In Two Weeks, Your iPad Can Be Used on Military Networks

By the middle of the month, iPhones and iPads will likely pass a Pentagon security review that will result in their use, for the first time, on military networks.

As part of the Pentagon’s big push into the mobile-device market, the Defense Department has already issued so-called Security Technical Implementation Guides, or STIGs, for BlackBerry 10 phones and Playbook tablets, and for Samsung’s Android-powered Knox phone. Apple will not be left out.

“We expect to release the iOS STIG sometime in the next two weeks,” says Air Force Lt. Col. Damien Pickart, a Pentagon spokesman.

The Pentagon still has “a few open questions” about how Apple’s operating system — and the high-end devices it powers — will lock down its sensitive data, Pickart says. But it’s issued an “interim STIG” for the latest version of iOS, iOS 6, indicating that the obstacles are minor. It’s a bureaucratic irony of the mobile age: Apple desktop and laptop computers still aren’t cleared to access military networks, but iPhones and iPads will be.

None of this means the Pentagon is actually buying troops any tablets or smartphones — yet. But military “user groups” interested in accessing Pentagon networks on the move now have approval to use these select devices. For instance: the Army’s Combined Arms Center, which recently developed a book about Afghanistan for the iPad, or whoever will end up using the Pentagon’s experimental biometrics-scanning smartphone.

As might be expected, the military is moving very cautiously into the mobile market. The vast majority of mobile devices already in use in the Department of Defense are BlackBerrys, much like with the rest of the government — some 470,000 of them. The first new devices with security clearances for military networks? Um, BlackBerry phones and tablets.

To think, just months ago, a rumor circulated that the Pentagon was ditching BlackBerry for iPhones and iPads. LOL.

It’s not clear when the Pentagon will use that market power to finally issue orders for specific smartphones and tablets. The Pentagon’s top information-security officials speak about purchasing a “family of devices” for military use, yet it’ll be weeks or months before any of those devices actually make their way to troops’ pockets and backpacks. Most likely, by the time the first military mobile orders get issued, Apple products will be among them.


Grenade-shaped cigarette lighter shuts down Miami International Airport

Let’s just say the novelty has worn off.

A section of Miami International Airport was shut down early Thursday morning after a male passenger attempted to go through a security checkpoint with what appeared to be a grenade, but turned out to be a novelty cigarette lighter.

The Miami Dade police bomb squad was called shortly before dawn to Concourse D and determined that the camouflage-painted item was indeed a lighter.

“People do things sometimes without thinking,” said Alvararo Zabaleta, spokesperson for the Miami Dade Police Dept. “This guy didn’t use much common sense.”

Miami International Airport spokesman Marc Henderson was a tad less charitable.

“I would like to know, 12 years after 9/11, why some people in the public still don’t seem to have gotten the memo that you don’t bring prohibited items or novelty items in the shape of weapons to the airport and expect to get them through TSA checkpoints?” Henderson told the Orlando Sentinel. “Even if the Boston marathon bombings had not happened, we’re vigilant at all times.”

The passenger, who police declined to identify, was not charged with any crime, but he did have his lighter confiscated.

While the incident disrupted activity at the terminal for approximately one hour, Zabaleta said that passengers should take some comfort in knowing that the system worked as it was intended.

“The security measures are working, and all the protocols were followed properly in this case,” Zabaleta told the News.


Cybersecurity Jobs Continue to Pay Better Than Others

Demand for cybersecurity professionals continues to climb, and while overall pay for security staff dipped slightly this year, cyber pros are still earning more than their counterparts in general IT jobs, according to a new survey.

InformationWeek’s 2013 Salary Survey of 682 IT security professionals found the strong market for cyber professionals has nearly erased the gender gap when it comes to pay. The median staff salary declined $2,000, to $95,000, in 2013, while management salaries increased to $120,000, up $5,000 from the previous year.

Those figures are significantly higher than those for general IT staff and management, each of which increased $2,000 in 2013, to $87,000 and $110,000, respectively, the survey found.

In addition, the survey showed very little disparity when it comes to comparing salaries for men and women in IT security jobs. While male security staffers still make $2,000 more per year than the average female IT security pro, those in management positions held the same average salary ($120,000), regardless of gender.

Cybersecurity professionals also tend to be very satisfied with their jobs, with 63 percent of respondents saying they are satisfied or very satisfied with all aspects of their jobs.

