Morning Security Brief: Boston Bombings, Defeat of Gun Measure, Android Security, Cyber Trends, and More

By Sherry Harowitz

► UPDATE: The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) announced that federal disaster assistance has been made available to Massachusetts to supplement commonwealth and local response efforts, reports a FEMA release. The Chicago Tribune reports: "Authorities have obtained clear images of the faces of two men with backpacks who they believe were acting suspiciously around the time of the Boston Marathon bombings, a potential breakthrough in the search to find who planted the deadly devices, sources familiar with the investigation said Wednesday." An article in Wired's Danger Room notes the importance of smoke color in analyzing the bombing.

► The Senate voted down a gun amendment that would have extended the requirement for background checks on gun purchases to firearms sales at gun shows and to sales over the Internet, reported The The bill, which would have exempted sales between friends and acquaintances outside of commercial venues, seemed to have been gaining support earlier in the week. “The failure of Manchin-Toomey means the broader bill still includes Democratic language passed by the Judiciary Committee to establish universal background checks. That language failed to attract a single Republican vote during the panel markup and conservative Democrats such as Manchin and Sen. Jon Tester (D-Mont.) have said they cannot support the package without changes to the language on background checks,” The Hill reports.

President Barack Obama held a press conference yesterday in response to the defeat of the Senate amendment, and he spoke in unusually frank terms. He said that the "gun lobby and its allies willfully lied about the bill. They claimed that it would create... a big brother gun registry even though the bill did the opposite; this legislation outlawed any registry."

He further vowed to continue to push for background check legislation. Most significantly perhaps, he said that there were steps his administration could take "Even without Congress.... We are going to address the barriers that prevent states from participating in the existing background checks system. We are going to give law enforcement more information about lost and stolen guns so it can do its job. And we are going to help to put in place emergency plans to protect our children in their schools," he said.

► The American Civil Liberties Union (ACLU) has filed a complaint with the Federal Trade Commission (FTC) “asking the agency to investigate the major wireless carriers for failing to warn their customers about unpatched security flaws in the software running on their [Android] phones,” according to a statement by Chris Soghoian, ACLU principal technologist. “Google’s Android operating system now has more than 75% of the smartphone market, yet the majority of these devices are running software that is out of date, often with known, exploitable security vulnerabilities that have not been patched,” Soghoian writes. That’s in sharp contrast to what is done by Microsoft on the desktop and by Apple in both its desktop and mobile platforms, Soghoian writes.

► Symantec released its annual Internet Security Threat Report 2013, which reports on the state of cyber threats for the prior year. Here are some highlights from the findings: Targeted attacks were up 42 percent, but attacks directed at CEOs were down 8%. 50% of all targeted attacks were directed toward businesses with fewer than 2,500 employees, and 30% of the total were directed at companies with only 250 or fewer employees. Web-based attacks increased by one-third. Mobile malware “families” rose 58%; mobile vulnerabilities rose 32%, but the report cautions against drawing a connection between the two, noting that while Apple’s operating system had the most documented vulnerabilities in 2012, it had only one threat or piece of malware created for it, versus 13 for Android. Most worrying, it said, were zero-day exploits against previously unknown vulnerabilities (though these numbered only 14), and it noted that one group called the Elderwood Gang seemed to have an endless supply of such exploits and simply switches to each new one for its distributed denial of service attacks as the old one is discovered and countered. Email spam is down, but email phishing, which had dropped in 2011, increased again in 2012, as did the number of new unique malicious Web domains. Manufacturing was the target of 24% of attacks; 19% were against finance, insurance and real estate; 12% were against government.

► "Researchers at the Georgia Institute of Technology are developing a novel technology that would facilitate close monitoring of [bridges and other such] structures for strain, stress, and early formation of cracks," reports R&D. "Their approach uses wireless sensors that are low cost, require no power, can be implemented on tough yet flexible polymer substrates, and can identify structural problems at a very early stage. The only electronic component in the sensor is an inexpensive radio frequency identification (RFID) chip," explains the article. The technology could provide early warning that would help avoid a deadly collapse such as occurred in 2007 in the I-35W bridge failure in Minneapolis.


