The CyberWire Daily Briefing for 10.10.2012
The next salvo in the anti-US-banking campaign has apparently been fired: Capital One reports a denial-of-service attack, and Iran's Izz ad-Din al-Qassam Cyber Fighters claims responsibility.
Apache warns of critical configuration problems in its popular open-source CloudStack platform. A Stanford student demonstrates an HTML5 phishing exploit. Apple's fingerprint software is found to expose Windows passwords. A Japanese phone directory project exposes large amounts of personal data. Microsoft reports two threat trends: exploitation of key generators and malware designed to attack supply chains.
Anonymous apparently opens a campaign against the Estonian government, but attribution and even recognition of cyber attacks are notoriously difficult—was Ireland's Google outage a hack or a bug? (This may give pause to defense intellectuals constructing deterrent theories of offensive cyber capability.)
Possible US budget sequestration continues to trouble industry, and major integrators like Raytheon look to hedge with cyber. BAE and EADS will not merge—German objections were decisive. Microsoft announces a major shift in strategic direction away from software and toward devices and services. Cisco cuts ties with China's ZTE over dealings with Iran. Security analysts generally find warnings about ZTE and Huawei plausible, but the companies (and their government) vigorously deny espionage charges.
Stories exemplify three academic trends: online connections among students and potential employers, strong cyber curricula at community colleges, and the growth of executive master's programs with a cyber emphasis.
Businesses fear a cyber executive order will impose a checklist-security regime. The Philippines' Justice Department issues an unusual call for cyber vigilantism.
Notes.
Today's issue includes events affecting Australia, Estonia, France, Germany, India, Indonesia, Iran, Ireland, Japan, Philippines, Russia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Capital One hit by denial of service attack, suffers online problems (ZDNet) Banking giant Capital One confirmed last night that it was targeted by a cyber-attack that disrupted online services. An Iranian group calling itself Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for the denial of service attack
Muslim Hackers Responsible for Attacking US Banks Not Identified or Located (Muslim Hackers Responsible for Attacking US Banks Not Identified or Located) Yesterday, hackers part of the Izz ad-Din al-Qassam Cyber Fighters have resumed their operations against US banks by launching a distributed denial-of-service (DDOS) attack against the website of Capital One. Avivah Litan, vice president distinguished analyst at Gartner Research, reveals that authorities have already located the servers utilized by the attackers to disrupt the financial institutions' websites, but they have yet to identify the hackers or trace their location. I personally take these very seriously
Critical Flaw Reported in CloudStack (Threatpost) The Apache Software Foundation is warning users about a configuration problem in the open-source CloudStack platform that could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system
Proof-of-Concept Exploits HTML5 Fullscreen API for Social Engineering (Threatpost) Independent security researcher, web designer, and Stanford Computer Science student Feross Aboukhadijeh has developed an attack concept that exploits the fullscreen application programming interface in HTML5 in order to carry out phishing attacks
Confirmed: Apple-owned fingerprint software exposes Windows passwords (Ars Technica) Exploit software is released one month after the serious weakness came to light
Google disappears for Irish internet users - but was it a nameserver hack or admin screwup? (Naked Security) Thousands of Google users in Ireland found that they were unable to access the site earlier today when the nameservers for google.ie began to point to a third-party site based in Indonesia. But was it an admin cockup or the result of a malicious hack
Islamic magazine.islamtoday.net massive database hacked by @VenomSec (Cyberwarzone) VenomSec has attacked the Islamic magazine website Islamtoday.net. The hackers managed to leak the massive database on PasteBin
Anonymous: #OpEstonia message to the government of Estonia (Cyberwarzone) "Hello Government of Estonia, We are Anonymous. We have seen that you do not care about your people And you show them no respect. For an example Estonia explain that they do not have money, But then they gave Greece 357
Ransomware adds audio component to force users to pay up (Help Net Security) Not satisfied with just showing the fake FBI note, the criminals behind one of the many ransomware campaigns going on at the moment are trying to assault the users' other senses as well
Controversy over Japanese app that published up to 760,000 personal addresses (CSO) A security firm says the Android app put up to 760,000 address book entries from 3,400 users into a searchable public database
