US (BLOGGER) COMPUTER SECURITY http://t3kd.com/blog/2010/11/30/computer-anti-theft-devices-and-programs/
November 30, 2010
Leave A Comment
by David Ritchie
Many types of PC related anti-theft devices in the market. These are hardware devices that can be bought at Pc related equipment stores, meant to protect your computer from actual physical theft. Some of these anti-theft devices come in several forms and functions.
You’ll find the following three types of computer anti-theft devices in the market:
Lockdown devices such as locks, cables and cabinets
Anti-theft alert systems that blast a loud siren when a computer is stolen.
Tracking systems that help locate a missing computer.
Physical Lockdown Anti-theft Devices
Physical lockdown devices comprise chains, cables, bars, boxes, locks, cabinets and similar devices that prevent a thief from moving a computer from its location. These devices are usually successful at stopping a thief from executing his intentions. These devices work only with the casual thief. There’s another form of thief, the one who is premeditated. Such a thief will come prepared with screwdrivers, cutting pliers, grinding tools or cutters to remove restraining devices.
Sometimes an employee does the stealing, having had enough time to evaluate different ways to work around the lockdown devices.
Anti-theft Devices To Prevent Theft Of Data
Removing a computer totally is the work of a thief who wants to make money by selling the computer’s parts. However, there are people who are interested in removing information, which at times is more valuable. Therefore, computer anti theft devices are designed to restrict access to a component such as a USB port or a CD writer drive. For a USB drive, a USB lock can be inserted which effectively prevents the inserting of a USB device into it.
Anti-theft Devices That Trigger An Alert
When a computer is breached, specially designed Pc related anti theft devices create an alert. The alert can be a loud alarm similar to that of a siren. The loud noise detracts the thief from the planned theft. This is probably the most effective anti-theft device for a computer. The only issue is that it takes a few minutes for the police to arrive at the scene, by which time even if the alert goes off, a thief will have enough time to make way with at least 1 or 2 computers.
Asset Tracking Anti-theft Devices
Hardware or a software component is inserted into a computer when it is manufactured. This Pc related component is activated every time the computer is in use. Once it’s on, it connects immediately to the internet, posting its exact location and status.
When such a computer is stolen, the owner can monitor its location through the website of the tracker. It’s possible to point out the exact pinpoint location of the computer so that the authorities can get hold of the thief and the asset.
PC related asset-tracking devices may help get the computer back, but data theft cannot be prevented. That is a very sensitive issue with banks and large corporate who store a great deal of sensitive data in their computers.
Interested in how to increase computer speed? SpeedMyComputer.net – best PC optimizers review.
Related Posts:
No Related Posts
Written by David Ritchie
I'm a software developer, currently freelancing, with over 2 years of professional development in data recovery. From time to time I write articles for ZeoBIT LLC (professional software development for Windows and Mac OS platforms). I have two wonderful kids that drive me nuts.
Visit www.barracudasecurity.com
Tuesday, November 30, 2010
Friday, May 21, 2010
US COMPUTER SECURITY http://www.articlesbase.com/data-recovery-articles/data-security-3-tips-to-keep-your-data-safe-2419171.html
Posted: May 21, 2010
Most of us who work with computers (which, these days, would include just about everyone) have built our lives around these machines. Our entire identies - confidential letters, emails, sensitive spreadsheets, documents, presentations, pictures, etc. are stored on our computers. Despite the enormous amount of personal data stored on our computers, few of us take the time to actually keep it protected and safe. Here are a few tips to help you get started on this path:
1. Backup Your FilesIdeally, you should have two backups of your data: a local backup through an external hard drive, and a remote backup online. You should keep a copy of pretty much everything on your computer on an external hard drive - a mirror image of your system. In addition, you should keep an additional copy of your most important files in an online backup service. These services, which number into dozens (though you should pick the most reputed ones, such as the ones offered by Microsoft, Box.net, etc.) not only give remote access to your files, but also protect them from loss, theft, or hacking.
2. Adequately Protect Your ComputerDo you have an anti-virus installed? If yes, do you regularly update it with the latest anti-virus definitions? How often do you scan your computer for threats? What about anti-spyware/malware? Do you have software that automatically, and actively protects you against malicious websites or software?
