Morning Security Brief: Theft Databases, Credential Authentication, Mobile Device Security, and South Korean Cybersecurity
By Ann Longmore-Etheridge
Retailers have created databases of alleged employee thieves. The U.S. Transportation Security Department is seeking credential authentication technology. Mobile Device security at the U.S. Military Academy and the Army Corps' Engineer Research and Development Center is lax. South Korea is creating a new cybersecurity and attack deterrence department.
►In its fight to stop employee theft, retailers have helped "amass vast databases of workers accused of stealing and are using that information to keep employees from working again in the industry," says the New York Times. "The repositories of information...often contain scant details about suspected thefts and routinely do not involve criminal charges. Still, the information can be enough to scuttle a job candidate’s chances," the Times states. "The databases, which are legal, are facing scrutiny from labor lawyers and federal regulators, who worry they are so sweeping that innocent employees can be harmed. The lawyers say workers are often coerced into confessing, sometimes when they have done nothing wrong, without understanding that they will be branded as thieves."
►The U.S. Transportation Security Administration (TSA) is preparing to purchase credential authentication technology next year, such as that which can verify air travelers' driver's licenses and boarding passes before they are allowed to proceed beyond the security checkpoint to board an aircraft. The TSA's Request for Information asked that companies submit white papers on the technology they could provide by mid-April.
►ComputerworldUK reports that mobile devices used by the U.S. Army Corps of Engineers' Engineer Research and Development Center and by the U.S. Military Academy have lax security. Problems include no training or user agreements, no applications to protect the data on the devices, no way to wipe data from lost or stolen devices, and more.
►The defense ministry of South Korea has announced that will create a new department to oversee cyber deterrence policies, structure information protection, and prepare against emerging threats. According to Techzone360, "The new cyber team is expected to be in place in the first half of 2013. Its goal will be to develop defensive cyber warfare methods and recruit more forces to carry out cyber space operations.... South Korea has been the target of a number of serious, concentrated cyber attacks in recent years. In 2009, the nation was the victim of mass DDoS (Distributed Denial of Service) attacks that disrupted business and communications in the country. Other large-scale DDoS attacks occurred in 2010, 2011, and 2012, and the most recent attack, which occurred last month, has reportedly damaged thousands of critical computers and even ATM machines."