Microsoft: Software Activation-Key Generators Major Malware Conduits (Dark Reading) Lure of free software often leads to malware infection, new Security Intelligence Report finds. Blame it on Angry Birds: The main threat in the first half of the year was a software activation key generator used to spread malware mainly to users of Angry Birds Space and Battlefield -- Bad Company. The Win32/Keygen software was detected nearly 5 million times, according to findings in Microsoft's new Security Intelligence Report (SIR) 13
Microsoft Report Exposes Malware Families Attacking Supply Chain (Threatpost) Less than a month after the Nitol botnet takedown, Microsoft has released data casting more scrutiny of supply chain security. In its latest Security Intelligence Report (SIR) for the first half of 2012, Microsoft has connected the most prevalent malware families involved in supply chain compromises, including malicious add-ons pre-installed on PCs by manufacturers, as well as pirated software available on peer-to-peer networks, and music and movie downloads
Zitmo Growing More Sophisticated, Prevalent in Android (Threatpost) From July to September this year, there's been an uptick in Zitmo (or Zeus-in-the-Mobile) mobile banking malware according to research revealed this week by network security firm FortiGuard Labs
Coding error undermines DEAMS data reliability (Fierce Government IT) The system, Defense Enterprise Accounting and Management System, made unauthorized changes to some fields in more than a quarter of the 4,207 general ledger accounts within it, the Defense Department office of inspector general says in a report dated Sept. 28
Security Patches, Mitigations, and Software Updates
October Patch Tuesday: Microsoft Enforces 1024-bit RSA Keys (eSecurity Planet) Microsoft releases seven bulletins addressing 20 security issues in Windows, SQL Server and Office. Microsoft is out with its October Patch Tuesday update, fixing 20 security issues and enforcing a new level of security with an RSA key strength update. Only one of the October Patch Tuesday bulletins
Microsoft patches 20 vulnerabilities (Help Net Security) Microsoft Security Bulletin Summary for October 2012 contains 7 bulletins to patch 20 vulnerabilities. MS12-064, rated at critical, affects Microsoft Word and would allow an attacker to send a malicious
Cyber Trends
Infosec Slowly Puts Down Its Password Crystal Meth Pipe (Dark Reading) Is Google's OAuth 2.0 implementation an identity plus or minus? There is an immense amount of technology churn in identity. The Cloud Security Alliance guidance alone mentions dozens of different identity standards, but which ones work best for an enterprise, and how should it choose
Security Wisdom Watch: Leaders and Lightweights (CSO) A look at individuals and groups leading the way--or not--in tough times
Ponemon statistics 2012 on cost of cybercrime (Security Affairs) At the American Enterprise Institute (AEI) event Cybersecurity and American power, Gen. K.B. Alexander, director of the National Security Agency (NSA) and chief at the Central Security Service (CSS), defined cybercrime as the greatest transfer of wealth in history, alerting Government on the emergency related to intellectual property theft due to cyber espionage. Symantec placed the cost of IP theft to the United States companies in $250 billion a year, global cybercrime at $114 billion annually ($388 billion when you factor in downtime), and McAfee estimates that $1 trillion was spent globally under remediation
Take-Aways from TTC's Military Cyber Security Conference (GovWin) Recently I had the opportunity to attend a multi-day conference in the Washington, DC area on the topic of Military Cyber Security hosted by the Technology Training Corporation. The topics that were covered ranged from the nature and degree of the threat to what military and other entities are doing to address the threat currently and what is needed going forward. Throughout the conference one thing became clear - while much has been done already
Data Loss from Missing Devices Ranks First Among Top Mobile Threats (Billing World) The rankings, released by Cloud Security Alliance, came from a survey of more than 200 enterprise participants. A main goal of this survey was to provide guidance on where enterprises should place resources to address mobile device security threats
Mounting risks from mobile devices in the enterprise (Help Net Security) RSA released a new research report from the Security for Business Innovation Council (SBIC) that addresses the continued surge of consumer mobile devices in the enterprise and shares security leaders'
What are the current trends in cloud adoption? (CloudTech) This echoes a recent piece of research from the Cloud Security Alliance (CSA) and ISACA, which stated that it would take at least three years for the cloud to reach its full impact
