U.S. Calls for Global Cybersecurity Strategy

WASHINGTON — The Obama administration on Monday proposed creating international computer security standards with penalties for countries and organizations that fell short.

While administration officials did not single out any countries in announcing the strategy, several officials said privately that the hope was that the initiative would prod China and Russia into allowing more Internet freedom, cracking down on intellectual property theft and enacting stricter laws to protect computer users’ privacy.

“The effort to build trust in the cyberspace realm is one which should be pushed in capitals around the world,” said Commerce Secretary Gary Locke, who will soon be taking over as President Obama’s ambassador to China.

The strategy calls for officials from the State Department, the Pentagon, the Justice Department, the Commerce Department and the Department of Homeland Security to work with their counterparts around the world to come up with standards aimed at preventing theft of private information and ensuring Internet freedom. A fact sheet released by the White House also promised that the United States would respond to attempted hacking “as we would to any other threat to our country.”

Attorney General Eric H. Holder Jr. called it a “historic strategy,” adding that “the 21st-century threats that we now face to both our national and international security really have no borders.”

Last week the administration released the domestic component of its new computer security strategy, increasing and clarifying the penalties for computer crimes, and giving the domestic security agency a clear mandate for the protection of the government’s own networks. That effort was intended to reverse a growing perception that penalties for attacks on government, corporate and personal computers had been relatively small.

In addition to giving the Homeland Security Department new authority over federal computer systems, the legislation calls for the agency to work with energy companies, water suppliers and financial institutions to rank the most serious threats and find ways to counter them. The law would also require each business to have an independent commercial auditor assess its plans and, in the case of financial firms, report those plans to the Security and Exchange Commission.

Source:- http://www.nytimes.com/2011/05/17/us/politics/17cyber.html?_r=1#h[]

Read More

Microsoft, Facebook, Govt Legislation Led Security

Lawmakers in Washington, D.C. introduced more cyber-security and online privacy bills in Congress last week. Sen. John D. Rockefeller introduced the long anticipated “Do Not Track” bill that would require all companies to honor users’ tracking preferences. Companies that violate rules set by the Federal Trade Commission would face civil penalties and lawsuits from the FTC and state attorneys general. Rockefeller also included provisions to cover users surfing online using mobile phones and wireless carriers.

A bipartisan group of 11 senators, led by Sen. Patrick Leahy, introduced PROTECT IP, a revamped version of last year’s COICA, to combat piracy online. PROTECT IP would authorize the Justice Department to obtain injunctions against Internet service providers to turn off DNS, or Domain Name System, services to sites selling or distributing counterfeit goods. The government would also be empowered to force other companies, such as search engines, ad networks and online payment processors to stop supporting the “infringing site.”

The White House also released its ambitious cyber-security plans to Congress, outlining its plans for protecting critical infrastructure from cyber-attack and requesting a federal data breach notification law. Under the plan, the Department of Homeland Security would work with individual businesses and states to protect electric grids, financial systems and transportation networks. The Obama administration gave individual organizations control over how to protect their networks, but required that those plans be shared with DHS. If they weren’t comprehensive enough, the DHS would work with the organizations to improve them under the plan.

Facebook users were told to change their passwords, again, especially if they used a lot of apps on the social networking site. Symantec researchers discovered that app developers who were using Facebook’s older authentication system instead of the newer OAUTH 2.0 system were inadvertently passing along user token access codes to third parties, such as advertisers and analytics companies. The tokens acted as a “spare key” to user profiles, giving others access to user data such as photographs and the ability to post messages on the user Wall.

Facebook also rolled out several security measures designed to improve security, such as two-factor authentication for login, CAPTCHA on links that may be spam, and an online surfing tool that uses community rankings to determine whether links are safe or not.

Microsoft announced it will be acquiring voice-over-IP provider Skype on the same day it released its small Patch Tuesday update for May. Patch Tuesday addressed two vulnerabilities in Windows Server and PowerPoint. Just before the announcement, Skype patched a flaw of its own in the Mac client that would have allowed attackers to create and spread a worm via the user’s contact list. While the Microsoft-Skype combination would have the most impact on video conferencing and mobile, security experts cautioned vendors and developers to be vigilant about any changes to Skype that would require modifying their own products.

Microsoft also released volume 10 of its Security Intelligence Report, which found that phishing attacks on social networking platforms skyrocketed in the second half of 2010. Websense reported cyber-attackers were moving their botnet operations to countries with a better “cyber-reputation,” such as Canada.

Source:- http://www.eweek.com/c/a/Security/Microsoft-Facebook-Govt-Legislation-Led-Security-News-465385/

Read More

RBI Advises Banks To Set Up Whistle Blowing System

Concerned over rising incidents of cyber crime, the Reserve Bank of India has suggested banks to put in place a strong whistle blowing system as well as reward employees who help prevent frauds.

"Appropriate mechanisms need to be established in banks...including transaction monitoring teams in banks and to investigate them (disputes or suspicions raised by stakeholders) thoroughly. Banks should have a well publicised whistle blowing mechanism," RBI said.

This suggestion is part of the central bank's guidelines on information security, electronic banking, technology risk management and cyber frauds.

RBI further said that employee awareness is crucial to fraud prevention.

"A positive way of creating employee awareness is to reward employees who have gone beyond their call of duty, and prevented frauds. Awards may be given to employees who have done exemplary work in preventing frauds," the RBI said.

With the advances in information technology, most banks in India have migrated to core banking platforms and have moved transactions to payment cards (debit and credit cards) and to electronic channels like ATMs, internet banking and mobile banking.