These are some of the questions you must answer if you want to protect your computer adequately. It is frightening to find so many people still without a proper anti-virus software on their computer. Don't make this mistake: protect your computer from external threats as much as you can.
3. Be Wary of TheftsThis may sound trivial, but make sure that you take all precautions to protect your computer from being stolen. While desktop computers are obviously much harder to steal that laptops, the latter can be easily picked up by anyone if you keep them unsupervised. Never keep your laptop unsupervised in a visible location (such as a car or coffee shop). Nowadays, you can get security software that will not only lock your data in case of theft, but also help you find it through GPS tracking. If you travel frequently, or are in a habit of using your laptop outdoors, it is recommended that you install such software on your system.
(ArticlesBase SC #2419171)
Read more: http://www.articlesbase.com/data-recovery-articles/data-security-3-tips-to-keep-your-data-safe-2419171.html#ixzz0oc0OZnFx
Under Creative Commons License: Attribution
Posted: May 21, 2010
Wednesday, February 10, 2010
GLOBAL COMPUTER SECURITY http://www.articletrove.co.cc/?p=1620#more-1620
Monday, August 24, 2009
CALIFORNIA (UPDATE) COMPUTER THEFT VICTIMS REACH OUT FOR SUPPORT St. Elisabeth School
Home of the Learning Academies
SAD NEWS
We are so devastated to report that our school was burglarized on Friday Night.
We are working closely with the Police and will be open for business as usual.
We did lose our netbook computers, but we believe that through God's grace and the goodness of the larger community that we will find a way to overcome this setback.
*
Help us rebuild our laptop program. Click here to donate
Monday, August 10, 2009
MASSACHUSETTS COMPUTERS STOLEN Community Center Set Back: Theft « DoctorMO’s Blag:
Community Center Set Back: Theft
I have some bad news for people who were following my progress in getting an Ubuntu computer lab set up for a local Boston housing project. someone broke in to the secure server room and pinched all the computers and most of the monitors.
Rather sad set of affairs really and now we only have 2 machines left (which were somewhere else for repairs) and we hadn’t even gotten the center off the ground yet. So the task force will be looking to the Boston city to see if they can get some more computers to replace the stolen ones and the police will do their best to track old city office computers.
I just have to think, what could they possibly do with computers that old anyway? They’d only just about run Ubuntu well enough to do browsing web and a couple of other things. Oh well, best to just move forwards I guess and there is a grant in the works and locals who will no doubt step forward with help, so never fear.
Update: There was yet another break in, although nothing was stolen since we moved everything that was left behind. It’s shocking that these people would have the gall to try it again.
Friday, May 29, 2009
109,000 pension holders at risk after laptop stolen
It seems hardly a day goes past without news of a lost laptop containing sensitive unencrypted data or a mislaid USB memory stick.
The latest victims are some 109,000 pension holders whose data was on a laptop computer at the offices of Marlow-based NorthgateArinso, a British software provider who supplied the computerised pensions administration system to The Pensions Trust.
The stolen laptop included such sensitive data as names and addresses, dates of birth, National Insurance numbers, employer names, salary details, and bank account details. More information about the affected pension schemes can be found in this BBC News report.
NorthgateArinso published a statement on its website saying that the PC was password-protected, but choosing not to mention that the data was not encrypted:
The Police authorities have confirmed that they are investigating the loss, and believe the theft to be opportunistic rather than a targeted attempt to steal data. However, with awareness growing of the value of identity and banking information we can expect to see more and more petty crooks understanding that the computer they have stolen may have more value than a brand new PC on the shelf of a high street store.
Of course, you'd expect me to bemoan that the disk wasn't properly encrypted. And yes, it is horrendous that such sensitive information wasn't being held securely.
But the big question that instantly springs to my mind is this: Why on earth was there any need to use live data for testing and training purposes in the first place? If a large amount of data needed to be used for testing purposes or statistical analysis then it should have been sanitised beforehand, by wiping out identifying information.
Too many organisations are making too many errors when it comes to properly securing the public's personal information.
Posted on May 29th, 2009 by Graham Cluley, SophosMonday, January 26, 2009
Server stolen
Here is a story that make you think about how your backups are being done. I copied this from one of my user group feeds. Very disturbing.
