
Friday, August 24, 2012

Security Management Weekly - August 24, 2012

Corporate Security
  1. "Shootings Weigh on South Africa's Leaders"
  2. "Group: DC Gunman May Have Targeted It, Too" Traditional Values Coalition
  3. "Security Manager's Journal: Security Training On the Cheap"
  4. "End Users See Benefits of PSIM" Physical Security Information Management
  5. "How to Protect Multi-Facility Enterprises"

Homeland Security
  1. "Norway Killer Deemed Sane, Given 21 Years"
  2. "Iran's Supreme Leader Orders Fresh Terror Attacks on West"
  3. "NYPD Official: Muslim Spying by Secret Demographics Unit Generated No Leads, Terrorism Cases"
  4. "U.S. Authorities Warned to Stay Vigilant"
  5. "Hard Lessons" Security Threats on College Campuses

Cyber Security
  1. "Malware Can Take Ugly Leap Forward to Virtual Machines"
  2. "DHS Warns Siemens 'Flaw' Could Allow Power Plant Hack" Department of Homeland Security
  3. "Microsoft Warns of 'Man-in-the-Middle' VPN Password Hack" Virtual Private Networking
  4. "Security First: New NIST Guidelines on Securing BIOS for Servers" National Institute of Standards and Technology
  5. "Hackers Warn Government: Come Clean On Surveillance System or Face Attack" Australia

   

 
 
 

 


Shootings Weigh on South Africa's Leaders
Wall Street Journal (08/20/12) Maylie, Devon

New details are emerging about a deadly clash between police and striking workers at a platinum mine in Marikana, South Africa, on Aug. 16. According to South African National Police Commissioner Riah Phiyega, the 540 police officers who had been deployed to the site--which has been the scene of an illegal strike by the miners since Aug. 10--began building a barbed-wire cordon in response to growing tensions in the miners' camp and the failure of the workers to respond to demands to lay down their weapons. Phiyega noted that a group of armed miners charged an unfinished side of the cordon, prompting police to use water cannons, tear gas, and stun grenades to try to stop them. Some of the protesters fired shots, to which police responded by firing rubber bullets. Phiyega said that police officers also fired live ammunition at the protesters. Phiyega said that police officers fired on the miners only as a last resort, though some of the miners said that the police fired first even though they were only armed with sticks. A total of 34 miners were killed in the clashes, and another 78 were injured. The violence at the mine, which has been attributed to a rivalry between two unions that want to represent the miners, has claimed a total of 44 lives since it began earlier this month. Workers at the mine are protesting what they say is low pay and poor living conditions.


Group: DC Gunman May Have Targeted It, Too
Associated Press (08/17/12)

The head of the Traditional Values Coalition on Friday claimed that she believed that her group had also been targeted by the man who allegedly shot and wounded a guard at the Washington, D.C., headquarters of the Family Research Council on Aug. 15. Traditional Values Coalition President Andrea Lafferty said she had been visited by FBI agents who told her that the alleged gunman, Floyd Lee Corkins II, had a note with the coalition's contact information written on it on his person when he was apprehended. Lafferty said she believes this meant that Corkins had intended to attack her organization, which also has a Washington, D.C., location.


Security Manager's Journal: Security Training On the Cheap
Computerworld (08/09/12) Rice, J.F.

Security manager J.F. Rice recently discussed his efforts to create and carry out a security awareness training campaign with a nonexistent budget. Without any formal training, Rice relies on freely available materials, such as the National Institute of Standards and Technology's (NIST) free tech security guidelines and best practices, to inform his unfunded efforts. Using methods and guidance from the NIST publications, Rice set about creating a customized Web-based training program to teach security awareness, then using posters and email newsletters to raise awareness of the awareness training. Rice is also considering using increased face time, joining department staff meetings and new-hire orientations. His resources are meager, but Rice says, "I don't expect change to happen overnight, but I am optimistic that I can dial up our security with the right messaging and reinforcement."