Fraudsters have also followed customers into this space. "However, the response of most of the banks to frauds in these areas needs further improvement, thereby avoiding putting the entire onus on the customer," the RBI said.

It said most retail cyber and electronic banking frauds would be less than Rs 1 crore.

A need is therefore felt to have an industry-wide framework on fraud governance, with particular emphasis on tackling electronic channel based frauds, it said.

RBI had appointed a Working Group headed by RBI Executive Director G Gopalakrishna on various issues arising out of the use of information technology in banks.

The apex bank examined various issues and made its recommendations in nine broad areas, including IT Governance, Information Security and Cyber Fraud.

In the guidelines, RBI said banks need to ensure implementation of basic organisational framework and put in place policies and procedures which do not require extensive budgetary support, infrastructural or technology changes, by October 31, 2011.

Source:- http://economictimes.indiatimes.com

Read More

Violent Teens Top Threat Here

While fighting terrorism is the FBI's top priority for the nation, battling street warfare is its most pressing worry in Greater Springfield, according to the agency's regional chief.

Richard DesLauriers, the FBI supervisor out of Boston, said during a recent interview that counterterrorism, counterintelligence and cyber crime top the list of national threats, but teens with guns are this city's most persistent menaces, prompting the agency to increase resources to combat that in Western Massachusetts.

"We're acutely aware the most significant problem here is violent, street-based and neighborhood gangs," said DesLauriers, a Longmeadow native and Cathedral High School graduate, and the FBI supervisor in charge of Massachusetts, Rhode Island, New Hampshire and Maine.

DesLauriers met with the editorial board at The Republican along with Springfield FBI supervisor Mark Karangekis on Tuesday, four days before the outbreak of violence in Mason Square that left one man dead and another wounded. A suspect in the shootings was wounded by police after they said he shot a city patrolman and state trooper. Both officers were wearing protective vests and were not seriously injuried.

The suspect, Tamik Kirkland, had escaped from a medium security facility in Shirley and returned to his hometown where police said he was a member of the so-called Maynard Street posse. Police said he shot two men on State Street, one fatally, before opening fire on pursuing police at Burr and Cambridge streets.

The death is the seventh in the city, following the March 12 shooting of 16-year-old Kevin Gomez, killed outside a birthday party on lower Belmont Avenue. Charged was 17-year-old Gregory Falero, who has pleaded innocent.

There also have been a series of nonfatal shootings in the city recently. Law enforcement officials say drug and turf wars typically spur the bloodshed.

Karangekis said an FBI-led regional gang task force, which includes members from local police departments, the state police, the Hampden County Sheriff's Department and the U.S. Drug Enforcement Administration, turns its sights daily on the area's most gang-plagued neighborhoods to identify and prosecute "impact players."

Karangekis said so-called "street posses" can be more dangerous than national gangs, including La Familia and the California-based Bloods, precisely because they are less organized and more volatile than their more structured counterparts.

"They morph," Karangekis said, meaning there is always a queue of young recruits to replace any one member taken off the streets by law enforcement or violence and their affiliations are fluid. "You might be part of a street posse one day and a Blood the next. Kids emulate national street gangs."

DesLauriers also said Springfield is a crossroads for drug activity to its north, south, east and even west; law enforcement officials have identified a growing gang problem in Pittsfield and Lee, he said.

High on the list of national crime-fighting priorities are public corruption; civil rights violations such as hate crimes; national and trans-national crimes (an ethnically broader umbrella for traditional organized crime), and significant white-collar crimes such as mortgage and securities fraud.

Prior to arriving as the Boston supervisor, DesLauriers was formerly the deputy assistant director of counterintelligence in Washington D.C., the head of the FBI's counterintelligence unit in New York City from 2006 and 2007, and an assistant supervisor in the Boston FBI office before that.

He said the agency has changed from solely a crime-fighting entity to an "intelligence-driven, threat-focused" national security agency since Sept. 11, 2001.

"Decades ago, we would react to a crime ... (make an arrest), go to trial or someone would plead guilty and the bad guy would go to jail. We can't afford to be reactive anymore," DesLauriers said.

Read More

Microsoft Corporation (NASDAQ:MSFT) Tries To Define Cybercrime

A recent Microsoft Corporation (NASDAQ:MSFT) report has said that cybercrimes are falling into two distinct camps.

Microsoft Corporation (NASDAQ:MSFT) Tries To Define Cybercrime

Microsoft Corp 25.03 -0.29 (-1.15%) Intraday 3 Month 6 Month 1 Year

According to the latest security report released by the software giant, cybercrime groups can be classified within two groups; ones that have been targeting people using rare exploits or using social engineering, and those that use other attack techniques.

Jerry Bryant, group manager of response communications for Microsoft Corporation (NASDAQ:MSFT)’s Trustworthy Computing Group, said that, “We’re seeing a polarization of criminal behavior: There’s the highly sophisticated, skilled [criminals] who create exploits and go after high-value targets using zero-day attacks, special intelligence, and customized social engineering”.

Microsoft Corp. (NASDAQ:MSFT) shares were at 25.32 at the end of the last day’s trading. There’s been a -9.3% change in the stock price over the past 3 months.

Microsoft Corp. (NASDAQ:MSFT) Analyst Advice
Consensus Opinion: Moderate Buy
Mean recommendation: 1.78
(1=Strong Buy, 5=Strong Sell)
3 Months Ago: 1.75
Zack’s Rank: 19 out of 89 in the industry

Source : StocksandShares

Read More