Server was not in a separate/locked/interior room. No security system installed.
They are still in shock over the break-in. This is a local family owned
30 year old landscaping service business. This sort of wake-up call is
painful (but could have been much worse). There have been two
smash/grab break-ins at different clients locations in the past 2
months. Yes the economy is causing an increase in criminal activity in
our area. This client will be sending a letter out to all their
customers and employees regarding this incident and the potential loss
of information that could be used for identity theft (QB Payroll
information. They are not legally required to do so (they were told by
the Sheriff's Department.
Friday, November 14, 2008
Comments on Database Media Protection
Rich posted an article on database and media encryption (aka Data at Rest) earlier this week, discussing the major alternatives for keeping database media safe. Prior to posting it, he asked me to preview the contents for accuracy, which I did, and I think Rich covers the major textbook approaches one needs to consider. I did want to add a little color to this discussion in terms of threat models and motivation- regarding why these options should be considered, as well as some additional practical considerations in the use and selection of encryption for data at rest.
Media Encryption: Typically the motivation behind media encryption is to thwart people from stealing sensitive information in the event that the media is lost or stolen , and falls into the wrong hands. If your backup tape falls off the back of a truck, for example, it cannot be read and the information sold. But there are a couple other reasons as well.
Tampering with snapshots or media is another problem encryption helps address, as both media and file encryption resist tampering- both in long-term media storage, and file/folder level encryption for short-term snapshots. If a malicious insider can alter the most recent backups, and force some form of failure to the system, the altered data would be restored. As this becomes the master record of events, the likelihood of catching and discovering this attack would be very difficult. Encrypted backups with proper separation of duties makes this at least difficult, and hopefully impossible.
In a similar scenario, if someone was to gain access to backups, or the appliance that encrypts and performs key management, they could perform a type of denial of service attack. This might be to erase some piece of history that was recorded in the database, or as leverage to blackmail a company. Regardless of encryption method, redundancy in key management, encryption software/hardware, and backups becomes necessary; otherwise you have simply swapped one security threat for another.
External File or Folder Encryption. If you rely on smaller regional database servers, in bank branch offices for example, theft of the physical device is something to consider. In secured data centers, or where large hardware is used, the odds of this happening are slim. In the case of servers sitting in a rack in an office closet, this is not so rare. This stuff is not stored in a vault, and much in the same way file and folder encryption helps with stolen laptops, it can also help if someone walks off with a server. How and where to store keys in this type of environment needs to be considered as well, for both operational consistency and security.
Native Database Object Encryption: This is becoming the most common method for encrypting database data, and while it might sound obvious to some, there are historical reasons why this trend is only recently becoming the standard. The recent popularity is because database encryption tends to work seamlessly with most existing application processes and it usually (now) performs quite well, thanks to optimizations by database vendors. As it becomes more common, the attacks will also become more common. Native database encryption helps address a couple specific issues. The first is that archived data is already in an encrypted state, and therefore backups are protected against privacy or tampering problems. Second, encryption helps enforce separation of duties provided that the access controls, group privileges, and roles are properly set up.
However, there are a number of more subtle attacks on the database that need to be considered. How objects and structures are named, and how they are used, and other unencrypted columns, can all ‘leak’ information. While the primary sensitive data is encrypted, if the structures or naming conventions are poorly designed, or compound columns are used, information may be unintentionally available by inference. Also, stored procedures or service accounts that have permissions to examine these encrypted columns can be used to bypass authorization checks and access the data, so both direct and indirect access rights need to be periodically reviewed. In some rare cases I have seen read & write access to encrypted columns left open, as the admin felt that if the data was protected it was safe, but overwriting the column with zeros proved otherwise. Finally, some of the memory scanning database monitoring technologies have access to cached data in its unencrypted state, so make sure caching does not leave a hole you thought was closed.
Hopefully this went a little beyond specific tools and their usage, and provided some food for thought. You will need to consider how encryption alters your disaster recovery strategy, both with the backups, as well as with encryption software/hardware and key management infrastructure. It affects the whole data eco-system, so you need to consider all aspects of the data life-cycle this touches. And some of you may consider the threats I raised above as far-fetched, but if you think like a criminal or watch the news often enough, you will see examples of these sorts of attacks from time to time.