End Users See Benefits of PSIM
SecurityInfoWatch.com (08/06/12) Chong, James; Campbell, Don

In this article, James Chong, founder, CTO, and senior vice president of strategic innovation at VidSys, and Don Campbell, vice president of product management for VidSys, share a few ways organizations are using physical security information management (PSIM) software to improve security, safety, and business operations that would otherwise be costly or impossible without it. Using PSIM software, one global Fortune 50 enterprise was able to reduce the number of false alarms being reviewed by 90 percent. The software let the organization track the time and location of alarms so that a video could be reviewed immediately. Prior to implementing the software, all alarms and cameras would have to be reviewed manually to determine where the alarm was triggered. Enterprises also use PSIM software in situations where there have been multiple invalid card swipes on a specific door within a certain period of time to determine whether the card holder and the individual in the video match. The system, when integrated with the HR department, helps personnel determine quickly whether or not the person is an active employee. Prior to using the PSIM software, different operators would have to look at each system individually, and would then have to coordinate information and determine whether or not to take further action. The City of Baltimore was able to test its new PSIM software just one week before the start of the inaugural Grand Prix, when the city endured an earthquake and the remnants of a hurricane. The events allowed the mayor to test the system as he reviewed live feeds from helicopters in order to make assessments and decisions about impacted areas -- specifically those without power. And one prominent university's PSIM software platform helped campus police identify, track, and apprehend five individuals involved in an attempted robbery on campus. The software allowed police to verify a license plate number, immediately pull up the video from the location, and visually identify the suspects. As a direct result, four of the five suspects were criminally charged and prosecutors were able to use the video as part of the investigation.


How to Protect Multi-Facility Enterprises
Security Technology Executive (07/12) Vol. 22, No. 5, P. 30 Liguori, Joe

Security can be complicated for facilities that have multiple locations across North America. One of the biggest questions security directors face today is whether to standardize the security systems their company will deploy, as large companies begin to see the value in the strategy because it can help lower the overall cost of a system and enable them to manage employee access privileges through a single interface. Several years ago, companies often had one brand of access control system for an office in a small city in the Midwest and another type for a big city office on the West Coast. Aside from the issue of standardizing technology, corporate security professionals will likely face the challenge of helping rural offices understand that security is extremely important, and is not just about protecting assets. Directors can specifically list the requirements for such locations to help ensure a security program is accepted and implemented, but they should also be willing to adapt to the needs of local offices, such as allowing entrance and exit for courtyard areas without requiring card access. There will be budget issues as security directors look to deploy devices, software and other equipment across multiple locations. Also, they will need to future-proof security products to ensure they still have value in five years or more.




Norway Killer Deemed Sane, Given 21 Years
Wall Street Journal (08/24/12) Hovland, Kjetil Malkenes; Stoll, John D.

Anders Behring Breivik, the 33-year-old man who admitted to killing 77 people in a terrorist attack in Norway in July 2011, was sentenced to 21 years in prison by a Norwegian court on Friday. The verdict follows the conclusion of a 10-week trial that aimed to determine whether Breivik was sane at the time of the attacks. The court ultimately decided that he was, making it possible for him to be sentenced to prison rather than a psychiatric institution for the criminally insane. Although Breivik's sentence is for 21 years, he could spend the rest of his life in a prison outside of Oslo because Norwegian law allows preventive detention sentences such as the one given to Breivik to be extended for five-year terms for as long as the inmate remains a threat to society. Breivik's sentence comes roughly two weeks after a Norwegian government commission released a report on the attacks, which consisted of a car bombing in Oslo and mass shooting on a nearby island and were reportedly motivated by Behring's belief that Norwegian culture was threatened by an influx of immigrants. The report noted that police should have responded to the attack sooner and that the Norwegian government did not take sufficient steps to prevent car bombings in the area where Breivik detonated his vehicle. In addition, the report criticized Norwegian officials for not following through with decisions to improve security. The report's findings led to the resignation of Norwegian National Police Commissioner Oystein Haland.


Iran's Supreme Leader Orders Fresh Terror Attacks on West
Telegraph.co.uk (08/22/12) Coughlin, Con

According to senior Western intelligence officials, Iranian Supreme Leader Ayatollah Ali Khamenei recently ordered the Revolutionary Guard Corps' Quds Force to intensify its recent campaign of terror attacks against Israeli and Western targets. According to these officials, the directive was issued after an emergency meeting of Iran's National Security Council discussed a new report that found Iran's access to and relationship with Hezbollah could be seriously jeopardized should the government of Syrian President Bashar al-Assad fall to rebel forces. Iran has long used Syria to facilitate its collaborations with Hezbollah, but there is no guarantee that this would be possible should the Assad regime be deposed. The order for fresh attacks was meant to punish and warn "America, the Zionists [Israel], Britain, Turkey, Saudi Arabia, Qatar, and others that they cannot act with impunity in Syria and elsewhere in the region." The Quds Force has already been linked to a recent spate of attacks and terror attempts in the U.S., South Asia, Africa, and Europe, targeting Israeli, Saudi, and Western diplomats, citizens, and assets. The Revolutionary Guard has also been accused of advising the Assad regime, and Syrian rebels recently captured 48 Iranians in Syria, at least some of whom they say are senior Revolutionary Guard members.