But despite high job satisfaction among cybersecurity professionals, many indicate that they will likely leave their jobs soon. The opportunity for higher pay was the top reason for leaving among 68 percent of staff and 73 percent of managers, the study found.

“George, for example, loves working for his federal agency but will likely leave soon – the competitive pay and benefits offered by the private sector make it hard for the government to compete,” the report states.

Surprisingly, however, security professionals have some reservations about their job security. Eighty-nine percent of IT security staffers said they feel at least somewhat secure in their jobs, down from 92 percent in 2012, and 92 percent of security managers feel secure, down from 93 percent last year. This is largely due to the uncertainty about government funding and the sequester, and/or because of the high expectations to prevent attacks and keep skills up to date, the survey found.

Finally, certifications also continue to be an asset for cybersecurity professionals, with staff members holding certifications making $12,000 more and managers making $10,000 more in base salary than their noncertified counterparts, the study found.

But while certifications were an asset, education may be a barrier to getting a cybersecurity job, an expectation some organizations may have to overcome if they are to meet the demand for cyber professionals, the survey states. The Homeland Security Department’s Task Force on CyberSkills is looking to use junior and community colleges in combination with 2,000 hours of on-the-job training to bring potential workers without a definitive degree up to the levels where they can defend a network from attack, according to the report.

“While certifications are needed to get past the HR filters, hiring professionals who continue to educate themselves is important,” the report states. “After all, attackers don’t care about that piece of paper.”


Behavior Profiling Redefines Security at the Mall of America

After 9/11, the owners of the Mall of America handed the facility’s security director a blank check. They wanted the mall to be outfitted with cameras and metal detectors, but Security Director Doug Reynolds didn’t think that was the right solution. While the tech tools would aid security efforts, Reynolds didn’t think they were the best fit for the unique facility that he is charged to protect.

The term “mall” doesn’t provide a complete picture of the Mall of America. Located near Minneapolis in Bloomington, Minn., the facility is visited by 40 million people annually and spans 4.2 million square feet. Not only does it house the stores one would expect to find in a shopping mall, but it also features the United States’ largest indoor theme park complete with roller coasters, an aquarium and a movie theater. In addition, a hotel is scheduled to open early this year. All of these attractions combine to create an extraordinary environment for a security department.

Reynolds surveyed different security methods and industry standards, but none of the conventional approaches in the United States seemed to be the best fit for the Mall of America. “We thought cameras were good but they were missing an element, which ended up being the human element,” he said.

Looking to Israeli security methods, Reynolds learned about how behavioral profiling is used in the country, especially at Tel Aviv’s Ben Gurion International Airport. He attended training in Israel to better understand how the technique is used and how security officials there have improved it.

“Most people think that behavioral profiling started in Israel but it did not; it actually started in the U.S. through the FBI to do different types of profiling for crimes, such as serial killers, sexual predators, that kind of thing,” Reynolds said. “The Israelis — when they were looking for best practices — found the FBI doing it, and they took it on and honed the skills and perfected the science behind it.”

A former Israeli Airports Authority security agent, Michael Rozin, was brought onto the Mall of America’s security team to help adapt the country’s behavioral profiling principles to the public environment at the U.S. facility. Rozin and Reynolds worked to create the mall’s Risk Assessment and Mitigation (RAM) program, which instead of relying on technology to help identify a potential security risk, uses trained officers who look for behavior that isn’t considered normal in the mall’s setting.

The Mall of America’s security department consists of about 150 people with the lion’s share constituting what most people consider typical security. RAM personnel make up a small percentage of the department’s staff, Reynolds said, but all security personnel are exposed to the program and its concepts. “A handful are given the additional 10 to 12 weeks of training in it,” he said.

The RAM officers work in what Reynolds described as “visually undercover” — they wear plain clothes and ear pieces, but visitors can spot the officers if they’re looking for them.

“We want people to see them. We want them to know they’re out there,” Reynolds said. “If it’s a person with harmful intentions then they think that this thing, I don’t know what it is or how big it is, but it’s there, it’s a factor and this is not the place to commit the crime.”

Although the behavior profiling program was adapted to fit the Mall of America’s environment, it uses the same three components as Ben Gurion airport: detecting suspicious indicators, security interviewing (which Rozin said is the most important) and operational deployment.


