Thursday, 4 June 2009

Business Software Alliance asks 1,000 London companies to provide a software audit

The BSA is the body that checks compliance for software licensing. This crackdown follows similar campaigns in Manchester and Glasgow.

A company-wide software audit is a very healthy thing from a security viewpoint. Employees may have downloaded pirated software, which is illegal and could contain spyware designed to extract your company info.

US Govt accidentally releases secret nuclear list

266 pages of "highly confidential" information regarding civilian nuclear sites and programs were accidentally published by the federal govt, according to the New York Times.

Monday, 1 June 2009

Watch out for the Men in Black - just like the films, only real.

Unsuspecting workers on a construction development in Washington got quite a response when they accidentally cut through a fiber-optic cable.

Within moments three SUVs (black of course) pulled up and six men in suits jumped out. "You just hit our line". Whose line was never quite revealed, but one could probably assume it was a 'black line' (private, unlisted, secure) belonging to the FBI/CIA/NSA (delete as applicable).

Hollywood would be proud.


65,000 employee records compromised

A job application website page may have exposed the information of 65,000 current and former employees at Aetna (one of the largest health-care benefit companies in the US).

Once again the breach appears to be with a third-party partner. It is essential that you specify, educate and enforce security policy with third parties as clearly as you do with your own systems. 

If you have data with third-parties and need help contact FaberBrent.

Sunday, 31 May 2009

Update - $50,000 reward offered for missing White House disks

Following our previous story, it has now been revealed that there is a $50,000 reward on offer to recover the missing Clinton administration disks.

Seems like it would have been much cheaper to encrypt them in the first place!

Massive NYC ID and banking scam busted - Bank insiders to blame

A major corporate identity theft ring has been broken up by police in New York.

The gang used insiders working in major banks (including JP Morgan Chase, TD and HSBC) to provide a stream of stolen data. 

Once again we see an insider threat realised as a serious crime. If you want help covering the 'insider threat' due diligence within your organisation, contact FaberBrent for specialist advice.

Thursday, 28 May 2009

109,000 Pensions Trust records lost

Once again a huge amount of people's data goes walking out the door on a stolen laptop.

The laptop was stolen from the company that developed the database for Pensions Trust. Data included: addresses, NI numbers, salaries and bank account details. In an all too common pattern, the data was not encrypted.

It is key that if you are entrusting third parties with your customer data, you specify the security level required and retain audit rights to ensure it is observed.

If you have concerns about your data with third parties, contact FaberBrent for advice.

"Screensavers" is the web's most dangerous search, also watch out for "Jonas Brothers"

A new piece of research by McAfee has listed the search terms most likely to direct you to a site with malicious code.

In some circumstances more than half of the search returns for 'screensavers' were dangerous sites.

If you browse the web you should read this.

Monday, 25 May 2009

Stolen RAF hard drives contain senior staff vetting data including drug use, debt and use of prostitutes!

Three hard drives containing sensitive information went missing from RAF Innsworth last September. The loss of these drives was made public, but it has only now become apparent how extensive the information on them was.

The data included security vetting information on senior officers. This included (down to fine detail including names, dates, times and places) information regarding drug use, extra-marital affairs, debt, use of prostitutes and medical conditions.

Once again these disks were unencrypted. We say ENCRYPT ALL PORTABLE DATA NOW.


Information Commissioner threatens NHS over thousands of lost medical records

The Independent has led today with the ongoing pile of serious data breaches by the NHS (we have reported on several of these).

The Information Commissioner has threatened fines and other sanctions against the guilty parties. 

We feel that fines will only take away from patient care, and the only true deterrent for senior management is ultimately the possibility of a custodial sentence (a la Health and Safety legislation). Only then will we see Public Sector management take this problem seriously. There is a strong argument for a Disclosure Law, which is an effective deterrent for the Private sector, but it will have no impact on which NHS trust you use, as most NHS patients have to use whichever service falls in their geographic area.

If you run a public or private medical practice and need impartial advice on how to keep your patient data both accessible and secure, contact FaberBrent.

Sunday, 24 May 2009

UK to go live with full network of CCTV vehicle tracking via ANPR

It has been coming for a long time but it now looks like we are about to go live with possibly the most aggressive general intelligence gathering tool in the western world.

Many of us have noticed the ever increasing number of matt-black banks of CCTV cameras appearing at road junctions. These are all part of the ANPR (Automatic Number-Plate Recognition) system. Combined with existing local authority CCTV networks, these make up a formidable array of cameras.

