Doug Bedell — December 2, 2016, 1:30 pm

‘Fake News’ a Web Security Threat

You may have heard that the term “fake news” is building as a security concern. And so it is, but what’s “fake news” all about? Here’s a Security InfoWatch take on the subject, timely and helpful.

“Fake news” is a creation of cyber meanies, who are at home on the Internet. It didn’t just appear in the 2016 election cycle. “Think back to April 23, 2013, when a tweet, apparently posted by the Associated Press, reported that there had been an explosion in the White House and that President Obama had been injured.

“It only took two minutes to debunk the message, but during those two minutes the stock markets lost over $125 billion of value.” There was likely a small group of traders who were in on the mischief. Did they profit from it? You bet.

“Fake news is predictable,” the InfoWatch post continues. “It is almost always initially delivered by Twitter or Facebook. It may or may not contain a link to a URL. Fake news is specific – its goal is to fan the flames of discord or to solidify public opinion within a small constituency. Fake news is usually designed to divide opinion, between those that want to believe it, and those that can’t possibly believe it.”

This doesn’t discredit social media channels that provide useful information to increasingly wary followers. But it indeed calls for a “heads up” on the Web.

Doug Bedell — November 28, 2016, 6:10 pm

Resting Easier About Computer Security, Still…

Reading about instances of cyber attacks, you can get the impression that the bad guys are gaining on the good guys when it comes to the security of corporate computer systems. Not so, says Richard Bejtlich, on his blog, TaoSecurity, The Way of Digital Security.

Bejtlich argues that (1) solution providers “share enormous amounts of information on the security landscape,” (2) government agencies, such as the FBI, share as well – “Federal agents notified more than 3,000 U.S. companies [in 2013] that their computer systems had been hacked,” Bejtlich advises, (3) books, articles and social media share – “The amount of readable material on security is astounding,” as contrasted with the late 1980s and 1990s when “hardly any books or articles were available. Now, thousands of resources exist…,” (4) security conferences share, and (5) private groups and limited information exchange groups share.

“If you disagree with this analysis, and continue to lament that bad guys share more than the good guys,” Bejtlich asks, “what evidence can you provide?” His challenge is reassuring, but we’d be sure to have good anti-tampering software installed anyway.

Doug Bedell — November 21, 2016, 10:43 pm

Internet Banking Calls for Security Savvy

Online banking can be a great convenience but, Safe & Savvy notes, it’s a digital security risk as well.

Safe & Savvy quotes F-Secure Security Advisor Sean Sullivan: “Online banking basically puts a bank machine on the internet. But the World Wide Web, Wi-Fi networks, and devices don’t offer people the level of security they expect from banks. Banks aren’t ignoring these risks, but basic man-in-the-middle attacks are more than enough to compromise the security of an online banking session.

“Man-in-the-middle, or MITM attacks, are when an attacker is able to place themselves in between two parties exchanging information, allowing attackers to monitor or even change the information being communicated. So when you’re doing banking over the internet, you’re sending/receiving information like passwords, financial details, and other data that MITM hackers can steal and use to break into your bank account.”

Sullivan provides tips on securing Internet banking services in his Safe & Savvy post.

Doug Bedell — November 18, 2016, 4:02 pm

DHS Offers Help on Infrastructure Security

Looking to ensure that your commercial buildings and grounds are safe? Beyond appropriate vehicle barriers, you can seek a means of ensuring that’s so from the Department of Homeland Security. DHS has an Office of Infrastructure Protection to help critical infrastructure owners and operators “understand and address risks to critical infrastructure.

“IP provides information on emerging threats and hazards so that appropriate actions can be taken. The office also offers tools and training to partners to help them manage the risks to their assets, systems, and networks.”

Think you may be in a vulnerable setting if anybody wants to target you? This DHS office may well be able to provide you with reassuring assistance.

Doug Bedell — November 16, 2016, 3:50 pm

App Aims to Reduce Security Wait Times at Airports

A new feature has been added to the flightSpeak app to help reduce stress on holiday travelers at airports, Government Security News advises. Called CheckPoint, it’s “designed to help passengers better anticipate security line delays so they can enjoy a more efficient, less stressful airport travel experience.”