Four security trends defined 2012, will impact 2013

Mobile and Mac malware burbles noxiously, data breaches and data mining will cause more havoc with your privacy, and the Web will continue to suffer the ignominy of poorly-written, Swiss-cheesed code as security experts predict lessons from 2012 go unlearned in 2013.

The Internet is slowly changing, and security experts say that today’s security issues will continue to be major players in driving that change. Here are four trends that dominated headlines in 2012, and will continue to play a major role in 2013.

The Internet as governmental tool

The collective realization by governments around the world that the Internet is an excellent network for conducting surveillance, monitoring, espionage, and war, says Finnish computer security firm F-Secure’s Chief Technical Officer Mikko Hypponen, may not come to full fruition in 2013. But the foundation for that change is already underway.

“There will be more operations along the lines of Olympic Games, also from other sources than US and Israel. Later on, we might look back at these first 20 years of the Web as the Golden Days, when the net was still free,” he wrote in an e-mail to CNET. “Olympic Games” is the covert inter-government project that reportedly birthed Stuxnet, Duqu, and Flame.

Information security expert Chris Wysopal agreed that “cyber-warfare” is becoming commonplace. “When there’s a political or actual war event, we’re seeing cyber-attacks parallel that. It does seem to be more pronounced. It’s almost not newsworthy, as if we expect it to happen alongside a political event.”

Take that in for a moment. Government-sponsored, computer-based attacks, as “almost not newsworthy,” he said.

But just because these attacks are becoming more frequent doesn’t mean that they don’t stymie security researchers. Tomer Teller, a security evangelist and researcher at Check Point, said that he was surprised this year by the rise of “precision-targeted attacks.”

“We saw that with Gauss this year, from the Stuxnet family. It had an encrypted payload, and researchers couldn’t decrypt it,” Teller said.

Tim Rains, the director of Microsoft’s Trustworthy Computing division, pointed out that these governmental actions have consequences beyond the nuclear reactors of Iran and other industrial targets.

“Eighty-five percent of the exploits against operating systems tried to take advantage of one of the vulnerabilities that Stuxnet used. A very small fraction of malware uses ‘zero-days,’ so we’re seeing commodity malware writers benefit from the research of professionals,” he said. “It was a trend in 2012, and we’ll continue to see that in the next year.”

More mobile devices, bigger targets

Experts have been talking up mobile security for several years now, and as mobile device proliferation continues, so will the security problems associated with them. Because the problems are mobile and always-connected in nature, the security challenges will become more complex in 2013, experts told me.

Lookout Mobile Security’s senior product manager, Derek Halliday, noted two interesting trends that his company saw in 2012. Lookout predicted and saw in 2012, “only a few dominant kinds of mobile malware,” he said.

Microsoft’s Rains agreed. “[The Looter exploit] is responsible for the second-highest number of mobile threats we saw.”

Halliday added, “The other thing was how geographic specific these threats were. We were surprised by the stark contrast between the U.S. and say Russia or China. If you try to run a toll fraud application at scale in the U.S., you’ll encounter some problems — a double-opt in message, government intervention,” he said.

Another point Halliday made was that while Android 4.2 is the most secure yet, with numerous security improvements, operating system fragmentation will prevent it from reaching most people until late 2013.

On the other hand, said Wysopal, the impact of mobile malware is definitely growing. “In 2012, half a percent of all mobile users got hurt by mobile malware in the U.S. That’s a million people, not an insignificant number. It’s a trend that is happening slower than expected, but it’s not going to go away.”

The malware problem is likely to remain isolated from Apple’s iOS, according to Hypponen. “There’s still no iPhone malware. Five years after shipping one of the most popular systems, they have no malware problem at all. That’s a major accomplishment by Apple. Job well done.”


One way to make passwords obsolete — just keep typing

Remembering a clunky password could become a thing of the past, according to researchers at Iowa State University.

Morris Chang, an associate professor of engineering, and his team are working on keystroke authentication — a way of identifying you by the way you type and how long you pause between keystrokes. Ultimately, such a technique could block unauthorized users based on their typing patterns from gaining access to an account.

Using biometrics to identify and authenticate users isn’t new — think fingerprint recognition or iris scans. But those are one-time verifications. What makes keystroke authentication more secure is the fact that typing patterns are continuously monitored.

Also, there’s an added layer of security.

