March 30, 2007
UK financial advisers, Grant Thornton, says that organizations that fail to lock-down bluetooth connections on company-owned laptops and other portable devices are taking a huge data theft gamble. The company says the number of bluesnarfing attacks - where a connection between two devices is forced without the consent of the target machine - is on the increase.
Grant Thornton gives the unsurprising advice that non-essential bluetooth links should be turned off. But can employees be trusted to do this themselves, or is it better to manage this centrally?
Solutions like Centennial DeviceWall can help extend endpoint security by locking-down bluetooth connections in addition to managing the flow of data through wired communications such as USB and firwire ports. With every new laptop now seemingly enabled for bluetooth out-of-the-box, could 2007 be the year of the ‘bluesnarfer’?
March 27, 2007
A six year-old child has hacked into the UK Parliament’s computer system, installing a keylogger onto an MP’s machine. As part of an experiment run by the UK campaign ‘Get Safe Online’, the minister agreed to leave her PC unattended for 60 seconds.
In a quarter of that time, the schoolgirl had successfully installed an application that monitored every keystroke without anyone noticing. The keylogger, if left undetected, would have recorded everything the MP wrote on her PC in the next six months.
While the MP might have declared herself “surprised” it was probably somewhat predictable that the Houses of Parliament refused to comment. It’s always encouraging to hear stories about the strength of IT security measures applied to government-owned PCs….
More on ITPro
March 23, 2007
A USB flash drive containing 59 documents, many from the council’s Environmental Services Department in Scotland was discovered near a bike shelter close to the council building at Pullar House. A retired man found the device and gave it to a local newspaper. Data on the (unencrypted) thumb drive included 25 spreadsheets which detailed council workers’ pay, insurance contributions, hours worked, health and safety reports, performance reviews as well as budget information.
The loss of the device had gone unnoticed and unreported to police. A council spokesman stated that council workers often take work home on USB flash drives, however no mention of encryption or other precautions were made.
Source: The Register, Perth Advertiser
March 15, 2007
Japan’s Dai Nippon Printing Co. said on Monday a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients including Toyota Motor Corp. Dai Nippon is one of Japan’s largest commerical printing companies. The stolen confidential information included names, addresses and credit card numbers intended for use in direct mailing and other printing services.
What is amazing about this case is that the thefts were traced to a single employee who had been stealing the data from May 2001 through March 2006 by copying information on to floppy disks and other recording media (USB flash drives etc). The former employee was arrested February 20th, nearly six years after he had begun his data theft spree.
A solution to this problem would be products such as Code Green’s Anti-Data-Leakage Network Appliance which monitors content on a network and implements policies regarding removable media devices. Code Green’s solution is also translated into Japanese and Unicode compliant which really gives Japanese companies no excuse when it comes to monitoring where customer data is going and taking steps to prevent internal data theft.
March 1, 2007
We’ve spent a lot of time on WatchYourEnd.com talking about the threats posed by personal storage devices to corporate data. But it seems its not only the employers who are at risk.
Recent statistics from the UK Government’s Home Office suggest that street crime has seen an eight percent rise which is directly attributable to the theft of ‘personal electronics’ such as mobile phones and MP3 players. Worse still, it seems the majority if insurance policies do not cover theft or damage to these devices (or the data contained on them).
