Saturday, 13 June 2009
Robotic one-eyed snake cam
The Israeli military have developed a robotic snake complete with a wireless camera 'eye' for reconnaissance missions.
UK mobile phone directory, opt-out or be listed
There have been many headlines regarding this controversial service. The bottom line is that many millions of us have found our mobile phone numbers listed in a public directory on very questionable authority.
The company responsible, Connectivity, claims it gives out no actual numbers but only connects callers with the listed person's consent. We wonder how long it will be until their data is breached and we all have to get new mobile numbers.
To opt out, text 'E' to 118800 from the phone you want removed; removal takes up to four weeks. Why four weeks, when this is an automated database operation that should surely be almost instant?
Whichever way we look at this development, it is a significant erosion of privacy.
British Consulate-General sets good InfoSec example in New York
Nice to report a positive public-sector infosec story.
The British Consulate-General in New York has gone public with its use of BeCrypt's USB token authentication system. This multi-factor system allows remote working and data access with a good level of protection.
In our opinion this kind of system should be rolled out across the public sector.
36% of IT pros have used their position to view sensitive company data
In another example of the insider threat, Cyber-Ark's 2009 Trust, Security & Passwords Survey produced some very serious findings on just how much snooping IT staff are prepared to do.
It is worth remembering that even junior IT staff often have access to huge amounts of very confidential company data.
If you don't have checks and processes in place to mitigate this significant risk, contact FaberBrent now.
Undercover investigation discovers sensitive military technology can be easily purchased
A US federal watchdog group has discovered poor enforcement of regulations when it comes to the sales of sensitive military technology.
This kind of problem is common across many industries. When times are tough, cash is king and people will stretch the rules to make a sale.
If you are concerned about your internal company security, or need help ensuring your third-party suppliers are observing the rules, contact FaberBrent for advice.
Sunday, 7 June 2009
NY State Court judge allows surreptitiously obtained emails as evidence - does not constitute a 'wire-tap'
A NY State Court judge has allowed covertly obtained emails to be used as evidence in a divorce case.
The judge stated that since the emails were 'viewed' in the husband's account rather than 'intercepted in transit', obtaining them did not constitute a wire-tap.
Claimed hack of entire T-Mobile US network data
The following was posted by hackers seeking a buyer for the data. So far their claims are unconfirmed, but if true they would be shocking.
"Date: Sat, 6 Jun 2009 15:18:06 -0400
Hello world,
The U.S. T-Mobile network predominantly uses the GSM/GPRS/EDGE 1900 MHz frequency band, making it the largest 1900 MHz network in the United States. Service is available in 98 of the 100 largest markets and to 268 million potential customers.
Like Checkpoint, T-Mobile has been owned for some time. We have everything: their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009.
We have already contacted their competitors and they didn't show interest in buying their data - probably because the mails got to the wrong people - so now we are offering them to the highest bidder.
Please only serious offers, don't waste our time."
Thursday, 4 June 2009
The first British Standard on management of personal data has been published, say hello to BS10012
BS10012 is a long-overdue framework standard for establishing best practice in, and compliance with, the Data Protection Act.
Overall it appears to be a very solid standard, which clearly identifies a cross-organisational ownership structure and places an emphasis on awareness, continual improvement and education.
This new standard looks very promising, although there will be some challenges integrating it into legacy procedures and policies. If you want to implement BS10012, contact FaberBrent for expert advice.
Business Software Alliance asks 1,000 London companies to provide a software audit
The BSA is the body that checks compliance with software licensing. This crackdown follows similar campaigns in Manchester and Glasgow.
A company-wide software audit is a very healthy thing from a security viewpoint. Employees may have downloaded pirated software, which is illegal and may well contain spyware designed to extract your company's information.
US Govt accidentally releases secret nuclear list
266 pages of "highly confidential" information regarding civilian nuclear sites and programmes were accidentally published by the federal government, according to the New York Times.
Monday, 1 June 2009
Watch out for the Men in Black - just like the films, only real.
Unsuspecting workers on a construction development in Washington got quite a response when they accidentally cut through a fibre-optic cable.
Within moments three SUVs (black, of course) pulled up and six men in suits jumped out: "You just hit our line." Whose line was never quite revealed, but one could probably assume it was a 'black line' (private, unlisted, secure) belonging to the FBI/CIA/NSA (delete as applicable).