Reasons Cloud is a Seller's Market (CIO India) We were able to identify just two third-party cloud knowledge certifications--CompTIA's Cloud Essentials and its new Cloud+ Certification and the Cloud Security Alliance's Certificate of Cloud Security Knowledge (CCSK)--that carry any weight in the
Marketplace
Defense Budget Cut 'Equals Devastation,' Bell Chief Says (Fort Worth Star-Telegram) Bell Helicopter Chief Executive John Garrison on Tuesday joined the chorus of defense industry executives sounding the alarm about the likely consequences if Congress doesn't act by early January to block huge defense spending cuts from automatically taking place
Contractor Survival Tactics: Raytheon Focuses on High-Growth Markets (GovWin) Raytheon said it's focusing on providing cyber capabilities to the Intelligence, DoD and DHS markets, as well as embedding information assurance
Robert Hale: Pentagon Could Reprogram Funds for 'High-Priority' Contracts Under Sequestration (ExecutiveGov) The Defense Department may ask Congress for authority to reprogram funds for high-priority contracts if sequestration cuts kick in Jan. 2, Defense News reports. Pentagon Comptroller Robert Hale told reporter Marcus Weisgerber the service branches would be asked to review key contracts and try to avoid disruptive renegotiations. Defense spending would see a $50 billion reduction under sequestration
Intelligence community cloud coming online in early 2013 (FederalNewsRadio.com) The CIA and the National Security Agency are building a secure cloud computing architecture for the entire IC. Meanwhile, the Defense Intelligence Agency and the National Geospatial-Intelligence Agency will work together to build an IC-wide common
Audit: Maryland cyberdefenses lacking, finds residents' info may be at risk (Washington Post) As home to the U.S. Cyber Command and more than a dozen other military and government agencies conducting classified Internet work, the Free State is routinely touted by Maryland Gov. Martin O'Malley (D) as the nation's cyber capital. But an audit
Wrangling scuppers BAE-EADS tie-up (Financial Times) EADS and BAE Systems have given up their 34 billion euro quest to create the world's biggest defence and aerospace company after objections from Germany scuppered the deal
Microsoft: Radical shift to devices, risk ahead of Windows 8 (ZDNet) Microsoft makes it official: The company is now a devices and services company. Unfortunately, that transition away from high margin software licenses may be rocky
Cisco cuts ties with Chinese firm accused of reselling gear to Iran (Ars Technica) Cisco has ended a sales partnership with ZTE, after the Chinese technology firm was accused of selling Cisco networking equipment to Iran despite US sanctions against the country. Cisco's decision became public just as a Congressional report yesterday claimed Chinese companies ZTE and Huawei pose a security threat to the US and can't be trusted to comply with US and international law
Australian firm assists NASA (UPI.com) QuintessenceLabs Founder Vikram Sharma says NASA was drawn to his Australian cryptographic start-up firm because its quantum key distribution technology meets the U.S. space agency's goal of unconditionally secure information exchange
Rapid7 acquires Mobilisafe (Help Net Security) Rapid7 has acquired Mobilisafe, a Mobile Risk Management (MRM) provider, and entered a new market with its solution for managing the risk associated with Bring Your Own Device (BYOD)
SpectorSoft Announces Acquisition (Dark Reading) Corner Bowl Software has focused on developing software that helps system administrators perform critical tasks
CACI Wins Lockheed DoD Cyber Forensics Subcontract (Govconwire) CACI International Inc. has won a $36 million subcontract from Lockheed Martin to provide cyber forensics and information technology solutions for the Department of Defense Cyber Crime Center
CounterTack Appoints Security Veteran Stuart McClure to Board of Directors (U.S. Politics Today) CounterTack, the industry's first and only provider of in-progress cyber attack intelligence and response solutions, today announced it has named Stuart McClure, president and CEO of Cylance and former McAfee
Open source hobbyists now in high demand (IT World) You know what? They're not calling us "hobbyists" anymore
Products, Services, and Solutions
Symantec Helps Businesses Accelerate Mobile Adoption By Enabling Developers To Build Trusted Enterprise Ready Apps (Dark Reading) Offerings include two new programs as well as a single mobile suite spanning device management, application management, and mobile security
HTTPS Everywhere plugin from EFF protects 1,500 more sites (Ars Technica) The browser extension makes it easier to connect to encrypted websites
Kernel crimps make Windows 8 a hacker hassle (The Register) Windows 8 will make hackers' lives hard, says Windows internals expert, security researcher and co-author of Apple's iOS and the open source Windows XP clone ReactOS, Alex Ionescu. Now chief architect at CrowdStrike, a security company focused on nation-state adversaries, Ionescu says Windows 8 builds on the usermode exploit mitigations introduced into Windows Vista and 7 with new approaches to security that attempt to mitigate kernel mode attacks. Ionescu will outline those new defences at the Ruxcon Breakpoint security conference in Melbourne, Australia, next week