-Adrian
Monday, November 10, 2008
US (BLOGGER) INSURANCE AND COMPUTER SECURITY http://insurance-claim-secrets.blogspot.com/2008/11/electronics-insurance-are-your.html
SEE linked Blog Site for full Article......................
Saturday, November 8, 2008
Electronics Insurance: Are Your Electronics and Computers Covered by Your Insurance?
There is a lot of misinformation today about consumer electronics and how it is treated by insurance companies. Most people I talk to think that if they have homeowners or renters insurance, their consumer electronics are covered.But they usually find out that their assumptions aren’t true…at claims time.
Sure, some of the property is covered. But there are a bunch of limits and exclusions that will surprise you if you have a loss and file a claim.
Don’t wait until claim time to learn about this important coverage. Read this article carefully and make good decisions about your coverage.
Twenty years ago, consumer computer usage and ownership was not all that common. If you owned a cell phone, you carried it in a bag the size of a small purse. There were few home fax machines. Answering machines were pretty common, but voicemail was still on the horizon. Scanners were non-existent. Printers and copiers were huge and expensive, and you didn’t see them in most homes. If you were the rare person who had satellite TV, the dish was about eight feet across and sat out in the back yard. And Personal Digital Assistants (PDAs) and MP3 players had not been invented yet.
But today....
In our home we have:
• two desktop computers with monitors
• four laptop computers
• four printers
• one stand-alone fax machine
• one combination fax, scanner, copier
• three TVs
• two VCRs
• one digital video camera with tripod for our home recording studio
• one audio mixing board, one microphone, one amplifier, two external soundcards, and a 500GB hard drive, all for our home recording studio
• two DVD players
• two cell phones, one smartphone, each with voicemail
• one satellite TV system with a 24” dish on the roof
• two Ipods
Thursday, September 04, 2008
US (BLOGGER) COMMENTARY ON PROTECTING BUSINESS DATA The Enemeies of Business Data
Unmasking the enemies of business data, and how to avoid them
In a previous article, we discussed the 3 R’s of the backup solution for small businesses, and why it is essential to have the best backup solution for your business.
This month, we will unmask the 5 enemies of business data, so that you know WHY it so vital to have the best backup solution for your business.
The 5 enemies are:
1. Hard disk failures
2. Viruses
3. Theft
4. Software bugs
5. Lightning and other environmental factors
Let’s talk about hard disk failures first. The hard drive(s) in your computer system are where your business data is stored. The hard drive is made up of two or more rigid disk-shaped platters that spin at a very high speed. The “heads” hover over the spinning disk platters reading and writing to the disk. The clearance between the spinning disk platters and the “heads” is much less than the width of a human hair. It is truly an amazing engineering feat, but it has its potential problems.
Basically, hard disks fail because those “heads” come in contact with one of more of the spinning disk platters. Hard disks can fail at any time. They may last one month, one year, or many years. They may fail the day after you get your new computer. The uncertainty of when your hard disk will fail, and it will fail, should prompt you to invest in a backup solution for your business.
The next enemy of your business data are viruses. Computer viruses operate in much the same way as human viruses. Just as a virus makes you sick, a computer virus makes your computer “sick”. It is estimated that computer viruses cost businesses approximately 55 billion dollars in damage in 2003, and it has gone up every year. There are approximately 2-3 new viruses created every day! A virus on your computer can at best be a nuisance, but most of them are there to delete, steal, or ruin your data. So be sure your business is protected by good virus protection software and a reliable backup solution.
The third enemy is theft. You will be shocked at these alarming statistics!
1. Laptop theft doubled in 2004 since 2001
2. FBI survey revealed that more than 600,000 laptops and desktop computers were stolen in 2003, and that number has remained steady according to the latest survey - 3.97% of stolen laptops and desktops were NEVER recovered
3. The average company loss due to theft of just one computer is $47,000
4. Nearly three 75% of survey respondent companies from a BSI computer theft survey had between 1 and 9 computers stolen in the last 12 months (2004). Nearly 10% replied that they had more than 25 computers stolen in the last 12 months
5. 67.7 % of respondents reported the estimated value of data on their stolen computer at $25,000 or less; 9.2% estimated the value at $1,000,000 or more, and 2.3% estimated the value at more than $10,000,000
6. The next computer theft will occur before you finish reading this article.
I personally know of two companies whose computer were stolen. One had their laptop stolen and the other had all of the desktops stolen. In both cases, the thieves were never found nor were the stolen computers recovered.