Hollywood would be proud.
65,000 employee records compromised
A job application web page may have exposed the personal information of 65,000 current and former employees of Aetna (one of the largest health-care benefit companies in the US).
Once again the breach appears to lie with a third-party partner. It is essential that you specify, communicate and enforce security policy with third parties as clearly as you do for your own systems.
Sunday, 31 May 2009
Update - $50,000 reward offered for missing White House disks
Following our previous story it has now been revealed that there is a $50,000 reward on offer to recover the missing Clinton administration disks.
Seems like it would have been much cheaper to encrypt them in the first place!
Massive NYC ID and banking scam busted - Bank insiders to blame
A major corporate identity theft ring has been broken up by police in New York.
The gang used insiders working in major banks (including JP Morgan Chase, TD and HSBC) to provide a stream of stolen data.
Once again we see an insider threat realised as a serious crime. If you want help with 'insider threat' due diligence within your organisation, contact FaberBrent for specialist advice.
Thursday, 28 May 2009
109,000 Pensions Trust records lost
Once again a huge amount of people's data goes walking out of the door on a stolen laptop.
The laptop was stolen from the company that developed the database for Pensions Trust. The data included addresses, NI numbers, salaries and bank account details. In an all-too-common pattern, the data was not encrypted.
It is key that if you entrust third parties with your customer data, you specify the required security level and retain audit rights to ensure it is observed.
"Screensavers" is the web's most dangerous search, also watch out for "Jonas Brothers"
A new piece of research by McAfee has listed the search terms most likely to direct you to a site with malicious code.
In some circumstances more than half of the search results for 'screensavers' were dangerous sites.
If you browse the web you should read this.
Monday, 25 May 2009
Stolen RAF hard drives contain senior staff vetting data including drug use, debt and use of prostitutes!
Three hard drives containing sensitive information went missing from RAF Innsworth last September. The loss was made public at the time, but the extent of the information on them has only now become apparent.
The data included security vetting information on senior officers, down to fine detail (names, dates, times and places) regarding drug use, extra-marital affairs, debt, use of prostitutes and medical conditions.
Once again these drives were unencrypted. We say ENCRYPT ALL PORTABLE DATA NOW.
Information Commissioner threatens NHS over thousands of lost medical records
The Independent led today with the ongoing string of serious data breaches by the NHS (we have reported on several of these).
The Information Commissioner has threatened fines and other sanctions against the guilty parties.
We feel that fines will only take money away from patient care; the only true deterrent for senior management is the possibility of a custodial sentence (as with Health and Safety legislation). Only then will public-sector management take this problem seriously. There is a strong argument for a disclosure law, which is an effective deterrent in the private sector, but it would have no impact on which NHS trust you use, since most NHS patients must use whichever service covers their geographic area.
If you run a public or private medical practice and need impartial advice on how to keep your patient data both accessible and secure, contact FaberBrent.
Sunday, 24 May 2009
UK to go live with full network of CCTV vehicle tracking via ANPR
It has been coming for a long time, but it now looks like we are about to go live with possibly the most aggressive general intelligence-gathering tool in the western world.
Many of us have noticed the ever-increasing number of matt-black banks of CCTV cameras appearing at road junctions. These are all part of the ANPR (Automatic Number Plate Recognition) system. Combined with existing local-authority CCTV networks, they make up a formidable array of cameras.
The software allows the tracking of all vehicle number-plate movements. It is a tremendous tool for addressing general automotive crime, but some very considerable questions remain unanswered. No guidelines have been published on who may access the data, for what purpose, and from where. The second big question is what this means in court: does it follow the 'speed-camera' model of definitive evidence, where you are guilty unless you can prove your innocence?
Thursday, 21 May 2009
Bill Clinton's missing hard drive - 1TB of data unaccounted for
Over 1 terabyte (1000 gigabytes) of data is missing on a lost hard-drive from the Clinton administration.
This data includes personal information about senior politicians and their families.
The drive was stored in an unsecured archive area to which hundreds of people had access, including cleaners and visitors.
The problem of disposing of hard-drives and securely archiving data is a significant challenge.