian courts and acquitted.


Flow of Terrorist Recruits Increasing
Washington Post (10/19/09) Whitlock, Craig

U.S. and European officials are becoming increasingly concerned about the rising number of Western terrorist recruits, including Americans, who are traveling to Afghanistan and Pakistan to attend militant training camps. Since January, reports indicate that at least 30 recruits have traveled from Germany alone to Pakistan for training, approximately 10 of whom have since returned to Germany. The country's security services are currently on high alert after groups affiliated with both the Taliban and al-Qaida released tapes threatening an attack against Germany if it does not withdraw its troops from Afghanistan. There are approximately 3,800 German troops in Afghanistan at this time as part of the NATO-led forces. Other European countries are also attempting to prevent their citizens from traveling to Pakistan to receive military training. Pakistani officials recently arrested a group of foreigners, including Swedes, reportedly on their way to a terrorist training camp in North Waziristan near the Afghan border, while three Belgians and a French citizen are awaiting trial in their home countries after returning from Pakistani camps in 2008. Some European countries, such as Britain, have been more successful at cracking down on potential home-grown terrorists traveling to training camps in Pakistan or elsewhere in South Asia. Other countries, such as Germany, are still having a difficult time, as al-Qaida and its affiliates have begun focusing their recruiting efforts with agents on the ground in Europe. In contrast to recent U.S. assessments, which indicate that al-Qaida's command structure has been severely weakened in recent years, a Dutch report indicates that the group's ability to carry out attacks may actually be increasing because it has successfully cultivated alliances with like-minded terrorist groups worldwide.




China Expands Cyberspying in U.S., Report Says
Wall Street Journal (10/22/09) P. A9; Gorman, Siobhan

The U.S.-China Economic and Security Review Commission issued a report on Thursday saying that the Chinese government is increasingly launching cyberspying operations against the United States, and that those operations are "straining the U.S. capacity to respond." The report, which was written by analysts at Northrop Grumman, described a cyberspying incident in which the Chinese apparently infiltrated the computer networks of a U.S. company. In that incident, which the report said took place in 2007 at an unnamed "firm involved in high-technology development," hackers stole valuable research and development information from the company's networks and moved it to eight U.S. computers outside the company, including two machines at unidentified universities. The university computers were chosen because the large volume of Internet traffic on university networks provided cover for the transfer of the company's data. Once the information had been staged on those computers, it was sent overseas. The victim company was able to detect the outflow of information, but not before significant amounts of data had left its network, the report said. The report concluded that the attack must have been supported or orchestrated by the Chinese government, given that the stolen information was technical in nature and not easily sold by other companies or criminal groups. The "professional quality" of the attack is a further indication that the Chinese government was involved in some way, the report said. A spokesman for the Chinese Embassy in Washington criticized the report, saying that allegations that the Chinese government has engaged in cyberspying against the U.S. are "unfounded and unwarranted."


Federal Student Aid Data Isn't Secure, IG Says
Federal Computer Week (10/21/09) Lipowicz, Alice

The computer systems at the U.S. Department of Education are ill-equipped to protect the personal and financial data of the millions of students enrolled in the Federal Student Aid (FSA) program, the department's inspector general (IG) finds in his latest report. The FSA program, which dispenses close to $70 billion annually, has access to college students' personal and financial information. Although the audit did not cite any specific data breaches, it does indicate that FSA's practices could enable one. The IG's office highlighted eight deficiencies in security practices for student aid records, particularly in the certification and accreditation procedures, the report notes. "The FSA Chief Operating Officer and the Department Chief Information Officer must improve security controls over the certification and accreditation process for information systems to adequately protect the confidentiality, integrity and availability of department systems and the data residing in the systems," concludes Education Department assistant IG Charles Coe in the audit report.


Researchers Help Ensure Security of Military Logistics
University of Texas at Dallas (10/20/09) Moore, David

University of Texas at Dallas (UTD) professor Bhavani Thuraisingham, director of UTD's CyberSecurity Research Center, believes it is possible to establish data security for large military logistics systems even if the system's component parts come from multiple companies and are not themselves secure. "The challenge for security researchers is to develop appropriate security architectures to ensure that the system operates securely even if individual components fail," Thuraisingham said. She recently spoke on a panel that included U.S. Department of Homeland Security inspector general Richard Skinner, deputy chief of naval operations for Fleet Readiness and Logistics vice admiral Michael Loose, and U.S. Transportation Command deputy commander vice admiral Mark Harnitchek. Thuraisingham also said that data-mining techniques can be used to detect viruses and malicious software that may have been introduced through the supply chain. Her team is developing architectural solutions for secure systems, conducting risk analysis and risk modeling, and applying data-mining techniques to security.


Botnet Unleashes Variety of New Phishing Attacks
Dark Reading (10/19/09) Higgins, Kelly Jackson

The expansive Zbot botnet that distributes the Zeus banking Trojan has been generating a series of disguised phishing attacks since mid-October, the most recent being a fake warning, purportedly from Microsoft, of a system-wide Conficker worm infection that offers a free "cleanup tool." The recent attacks directed at corporations arrived as email messages notifying users of a "system upgrade." The emails carry malicious links and infected attachments. In some cases they are disguised as emails from the company's information technology department and contain alerts about upgrades to the users' email accounts. F-Secure researchers recently observed the botnet sending out malware-laden messages with convincing subject lines. "What we're seeing is an evolving campaign of different lures to see which one works," says Sophos Labs' Richard Wang.


NASA Told to Plug IT Security Holes
InformationWeek (10/16/09) Hoover, J. Nicholas

NASA reported 1,120 cybersecurity incidents in 2007 and 2008, more than any other federal agency, according to a report from the Government Accountability Office (GAO). Among the types of incidents NASA reported during that two-year period was the installation of malicious software on agency computers. In one such incident, 82 NASA computers were infected with rootkits, which resulted in their becoming part of a botnet based in Ukraine. In another, 86 NASA computers were infected with the Zoneback Trojan, which disables security software and runs other malware. The GAO report also said that NASA laptops containing unencrypted data about a prototype hypersonic jet and test plans for a space telescope and a lunar orbiter were stolen. In the aftermath of these breaches, NASA has worked to improve incident response and strengthen the practices it uses to protect its IT network, though the agency still has gaps in its cybersecurity measures, including control vulnerabilities and program shortfalls, GAO said. The report said that these vulnerabilities make it possible for someone with malicious intent to perform a variety of actions, including bypassing or disabling computer access controls. The report gives NASA eight broad recommendations for improving cybersecurity, including more fully developing risk assessments and security policies and procedures; a separate report includes nearly 200 specific recommendations. NASA said that it agrees with the GAO recommendations and that it has taken steps to improve security, including improvements in IT management.


Abstracts Copyright © 2009 Information, Inc. Bethesda, MD


2 comments:

Brittanicus said...

The American people are now aware that E-Verify would have been stripped from immigration enforcement bills by our legislators? Sen. Harry Reid, D-NV, and Nancy Pelosi, D-CA, failed in their objective to table the law, as public outcry positively terminated any chance? But now the battle lines have been drawn between--THE AMERICAN WORKERS Vs. A MULTITUDE OF PARASITE BUSINESS ORGANIZATIONS AND THE OPEN BORDER LOBBYISTS. The 15 million unemployed citizens and legal residents now know who are the enemy that we are up against? The American public must stop the demand for an undying influx of impoverished labor. The magnet is businesses who draw the illegal cheap job hunters across the borders into the clutches of exploiting employers. I have heard from countless US workers who have been dropped to make way for cheaper labor in every category of jobs, including higher career positions.

American workers have been paying a price for at least two decades, because thousands of companies had resisted paying for health care? Instead, when maimed workers, especially in manual forms of labor, are carted to the nearest emergency hospital for treatment, the outcome is that the employer is absolved of any responsibility and the taxpayer absorbs the medical debt. WHEN THE AMERICAN PEOPLE FORCE OUR INCOMPETENT POLITICIANS TO INTRODUCE E-VERIFY AS A PERMANENT ADDITION TO THE IMMIGRATION ENFORCEMENT ARSENAL, ILLEGAL ALIENS WITHOUT JOBS WILL LEAVE IN DROVES. But there must be substantial penalties for not using E-Verify, such as heavy fines and prison for many violations. Internal ICE enforcement on a grand scale must become a daily event, as they investigate violations within the working communities. ONE CERTAIN WAY TO HALT THE ILLEGAL ALIEN INVASION, IS BY CHANGING THE CIVIL LAW TO CRIMINAL AS A CLASS ONE FELONY FOR ENTERING AMERICA WITHOUT PERMISSION?

A new poll by Zogby International has found people across our border believe an amnesty that would grant legal status to illegal immigrants would prompt more people to enter the U.S. illegally, the Center for Immigration Studies (CRS) stated. Another new survey conducted by Rasmussen Reports reveals that 56% of Americans say that federal immigration policies encourage illegal immigration, and 64% believe that local law enforcement should conduct raids in places where illegal aliens gather to find work. Only 19% opposed the raids compared to 24% who opposed such raids back in April.

Brittanicus said...

A commentary from a blogger in Berwick, Pennsylvania, about a once-thriving manufacturing town. There were 30,000 people employed at "American Car and Foundry," which used to manufacture munitions, tanks and railroad cars during the war. There were also many clothing and shoe manufacturers in town which employed several thousand people. Since the signing of the NAFTA agreement, every one of those businesses is GONE! G-O-N-E!!! There are thousands of unemployed people there with no hope of finding work, since the majority of them are above 50 years of age and the fact remains it is a rural/semi-rural area. YET, there are scores of illegals coming into that same town collecting welfare and living in "HUD" homes which were lost by retirees living on a fixed income who could no longer afford their property taxes due to the increase in oil, gas, food, and cuts in their pensions and health care! THIS IS THE MAJOR REASON WE NEED A PERMANENT E-VERIFY, FOR EVERY PERSON WHO IS EMPLOYED? NOT JUST FOR A THREE YEAR PERIOD?

Call and blast your Senators and Representative at 202-224-3121 in Washington. Overwhelm the switchboard with your calls; it is having an outstanding effect of--MILLIONS of angry voters. THEY ARE BEGINNING TO LISTEN AND REACT? INFORM THEM DO YOUR DUTY OR SUFFER THE CONSEQUENCES ON RE-ELECTION DAY? Tell them you want a PERMANENT E-Verify for--EVERY WORKER, a secure double layer fence and--REAL--enforcement against sanctuary state policies. Read undisclosed facts, statistics and lawmakers' immigration enforcement grades at NUMBERSUSA. UNEARTH the corruption in government at JUDICIAL WATCH. Your voice is needed to halt OVERPOPULATION and for American Worker survival. Demand NO-MORE-AMNESTIES. They should--GO--home and come through the front door, like millions of honest legal immigrants? Report any irregularities in your workplace to ICE. Be a patriotic American Whistle-Blower and inform ICE of illegal activity. Your job--COULD BE NEXT?