The fourth enemy is software bugs. Have you suffered the frustration of clicking on an application to open it and when it opened, nothing was there, or only partial information was shown? That is most always caused by a software bug. A software bug is a programming error in the software code that causes problems in applications. According to Carnegie Mellon University’s CyLab Sustainable Computing Consort-ium, there are 20 to 30 software bugs per every 1000 lines of code in the typical commercial software. That is the software you buy to help you business. As an example, I have a client who clicked on her client contact application and when it opened, all her contacts were gone. But since she was backing up her data, she was able to get those contacts back. You never know when an application will fail. It can work for months or even years, then suddenly, it fails and the information is gone!
The fifth and final enemy of your business data is lightning. Although there are other environmental factors, we are focusing on lightning because it will affect every business no matter where they are located. According to data loss statistics for the years 2000 and 2001, lightning was fourth following accidents, theft, and power surges as the causes of computer data loss. Here are five statistics about lightning in the US:
1. There are 2000 thunderstorms occuring at any given moment
2. There are 100 lightning strikes every second
3. There are 8 million lightning strikes every day
4. There are 1 billion volts in a lightning flash
5. The average lightning flash would light a 100 watt light bulb for 3 months
Lightning can strike up to 5 miles away and still cause damage to your computer.
So, make sure your business is secure from these 5 enemies of your business data.
For your entire backup needs call Pulkin Computer Services at 770-381-8611 and mention this article.
Wednesday, September 03, 2008
TEXAS (INFORMATION WEEK) BLOGGER ARTICLE ON DATA THEFT Data Theft - Storage Blog - InformationWeek
Data Theft
The ability to steal company data is no more real today than it was five years ago, but the volume of data that can be stolen is.
This Labor Day weekend I was strolling through the local discount computer store and was reminded of one of the biggest concerns I have been hearing from CIO's lately -- data theft. There are 1-TB USB external hard drives floating around $300 and small, pocket 250-GB drives at around $150.
The real issue is would you rather block or tackle? In yesterday's entry I discussed file auditing and one of its capabilities to know who copied a file and to where. If someone were to copy company-sensitive data you could be alerted to that and stop them before they got out the door ... tackling. You would be better served had that copy never happened in the first place ... blocking. The ultimate would be to have both auditing and blocking integrated so the two applications could work together, sharing policies and metadata... data supervision.
One of the challenges is most people don't see this as stealing, they see it as more the data equivalent of taking home a box of pens from the supply closet. Actually, the office supplies are held in higher regard, probably because they are tangible. People just don't hold digital content in as high regard as cash. A person that would never take a $100 bill off your desk might very well rip a copy of the latest CD or DVD, or might also take home a customer list, a prospect database, Excel, or Word templates. The attitude is that this is not "really stealing."
It falls on the shoulders of the IT professional to lock this data down, while not making the environment too cumbersome to work with. This makes the more draconian approaches, like disabling all USB devices, impractical, and it is the void that data blocking tools could fill. These products allow you to set policies that only allow certain types of users to copy certain types of files to certain types of devices. They can have full access to the files as long as they stay on the network, but allow you to restrict their movement beyond that. I think they are becoming a key requirement in the enterprise.
Data supervision integrates auditing with blocking (among other capabilities) to allow shared policy and common metadata databases. Doing so simplifies the process and allows further examination of what is happening in your enterprise. Say, for example, an executive in your organization has full access and can copy virtually anything to USB devices. You can still have an alert that warns if anyone in the organization is copying a large amount of data to a device in a short period of time -- blocking could then step in and stop the transfer.
For example, if you are in the oil and gas market and suddenly 500 GB of SEG-Y data is being copied to a local USB drive, that could be legitimate, but it also could betheft . With data supervision you will be able to suspend the transfer, investigate who is making the transfer, and why. Then you can make an informed decision as to if that transfer should be allowed to continue.
