April 7, 2008
HSBC Bank is today facing the prospect of investigation after admitting that it has lost a computer disk containing details of 370,000 customers. The disk was lost around a month ago after being sent via an external courier from the firm’s offices in Southampton to a third party.
According to the bank, no account details or addresses were included on the disk.
HSBC informed the Financial Services Authority (FSA) about the loss and could now face a fine if the watchdog finds that the bank’s security practices were lax.
The bank has agreed to inform all affected customers, although there is no word on whether it will pay for credit checks for those at risk of identity theft.
April 4, 2008
According to new research, around ten percent of all malware is designed to use portable storage media, such as removable USB drives, to attack and propagate.
The research found that the most common type of malware on USB sticks was INF/Autorun, a generic identification for malware that tries to use the autorun.inf file as a way of compromising a PC.
March 7, 2008
Security researchers have unveiled a hardware-based hacking tool which can take over a ‘locked’ Windows PC by connecting directly to the machine’s Firewire port.
The tool, called Winlockpwn, bypasses Windows’s authentication system and lets an attacker take over a “locked” Windows machine without even stealing its password.
With Winlockpwn, the attacker connects a Linux machine to the Firewire port on the target machine. The attacker then gets full read-and-write access to memory, and the tool deactivates the Windows password protection that resides in local memory.
Thankfully, some endpoint security solutions such as Centennial DeviceWall offer protection against such attacks by blocking potentially dangerous communication devices such as Firewire ports, which have little if any legitimate business use.
March 6, 2008
Hundreds of patient records have been put at risk following the theft of computer equipment from a medical center in Shropshire, UK. The stolen laptop has since been disconnected from the country’s National Health Service (NHS) network, and staff claim the hard disk was protected by encryption software.
However, there is no word on whether a memory stick that was also stolen was similarly protected. The USB stick contained details of 238 patients - including names, dates of birth, and addresses as well as the details of their speech and language therapy treatment.
The PC and memory stick were stolen while the owner was in an adjacent room in the medical center, highlighting just how easy computer theft is. And it seems that while the NHS Trust concerned has implemented security for laptops, removable media still pose a major risk to patient information.
February 25, 2008
Research carried out with 21 companies in the UK has revealed that the average cost of a data security breach in 2007 was £1.4 million ($2.75 million US). That equates to around £47 ($92 US) for every single record stolen or exposed.
Companies in the financial sector, which are at a higher risk of a breach, have a cost per stolen record of £55.
The Ponemon Institute, which conducted the research, estimates that customer churn rates go up by an average of 2.5 per cent after a data loss, but the worst example in the UK saw churn rates go up by seven per cent. The size of the losses examined ranged from 2,500 records to more than 125,000, and costs ranged from £84,000 to £3.8m.