
Archive for September, 2008

Security Briefing: September 30th


OK, Monday wasn’t so bad. Let’s see what today is like. At least I managed to get a good night’s sleep for a change.


And now, the news…

  1. Popular Websites Vulnerable to Cross-Site Request Forgery Attacks | Freedom to Tinker
  2. eBayed VPN kit hands over access to council network | Channel Register
  3. Police still making arrests in MITTS hacking investigation | Times of Malta
  4. Bristol computer experts held over child porn | This is Bristol
  5. Oracle DBAs cite lack of security measures | Search Security
  6. The 10 Most Mysterious Cyber Crimes (deduct 10 points for “cyber”) | New Criminologist
  7. Can we really stop malicious insiders? | Network World
  8. NHS trust takes on USB security | IT Pro


RAF Loses Service Personnel Data

Bad news for the Royal Air Force. The joys of the ever-present USB hard drive have sunk their teeth into the exposed shin of yet another organization.

From Computer Weekly:

Information stored on USB portable hard drives has been stolen from a high-security area at the base of the Service Personnel and Veterans Agency at RAF Innsworth, Gloucester.

The agency provides support services for around 900,000 serving and ex-service personnel. It is unclear how many people are affected by the theft.

The Ministry of Defence admits three disk drives were taken from the high security area of the base. MoD Police and Gloucestershire Police are investigating the theft.

Since the drives (or disks?) were removed from a high security area of the base, would it not follow that the range of suspects would be greatly reduced? When I was doing contract work for the US military, back in the day, they would provide me with an armed guard as an escort. A friendly reminder that if I tried anything silly I would have a little extra ventilation for my trouble.

Article Link

Unilever Enlists Dragons To Guard Data

Whatever works I guess.

From Silicon.com:

Food giant Unilever is turning to virtual worlds and giant purple dragons to turn staff on to guarding valuable corporate data.

In an attempt to woo the “digital natives” - the under-35s who make up the bulk of Unilever’s 165,000 staff worldwide - the company has turned to a Second Life-based virtual world.

It launched its security drive on its own private complex in the virtual world, a gleaming glass office on a sun-drenched leafy island, looking out on a glistening sea.

Sure, I’m poking fun, but honestly there is no silver bullet for handling security awareness in a corporate environment. For their sake I hope it works over the long term.

Article Link

Security Briefing: September 29th


Sorry for the gap in postings from last Tuesday until now. It was a rough week for me. Hopefully this week will be a smoother ride.


And now, the news…

  1. Behind the scenes of online fraud | CNET
  2. Who has your old phone’s data? | Taipei Times
  3. Adobe vulnerability exploits are mounting | SC Magazine AU
  4. Computer data breach at Sonoma State University | San Jose Mercury News
  5. Conservatives would scrap controversial ContactPoint child database | The Telegraph
  6. Bedoun nabbed for hacking into Kuwaitis’, expats bank accounts | Arab Times
  7. Britain will make foreigners carry RFID identity cards | Boing Boing
  8. National Bank customer data stolen | The Globe and Mail


Security Briefing: September 23rd


I have an 8 am concall this morning. That should be fun as I prop my eyelids open with toothpicks after a restless night.


And now, the news…

  1. Apple’s patch process a mess, say researchers | MacWorld
  2. Eugene Kaspersky: ‘no such thing as 100% secure software’ | PC Advisor
  3. Amtrak deploys video surveillance system | GCN
  4. DHS Working on Anxiety Detection Screener | Security Management
  5. McAfee aims to broaden portfolio with Secure Computing buy | Tech News World
  6. Homeland Security: Don’t take away our cybersecurity responsibility | CNET
  7. Cardholders flock to secure online payment methods | Banking Times
  8. Bill O’Reilly on Sarah Palin email hack (amusing) | Boing Boing


UK Tech Help For Children At Risk

In the UK the NSPCC’s “ChildLine” will be offering assistance via SMS/Internet to kids in need.

