Network Endpoint Security News - Watch Your End

UK councils confess to lost data

Matt Fisher — Mon, 14 Apr 2008 08:49:49 +0000

According to research by the BBC, personal data about citizens has been lost or wrongly disclosed by 13 London councils in the last year. Twenty-three councils responded to a request made by the broadcaster under the Freedom of Information act.

In one exaple, highly-sensitive information about children in care was stolen when a council worker took files into a bar.

2008 set for record number of security breaches

Matt Fisher — Wed, 09 Apr 2008 08:46:58 +0000

The Identity Theft Resource Center (ITRC), a not-for-profit organization that helps victims of identity theft, claims that security breaches in the first three months of 2008 have more than doubled over the same period in 2007.

Up to this week, the organization had already recorded 167 incidents that exposed 8,391,871 personal records this year. This was compared to 76 breaches in 2007. For the whole of 2007, the ITRC tracked 446 breaches involving 127,725,343 personal records.

According to the center, breaches in financial institutions have seen a slight decrease. In the US so far in 2008, Educational institutions account for 25 percent of data breaches; Government agencies suffered 18 percent, with medical and health care organizations causing 14 percent of incidents.

HSBC faces investigation over lost disk

Matt Fisher — Mon, 07 Apr 2008 10:04:58 +0000

The HSBC Bank is today facing the prospect of investigation after admitting that it has lost a computer disk containing details of 370,000 customers. The disk was last around a month ago after being sent via an external courier from the firm’s offices in Southampton to a third party.

According to the bank, no account details or addresses were included on the disk.

HSBC informed the Financial Services Authority (FSA) about the loss and could now face a fine if the watchdog finds that the bank’s security practices were lax.

The bank has agreed to inform all affected customers, although there is no word on whether it will pay for credit checks for those at risk of identity theft.

USB malware increases

Matt Fisher — Fri, 04 Apr 2008 10:27:45 +0000

According to new research, around ten percent of all malware is designed to use portable storage media, such as removable USB drives, to attack and propagate.

The research found that the most common type of malware on USB sticks was INF/Autorun, a generic identification for malware that tries to use the autorun.inf file as a way of compromising a PC.

Firewire hacking tool breaks cover

Matt Fisher — Fri, 07 Mar 2008 13:21:48 +0000

Security researchers have unveiled a hardware-based hacking tool which can take over a ‘locked’ Windows PC by connecting directly to the machine’s Firewire port.

The tool, called Winlockpwn, bypasses Windows’s authentication system and lets an attacker take over a “locked” Windows machine without even stealing its password.

With Winlockpwn, the attacker connects a Linux machine to the Firewire port on the target machine. He can then get full read-and-write access to memory and the tool deactivates Windows’s password protection that resides in local memory.

Thankfully, some endpoint security solutions such as Centennial DeviceWall offer protection against such attacks by blocking potentially dangerous communication devices such as Firewire ports, which have little if any legitimate business use.