NYPD Official: Muslim Spying by Secret Demographics Unit Generated No Leads, Terrorism Cases
Associated Press (08/21/12)

In court testimony unsealed on Monday, New York Police Department Assistant Chief Thomas Galati admitted that the department's controversial Demographics Unit had not generated a single lead or terrorism investigation in the six years since Galati assumed his position in 2006. The existence of the previously unknown Demographics Unit, which carried out far-reaching surveillance and infiltration of Muslim communities in New York City and across the northeast U.S., caused an uproar when it was revealed last year in a series of stories by the Associated Press. At the time, NYPD officials and New York Mayor Michael Bloomberg defended the unit, which has since been renamed the Zone Assessment Unit, calling it a valuable tool in the city's fight against terrorism. In his testimony, however, Galati made clear that the program had yielded no tangible results and refuted the report by former department analyst Mitchell Silber that the work of the unit led to a case against a bookstore clerk later convicted of planning to plant a bomb in a Manhattan subway station. Galati also confirmed that the unit targeted individuals based on language and national origin, regardless of any substantial suspicion of involvement in terrorism.


U.S. Authorities Warned to Stay Vigilant
WTOP Radio (08/20/12) Green, J.J.

U.S. law enforcement agencies are being warned to be on the lookout for what at first blush may seem completely innocuous activities and behaviors as part of the Department of Homeland Security's Nationwide Suspicious Activity Reporting Initiative. According to DHS and the FBI, with the Labor Day weekend and both the Democratic and Republican national conventions coming up, law enforcement needs to be aware of suspicious behavior that may be a prelude to larger acts of terrorism. The initiative cites examples such as an unauthorized man caught on video attempting to break into a manhole, individuals photographed and filmed conducting surveillance on movie theaters, and suspicious, unauthorized helicopter fly-overs of restricted areas. Said one federal law enforcement official, "they may seem like minor issues, but as transnational terror groups use the Internet to promote terror and train operatives, it's precisely these kinds of incidents that can wreak havoc at a moment's notice."


Hard Lessons
Security Management (08/01/12) Spadanuta, Laura

Virginia Polytechnic Institute and State University (Virginia Tech) in Blacksburg, Va., has been through so much since a gunman, Seung-Hui Cho, killed 38 people, including himself, and has attempted to learn important lessons to limit another mass shooting in the future. Virginia Tech did use mechanisms such as e-mail to send out information about the shooting, but technology has made instant mass communication far easier since the April 16, 2007, tragedy. Today's notification systems can generally be used with all carriers and most every student has a smartphone. Best practice is to have numerous ways to reach members of the campus with pertinent information, and Virginia Tech's current system includes text messaging, e-mail, message boards, sirens, and desktop alerts, among others. While every situation will require different directives, such as the message to shelter in place, communication is still a challenge because information on Twitter or a rumor can lead to confusion in the heat of the moment. A new state law requires colleges to have threat assessment teams, and the university has brought together individuals from different departments and disciplines to perform the task of identifying dangerous behaviors. Also, more schools are adopting the approaches of the National Incident Management System (NIMS) and the Incident Command System (ICS) for coordinating activity with local law enforcement in the event of a major incident.




Malware Can Take Ugly Leap Forward to Virtual Machines
PhysOrg.com (08/23/12) Owano, Nancy

Security researchers have found that a new multiplatform Trojan virus has the ability to copy itself onto virtual machines running on infected systems. The new malware, called Crisis, was first identified on Macs in July by Kaspersky Labs, and was later found by Symantec to have a Windows version as well. The malware uses social engineering to infect machines, posing as an Adobe Flash installer to get users to download a .jar file containing the virus. The malware allows its operators to monitor conversations on Skype and other chat programs, and monitor Internet browsing in Firefox and Safari. What makes Crisis unique is that when it detects a VMware virtual machine image on an infected system, it copies itself onto the image using VMware Player. "This may be the first malware that attempts to spread onto a virtual machine," says Symantec's Takashi Katsuki. The Windows version of Crisis is also able to copy itself to connected Windows Mobile devices using the Remote Application Program Interface. Kaspersky researchers say Crisis's code is sophisticated and the malware was likely developed as a tool to be sold to cybercriminals on hacker forums.