Array Networks unveils secure access gateway virtual appliance (Help Net Security) Array Networks announced its new vxAG Virtual Secure Access Gateway virtual appliance for cloud and virtualized environments. The new product gives enterprises and service providers the ability to run
RSA's New Security System Could Prevent Password Leaks Of The LinkedIn Or Yahoo Kind (CrazyEngineers VoiCE) The recent mishap at LinkedIn, that leaked passwords of 6.5 million users, is something that the security researchers and the scientists who specialize in cryptography are trying really hard to prevent. Even though companies like LinkedIn or Yahoo
Boeing's Data-Analytics Tool Helps Agencies Inundated With Information (DefenseNews.com) First deployed in 2005 and updated every six months, TAC "functions completely differently from anything else out there," said Charles Fleischman, chief technical officer of Boeing's Intelligence Systems Group. "You don't ask it a question like on
Trend Micro introduces defense against targeted attacks (Help Net Security) Trend Micro is introducing Custom Defense - an advanced threat protection solution that enables businesses and government agencies not only to detect and analyze APTs and targeted attacks, but also to adapt their protection and respond to these attacks
Kaspersky Lab Responds to Security Needs of SOHOs (Tempo) Why SOHOs need KSOS 2. According to a research done by B2B International in collaboration with Kaspersky Lab, 41% of companies surveyed globally are not prepared for cyber-threats and 31% of its IT specialists are not fully aware of today's Trojans
CUBIC CORPORATION : Cubic Cyber Solutions Expands XD Product Line (4-Traders) Cubic Cyber Solutions, the subsidiary of Cubic Corporation (NYSE: CUB) that develops versatile cross-domain transfer appliances, recently introduced its new XD-10G solution for high-speed one-way transfer using a
Google Retools Search Appliance (InformationWeek) Never mind the cloud. Companies need search hardware, and Google aims to deliver
VMware Fights Lock-In Fears, Supports Rival Tools (InformationWeek) VMware revamps vCloud Suite management tools to work with Microsoft's Hyper-V, Citrix Systems' XenServer, and open source Xen and KVM hypervisors, and run VMs across public and private clouds, including Amazon's EC2
Apple's Lightning authentication chip may have been reverse engineered (Apple Insider) An unauthorized accessory maker has promised that products cloning Apple's new Lightning cable are on their way, thanks to reverse engineering
Technologies, Techniques, and Standards
Practical IT: What is your company's threat response strategy? (Naked Security) As someone looking after IT for your company, how do you react to reports of vulnerabilities like those seen recently in Java and Internet Explorer
Cyber Security Awareness Month - Day 9 - Request for Comment (RFC) (Internet Storm Center) The Internet Engineering Task Force (IETF) is the main standard body for Internet related protocols. As far as standard bodies go, the IETF is probably the most open. Standards are discussed on mailing lists, and all you need to do is sign up for a mailing list and chime in, or attend one of the IETF meetings or both. There is no "membership" and standards usually require a consensus
NASA shares tips for using Google+ (Fierce Government IT) Since it began using Google+ in November 2011 NASA has gained more than 229,000 followers and a wealth of experience using the social media tool. But success using the social media platform is largely dependent on knowing how to maximize the tool's strengths, said Jason Townsend, deputy social media manager for NASA
Design and Innovation
Clayton Christensen: "Disruptive Innovations Create Jobs, Efficiency Innovations Destroy Them" (TechCrunch) If you get the opportunity to hear Clayton Christensen hold court, seize it. Speaking at BoxWorks in San Francisco today, Christensen was characteristically soft-spoken, self-deprecating and good-humored, even prompting Ron Miller to describe him as "the Steven Wright of business research" and the anti-Aaron Levie
Anderson: Today's 'Maker Movement' Is The New Industrial Revolution (TechCrunch) As the longtime editor-in-chief of Wired Magazine, the author of The Long Tail, the coiner of the term "freemium," to name just a few of the things that he's known for, Chris Anderson is well-renowned for having his finger on the pulse of trends just as they're starting to coalesce into movements
Research and Development
Physics Nobel honors quantum computing pioneers from France and US (IT World) An American and a Frenchman have won the 2012 Nobel Prize for Physics for their work on quantum optics, which could one day lead to faster computer processors, better telecommunications or more accurate timepieces