“You can steal passwords,” says Chang. “But you can’t steal biometrics.”


What it takes to be a private investigator

TV and movie portrayals of real professions tend to be less than realistic, and the job of private investigator is no exception. But just because you won’t solve every case between 9 and 10 p.m. on Tuesdays doesn’t mean that becoming a private investigator isn’t for you.

What does it take to be a successful private investigator?

“You need to be intelligent, inquisitive and methodical,” says Dr. David Woods, a professor of criminal justice at South University’s Austin campus. Woods, who holds a doctorate in criminal justice and has worked as a police officer and a private investigator, also cites having an open mind, being proficient with technology and learning about people.

A good knowledge of the law is another necessity. Private investigators are regular citizens who must follow the law, but because of their profession they are held to a higher standard of legal knowledge than the public.

Most states require P.I.s to obtain a license, but the requirements vary widely based on where you live. Depending on the jurisdiction, even those with a law enforcement or military background may have to prove they have the necessary knowledge and skills.

Fulfilling the requirements may involve education, training courses, an apprenticeship or all three. In some situations, the education and training requirements can be met with a bachelor’s degree, such as the Bachelor of Science in Criminal Justice offered at several of South University’s campuses.

The work of a private investigator is not for everyone, but it can be an exciting way to earn a living for the right person. Like most careers, it has its plusses and minuses.

Working independently, as most P.I.s do, can mean a constant search for new clients. Other drawbacks include a lack of regular hours, dangerous situations and – much more often than danger – long periods of inactivity during surveillance work.

But Woods says that the fictional portrayals of private investigators are not completely untrue. The main resemblance to TV, he says, lies in the freedom and adventure of the job.

“It can take you anywhere, anytime,” he says. As for the disguises and subterfuge so often a part of TV shows, he says they may or may not be part of an investigation.

“A disguise is often part of surveillance work. But posing as someone you’re not is much rarer – maybe 10 percent of the job,” he says. “A good private investigator is never seen or heard until the investigation is complete.”

Other than the freedom it affords – which many may say is the best part – being a P.I. provides the ability to promote fairness and justice.

Because they see such a large number of cases, law enforcement agencies must limit the resources they can expend on each one. A private investigator, on the other hand, has the ability to focus his or her resources on one client at a time, which can yield better results.

“Many times, you are able to assist people who may have no other recourse available to them,” says Woods. “You can do something important and help someone out.”


Scary Study: Murder Is The Top Cause Of ‘Injury Death’ For Women At Work

When we think about workplace safety, we usually think about dangerous factory equipment or safety goggles. Office workers might worry about the danger of chairs or asbestos. But women with violent partners face another danger: Their partners coming to their workplace and committing violence. A horrifying new study finds that 142 women were killed on the job by their husbands or boyfriends between 2003 and 2008.

Researchers found that partner violence accounted for 22% of all workplace homicides of women in that five-year period. The study was published in the journal Annals of Epidemiology by researchers from the National Institute for Occupational Safety and Health and the Injury Control Research Center at West Virginia University.

According to previous research, murder is the top cause of “injury death” for women at work, accounting for 40% of all deaths. Most of those murders take place in the course of robberies at workplaces like restaurants and convenience stores. But the new research found that the second leading type of workplace homicide against women is carried out by “personal relations,” with about 80% of them “intimate partners” — boyfriends or husbands.

What do those numbers mean? More women died on the job because of domestic violence than because of violence by clients (including prisoners and mental patients!) or disgruntled co-workers. Private workplaces including restaurants, hotels, and retail stores were among the most common locations of violence. Federal, state, and local government workplaces were significantly safer. Women who work in health care, production, and office administration were at the highest risk of partner violence.

What do we take away from all this? It’s not that most of us have to be afraid of going to work. But it’s a sad reminder that for women in violent relationships, the workplace isn’t necessarily a safe space.


Smartphone Security: Why it Matters

We are all going mobile. It could be a smartphone, an iPad, or some other handheld device, but we are increasingly living our always-connected lives on-the-go.

Whether we are working, checking our bank account balances, playing a few games, or just surfing the Web, we are becoming more dependent on mobile technology – and consequently more vulnerable. Because wherever our phone or tablet goes, so goes our data and online privacy.

Contacts, credit card information, e-mail – all the sensitive data that we thought was secured on our PCs at home or at work is slowly getting transferred to our mobile devices, except this time there is no security software to keep us safe.