DHS Warns Siemens 'Flaw' Could Allow Power Plant Hack
CNet (08/22/12) Whittaker, Zack

The Department of Homeland Security has issued an alert to operators of power plants and critical infrastructure after security researcher Justin Clarke last week exposed a flaw in the encryption of hardware manufactured by Siemens subsidiary RuggedCom. At a security conference in Los Angeles, Clarke demonstrated a method of extracting the single encryption key used to decode the network traffic of the RuggedCom hardware, allowing him to monitor that traffic and send malware or credentials. "If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," said Clarke. According to the DHS alert, "an attacker may use the key to create malicious communication to a RuggedCom network device." This is the second flaw Clarke has found in RuggedCom hardware, which he purchased secondhand off eBay. Clarke previously identified a method of extracting a password that would allow remote backdoor access to equipment, a vulnerability RuggedCom has reportedly since patched.


Microsoft Warns of 'Man-in-the-Middle' VPN Password Hack
Computerworld (08/21/12) Keizer, Gregg

Microsoft released a security advisory warning of the potential for man-in-the-middle attacks able to steal passwords from wireless networks and virtual private networks. The advisory was a response to a blog post by security researcher Moxie Marlinspike weeks earlier in which he described and released a tool capable of exploiting vulnerabilities in the MS-CHAP v2 authentication protocol, commonly used in PPTP VPNs and WPA2 Enterprise Wi-Fi networks. Marlinspike's new tool, Chapcrack, parses data for MS-CHAP v2 encrypted passwords, then decrypts them using the CloudCracker service. The tool could theoretically be used by hackers to gather and decrypt passwords from data packets sent over a VPN or Wi-Fi network and thus gain full access to the network. Although Microsoft issued the security advisory and is advising IT administrators to adopt Protected Extensible Authentication Protocol to secure VPN passwords, it says it does not intend to issue a security update addressing the problem. "The issue is due to known cryptographic weaknesses in the MS-CHAP v2 protocol and is addressed through implementing configuration changes," the advisory reads. MS-CHAP v2 is supported by Windows 7, XP, and Vista, as well as Windows Server 2003, 2008, and 2008 R2.


Security First: New NIST Guidelines on Securing BIOS for Servers
NIST News (08/21/12) Brown, Evelyn

The National Institute of Standards and Technology is soliciting comments on its draft publication "BIOS Protections Guidelines for Servers" until Sept. 14. The guidelines were written for various audiences, including server developers and information system security professionals charged with securing their organization's servers as well as boot processes and hardware security modules. The document focuses on how to achieve BIOS security in the various architectures that are used by servers. The guidelines also address the service processors that some servers use to perform management functions such as BIOS updates, says NIST's Andrew Regenscheid. He notes that BIOS security for servers is different because servers need more flexibility, since they are often managed remotely. The release of the document comes amid the emergence of BIOS attacks as a new threat vector. The first ever piece of malware designed to infect BIOS, known as Mebromi, was discovered by a security company last September.


Hackers Warn Government: Come Clean On Surveillance System or Face Attack
The Australian (Australia) (08/21/12) Colley, Andrew

A faction of the hacker collective Anonymous is threatening cyber attacks against Australian government targets if an inquiry by Green Party Sen. Scott Ludlam into the Australian government's use of the video analytics software TrapWire does not go forward. Anonymous has already been carrying out attacks and hacks of government Web sites related to proposed counterterrorism legislation that would require Internet service providers (ISPs) to retain user data for up to two years. The group had been relatively quiet since releasing a trove of user data stolen from the ISP AAPT last month, but e-mails released on WikiLeaks this month stoked fears in some hacker and activist groups that TrapWire was a U.S. government plot to use civilian security cameras to monitor the population on a massive scale. These fears, which have largely been debunked in the media, triggered the inquiry by Ludlam, who is asking for information about Australian agencies' use of TrapWire. Anonymous' recent activity has included attacks on the Web site of the Australian Security Intelligence Agency and threats to go after the Defence Signals Directorate if its demands are not met.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

