A recent report by PGP showed that 70% of all data breaches were down to insider failings, not outside hackers.
Friday, 15 May 2009
Social engineering and confidence tricks - the easiest way to obtain passwords?
This is a great article on the BBC showing how easy it is to obtain passwords and other confidential information by using basic social engineering and confidence tricks.
Sunday, 10 May 2009
Scope Phase II scrapped - multi-million pound secret IT communications system scrapped by British government
It has been revealed that the government have had to scrap another major IT project. This one was a secret communications network called Scope and the plug has been pulled during the attempted implementation of phase II.
Friday, 8 May 2009
US top secret missile defence system details on EBay hard drive
For the fourth time BT's information research team have carried out a random study of second-hand computer equipment to see if there is any significant data to be retrieved.
Some of the data found included patent medical records, security logs from embassy's, trading figures for a major fashion house and automotive manufacturer and details of a 50 billion proposed currency exchange.
Companies still do not grasp the importance of hard-drive disposal, if you need help contact FaberBrent.
Wednesday, 6 May 2009
Medical details hacked and held for $10 million ransom
In a shocking (but inevitable) development of cybercrime, a criminal group have claimed that they have stolen and encrypted 8.3 million patient records from the Virginia government.
Whilst this claim remains unsubstantiated at the moment (including claims they have stolen their back-up data) there is no doubt that this type of crime will increase.
1,258,862 email addresses; 1,235,122 windows passwords; 8,300 banking login's...this is what the Torpig botnet achieved in 10 days
The University of California took control of a well known botnet for 10 days with some shocking results.
They were monitoring over 180,000 hacked computers and this gave a facinating and very worrying insight into the data that the criminals have access to.
Yet another call for mobile data encryption
Computing magazine have written a full article calling for the encryption of all public mobile data storage.
Lack of security awareness and training is the cause of most data breaches
At Infosec 2009 John Colley (managing director of ICS2) confirmed what we have been saying for a long time; the biggest risk to information security is people, not systems and the most effective thing you can do to minimise this risk is to educate.
Sounds like he has been reading our recent article on Security International.
Sounds like he has been reading our recent article on Security International.
Tuesday, 5 May 2009
Wire-free wiretaps
More information from the recently released 2008 wiretap report from the US.
Interesting analysis shows the trend away from traditional monitoring to far more prolific and successful wireless surveillance.
1 million social security numbers stolen from a car!
Some things in life are challenging and some things are easy.
Knowing that you must never leave your laptop in an unattended vehicle as there is a high risk of theft is basic. Carying a laptop with no significant security measures containing 1 million social security numbers is criminal.
Knowing that you must never leave your laptop in an unattended vehicle as there is a high risk of theft is basic. Carying a laptop with no significant security measures containing 1 million social security numbers is criminal.
Sunday, 3 May 2009
Government moving ahead with total Internet monitoring
So once again we have been misled by our spin orientated goverment.
Dispite Jacqui Smith making public statements about scrapping a central database to monitor all email and communications traffic it has been revealed (although not a supprise to some of us) that GCHQ's 'Mastering the Internet' or MTI program is already 1 year in, and costing £1 billion over 3 years.
Dispite Jacqui Smith making public statements about scrapping a central database to monitor all email and communications traffic it has been revealed (although not a supprise to some of us) that GCHQ's 'Mastering the Internet' or MTI program is already 1 year in, and costing £1 billion over 3 years.
This program is effectivly creating a master database by installing monitoring systems at ISP's and network hubs.
This contract has been split between Lockheed Martin and Detica who are all bound by the OSA (Official Secrets Act) not to reveal details; but for some reason GCHQ saw fit to place a job advert whose tasks include “operational responsibility for the ‘Mastering the Internet’ (MTI) contract”
Thursday, 30 April 2009
Can hackers steal your data from your glasses?
Very interesting article about the threat from side-band attacks.
Whilst this kind of technique has many challenges the concept of monitoring reflective surfaces with a telescope is a classic.
Tuesday, 28 April 2009
US burglars target small business PC's in mass robbery
In one of the first reported cases of its type a business centre in Los Angeles has been the victim of a systematic robbery where over 60 small businesses have lost there computers.
The overnight theft has left an array of different businesses (including attorneys, real-estate management and talent agencies) trying to assess the damage.
For some occupants this may well be terminal event for their business.
It is probably safe to assume that this kind of targeted computer theft will increase, it you want to know how to avoid becoming a victim contact FaberBrent.
UK identity theft up 40%
The first quarter of 2009 has shown a 40% increase in identity theft according to Cifas, the UK's fraud prevention organisation.
We all need to keep a keen eye out for scams, phishing and unsolicited requests and if in doubt, shred.
Sunday, 26 April 2009
Lost business laptops cost the company an average of $50,000 each
A new survey has attempted to quantify the average cost of lost business laptops.
In a survey covering 138 seperate lost laptop incidents losses were calculated using several factors including data breach cost, loss of productivity, investigative costs and other variables.
The minimum damage in the survey was $1,200 and the biggest loss was just short of $1M!
London workers will sell company secrets - for a price
One in three London workers (out of a survey of 600) said they would be prepared to sell their company data and information for the right price.
The amount of access they have is a real eye-opener. Levels of access include; customer data bases (83%); business plans (72%); accounting systems (53%); human resources databases (51%); and IT admin passwords (37%).
The amount of access they have is a real eye-opener. Levels of access include; customer data bases (83%); business plans (72%); accounting systems (53%); human resources databases (51%); and IT admin passwords (37%).
Thursday, 23 April 2009
Luxury car dealers accused of spying for commercial edge
3 senior employees of luxury car dealership Universal Autosports in New York have been accused of illegally accessing the e-mail system of a rival dealer.
Cash prize for smart mobile design
There is now a cash incentive for designers to come up with a design for secure mobile phones.
The Design Council has recognised the considerable crime associated with mobile devices and this has driven the initiative.
UK considering hardwireing to provide on-demand wiretapping
Lord West (the security minister) told Parliament on Monday that the government are considering installing hardware that would provide instant information on demand for all Internet traffic in the UK.
The technology under consideration is Deep Packet Inspection (DPI).
Welsh trial to track schoolkids with GPS to start in May
A trial will be starting in wales in May to track school children during their journey to and from school.
Parents will be able to use a web portal to see their children's geographical location.
Tuesday, 21 April 2009
The British Council has been ordered to encrypt all portable data
Following a loss of a disc containing data on 2,000 people including trade union membership and banking details the British Council has been ordered to encrypt all data by the Information Commissioner's Office (ICO).
We say ENCRYPT ALL PORTABLE DATA NOW, the campaign starts here. How many more 'horses bolted' stories do we need?
Subscribe to:
Posts (Atom)
Posts
