Friday, June 26, 2009

Security Management Weekly - June 26, 2009

Corporate Security

  1. "Antigua Arrests Ex-Regulator in Stanford Fraud Case"
  2. "Commuter-Plane Rule Looms" FAA Creates Panel to Draw Up Rules Aimed at Reducing Pilot Fatigue
  3. "Pirates Free Cargo Ship Near Somalia, One Crewman Dead"
  4. "Apple Obsessed With Secrecy on Products and Top Executives"
  5. "Dutch Weigh French-Style Net Piracy Law"
Homeland Security

  1. "Wave of Bombings Continues in Iraq"
  2. "Iran's Mousavi Vows to Continue Election Protests"
  3. "Emergency Response to Metrorail Crash Shows Post-9/11 Gains"
  4. "TSA's Express Security Grounded" Program That Allowed Frequent Fliers to Speed Through Security Lines Ends at 18 U.S. Airports
  5. "Al Qaeda Says It Would Use Pakistani Nuclear Weapons"
Cyber Security

  1. "UK Looks to Young Geeks to Secure Cyberspace"
  2. "Military Command Is Created for Cyber Security"
  3. "China Linked to 70 Percent of World's Spam, Says UAB Computer Forensics Expert"
  4. "Microsoft Releases Its Free Security Program"
  5. "DNSSEC Showing More Signs of Progress"

   

 
 
 

 


Antigua Arrests Ex-Regulator in Stanford Fraud Case
Reuters (06/25/09) Fletcher, Paul

Antigua and Barbuda's authorities arrested the country's former chief financial regulator, Leroy King. He has been detained on a provisional warrant that charges him with collaborating with Allen Stanford in a $7 billion Ponzi scheme. His arrest follows his firing as head of Antigua and Barbuda's Financial Services Regulatory Commission after U.S. federal authorities announced criminal charges against him including fraud, conspiracy, obstructing justice, and conspiracy to launder money. U.S. authorities have 45 days to formally proceed with an extradition case against King, a period that could be extended to 60 days.


Commuter-Plane Rule Looms
Wall Street Journal (06/25/09) P. A3; Pasztor, Andy; Mitchell, Josh

The Federal Aviation Administration announced Wednesday that it plans to create a panel that will develop recommendations for new rules for the commuter airline industry. The panel, which will be made up of regulators, airline representatives, and labor leaders, is scheduled to begin meeting in mid-July to draw up recommendations on rules aimed at reducing fatigue among pilots in the commuter airline industry. The recommendations should be complete by Sept. 1, the FAA said. In addition to announcing the creation of the panel, the FAA said Wednesday that it has ordered its inspectors to audit the performance of less-experienced pilots as well as those who have failed flight tests or are in need of remedial training. Meanwhile, the FAA has asked airlines and unions to work together to produce thorough background checks of pilots that will help identify those who have repeatedly failed flight tests in several different training settings or at different carriers. The FAA has also asked the commuter airline industry to implement a policy requiring carriers to obtain all FAA records on pilots before they are hired. The FAA's recent actions stem from the Feb. 12 crash of a Colgan Air plane in Buffalo, N.Y. The investigation into that crash discovered that the pilot had failed several flight-proficiency tests in the course of his career and that the plane's crew may have been overly fatigued.


Pirates Free Cargo Ship Near Somalia, One Crewman Dead
Insurance Journal (06/25/09)

The Dutch Defense Ministry has announced that Somali pirates have released the Dutch Antilles-flagged cargo vessel MV Marathon after holding it for about a month and a half. The ministry also noted that the ship, which was hijacked May 7, is being escorted to port by a Dutch navy frigate that is part of the antipiracy coalition patrolling the Gulf of Aden. The ministry did not say whether a ransom was paid for the ship. However, the ministry did say that one of the 19 Ukrainian crew members on board the MV Marathon died of a gunshot wound when the pirates hijacked the vessel last month. Another crew member was wounded in the attack.