Academia
With $20M Raised, MyEdu Launches New Tools To Help College Students Actually Connect With Employers (TechCrunch) Launched in 2010, Austin-based MyEdu set out to help students reduce the cost of earning a college diploma and remove the friction from every aspect of the higher education process, from deciding on the right school to finding post-graduate employment. Since then, the startup has been methodically collecting data from students as well as official academic data from universities to identify
Cyber safety coming to Marion: classes start soon (Ocala.com) High-ranking national security officials warned over the summer that cyber attacks are now the biggest threat to the United States, costing citizens and companies around the globe at least $250 billion annually
Crack the Cyber Code: Grad schools prepare a new generation of cybersecurity leaders (Express) Brian Fricke discovered his passion for cybersecurity while in the Marine Corps. "We had a big virus hit our squadron, and I was like, 'Oh, I think I can fix this.'" Fricke got the patch disk and removed the virus. "It wasn't a big deal if you think about it, but it was a big deal to [the squadron] because none of the computers were working." A big deal indeed: Fricke earned a Navy Achievement medal for his work. "I had a mentor that taught me this: If you can be the one to translate the techie stuff to the business and vice versa, then you will always have a job," says Fricke, 30. Fricke is a pioneer in this type of translation. He's a part of George Washington University's first class of World Executive MBA candidates with a focus on cybersecurity
Legislation, Policy, and Regulation
White House to meet with House staffers over cybersecurity order (The Hill) Obama administration officials plan to discuss a possible executive order aimed at improving cybersecurity with House aides. Caitlin Hayden, a White House spokeswoman, acknowledged on Tuesday that an interagency team, led by White House national security staff, met with Senate aides on Friday. She said the administration is planning to hold a similar session with House staffers in the "near future." "The administration is continuing to explore improvements both through the promotion of cybersecurity best practices and increased cybersecurity information sharing
What An Executive Order On Cybersecurity May Mean For Enterprises (Dark Reading) While officials say an executive order could set voluntary security standards, companies worry that it can result in a checklist approach to security
EU cloud strategy calls for standards (Fierce Government IT) Cloud computing technical specification standardization, model contracts and a pooling of requirements among European Union governments would cause the gross domestic product impact of cloud computing in the EU to nearly triple to 250 billion euros by 2020, says the European Commission
Offensive Cyber Capabilities Need to be Built and Exposed Because of Deterrence (Infosec Island) Within the next couple of years the world will experience more intentionally executed and demonstrated cyberattacks while the development of offensive cyberweapons will become fiercer and publicly more acceptable. Today, cyber capabilities are essential for nation-states and armed forces that want to be treated as credible players. Cyberspace, the fifth dimension of warfare, has already become an important arena of world politics, especially since we are living in a time in which the lines between war and peace have blurred
DoD-DHS' info sharing program on cyber threats isn't shrinking (Foreign Policy) Last week, Rep. Mike Rogers (R-Mich.) slammed the Pentagon program allowing some businesses to share information on cyber attacks with the government and receive help in defending against those attacks. Rogers claimed that since being expanded to include the Department of Homeland Security, the DIB-pilot project, as it's colloquially known, has been bleeding members
Protecting Against A 'Cyber 9/11' (Washington Post) Congress has recessed until after the November elections without passing cybersecurity legislation, which a bipartisan chorus of prominent defense and intelligence officials says is urgently needed to protect our country's economic and national security
Commentary: Air Force Cyber Vision 2025 (DefenseNews.com) These efforts and others have allowed us to provide operational support to our own missions, as well as to U.S. Strategic Command and U.S. Cyber Command. To build on this progress, the Air Force has sought to identify and articulate enduring concepts
Cybersecurity month sparks renewed calls for collaboration (Defense Systems) In two appearances the first week of October, Commander of the U.S. Cyber Command and National Security Agency Director GEN Keith Alexander called on agencies to collaborate with each other and the private sector to better share information for the
Litigation, Investigation, and Law Enforcement