There is a significant amount of corporate assets that only see life in digital form. Don't let that data walk out the door on a pocket hard drive.
Track us on Twitter: http://twitter.com/storageswiss.
Subscribe to our RSS feed.
George Crump is founder of Storage Switzerland, an analyst firm focused on the virtualization and storage marketplaces. It provides strategic consulting and analysis to storage users, suppliers, and integrators. An industry veteran of more than 25 years, Crump has held engineering and sales positions at various IT industry manufacturers and integrators. Prior to Storage Switzerland, he was CTO at one of the nation's largest integrators.
Monday, July 07, 2008
Mary Rosenblum was a terrific instructor to follow Paul Park. She's one of Clarion West's graduates, and has built a reputation for strong, humane hard science fiction, a mystery series, and for her award-winning short stories. She helped move the students into our usual Milford-style workshop critiquing. She's a smart critiquer, and very good at taking stories for what they aspire to be and helping point the way toward that goal. I really enjoyed hearing her critiques.
Her reading on Tuesday night was great--she read an alternate history mystery story from a new anthology of them. Hers was set in a Mexico where Europeans and disease hadn't wiped out the native population, and where as well the Chinese explorers had had a greater impact. It was a delightful story: clever, with fascinating details woven in throughout.
The week was capped by something horrible that brought out something wonderful: while the students were in class downstairs, someone broke into the third floor of the house where our students are living and stole four laptops and some personal effects. I feel terrible for the students--some lost work, some lost family photos, some have had to go online and change passwords, etc. It has been a harrowing experience for them--more than just annoying, because a laptop while you're at the workshop is almost as important as a hand. Not only do you write on it and use it to mail your story to Kinko's, but it's also your lifeline to home and your personal support network.
The students are all upset, of course, but trying hard not to let it ruin their time at the workshop. The wonderful part is how the community responded. One of the students (who wasn't involved) blogged about the event, and people picked it up and rallied around with offers ofcomputer loaners and office supplies, and donations to start a replacement fund. There were lots of queries, so we posted on our website and other friends of Clarion West posted on theirs, and within 48 hours of the theft we had enough in donations to replace the laptops.
What an amazing, heartwarming conclusion. The students still have lost what they've lost, but the support, both emotional and financial, has been mind-blowing.
Thanks, everyone, for doing what you could, whether you helped spread the word, sent a message of support to the class, are watching ebay and craigslist and all to see if we can catch the perpetrators, offered a loaner, or made a donation to replace thecomputers . The way the community is rallied around really helped the students feel that they're not alone in this. The support means a lot: to them, and to Clarion West (and to me!)
One thing it has made me see is that people really understand how intense attending Clarion West is, and what the students were going through already when they had the additional stress of this invasion of their workshop home. The sympathy and support has been really affecting. This is such a generous, responsive community. I'm in awe.
As I type this, Leslie has the affected students with her to buy them new laptops. We're also going to make certain they have both the software and hardware to keep writing (and lock-down cables). It's possible that donations may exceed what we need to do this, and if so, we will be returning them proportionally to the donors.
All I can say is thank you. Wow.
In personal news: today is Jim's birthday. We had dinner and cake last night with Karen and Barry and will be having sushi then cake with the family and neighbours tonight. If you want to wish him a happy birthday, you can email him at jmg @ zipcon . com (remove the spaces).
For more about what I'm listening to, books I read, and my writing this week, see Les Semaines
.Thursday, June 19, 2008
US (BLOGGER) LOST COMPUTER LAPTOP PROPOGANDA Security Musings: Lost Laptop Propaganda
Another lost laptop story, this time from the UK. The details of the theft aren’t too unique – laptops with sensitive patient data were stolen from a hospital and a doctor’s house, and while the files were supposed to be encrypted, they weren’t. This story, much like every other data leak story, brings up the same arguments for why it isn’t a big deal:
- “The data, which also cannot be accessed without passwords, contained patients’ names, postcodes, hospital numbers and dates of birth.” (Emphasis added)
Passwords are ridiculously weak forms of security, and, if the files aren’t encrypted, chances are the statement that access is impossible without a password is most likely just flat-out wrong - “However they insisted there was no reason to believe the computers had been targeted for the information they contained, merely for their monetary value.”