The Transportation Security Administration (TSA) has been working to reduce security wait times. “However,” GSN notes, “domestic and international air travel has surged by more than five percent this year. flightSpeak aims to assist passengers by providing advance notice so they can arrive at the airport with enough time to clear potentially lengthy security lines.”

Doug Bedell — November 15, 2016, 10:28 am

Security Officers Hard-Pressed by Technology Changes

The heat keeps turning up on chief security officers and information security officers, the Security blog notes. Five common “complexity drivers” range from “regulations and internal rules” to the “ever increasing number of threats, particularly sophisticated threats.”

“In the 25+ years I have been involved in technology,” says Security writer Kevin Coleman, “I have never seen so many emerging technologies coming into play at the same time.”

Doug Bedell — November 8, 2016, 12:44 pm

Security at Convention Centers

Who doesn’t need to be concerned about security? Certainly not convention center executives, Don Erickson, CEO of the Security Industry Association, explains.

Indeed, convention centers are considered to be “soft targets,” Erickson notes. The good news is that event operations teams “dedicate an incredible amount of resources to ensure that exhibitors, staff, attendees and the public have peace of mind from such (terrorist) threats when attending major industry events.

“The security strategies implemented at convention centers,” Erickson continues, “commonly include coordination with local law enforcement, attendee screening, employee training, security technology and additional security staff.”

That’s good for attendees to be mindful of as they’re intently scouring a convention center for ideas and insights applicable to their own industries.

Doug Bedell — October 31, 2016, 3:40 pm

Norfolk Southern Provides a ‘Safety Train’ on Its Rails

Credit the Norfolk Southern railroad for coming up with a training program to protect the security of the communities its trains pass through. When trains carrying hazardous materials derail, it’s vital for local first responders to know how to respond effectively.

Thus, Norfolk Southern’s “safety train” has been traveling its routes to show first responders and local government representatives how to counter such an emergency.

“‘The safety train is a mobile technical training center – a vocational school – for the continuing education of first responders and representatives of government agencies who support Norfolk Southern’s commitment to incident-free handling of hazardous materials,’ said David Schoendorfer, Norfolk Southern’s system manager hazardous materials. ‘It’s a whistle-stop train that helps keep our communities safe.’”

Doug Bedell — October 28, 2016, 1:35 pm

DHS Connects With Its Industry Partners

Continuing its outreach to security industry partners, the Department of Homeland Security (DHS) held a Strategic Industry Conversation event earlier this month “to discuss program topics that span multiple DHS Offices and Components and impact the DHS Unity of Effort initiative.”

Soraya Correa, DHS Chief Procurement Officer, blogs about the DHS/industry partnership on the department’s website.

“Nine breakout sessions, led by industry leaders and Department employees,” Ms. Correa notes, “encouraged participants to discuss various topics across the homeland security enterprise, from research and development to cybersecurity acquisitions. Vendors interested in specific mission areas (e.g., aviation security) were able to hear from, and speak with, DHS and industry leaders who are actively engaged in those mission areas.”

DHS notes that information on doing business with the Department can be found at

Doug Bedell — October 26, 2016, 10:15 pm

‘A Thorny Problem:’ ISIS Using Drones

Something else to be concerned about in defending a security perimeter: off-the-shelf drones. As in, for example, ISIS using drones in Iraq rigged to drop small explosive charges in its defense of Mosul. They’re also using drones as artillery spotters, DefenseTech reports.

“It’s a pretty thorny problem” and “we expect to see more of this” as the advance on Mosul continues, said U.S. Army Lt. Gen. Stephen Townsend, commander of Combined Joint Task Force-Operation Inherent Resolve. DefenseTech adds that “Townsend also referred to the incident earlier this month in which ISIS used a model airplane as what he called a ‘Trojan horse’ against Kurdish Peshmerga fighters in northern Iraq.”

It’s not that warfare is becoming like the toy aisle in a department store, but there are continually new security threats to defend against, and drones clearly are one of them.