U.S. concerns over Chinese tech manufacturers understandable, experts say (CSO) Most experts agree that China is home base to a large, active community of hackers engaged in cyber-espionage
ZTE sticks up for itself after national security allegations (Android Community) Yesterday, we told you that ZTE and Huawei were facing accusations of being a potential threat to US national security by the House Intelligence Committee. In a nutshell, the Committee said that both companies could potentially help the Chinese government spy on the US in a report that followed a year-long investigation. Naturally, ZTE and Huawei (along with China for that matter) didn't take too kindly to the allegations leveled in the report, and today ZTE is hitting back with a full statement in an attempt to clear its name
China rejects US claims over telecom firms (Asiaone) A US Congressional report that warns two Chinese telecom companies pose a national security risk and should face restrictions in the US market is "groundless", China has said. The US House Intelligence Committee draft report says that equipment supplied by two Chinese firms, Huawei Technologies and ZTE, could be used by Beijing for espionage purposes. "The US Congress investigation report, which is merely based on subjective suspicions and false foundations, has in the name of national security made groundless accusations against China," Shen Danyang, a spokesman for China's Commerce Ministry said
'Terrorist organization'? Turkish hackers face quarter-century prison terms (RT) Members of the RedHack group are facing up to 24 years in prison after prosecutors qualified their activity as aiding an armed terrorist organization. The defense claims the allegations are part of state policy of targeting the opposition. Turkish hacker group RedHack is being held responsible for taking down the central Turkish police website in February, while simultaneously attacking 350 additional police websites across the country
Philippines Supreme Court restrains government from enforcing new cyber law (IT World) The Supreme Court in the Philippines has temporarily restrained the government from enforcing a new controversial cyber law, in response to petitions from civil rights and journalists groups in the country. In a temporary restraining order (TRO), the court on Tuesday enjoined the government from implementing or enforcing the Cybercrime Prevention Act of 2012, which makes online libel a cybercrime with the prospect of being punished twice for one act, allows the authorities to take down a website alleged of violating the cyber law without judicial review, and also provides for collection of real-time traffic data without a warrant or judicial order, according to its critics
Hack into child porn sites instead, DOJ urges hacktivists (GMA Network) Instead of attacking government sites in protest, an anti-cybercrime official on Tuesday evening suggested that hackers hack into those engaging in porn and child porn instead. Cybercrime Office head Assistant Secretary Geronimo Sy said he suggested this at a forum for the implementing rules and regulations for the Cybercrime Prevention Act of 2012
The Center for Internet Security Boosts Government Cybersecurity (Govtech) In 2010, police investigating what appeared to be a relatively minor case of financial fraud made a startling discovery: The case they were working on -- which involved $30,000 stolen from a local college -- was linked to a worldwide crime ring that was using malware to harvest personal data from infected computers and then sending it across the globe
Student accused in UT computer breach (Houston Chronicle) A University of Texas at Austin student is accused of launching a cyber-attack that shut down the university's computer system during spring registration, investigators said. Garret Ross Phillips, 19, of Austin, faces a felony charge of breach of
Supreme Court Terminates Warrantless Electronic Spying Case (Wired) The Supreme Court closed a 6-year-old chapter Tuesday in the Electronic Frontier Foundation's bid to hold the nation's telecoms liable for allegedly providing the National Security Agency with backdoors to eavesdrop, without warrants, on Americans'
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber Maryland 2012 (Baltimore, Maryland, Oct 16 - 17, 2012) "Designed for information security insiders, business innovators and aspiring professionals, this two-day conference features national thought leaders, showcases business opportunities and provides outstanding networking. CyberMaryland 2012 is for technology companies, business leaders, students, emerging professionals, policy makers, elected officials, business services and entrepreneurs in public and private enterprise."
National Cyber Security Hall of Fame Inaugural Award Ceremony (Baltimore, Maryland, USA, Oct 17, 2012) Created to honor those who've created the cyber security industry, the National Cyber Security Hall of Fame celebrates its inaugural class this month.