Recent Security Letter Excerpts

WARNING: WARRANT ACCESS TO NETWORK COULD BE EXPLOITED BY OTHERS.

Tom Cross, X-Force, an IBM security unit, has determined that cooperation with law enforcement in serving a warrant of the computer system can lead to an opportunity that lets hackers perform illegal wiretaps. Cross found this weakness in access equip. made by Cisco. (He focused on Cisco because it was the only system to make intercept access details public. Cross believes similar vulnerabilities exist with other computer platforms.)

Networking and Internet companies have backdoors in their systems to support law enforcement with legitimate Internet wiretap requests. But these avenues also inadvertently make it easier for hackers who game the system to steal information. This was a factor in Google’s decision last month to consider withdrawing from China. The ease to infiltrate Google’s system is too easy. Summing up: organizations should monitor law enforcement carefully in installing wiretaps. Their systems could be compromised.

SEATTLE SECURITY GUARDS FAIL TO INTERVENE IN NEARBY YOUTH ATTACK.   Perhaps millions have already seen the video which has appeared globally in the news. In Seattle, Olympic Security Services personnel, contracted by King County, were in the Westlake station of the Metro Tunnel. Private security supported local law enforcement. A 15-yr.-old girl, and four other s at one point, attacked a girl. They robbed her of an iPod, cell phone, purse, and other items. That wasn’t enough. The 15-yr.-old attacker kicked the still, prone victim. All of this was picked up by surveillance video which was shared globally.

This news event has created a storm of discussion. While the beating was taking place, Olympic Security personnel were just a few feet away. Perhaps the attacker knew that security guards aren’t paid to get involved and felt free to act brazenly as she did. The reaction of Olympic Security’s client, King County Metro Transit, and the Seattle public was not warm toward the guards. Couldn’t they have intervened? They seemed like spectators at a fight, though one was seen on a radio seeking assistance.
What are security guards supposed to do?  The stated tasks of  security officers are to: deter, delay, detect, respond, and report. That doesn’t say anything about trying to arrest a wild 15-yr.-old female robber who is kicking her victim on the sidewalk directly in front of them. The security officers told a reporter that they were intimidated by the girl’s aggressive behavior. They provided aid to the victim after the attackers left and helped police in identifications in the subsequent arrests.

Is this enough? Doesn’t common sense require people to help others? Technically, the Olympic Security guards did what they were trained to do…and nothing more. That’s a pity. Society expects more from trained security personnel than this incident revealed.

SURGE IN TEMPORARY WORKERS REQUIRES ADEQUATE VETTING. RISKS IGNORED. From a trough last July, to the latest data, the use of workplace temps has risen 12%. Could this be one of those soft signs that the Great Recession is over? We don’t know. Perhaps. But it is reasonable to consider the security implications these new workers create.

According to preliminary data from the US Bureau of Labor Statistics, temporary employees grew 200K from 1.7M in July to over 1.9M. At the height of the flush times in late 2007, over 2.6M temps were working. That’s more than a one-quarter shrink from the top. Principle: vetting across the board.

---

Comments RSS You can leave a response, or trackback from your own site.