These are some of the more common mobile security threats that we now face:

Malware
Infected apps are probably the number one source of malware on smartphones and tablets. This is particularly true of devices running the open Android platform. In the rush to compete with Apple’s App Store, thousands of early apps were uploaded to the Android Market with very little scrutiny. Consequently, many of them are infected with viruses or contain permissions that can open up our phones to malware and data theft.

Phishing e-mails and texts
Most smartphone e-mail and texting platforms do not have the spam filters that are now standard in PC-based programs, and the spammers and phishers have been quick to take advantage. Bogus and unsafe links often look less threatening and receive far less scrutiny when they are viewed on a smartphone screen rather than on a PC.

Spyware
GPS tracking software and other mobile surveillance programs have now reached a very high level of sophistication. The same “spyware” that allows parents to monitor their kids’ whereabouts, e-mails and texting habits can be used to stalk or spy on adult users. Many programs can be installed without the owner of the mobile device knowing and can run undetected indefinitely.

While there are common sense moves that we can make to protect ourselves – don’t leave an unlocked phone lying around; don’t click on suspicious links – there is also help at hand via smartphone security tools. Security software can combine anti-theft defenses with virus and spam protection to provide a much-needed level of comfort as we become more invested in the mobile world.

As well as providing real-time virus scanning and advanced firewall protection, mobile security software can block unwanted calls and texts, provide privacy features, and even disable or “clean” a phone of sensitive data if it is lost or stolen.

We’ve spent so much time and effort securing our desktops and laptops, it would be a shame to undo all that hard work by leaving our smartphones unprotected.


Arrests made in historic pharma heist

Arrests were made May 3 in connection with the largest theft of pharmaceutical products in the history of Connecticut, according to law enforcement officials.

A pair of brothers, Amaury and Amed Villa, were arrested in Florida yesterday on charges they stole roughly $80 million in pharmaceutical products from an Eli Lilly warehouse in Enfield, Conn., in March 2010. The subsequent investigation involved the FBI, local Enfield Police Department and Eli Lilly’s global security department. “As a result of their efforts, and our counterparts in Florida and across the country, we believe that a prolific cargo theft ring has been dismantled,” David Fein, the U.S. Attorney for Connecticut, said in a statement.

According to the indictment, the Villa brothers, who are Cuban citizens living in Miami, broke into the Eli Lilly warehouse on the night of March 13, 2010, using equipment purchased at a Home Depot to cut a hole in the warehouse’s roof. They are accused of disabling parts of the ADT security system that protected the facility before using a forklift inside the warehouse to load several boxes of Zyprexa, Prozac and Gemzar into a rented tractor trailer. Amed Villa’s fingerprints were found on a water bottle within the warehouse, according to the indictment.

In Connecticut, Amaury and Amed Villa are each charged with one count of conspiracy to commit theft from an interstate shipment, which carries a maximum term of imprisonment of five years, and four counts of theft from an interstate shipment, each of which carries a maximum term of imprisonment of 10 years.

Following the theft, Bob Reilley, Eli Lilly’s director of global security, reviewed the event and security flaws that led to its initial success. He and his team shared lessons learned about warehouse security, multiple entry threats, visitor controls, alarm response controls, among others, with 25 pharmaceutical companies and others concerned with supply chain security, according to the company.

The company also began lobbying for stiffer penalties for those caught stealing pharmaceutical products. “Right now, there’s no distinction in penalty between the theft of a load of tires and the theft of a load of medical products,” Reilley said. Because of the threat to patients’ safety, “the penalty should be much greater” for medical products, he said.

In 2011, Eli Lilly became an early member of the Coalition for Patient Safety and Medicine Integrity, along with six other pharmaceutical companies. Two primary goals of the coalition are to protect patients from risks posed by stolen and inappropriately handled medical products that enter legitimate distribution channels and increase the associated federal criminal penalties for crimes involving stolen medical products.

Congress is considering a bill (S. 1002) introduced by Sen. Charles Schumer (D-NY) and dubbed the SAFE DOSES Act that would increase penalties for medical product thefts.

The pharmaceutical products stolen by the Villa brothers, despite the passage of more than a year and a half, were recovered in October 2011 from a storage facility in Florida as part of the investigation. Eli Lilly said it plans to destroy the products when they are no longer needed as evidence.