From the BBC:

The NSPCC hopes to reach more at-risk children by making use of the technology that youngsters are comfortable and familiar with.

Early trials by the NSPCC show that boys and girls seek help with family problems in very different ways.

The improved access to ChildLine - 0800 1111 - comes as the NSPCC bids to recruit more people to answer calls.

And some disturbing reasons behind the need for the new services:

NSPCC research suggests that 94% of sexual abuse cases reported to ChildLine in 2005/06 were committed by someone known to the child, and 59% of abusers were family members.

This, said Dame Mary, often meant children had difficulty seeking help without being found out.

Microsoft has ponied up £1.3m in software and services. Very cool. Something like this program needs all the support it can get.

Article Link

Ex-Lottery Employee Arrested For Copying Data

A former employee of the Texas Lottery said that he “accidentally copied the personal data of more than 27,000 Texas lottery winners”. OK, I’m calling BS on his story.

Oops. How did that USB key get there? I must have tripped and fell and “voila”.

The ex-employee downloaded “his own work files off his computer and took them to his next job”. Um, OK. I’ve never known work-related files to have the ability to travel with a person from company to company. Especially when they include the personal info of 27K people.

From the Dallas Morning News:

The names and Social Security numbers of 27,075 mid-level lottery winners — people who have won prizes from $600 up to around $1 million — were on the employee’s hard drive. Also included were the names, Social Security numbers and, in some cases, bank routing and account numbers of 639 current and former commission employees and 534 lottery retailers.

There have been no reports that the information has been used inappropriately, but in a letter sent out on Sept. 11, commission officials advised that the recipients put a fraud alert on their credit reports and check their bank statements.

I smell a rat here. Apparently so did the Texas Attorney’s office, otherwise we wouldn’t be having this discussion.

Article Link

Security Briefing: September 22nd


OK, it’s Monday morning. What will the week hold? I’ve got a pile of documentation to work my way through this week. Have a great day everyone.


And now, the news…

  1. Conservative commentator Bill O’Reilly’s website hacked | Wikileaks
  2. Feds tighten security on .gov | Network World
  3. Citect yanks ‘misleading’ SCADA bug advisory | The Register
  4. Private companies could get access to millions of NHS medical records | The Telegraph
  5. ‘IT suppliers discredited by data breach’ | Contractor UK
  6. Experts urge overhaul in cybersecurity management | Federal Times
  7. Data Security Gives IT Professionals Insomnia | PC World


BBC Mailing List Hacked

Spammers managed to purloin a mailing list that was managed by the BBC. The email accounts that were on the list were then subject to a barrage of, you guessed it, spam.

From the Telegraph:

The spam e-mail offered the sex drugs at “US$1.49 per pill” but such advertisements are often a front for identity fraudsters attempting to glean financial information from their victims.

John Whittingdale, chairman of the all-party Commons Culture Committee, called on the BBC to take urgent steps to protect personal details and prevent the security lapse being repeated.

“This is a very serious incident and I would expect them to take urgent action,” said the Conservative MP.

So, the question is, do you trust that your personal information will be handled safely by large organizations?

Article Link

Judge: Cheney Must Preserve Records

It has been a weird long ride with the current US administration. We have seen some odd tech security things like the missing email saga and Cheney’s attempt to reclassify his documents as being beyond the reach of the National Archives. Well, one of those things has been rectified.

On paper at least.

From CNN:

U.S. District Judge Colleen Kollar-Kotelly found that the records are not excluded from preservation under Presidential Records Act, which gives the national archivist responsibility over the custody of and access to the records at the end of a president’s final term.

The Bush administration had sought a narrow interpretation of the act to allow for fewer materials to be preserved by the National Archives.

“Defendants were only willing to agree to a preservation order that tracked their narrowed interpretation of the PRA’s statutory language,” Kollar-Kotelly said in her order. This position “heightens the Court’s concern” that some records will not be preserved without an injunction.

A very interesting turn of events. I wonder if he/they will comply.

Article Link