The software allows the tracking of all vehicle number-plate movements. It is a tremendous tool for addressing general automotive crime, but there are some very considerable questions unanswered. There have been no published guidelines as to the who, what and where of accessing the data. The second big question is what this means in court. Does it follow the 'speed-camera' model of definitive evidence, where you are guilty unless you can prove your innocence?

Thursday, 21 May 2009

Bill Clinton's missing hard drive - 1TB of data unaccounted for

Over 1 terabyte (1000 gigabytes) of data is missing on a lost hard drive from the Clinton administration.

This data includes personal information about senior politicians and their families.

The drive was stored in an unsecured archive area to which hundreds of people had access, including cleaners and visitors.

The problem of disposing of hard drives and securely archiving data is a significant challenge.

Do you know where all your old hard drives are sleeping tonight? Contact FaberBrent for help.

House of Lords surveillance concerns rejected by UK Govt

A detailed list of concerns and recommendations regarding the very high quantity of surveillance undertaken by the Government has been rejected.

The House of Lords Select Committee reported back in February that over-surveillance was breaking the trust between Government and the people.


Wednesday, 20 May 2009

So called "secret questions" are too easily guessed

We will see this week a new study showing how vulnerable our "secret questions" actually are.

Town Centre CCTV has little effect on crime

Home Office-funded research shows what most security experts already knew. CCTV is not (and never was) a cure-all for the urban crime environment.

It can be very effective when used correctly for a specific purpose, but anyone who has ever tried to use CCTV to identify suspects will know most cameras are defeated by a baseball cap.

Hundreds of millions of pounds have been spent on urban CCTV systems in recent years with very little solid data on their effectiveness (but it sure looks impressive when you see a control room with walls of screens). If you have a legacy CCTV system and want to know if it is doing all it can, contact us for impartial advice.

Austrian Government hides security vulnerabilities in Citizen Card

It has been revealed that the Austrian government has known about security vulnerabilities in its Citizen Card since 2006.

The real issue here is not that there are vulnerabilities in this system, but to understand that there are vulnerabilities in all systems. Therefore no single ID system will ever fix the security challenges it professes to address. A legitimate ID card is simply that, a legitimate card. It does not mean the person holding it is legitimate or the data on it is genuine. UK ID card fans please take note.

Personalities most likely to be victims of scammers

A new study by the Office of Fair Trading (OFT) has identified the 20% of people most likely to fall victim to scams and cons.

A very interesting study showing that likely candidates were often successful businessmen and people with extensive experience in the very area at which the scams were targeted.

It is human nature that we can fall victim to cons (especially in a pressurised business environment where we encourage people to take any advantage), but this can be very costly if it is your company's funds or data that are the ultimate target. The two pillars to mitigate your risk are systemic controls and staff education. If you are concerned and need help, contact FaberBrent.

Could GPS fail?

The Global Positioning System (GPS) is a free satellite service run by the US military.

Whilst it seems very unlikely that there is a real problem, it is interesting to think of how many companies and individuals are reliant on a service with no contracts, SLAs or comeback. One could imagine that this story is more about fundraising than anything else.

Tuesday, 19 May 2009

Secret taping in Valeo boardroom by former Chief Exec

Accusations and denials are flying regarding the 'secret' recording of boardroom meetings at major French car parts manufacturer Valeo.

Thierry Morin, the former chairman and chief exec, does not deny the recording system but claims it was "unthinkable that no one else was aware".

French radio station RTL says that digital recording devices connected to the boardroom's conferencing system automatically activated when the mics were switched on. The memory cards were then covertly removed after the meeting. Sounds a lot like a bugging device to us.

Conferencing equipment is a major vulnerability to your business privacy. It doesn't take much imagination to understand that several high-sensitivity microphones connected to a phone line (in other words, a conference phone) can easily be manipulated to record/broadcast all of your meetings. Look out for the warning signs and contact FaberBrent to find out how to mitigate this risk.

Teens see hacking as a casual pastime

A report surveying 4,000 14- to 18-year-olds shows some very surprising data.

20% have some 'advanced' hacking knowledge and a third of them say they have used it.

66% say they have successfully hacked instant messaging and/or social networking accounts of people known to them.

Even allowing for teenage braggadocio, these are still significant figures. What will it mean as this generation grows up?