The Security Week That Was: A Recap - April 21-27, 2007

April 27, 2007
SIW Editor Geoff Kohl gives a weekly surveillance of news shaping your profession

Breathing a Sigh of Relief

Corporate security leaders at a number of financial institutions were able to breathe a sigh of relief after a man alleged to be the "Bishop" bomber was arrested this week in Iowa. The man, a former postal carrier, is suspected of sending a number of threatening letters and almost-working pipe bombs to financial institutions such as Janus and American Century Investments. In the letters, investment companies were threatened with violence if certain funds and notes didn't see a rise in value.

While much of the investigation is still under wraps, the police work sounded like a security pro's dream: database mining to find links and shared stock owners of the targets, profiling of the suspect using a photo of a car that was in a package, and a handwriting analysis that linked the suspect. If anything, the incident was clear evidence of the need for collaboration between various security departments and police, and the need to ensure that security procedures are in place at corporate mailrooms.

What's the point?
IT security products vendor pays hackers to break into computer

3Com's subsidiary TippingPoint was the benefactor behind a $10,000 prize to hackers who would exploit a Macintosh computer. Macs, while not immune to security breaches, have long been largely left alone by hackers because percentage-wise, they're simply not as common as Windows PCs. Nonetheless, at CanSecWest, a security conference for IT types, the challenge was made to break a Mac's vulnerabilities open. After the rules had to be relaxed when hackers weren't able to do traditional hacks, a hacker finally was able to exploit a vulnerability in the Safari web browser that comes standard with Macs. Despite the success, the news barely made a blip, perhaps because the whole methodology of throwing a $10,000 prize in the mix from a network security products company seemed to smell a bit funny; it would be like one of the biggest phy-sec security products manufacturers throwing out a few grand to any thief who could break into a chemical plant while everyone was at an ASIS conference. I wrote a bit about this on my blog.

Converging emergency notification
UNL puts emergency notification over IT assets

People talk a lot about convergence these days, and it was interesting speaking with ADT North America President John Koch and ADT's director of commercial strategic products this week while in Florida. Those two gentlemen theorized that convergence would happen in one of two ways: either with physical security systems being pushed onto business networks, or secondly, with an overall alignment of IT and physical security management.

Mark this news as one for the former approach. The University of Nebraska at Lincoln announced this week that it would be deploying a campus emergency notification system that would leverage the university IT assets. The system will allow the university administrators to automate a warning that would flash up on screens of all university computers in the event of a looming natural disaster like a tornado, or, God forbid, in the event of a mass shooting like what happened at Virginia Tech.

In other news
Grillo departs ASSA ABLOY, ADT earns Cisco status, more

Joe Grillo, a fixture for HID and ASSA ABLOY who actually helped create HID in the early 1990s and who was instrumental in making HID part of ASSA ABLOY in the year 2000, is leaving the company to pursue other challenges. … ADT Security Services – the arm of ADT chiefly focused on commercial integration projects – was awarded the status of Authorized Technology Provider in physical security from Cisco. … Saudi Arabia made arrests in a huge terror plot that would have involved armed militants and plane-based attacks on oil fields in that country. … Airport screening makes changes as Delta allows musical instruments as carry-ons, and the Jacksonville airport will automate screening of checked golf club bags.

Upcoming Web-Based Educational Seminars
Delivering smart card programs on May 10, HSPD-12 on May 24

On May 10, we'll be hosting a program titled "Converging Smart Card Programs". We'll have vendor experts, as well as security/information leaders from some top companies (including PricewaterhouseCoopers) which were able to use a smart card as much more than a smart card. From access control to cafeterias, these folks did it all. Sign up for that webinar here; attendance is free thanks to sponsor support from Legic.

On May 24, we'll have the second in our FIPS 201/HSPD-12 webinar series. We'll review what's happening in enrollment, integration, physical access and biometrics, and also turn to such issues as what agencies and federal departments should be doing before the Oct. 1 deadline. We've just made our registration page for that webinar live; attendance, once again, is free thanks to sponsor support from Diebold, Lenel, Gemalto and Sagem Morpho.

Finally, a look at our most popular stories of the week: