Tuesday, June 24, 2014

Knowledge, preparation play crucial roles

What does it say about the world today that in between the lessons on algebra, English and geography we have to teach students about the cold reality of life and death?
Perhaps it speaks to societal changes — although we won’t say it is indicative of an increasingly violent time in history. More than anything, it says that preparing for something with the hope it never occurs is better than not having a course of action.
School-involved attacks are unfortunately not new — the first one recognized in the U.S., the Enoch Brown school massacre in 1764, resulted in the death of nine schoolchildren and their teacher at the hands of American Indian warriors. They are not isolated to the United States, either. The Bremen school shooting in Germany in 1913 left five dead — and is one of 22 in Europe since that time. Sixteen school shootings have taken place in Canada, three in Mexico, two in South Africa and 12 in Asia.
Many of the attacks at schools and universities over the years have been thwarted without any loss of life or have involved singular targets.
The number of shooting incidents is on the decline —according to the National School Safety Council, there were 12 school-property shooting deaths each year on average from 2009 to 2014, compared to 27 a year on average from 1992 to 1997. What is on a dangerous trajectory upward is the number of people killed in confrontations lately.
Although the largest loss of life in a school attack came in 1927 in Bath Township, Michigan, when a man killed his wife and then bombed the school, the attacks since 1999 are growing deadlier. Fifteen died in the shooting in Littleton, Colorado, in 1999; 27 died in the 2012 shooting at Sandy Hook Elementary School in Connecticut; 33 died in the Virginia Tech massacre in 2007.
The problem is serious — made worse in some regards by the exaggeration of facts and the 24/7 coverage by national news media — but it’s important to remember that schools remain some of the safest environments for children and young adults.
What makes the difference if and when an attack occurs is advance preparation and clear communication.
That’s where a series of bills signed into law comes in.
In addition to making some money available for school and university safety improvements, the law will allow teachers and administrators to provide first responders and law enforcement personnel with updates to emergency and crisis plans through electronic devices.
Most important is that the laws recognize the importance of conduct annual school-shooting drills and reviews of security preparations.
The drills have been required for about a year for public schools, but now is extended to require the practice among the 1,800 private schools and the 300,000 students who attend them in the state.
“Parents need to have confidence that their children will be safe throughout the school day and kids should be able to focus solely on their studies,” state schools Superintendent Christopher A. Koch said.
Laws that focus on ensuring preparation rather than giving into fear are an important part of keeping classrooms as safe as possible.

Fight and flight: the new approach to school shooters

Mountain View Whisman district adopting several options if there is gunfire on campus

by Kevin Forestieri / Mountain View Voice

After the school shooting at Sandy Hook, as many as 74 school shooting incidents have occurred in the United States, most recently in Seattle and Oregon. With the spike in shootings, local school districts are looking at new ways to prepare and react if there is an active shooter on campus.

A few weeks ago, Mountain View Whisman School District board members unanimously approved a newly revised emergency response policy if there is an active shooter on campus. According to Kathi Lilga, executive assistant to the superintendent, the new response goes well beyond the traditional "lockdown" strategy, and suggests teachers and students find ways to flee the campus or, at worst, defend themselves against an attacker.

In a presentation to the board titled "Run Hide Defend," Lilga explained that based on recent school shootings, students taking shelter in a lockdown had a lower rate of survival than people who assessed the situation and decided between evacuation, lockdown and defensive measures.

Lilga said the Sandy Hook shooting was a prime example: the students did everything "right" in a lockdown-only response and it was one of the deadliest shootings in U.S. history, with 20 students and 6 staff members slain.

So what should teachers and students do instead? In the revised plan is a simple flow chart. The first option is to attempt a safe evacuation. If the shooter is far away or the sound of gunshots is distant, students and staff are advised to lead students away to a nearby, safe location. This could be someone's backyard or a nearby building. Fleeing the campus means running as fast as possible from the shooter, according to a presentation by the Santa Clara County Police Chiefs Association.

If students cannot safely flee the campus, the well-known lockdown strategy is still in effect. This includes locking and barricading doors, lights turned off and students sheltered behind a secondary barricade. Lilga said the police chiefs' presentation also suggested students wedge textbooks behind their heads if they're leaning against walls to further protect themselves.

If the shooter enters the room, the new strategy suggests teachers and students should "believe that they should survive" and defend themselves. This could mean discharging a fire extinguisher at the intruder or throwing books and other objects in an attempt to disrupt him or her.

The county police presentation suggests students "commit to their actions," attack as aggressively as possible, improvise weapons and make loud noises to disorient the shooter.

Defending can mean different things depending on the grade level. Because the policy is designed for students from 5 to 14 years old, there is no "one size fits all" for how to react. Lilga said it's likely that kindergarteners will be told to just run if a shooter makes it in. Eighth graders, on the other hand, might be more capable of throwing books or taking someone down.

The three-tiered response puts more responsibility on teachers and faculty to assess the situation and figure out the best course of action, which means they'll need training. Lilga said teachers, along with classified staff like janitors and secretaries, will have to go through training seminars with local police officers on the new plan in the coming fall.

It also means a bad call could put lives at risk, but Lilga said that should not affect staff decisions. She said they are covered by Good Samaritan laws, which prevents people from being liable for civil damages if they act in good faith to help in emergency situations.

Currently the district has no plans to tell students about the newly revised response. Lilga said teacher input during staff training will help determine "age appropriate discussions" that could be held with students. Students will continue to practice lockdowns, which the school has down for the last eight or nine years.

Board trustee Chris Chiang voiced concerns over whether details for the revised response should be openly released to the public, which could benefit an attacker. But the new strategy was presented publicly by the police chiefs and is available online, and Lilga said there was also local television coverage of the change.

Schools adopting Framingham firm's software for safety

As school shootings continue to make headlines, public school systems are investing in security systems to make students safer in the Bay State and beyond.
One Framingham company is beginning to make inroads with a new mobile app that gives school officials fast access to public safety, with the click of a cell phone button. Rave Mobile Safety launched its Rave Panic Button mobile software on June 16 - incidentally, about a week after the nation's latest school shooting in Troutdale, Ore.

Newtown tragedy informed software development

The software has been in the works since the aftermath of the Sandy Hook Elementary School shootings. Officials from Newtown, Conn. met with the company in the spring following the event to discuss how technology could have limited the scope of the tragedy.
Rave Mobile Safety, which until now has worked mostly with municipalities and higher education clients, had been working with Newtown for about a year before the shooting through its Smart911 platform. That software was unrelated to school security and allowed citizens to enter medical history and other personal details to be used in the event of a 9-1-1 call.
The key to school safety, according to Todd Piett, chief product officer at Rave, is connecting people directly involved in an incident to public safety, as the Rave Panic Button does. The system, which can be deployed to all teachers and administrators, uses an app to connect users to designated school and public safety officials.
The user activates an alarm when the button is pressed, but can also send text messages and video. And data about the user's location, including floor plans, is available to public safety.
"I think everybody is recognizing the problem and investing a ton (of money) in safety," said Todd Piett of schools systems across the country.
The Milford Public School system is among the first to sign on. Milford Police Chief Tom O'Loughlin said in a statement that, when it goes live in the new school year, the software system will "enable more precise and effective on-site action" in the event of an emergency. In an interview, O'Loughlin said the Rave app is far more affordable than installing an alarm system.
"You basically pay a licensing fee each year," he said.
O'Loughlin said Milford has been aggressive about improving school security following the Newtown shootings. And he thinks other Massachusetts schools will soon follow Milford's lead.
Meanwhile, Piett said he expects roughly 500 schools across the U.S. to sign on over the next three to four months. Many school districts are being prompted by state legislation to make these investments, though no formal legislation has yet been passed in Massachusetts.
Piett noted that mobile technology is a smart way to implement an emergency notification system given the attachment to cell phones in our society.
"No one forgets or loses their phone, and if you do, you know it," Piett said.
Rave is selling the software beyond the Bay State. The Associated Press reported on June 7 that eight school districts in Snohomish County, Washington, are implementing the Panic Button software under a state law requiring Washington public schools to invest in new security and surveillance systems.
The state government in Washington is providing grants to school districts to help pay for the new security measures. A Michigan school district has signed on as well.

U.S. school security varies widely

Historically, U.S. school security has been highly variable, with school districts adopting security policies and systems depending on the resources available and local sentiment. But the many of the nation's public schools are vulnerable, according to 2010 data published by the National Center for Education Statistics (NCES).
While most school systems (91 percent) lock or monitor doorways, only 46 percent lock or monitor gates on school grounds. Just 5 percent of the nation's schools employ random sweeps using metal detectors, and only about 1 percent require students to pass through them daily.
Sixty-three percent of schools reported using an electronic notification system for a school-wide emergency in 2010.

Want to help prevent school shootings? Build safer campuses.

We have all lived through tragic moments in history that have impacted our lives, consciously or subconsciously. My mother was the one who explained this concept to me, saying she never forgot exactly what she was doing when she learned that JFK had been shot. It was an instance of tragedy and shock that stays frozen in time for her, and makes even the smallest occurrences of the day seem monumental. There have been collective tragedies like that in my life as well, but perhaps none more poignant than the barrage of school shootings we’ve seen in recent years.

For me, the 1999 Columbine school shooting stands out in what has become a grotesque epidemic of gun violence within educational institutions. Of course, this was not the first school shooting to occur and was unfortunately not the last, but the Columbine incident held its own significance in that it underscored the need to identify and address the fundamental causes of these mass killings within schools to prevent more of them.

While progressive steps have been made since Columbine to prevent school shootings, they continue to occur. As a father, and as an architect who works with educators and parents, tragedies like this hit close to home.

I can only imagine how horrific it would be to lose a child in such an inexplicable way. Watching the news coverage of the recent Isla Vista killings, I was moved by the comments made by Richard Martinez, the father of one of the victims.

“No parent should have to go through this,” he said in an interview with CNN. “What has changed; have we learned nothing? These things are going to continue until somebody does something. So where the hell is the leadership?”

Witnessing the pain that parents such as Martinez have gone through, feeling the collective shock of Columbine, Virginia Tech and the Sandy Hook massacres, not to mention the profusion of other school shootings that did not receive the media attention and national empathy they deserved, has continued to fuel my desire to build safer schools and further educate school districts about the importance of safety in what I call “21st century learning environments.”

One of the big things I have found to be extremely important for creating safe learning environments is receiving input from the community. At BCA Architects, we begin every school project by polling parents, teachers, administrators and even law enforcement officials (such as SWAT teams) to collaboratively address each specific community’s concerns and build a consensus on specific solutions.

The beautiful thing about this? Everyone wants to help prevent tragedies from occurring, and the feedback is extremely helpful to the design team. In one town, a group of individuals from the senior center volunteered to do a neighborhood watch. This effort may deter would-be assailants, and it also offers much more comfort to a child’s psychology than having security guards pat down students at entrances.

Here are a few things I have learned to look at since the Columbine shooting that I hope schools across the globe will consider to create safer environments:

Ensure the school’s administration building is positioned in a key location on the campus to facilitate visual connectivity to everyone coming and going from the school and to provide better control of the campus.

Create a single point of access when the school is in session. This is fundamental to the protection of the students and staff and can be accomplished by aesthetically pleasing fencing and by using buildings as barriers to prevent intruders from gaining access to the campus.
Add high-resolution/definition security cameras throughout the school to visually control all areas of the campus, including the athletic fields, to monitor potential intruders. In addition to keeping administrative offices informed and in control, it offers the local police department the opportunity to also monitor the campus.
Implement smart innovations in school construction. Doors and windows can provide greater safety for children and teachers in classrooms. The so-called Columbine lock, for example, allows classroom doors to be locked from the inside in the event of an intruder or lockdown on campus. Hardened glass placed at the entry of the administrative office creates a buffer to prevent a shooter from easily entering the site (reference Sandy Hook). And locating windows at a higher level on exterior buildings prevents easy intrusion without compromising natural daylight.
Although we can never fully keep our students out of harm’s way, I think educators and designers can take into account the thoughts I have listed above and begin to pave the way to a safer tomorrow, and to avoid future tragedies.

Changing a mindset to save lives - Washington Times

Changing a mindset to save lives - Washington Times

Talking to kids in an age of lockdowns and shootings

WASHINGTON -- Asking kids "How was school today?" can be a frightening question for many parents whose children live in a reality where lockdown drills and learning to shelter in place are the norm.

Practicing for an active shooter situation became routine for many schools after the Columbine shooting. In the past 20 years, there have been about 500 school-associated violent deaths, the Associated Press reports. And companies are capitalizing on the terrifying statistics, marketing bulletproof blankets and backpacks.

"It's scary, because you think there are so many schools and what are the chances, but it happens a lot," says Katy Greenberg, a Bethesda, Maryland, mom.

Her 7-year-old has been doing lockdown drills since kindergarten.

Greenberg, who says her daughter is not frightened by the drills since they are part of her school's procedure. "You start school and you just kind of learn how to follow these rules. To them, the drills are just something they do."

Despite the fact that 74 school shootings have occurred since the shooting at Sandy Hook Elementary 18 months ago, Stephen Brock, president of the National Association of School Psychologists, says the probability of an active shooter situation at a school is relatively low.

"But schools need to be prepared for everything -- from a loose dog, to bad weather, to neighborhood incidents," he says.

Alexandria mom Amy Fortney Parks' two kids experienced a lockdown recently when a shooting happened in their neighborhood.

"The biggest reality came when we had the recent murder of Ruthanne Lodato," says Fortney Parks, a child psychologist who has worked in the Fairfax school system for 20 years.

"I didn't necessarily panic, but it was somewhat stressful," she says.

Most public schools have mandatory lockdown drills, and a certain number are required yearly by each state. Parents are usually kept up-to-date about the drills by the school.

"Earlier this year, I sent out a letter to parents detailing all of the precautions we take to keep their children safe," says Judy Lewis, principal of Burning Tree Elementary School in Montgomery County.

Some parents, such as Julieta Macias of Rockville, Maryland, like to ask their children about the drills.

Macias says she asks about "what happened, how do they feel about it, were they concerned or fearful?" She says her children's familiarity with the drills makes them feel more comfortable and prepared, should anything happen.

Brock says when best practices are followed during drills, students have less anxiety about the threatening situations they might face.

"It makes it perceived as being more controllable," he says. "Drills give kids something to do to address something they are anxious about."

Lewis says lockdown drills are the new normal.

"It's a world our kids are gonna have to swim in," she says.

But she echoes what a lot of educators hope parents will remember.

"Kids need to know what to do, but they also need to know they are safe in this school; this is a good place to be. We will take care of you."

How do you address lockdowns and potential school shootings with your children? Let us know in the comments section of this story, on Twitter or on the WTOP Facebook page. Until then, a local parent talks about being prepared.

Chasing dinosaurs: From fire drills to lockdown scares
Molly Meiners, Parenting Contributor

Fire drills were a regular part of the school year when we were young. As a teenager, it was a fun excuse to get out of class for 20 minutes. In elementary school, however, fire drills scared me half to death.

To be fair, the drills probably inflicted a fair amount of pain on my parents, too, as afterwards I would barrage them with questions: What was our fire safety plan? Had we checked the batteries in our smoke detectors? Had we replaced our fire extinguishers?

Why didn't I have a rope ladder I could throw out my window to climb to safety? Where was our family meeting place? (For the record, our closest neighbor was nearly 1 mile away across a corn field. Where did I think we were going to meet? The local Starbucks?)

My dad answered my questions by telling me we didn't need those things because our house wasn't going to catch on fire, and if it did, his only job was to get my sister and me out safely. (My mom was obviously on her own.)

This made me feel better, and after a couple of days I forgot all about fire safety until the following year.

The once ominous fire drills seem like recess, compared to the lockdown drills our children experience today. In schools across the nation, teachers and children practice how to be prepared for an intruder or criminal activity.

Teachers and faculty work with police to design the best way to fortress the school and protect the children. Detailed plans include hiding in closets and bathrooms, turning off lights and pulling blinds, locking doors, shutting down cellphones and keeping silent to avoid detection.

My preschool-aged child experienced a real-life lockdown this year after a shooting occurred one morning nearby his school. Parents were later told the teachers huddled children in the bathrooms and other remote areas, challenging them to see how quiet they could be.

The littlest ones were given glow sticks to hold in the dark. Some practiced how softly they could sing a song. Others were told they had to keep silent because they were on a dinosaur hunt; if police or firemen came into the school it was because they were looking for the dinosaurs to take back to the museum.

The school couldn't have responded better. Parents were made aware -- notably that the children were safe -- and kept updated on the situation through calls and emails.

A very detailed report of the day -- including individual accountings from each teacher -- was sent to the parents that evening. Following the all-clear, the staff did an immediate debrief of the situation to discuss how it was handled and what would have been done had the situation deteriorated.

I fully recognize that our children are safer due to the detailed planning of school faculty and law enforcement, as well as lockdown drills. A coordinated plan helps students know what to do and allows them to respond to danger in a swift and brave manner.

But how do we explain to our children the absolutely horrific reasons for lockdown drills? How do we strike the balance of making them aware of the dangers without making them scared of the place they should feel safest outside of their own homes?

When I was young, the idea of a school fire seemed remote, at best. Today, the idea of an intruder in a school has proven to be real many times over.

With youth comes innocence. My child never mentioned anything being different about the school day, and given his young age, we decided not to ask. I'm guessing parents of the older children had a very different evening, with lots of hugs, tears and calming words.

The innocence will be short lived. Soon, my child and his classmates will be bigger and will no longer be blissfully unaware … because they are hot on the trail of a T-Rex. When that happens, we will have our hands full explaining the realities of today's world.

Will this education, coupled with lockdown drills, instill an unhealthy fear in our children of their own schools and the first responders charged with keeping them safe? Or will the opposite happen? Will we slowly let our guard down as these practices become more common, replacing vigilance and preparedness with a blasé response?

A child shooting a classmate is no longer a breaking news story. In fact, it's often second or third on the national evening news lineup. Promises like the one made by my dad -- keeping us safe, first and foremost -- are much harder to keep and prepare for these days.

Iran Nuke Reactor Hits Capacity

Iran’s Russian-built nuclear power plant in Bushehr hit capacity on Tuesday and was hooked into the country’s national power grid, according to Iranian officials.
Iran’s Russian-built nuclear power plant in Bushehr hit capacity on Tuesday and was hooked into the country’s national power grid, according to Iranian officials.
The contested power plant, which the West suspects could be used to fuel a nuclear weapons program, hit its top capacity and is now generating electrical power across Iran, according to these officials, who said that the construction of more nuclear plants has been approved.
“Two days ago, the necessary measures were taken and today the electricity generated by the nuclear power plant was transmitted into the circuit and 1,000MW of the electricity would enter the national grid tomorrow (Tuesday),” Behrouz Kamalvandi, the spokesman for Iran’s Atomic Energy Organization (AEOI), announced Tuesday, according to reports in Iran’s state run press.
The Bushehr plant is running at full steam, producing 1,000 mega-watts of electricity following a successful refueling, according to Iran.
“The process of reloading fuel into the Bushehr nuclear power plant ended successfully and the facility joined the national grid at 5:30 Tuesday morning with 50 percent of its nominal power after accomplishment of relevant technical tests,” AEOI head Ali Akbar Salehi was reported as saying on Tuesday.

Israelis Uncover Explosives Workshops, Tunnels During Search for Kidnapped Teens

Three teens kidnapped by Palestinians 10 days ago

Israeli soldiers search for tunnels / AP
Israeli soldiers search for tunnels / AP
JERUSALEM—Soldiers searching for three Israeli students kidnapped on the West Bank 10 days ago have uncovered 10 workshops for manufacturing explosive devices and scores of hidden tunnels, according to army spokesmen, but there is still no sign of the kidnap victims.
Officials hinted today for the first time that the intensive army search, which has been concentrated in Hebron near the site of the abduction, may be significantly reduced in the coming days, leaving the search largely to the intelligence network of the Shin Bet Security Services.
The Palestinian population had been relatively passive when the house-to-house searches began but in the last few days there has been increasing resistance and at least two Palestinians have been shot dead.
Several Israeli infantry brigades have been pulled off regular training in order to carry out the search. Most of the tunnels they uncovered were in the basements of civilian houses, their entrances hidden by washing machines or heavy furniture. The troops have scoured wells, caves, and pits in the countryside surrounding the city. “There’s no point in doing these raids again and coming up with nothing,” said an officer. More than 300 persons have been detained, almost all of them Hamas activists.
Senior army officers say that the general population may rise up if the search goes on too long. Officials have suggested that it would be wise to pull the troops back before the onset of the month-long Muslim holiday, Ramadan, next week.
Israeli officials are also concerned about the growing antagonism from West Bank residents towards Palestinian Authority President Mahmoud Abbas, who denounced the kidnapping last week and called for the release of the three victims, two aged 16 and one 19.
Abbas has ordered his own security forces, including police, to aid in the search. A mob attacked a Palestinian police station this week, indicating popular resentment. Israel would not want to see him toppled, for fear of chaos on the West Bank.

Friday, June 13, 2014

200 U.S. contractors surrounded by jihadists in Iraq

As the battle for Iraq worsens, it was only a matter of time before the private contractors became a part of the religious insurgency happening inside the country. We have for years watched the slaughter in Iraq take place as we were on the front lines of this conflict daily, driving and operating in these still war torn, destructive, polarized, religiously divided cities.

What the U.S. Government tells you about Iraq is incorrect, what the prime minister of Iraq says cannot be believed, what the armchair pundits tell you is nonsense and is an educated guess at best.  I spent the better part of the past six years working TWISS, BESF, WPPS and WPS contracts all over the country of Iraq and I tell you first hand, it is and always will be lawless, the local populace has neither the will nor the capability to defend itself, nor does it care.

The Iraqi Government is full of bluster, hype, over confidence and lacks the ability to make cohesive decision that are in the best interest of all of its citizens.  The American people should demand that our government help recover these great American contractors, then fly off into the sunset leaving Iraq to its on devices.

I can tell you for certain we are not wanted their and cannot influence the situation on the ground without overwhelming combat power and that is not something that I condone. We as a country have lost way too much in the fight for Iraq's life, its time to let it fight for its on survival.

To all the contractors be brave, strong and shoot straight and may god bless you.
To my buddies still on the ground, I will pray for you each night until you return.


Wednesday, June 11, 2014

What RyPul Threat Assessments Does

What We Do

Our physical threat assessment experts create security designs and plans that can help you defend yourself in place from an armed attacker in your home, on your campus, commercial property, remote site or work place. Our risk assessments provide you the choices, training and devices necessary for survival. In today's state of armed attacks, work place violence and school shooters, we believe that administrators, business owners and parents need to think defend in place, instead of run, hide and die. Our intent is to assist you in developing and applying procedures that will permit you and your clients to recover quickly from attacks, accidents, fires, or natural disasters.


School Threat Assessments
Force Protection Plans and Options
Residental Security Staffing Plans
Risk Mitigation Options
Security Barrier Placement Assessments
Personal Protection Training
Route Driving Planning
Personal Protection Teams
Family Personal Security Specialists
Remote Site Security Assessments


Is your company, commercial property, remote site, building, school or home prepared to defend itself from an attack. Are you prepared for the masked gunman, the home invasion robber, the range of attacks from heavily armed militants or the local school shooter?  If your immediate answer is not a resounding "YES" then you need to call us today for a personal security threat assessment.

The assessment process will include the full range of relevant factors that affects your business or personal safety and  provide you the most appropriate risk mitigation options for your individual needs. It is incumbent upon you to have your sites assessed and then to immediately put into place the industry's best security methods and procedures to enhance your overall safety, security and peace of mind. These methods include updating or reinforcing your present building construction materials, acquiring and installing bullet resistant or bullet proof materials and installing physical barriers to stop intruders from entering into protected areas or other restricted spaces.

As specialists in threat assessments and personal security, RyPul Threat Assessments has produced an effective threat assessment procedure, and we are uniquely suited to assist you with effective, actual and real world risk mitigation options. We help protect you, your site and your clients with the highest possible degree of survivability. Our assessments are designed to help you thwart any attacker at your first level of defense.

Don't accept age old threat modeling or the aftermath responses from crisis management companies, become proactive, get ahead of the game and contact us for a fresh perspective of your available security options.

Tuesday, June 10, 2014

Gunman, student dead after shooting at Oregon high school

Gunman, student dead after shooting at Oregon high school, authorities say

June 10, 2014: Authorities respond to a shooting incident at Reynolds High School in Troutdale, a suburb of Portland, Ore.Fox News
Authorities in Oregon say a gunman entered a high school outside of Portland Tuesday morning and fatally shot a student before he was killed himself.
The Multnomah County Sheriff's Office said in a statement that the situation is stabilized at Reynolds High School in Troutdale.
Scott Anderson, the chief of the Troutdale Police Department, confirmed the deaths and called the events a “tragic day” for the community. Authorities did not say how the shooter died.
The sheriff’s office said at 8:07 a.m. local time Tuesday, police responded to the reports of shots fired at the school.
Students told The Associated Press they were informed over the intercom that there was a lockdown and to quietly go to their classrooms.
The wife of a vice principal at the school told KPTV that she received a text message from her husband that said there was an active shooter.
More than 100 police and sheriff’s units are reportedly on scene in addition to medical personnel and the FBI, according to KOIN 6.
Doug Daoust, the mayor of Troutdale, told Fox News that SWAT teams are evacuating classrooms one at a time. TV news broadcasts showed students being escorted away from the school with their hands on their heads, The Associated Press reports.
Freshman Daniel DeLong, 15, said while waiting after the shooting that he saw a physical education teacher at the school with a bloodied shirt.
"I'm a little shaken up," DeLong told The Associated Press. "I'm just worried."
He said he was texting friends to make sure they were all OK.
"It just, like, happened so fast, you know?" he said.
Freshman Morgan Rose, 15, said she was hunkered down in a locker room with another student and two teachers.
"It was scary in the moment now knowing everything's OK I'm better," she said.
Authorities are asking parents to reunite with students at the Wood Village Fred Meyer supermarket and advise all other people to stay out of the area. A reporter from the Oregonian, who is at the supermarket, tweeted that employees brought out water and cookies for parents.
Around 2,800 students attend the school, Q13 Fox reports.
Linda Florence, the superintendent of Reynolds School District, said this day is “one that I had hoped would never, ever be part of my experience.”
Troutdale is a quiet tourist town of 15,000 near the Columbia River, about 16 miles east of downtown Portland.
Authorities are planning to release more information on the shooting at a news conference scheduled for 3 p.m. ET.
The Associated Press contributed to this report.

Monday, June 9, 2014

Are you part of the FAKE E-Bay customer list?

In the wake of eBay’s disclosure that a breach may have exposed the personal data on tens of millions of users, several readers have written in to point out an advertisement that is offering to sell the full leaked user database for 1.4 bitcoins (roughly USD $772 at today’s exchange rates). The ad has even prompted some media outlets to pile on that the stolen eBay data is now for sale. But a cursory examination of the information suggests that it is almost certainly little more than a bid to separate the unwary from their funds.
The advertisement, posted on Pastebin here, promises a “full ebay user database dump with 145, 312, 663 unique records”, for sale to anyone who sends 1.453 bitcoins to a specific bitcoin wallet. The ad includes a link to a supposed “sample dump” of some 12,663 users from the Asia-Pacific region.
ebay-btcThere is a surprisingly simple method for determining the validity of these types of offers. Most Web-based businesses allow one user or customer account per email address, and eBay is no exception here. I took a random sampling of five email addresses from the 12,663 users in that file, and tried registering new accounts with them. The outcome? Success on all five.
For a sanity check on my results, I reached out to Allison Nixon, a threat researcher withDeloitte & Touche LLP (and one of the best sources I’ve met for vetting and debunking these supposed “leaks”). Nixon did the same, and came away with identical results.
“A lot of this is inference — finding out whether an account exists,” Nixon said. “A lot of the time if they generate fake leaks, they’re not doing it based on data from real accounts, because if they did then they might as well hack the real web site.”  eBay does maintain separate domains for different regions and countries, includingebay.co.uk (Great Britain), ebay.cn (China) and ebay.com.au (Australia), but testing indicates that all of these eBay sites use the same accounts database.
It’s worth noting that we saw nearly the exact same scams — an offer on Pastebin to sell a list in exchange for bitcoins — right after the LinkedIn breach last year. That offer also turned out to be fake.
Nixon posits that the main target of these fake leak scammers are probably security companies eager enough to verify the data that they might just buy it to find out. Interestingly, I did have one security company approach me today about the feasibility of purchasing the data, although I managed to talk them out of it.
“I think the target victim is a security company trying to verify,” Nixon said. “Only they would have that sort of money.”

Great security information resource


Backdoor in Call Monitoring, Surveillance Gear

If your company’s core business is making software designed to help first responders and police record and intercept phone calls, it’s probably a good idea to ensure the product isn’t so full of security holes that it allows trivial access by unauthorized users. Unfortunately, even companies working in this sensitive space fall victim to the classic blunder that eventually turns most software into Swiss Cheese: Trying to bolt on security only after the product has shipped.
phonetapFew companies excel at showcasing such failures asSEC Consult Vulnerability Lab, a software testing firm based in Vienna, Austria. In a post last year called Security Vendors: Do No Harm, Heal Thyself, I wrote about Symantec quietly fixing serious vulnerabilities that SEC Consult found in its Symantec Web Gateway, a popular line of security appliances designed to help “protect organizations against multiple types of Web-borne malware.” Prior to that, this blog showcased the company’s research on backdoors it discovered in security hardware and software sold by Barracuda Networks.
Today’s post looks at backdoors and other serious vulnerabilities SEC Consult found in products made by NICE Systems, an Israeli software firm that sells a variety of call recording solutions for law enforcement, public safety organizations and small businesses. According to SEC Consult, NICE’s Recording eXpress — a call recording suite designed for small and medium-sized public safety organizations (PDF) – contains an undocumented backdoor account that provides administrator-level access to the product.
“Attackers are able to completely compromise the voice recording / surveillance solution as they can gain access to the system and database level and listen to recorded calls without prior authentication,” wrote Johannes Greil and Stefan Viehböck of SEC Consult. “Furthermore, attackers would be able to use the voice recording server as a jumphost for further attacks of the internal voice VLAN, depending on the network setup.”
According to the security firm’s advisory, these and a slew of other security security holes likely also exist in Cybertech eXpress and Cybertech Myracle, older NICE products aimed at corporations seeking call recording software for customer service, training and verification.
NICE did not immediately respond to requests for comment. SEC Consult says the company has fixed the backdoor and a few other issues via a recent security update, but that serious other flaws remain unaddressed (including multiple unauthenticated SQL injection issues).
A section of the NICE Web site says the company also “provides Law Enforcement Agencies (LEAs) with mission-critical lawful interception solutions to support the fight against organized crime, drug trafficking and terrorist activities.” While the SEC Consult didn’t examine these technologies, NICE’s track record here doesn’t exactly instill confidence that those systems are any more secure.
Nicholas Weaver, a researcher at the International Computer Science Institute(ICSI) and at the University of California, Berkeley, said the NICE case is the classic worry of all those who write security monitoring software.
“If an attacker takes control, the monitoring software can easily be turned against the installer,” Weaver said. “So many critical programs exist in shadows: never discussed, never audited, and never known. For many of these programs, whenever a researcher illuminates them, discoveries like this seem almost inevitable.”

Thieves Planted Malware to Hack ATMs

A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come.
Two men arrested in Macau for allegedly planting malware on local ATMs.
Two men arrested in Macau for allegedly planting malware on local ATMs (shown with equipment reportedly seized from their hotel room).
Authorities in Macau — a Chinese territory approximately 40 miles west of Hong Kong — this week announced the arrest of two Ukrainian men accused of participating in a skimming ring that stole approximately $100,000 from at least seven ATMs. Local police said the men used a device that was connected to a small laptop, and inserted the device into the card acceptance slot on the ATMs.
Armed with this toolset, the authorities said, the men were able to install malware capable of siphoning the customer’s card data and PINs. The device appears to be a rigid green circuit board that is approximately four or five times the length of an ATM card.
According to local press reports (and supplemented by an interview with an employee at one of the local banks who asked not to be named), the insertion of the circuit board caused the software running on the ATMs to crash, temporarily leaving the cash machine with a black, empty screen. The thieves would then remove the device. Soon after, the machine would restart, and begin recording the card and PINs entered by customers who used the compromised machines.
The Macau government alleges that the accused would return a few days after infecting the ATMs to collect the stolen card numbers and PINs. To do this, the thieves would reinsert the specialized chip card to retrieve the purloined data, and then a separate chip card to destroy evidence of the malware. Here’s a look at the devices that Macau authorities say the accused used to insert the malware into ATMs (I’m working on getting clearer photos of this hardware):
Five of the devices Macau police say the thieves used to insert the malware and retrieve stolen data.
Five of the devices Macau police say the thieves used to insert the malware and retrieve stolen data.
Here is a side-view look at the circuit board device:
Source: Yahoo! News
Source: Yahoo! News
And finally, a close-up of one end of the skimming board itself:
Image: orientaldaily.on.cc
Image: orientaldaily.on.cc
ATM attacks that leverage external, physical access to install malware aren’t exactly new, but they’re far less common than skimming devices that are made to be affixed to the cash machine for the duration of the theft. It’s not clear how the malware is being delivered in this case, but in previous attacks of this sort the thieves have been able to connect directly to a USB port somewhere inside the ATMs.
Late last year, a pair of researchers at the Chaos Communication Congress (CCC) conference in Germany detailed a malware attack that drained ATMs at unnamed banks in Europe. In that attack, the crooks cut a chunk out of the ATM’s chassis to expose its USB port, and then inserted a USB stick loaded with malware. The thieves would then replace the cut-out piece of chassis and come back a few days later, and enter a 12-digit code that launched a special interface that displayed the amount of money available in each denomination — along with options for dispensing each kind.
In December 2012, I wrote about an attack in Brazil in which thieves swapped an ATM’s USB-based security camera with a portable keyboard that let them hack the cash machine. In that attack, the crook caused a reboot of the ATM software by punching in a special combination of keys. The thieves then were able to reboot into a custom version of Debian Linux designed to troubleshoot locked or corrupted ATM equipment.