Apple Obsessed With Secrecy on Products and Top Executives
New York Times (06/23/09) P. B1; Stone, Brad; Vance, Ashlee

Apple has implemented a number of security measures in an effort to tightly control information about its products. For example, the company requires employees who work on top-secret projects to pass through a number of security doors and enter a numeric code to get into their offices. In addition, Apple has installed security cameras in areas where employees are working on important projects. According to an employee who worked in such an area, workers in some product-testing rooms must cover up devices in black cloaks when they are working on them and turn on red warning lights when removing the cloaks. The red lights were installed to alert workers in the area to be more careful than they otherwise would be, the employee said. Another step Apple has taken to prevent the release of information about its products involves providing employees with incorrect details about a product in order to track down the source of news reports that contain the false information. Employees are sometimes fired for leaking information. According to Regis McKenna, a Silicon Valley marketing veteran who used to advise Apple on its media strategy, the culture of secrecy began to take shape in the wake of Apple's launch of the first Macintosh. Apple was concerned because competitors knew about the Mac before it was introduced.


Dutch Weigh French-Style Net Piracy Law
Business Week (06/22/09) Phillips, Leigh

A cross-party commission of Dutch investigators has issued a report that found that illegal downloading is widespread throughout the country, particularly among young people. In order to counteract this practice, the commission issued several recommendations, including holding parents responsible for their child's illegal downloading practices; the creation of a new licensing framework that allows paid downloading; and the elimination of a levy imposed on CDs and DVDs to reduce customer prices. Additionally, legislators may consider implementing a law similar to the one recently put in place by France, which creates a three strikes policy. This legislation has come under fire from civil rights supporters who oppose such harsh measures. As Jeremie Zimmerman of the Internet freedom group La Quadrature du Net argues, "Governments must realize that the costs of repression exceeds by far the benefits and most of the time harms civil liberties."




Wave of Bombings Continues in Iraq
New York Times (06/26/09) Rubin, Alissa J.; Robertson, Campbell

A wave of bombings in Iraq over the last several days comes ahead of the planned withdrawal of U.S. troops from Iraqi cities on June 30. In the latest incident, which occurred Friday, a suicide bomber on a motorcycle blew himself up in a Baghdad market area, killing at least nine people and injuring 25. The attack came on the heels of seven bombings on Thursday, at least five of which occurred in Baghdad. In one of those attacks, two people were killed and 30 were wounded at a bus station in the city. Wednesday was also a violent day in Baghdad. A crowded market in the Sadr City section of the capital was bombed, killing 76 people and injuring 158. Experts say that the recent wave of attacks is an attempt by terrorists to prove that Iraqi forces will not be capable of securing the cities once U.S. forces leave. Experts also predict that the violence will only get worse in the days leading up to the withdrawal.


Iran's Mousavi Vows to Continue Election Protests
Wall Street Journal (06/26/09) P. A8; Coker, Margaret

Iranian opposition leader Mir Hossein Mousavi broke four days of silence on Thursday by issuing a statement on the Web site of his newspaper in which he vowed not to give in to "recent pressures" he said were aimed at isolating him and forcing him to change his position on the annulment of the disputed June 12 presidential election. "I cannot modify black as white and white as black," said Mousavi, who claims incumbent President Mahmoud Ahmadinejad's victory in the election was rigged. "This is not the solution to expect me to express something in which I don't believe." Mousavi's statement could give new life to the protests that have been occurring in Iran in the wake of the election. Those protests have gotten smaller and more sporadic this week due to the crackdown by Iranian security forces. At least 17 people have been killed in the crackdown, while hundreds of Mousavi supporters have been arrested.


