South Shields armed robbery RECAP: Cash stolen from security guard at knifepoint outside Barclays bank on King Street

What we know so far

What happened? The robber approached the security guard brandishing a knife and threatening him.
He managed to snatch the cash box being carried by the G4S courier and fled the scene on foot.

Was the security guard hurt? Northumbria Police said that the security guard wasn't injured but was left shaken by the incident.

When did the robbery take place? Police say they were called to King Street at 11.45am, following reports of a security guard being robbed.

Is there a description of the suspect? Yes, police released a brief description of the culprit.

The man is described as 6ft tall, of slight build. At the time of the robbery, he was wearing a blue bobble hat. The man is believed to have been with a second male.

What are police saying? A Northumbria Police spokeswoman said:
Enquiries are ongoing and officers remain in the area to carry out searches and to reassure members of the local community.

Anyone who saw anything is asked to get in touch with police on 101 quoting log 322 13/02/18 or call Crimestoppers on 0800 555 111.

PSA: If your security starts and ends with bug bounties, you’re gonna …

Analysis Remember when Uber tried to cover up [1] the fact its AWS datastore containing records on 57 million riders and drivers had been hacked? And that it bunged the hackers $100,000 to shut them up, and then disguised the expense as a bug bounty payout?

Who could forget? Certainly not shocked US lawmakers, who held a hearing in Washington, DC on Tuesday to consider whether anything has been learned from the sorry affair, and how legislation may help prevent future computer security cockups. Given that Congress has all but forgotten [2] about Equifax [3] fumbling sensitive data on 143 million Americans, and millions of others around the world, you may be forgiven for thinking politicians don’t actually care. Well, the Senate’s subcommittee [4] on consumer protection, product safety, insurance, and data security at least went through the motions this week by inviting [5] experts to testify, and an Uber executive to be contrite, on matters of hacking and whatnot.

It was suggested the proposed Data Security and Breach Notification Act [6] could be effective in cracking down on corporations that are careless with people’s personal files. Introduced last November, the bill would “impose criminal penalties on corporate officials that willfully disguise breaches from the public,” according to Senator Bill Nelson (D-FL), cosponsor of the legislation and a hearing participant. For a sense of how many executives may be expected to go to jail over data breach deception if the bill becomes law, consider how many bank leaders responsible for the 2007-2008 financial crisis have been imprisoned: one [7].

In prepared remarks at a hearing titled, “Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers,” subcommittee chairman Senator Jerry Moran (R-KS) said his goal was to learn why Uber had not immediately notified people about its 2016 breach and to have a discussion about how vulnerability disclosure programs can improve cybersecurity.

Ignominy

Uber chief information security officer John Flynn, in prepared remarks, reiterated previous statements from the ride hailing biz’s post-Kalanick leadership that “it was wrong not to disclose the breach earlier.”

He told senators that Uber has learned something from the public ignominy and lawsuits the company has endured as a result of being hacked.

“We recognize that the bug bounty program is not an appropriate vehicle for dealing with intruders who seek to extort funds from the company,” he said. Flynn said Uber had quit using GitHub [8] to store its proprietary code. The hacker who penetrated Uber’s defenses found credentials for the company’s AWS data store in a private GitHub repository, he explained, without detailing how the private repo was compromised.

He also said the transit-app biz has expanded its use of multi-factor authentication for AWS, implemented IP address whitelisting, refined its identity & access management permissions and authentication mechanisms, and implemented credential auto-expiration.

Extortion

Flynn and other hearing participants expressed support for bug bounty programs as a way to improve online security, though some feel legitimate vulnerability disclosure isn’t always easy to separate from extortion. While supportive of bug bounty programs in general, Justin Brookman, director of privacy and technology policy at Consumers Union, a consumer advocacy group, said that state data breach notification laws, which first came into being in 2002, need to be reconciled with vulnerability disclosure programs to avoid alarming people unnecessarily about security flaws. Clearly, it would not be useful to mandate customer notifications every time a bug gets found, lest people start treating the messages like all the other app-oriented notifications they ignore.

Brookman also observed that there’s nothing inherently wrong with lobbying for a better bounty, even as he allowed that, “At some point, a request for more money may convey an implicit or explicit threat to sell the exploit or compromised data elsewhere if the demands are not met.”

He concluded that Congress needs to pass laws that provide companies with better incentives for investing in security. Marten Mickos, CEO of HackerOne, a platform for vulnerability disclosure and bug bounty programs, came out in favor of rewarding hackers for security research to no one’s surprise.

“Hackers are truly the immune system of the internet,” he said, citing numerous successful bug bounty hunting initiatives in government. He advocated for reform of the Computer Fraud and Abuse Act to remove penalties for actions that don’t harm people. He also called for the harmonization of state data breach notification laws and encouraged companies to develop better channels for reporting bugs.

Bug bounty boffin ... Katie Moussouris

Katie Moussouris, founder and CEO of Luta Security and the person who convinced Microsoft to abandon [9] its long-standing antipathy towards bug bounties, told legislators to look beyond bounty programs, noting that rewards create more bug hunters but don’t necessarily lead to more bug fixes. She recommended that legislative priorities should include support for better security education in all grade levels, and particularly for anyone involved in computer science programs. People have to learn secure coding and practices from the get-go, in other words.

In a phone interview with The Register, Moussouris said, “Everyone has gotten so enamored of bug bounties that they maybe have forgotten other investments in security that they should do first or alongside bounty programs.”

Bug bounty programs, she said, have been over-marketed as a solution to finding bugs. “They’re not a cost effective replacement for penetration testing,” she said. Moussouris said the hearing accomplished its goal, examining the use of bug bounties with regard to Uber’s payout. Flynn acknowledged Uber had made a mistake and didn’t make any excuses, she explained. “That’s what the public and Congress needed to hear,” she said. “What Congress needed to show was eventually you will be held accountable.”

The extent of that accountability depends on the letter of the law, and there Moussouris said legislators should proceed with care. Noting that Sen. Moran is working on a bill to harmonize the various different state breach notification laws, she said she advised him that any federal law should not aim to be a common denominator by adopting the weakest of state requirements.

She also said over-regulation would be equally problematic because it could encourage companies to remain willfully ignorant of being hacked to avoid liability.

“These are not easy problems to solve,” she said.

References

  1. tried to cover up (www.theregister.co.uk)
  2. all but forgotten (www.politico.com)
  3. Equifax (www.theregister.co.uk)
  4. subcommittee (www.commerce.senate.gov)
  5. inviting (www.commerce.senate.gov)
  6. Data Security and Breach Notification Act (www.congress.gov)
  7. one (www.nytimes.com)
  8. quit using GitHub (www.theregister.co.uk)
  9. to abandon (www.theregister.co.uk)