Emergency Response to Metrorail Crash Shows Post-9/11 Gains
Christian Science Monitor (06/24/09) Cook, Dave

In a recent interview with the Christian Science Monitor, Daniel Kaniewski, the deputy director of George Washington University's Homeland Security Policy Institute and a former adviser to former President George W. Bush, praised the response to Monday's Metrorail accident in Washington, D.C. Kaniewski noted that the regional response to the accident, which killed nine people and injured more than 70, was proof that the response to extraordinary incidents has significantly improved since the September 11, 2001 terrorist attacks. Kaniewski said he was particularly impressed with the communications between the agencies involved in the response to the crash. "As I monitored the radio traffic of the local agencies involved, I expected to hear chaos; but instead I heard the calm and ordered dispatch of emergency units and informative reports from arriving personnel," Kaniewski said. He also noted that agencies from Washington, D.C., and agencies from surrounding jurisdictions were able to communicate on the same channel, which allowed them to work together in a unified manner.


TSA's Express Security Grounded
USA Today (06/23/09) Frank, Thomas

The Clear program, which allowed frequent fliers who cleared background checks to quickly pass through airport security, ceased operating on Tuesday morning after the company that operated it went out of business. The company, Verified Identity Pass, said in a statement on its Web site that it went out of business because it was unable to negotiate an agreement with its senior creditor to continue operating. Investors may have also been hesitant to put money into Verified because President Obama has yet to appoint a new head of the Transportation Security Administration, which created the program that made Clear possible, said the company's founder, Steven Brill. It remains unclear whether the more than 250,000 people who were enrolled in the Clear program--which was in place at 18 airports around the country, including airports in Atlanta, Denver, and Washington, D.C.--would receive refunds of the fees they paid to participate. Experts say that the end of the Clear program is a significant setback to efforts by travel groups and Congress to allow travelers who clear background checks prior to arriving at airports to pass through security more easily.


Al Qaeda Says It Would Use Pakistani Nuclear Weapons
Reuters (06/22/09) Ersan, Inal

Mustafa Abu al-Yazid, al Qaeda's leader in Afghanistan, recently said in an interview with Al Jazeera that if the organization is able to gain control of Pakistan's nuclear weapons, it would use them against the United States. The statement was in response to a question regarding U.S. intentions to seize control over Pakistan's nuclear weapons if it appeared the country was unable to keep them out of militant hands. When asked about al Qaeda's future plans, al-Yazid said that the organization would continue "work on the open fronts and also by opening new fronts in a manner that achieves the interests of Islam and Muslims and by increasing military operations that drain the enemy financially." Specifically, al-Yazid expressed hope for renewed campaigns in Saudi Arabia following the naming of Abu Basir al-Wahayshi as the new leader for al Qaeda in the Arabian Peninsula. However, he also said that the organization would be willing to accept a truce with the United States of approximately 10 years if all U.S. troops are withdrawn from Muslim countries and Washington agrees to stop supporting Israel and pro-Western governments of Muslim nations.




UK Looks to Young Geeks to Secure Cyberspace
Associated Press (06/25/09) Stringer, David

British Prime Minister Gordon Brown on Thursday announced the creation of a new cybersecurity unit made up of former hackers. According to Alan West, Britain's terrorism minister and the former head of the country's defense intelligence staff, the unit will be charged with tracing the source of cyber attacks on systems operated by Britain's government, businesses, and individuals. In addition, the unit will be responsible for preventing cyber attacks on these systems, West said. He added that the unit will also have the ability to launch cyber attacks on Britain's enemies. The creation of the cybersecurity unit comes amid concerns that China and Russia are using new technology to spy on the U.K. Officials are also becoming worried that terrorist groups linked to al-Qaida could eventually develop the ability to use cyber warfare to attempt attacks on targets in the West.


Military Command Is Created for Cyber Security
Wall Street Journal (06/24/09) P. A6; Gorman, Siobhan; Dreazen, Yochi

U.S. Defense Secretary Robert Gates announced that he will create a military cybersecurity command in an effort to better protect the Pentagon's computer networks from hackers in countries such as China and Russia. Under Gates' plan, the command will initially be part of the Pentagon's Strategic Command, a unit that is responsible for computer-network security. In addition, Gates has recommended that the command be headed by Lt. Gen. Keith Alexander, the director of the National Security Agency. Gates' decision to create the command--which will begin operating in October and will be fully operational by October 2010--has been criticized by some who say it could result in military control over civilian computer systems. However, defense officials say the Cyber Command will focus only on military networks, although it will consolidate cyberwarriors and investigators from across the government under one roof. But the command's focus on military networks also has been criticized by cybersecurity experts such as Maren Leed of the Center for Strategic and International Studies, who says it could leave important national networks open to attacks and intrusions.


China Linked to 70 Percent of World's Spam, Says UAB Computer Forensics Expert
University of Alabama at Birmingham (06/23/09) Hayenga, Andrew

University of Alabama at Birmingham (UAB) researcher Gary Warner reports that so far in 2009 nearly 75 percent of the Web sites advertised through spam studied by the UAB Spam Data Mine relate back to China. "China has become a safe haven for Web site operators that use spam to promote their products because of the willingness of some Chinese Web-hosting companies to ignore spam complaints about those sites, which are hosted on their servers for a fee," Warner says. "The hosting companies don't create the spam, but rather declare themselves bullet-proof hosting sites--meaning that regardless of the illegal activities being reported, they will not terminate their customer's spam-related Web sites or domains." So far this year, the UAB Spam Data Mine has reviewed millions of spam emails and connected hundreds of thousands of Web sites advertised through spam to 69,117 unique hosting domains, of which 48,552, or about 70 percent, had Internet domains ending in the Chinese country-code top-level domain .cn. Furthermore, 48,331 of those sites were hosted on Chinese computers. The Chinese spam epidemic is strengthened by the availability of cheap domain names, which encourage spammers to buy multiple domains, creating a continuous stream of spam. Warner says that although only a few companies in China are responsible for the illegal spam activity, they risk hurting the entire country's reputation.


Microsoft Releases Its Free Security Program
Financial Times (06/23/09) P. 14; Menn, Joseph

Microsoft has released a test version of Microsoft Security Essentials, a free security package that replaces the company's little-used OneCare product. Microsoft executives say Security Essentials, which provides users with some protection against malware but does not warn that specific Web sites are dangerous, is being released to protect the PCs of consumers in the developing world. These computers are often compromised when users visit sites that have been tampered with by hackers. Microsoft plans to make 75,000 copies of the test version of Security Essentials available during the initial rollout. Microsoft is expected to release Security Essentials more widely later this year. Both rollouts will be limited to users with licensed Windows machines, a move that some security experts say will limit the ability of the new program to improve Internet security.


DNSSEC Showing More Signs of Progress
Dark Reading (06/22/09) Higgins, Kelly Jackson

There has been a great deal of progress in rolling out DNSSEC since researcher Dan Kaminsky discovered a DNS cache poisoning flaw last year. In the wake of that discovery, the federal government told agencies that they must adopt the security protocol for the .gov top-level domain by December. In addition, federal agencies' intranet zones will need to be signed with DNSSEC by mid-2010. Meanwhile, ICANN has partnered with VeriSign, the Department of Commerce's National Telecommunications and Information Administration, and the National Institute of Standards and Technology to test and deploy DNSSEC on the Internet's root zone as part of an effort to improve security. Finally, the announcement earlier this month that the .org top-level domain had been signed with DNSSEC was seen as a sign of progress in efforts to implement the security protocol. Despite the progress, there are still some obstacles to adopting DNSSEC, particularly among businesses. For example, the DNSSEC command-line controls in BIND, the most common type of DNS server, are difficult to use and difficult to integrate into other management tools, said Cricket Liu of Infoblox.


Abstracts Copyright © 2009 Information, Inc. Bethesda, MD