Targeted or otherwise, the data is now freely accessible to the thief. There’s equally no reason to believe that this will not be exploited. While historically, thieves are just in it for the quick score, that’s not really a guarantee. - “However he insisted that only someone with ‘specialist computer knowledge’ would be able to crack the passwords and access it.”
It’s not too hard to find people who know their way around a computer. And, thanks to the internet, specialist-type information is ridiculously easy to find. - “‘We believe the data will almost certainly be wiped by the thief so he can get a quick sale. “
Without any evidence that this is the case, you can believe whatever you want. I’m sure that’s really comforting to the people whose data is at risk. - “The hospital has stressed that the data was only a copy of information stored centrally, so no details of appointments or treatment have been irreparably lost.”
Well, thank goodness the people responsible for the data didn’t get hurt.
Every story about a data leak, regardless of the source (hospital, bank, etc), always seems to contain the same PR spin. “Well, the files are password protected anyway, and the person who stole them probably isn’t even going to notice, and it doesn’t matter because they probably just want to wipe the hard drive and sell the machine anyway, so, no hard feelings, okay? We’re sorry we weren’t adhering to the applicable laws and data protection standards, but this probably isn’t a big deal anyway.”
I understand the desire to try to mitigate the problem and reassure customers that things will “be alright”. But, these arguments are at best wishful thinking and at worst outright lying. If someone’s data could have been compromised, they need to understand the steps they need to take to protect themselves, not be reassured that it’s probably not a big deal.
Wednesday, April 23, 2008
Playing It Safe With Laptops
April 23rd, 2008Having switched from a desktop to a notebook as my primary computing device (not considering the PS3), being conscious about the added vulnerability of personal data is now imperative. It would be terrible if the laptop was lost or stolen , of course, but there is now the more probable risk of accidentally damaging the portable machine (not that I am sloppy, but it is reassuring to know that I am protected from hard drive damage due to dropping the laptop, or from accidentally yanking it off the coffee table).
Some habits are really worth adopting in order to minimize the pain of going through data loss and/or recovery - even more so in the case of theft (fact: about 97% of stolen computers are never recovered). There are scores of data recovery services available, but they generally seem to take advantage of the customers’ cornered situations and charge a heavy premium for fetching data from a damaged laptop (often more than the cost of a newcomputer). Of course, there are some pre-emptive solutions available such as PCPhoneHome or LaptopLocate.net, which can help track down machines by monitoring their location. With the iAlertU freeware application, you can even add “car alarm” or security cameraiSight-equipped Apple notebook. protection for an
The first and most vital thing to do for any computer user, is to use a backup storage device. The simplest form of this would be to connect an external hard drive. Hard drives with encryption features allow locking down of personal information as all data stored on the drive is inaccessible without a master password. While it is possible to back up data on optical media like DVDs, this is a cumbersome repetitive chore and requires a lot of sorting and organization for the backed up information to be easily accessible.
External drives can play well with automated backup software, thus making what would otherwise be a daily chore as an invisible background task for thecomputer. My external hard drive is network-attached, which eliminates the need to constantly plug it into a laptop, and additionally allows moving all media files to the external drive so they are accessible from all sharedcomputers on the home network. On the flip side, this does have the disadvantage of not being able to access your media outside the home (unless you open up the drive for internet access).
I often find myself minimizing the kind of personal data that is stored on the notebook’s hard drive. I typically use my Gmail account as a network archive as this makes my files retrievable from any computer with an internet connection (more on how to make this process more convenient in a future tutorial). This benefits both security and accessibility, and prevents losing years of data and pictures along with the laptop. There are new web services cropping up now, that recognize this activity and endeavor to help organize data tucked away in your email attachments. Xoopit is one such service that ties in with a Gmail account.
What is your favorite strategy?
Monday, April 21, 2008
US (BLOGGGER) HOME IDENTITY THEFT SECURITY Preventing Identity Theft
A Security Matter to All Business Software Users!
As we all know identity theft has become an extensive problem in today’s world. Fortunately people nowadays are familiar with the problem of identity theft and the basic defence needed to protect ourselves.
Just a number of simple tips can prevent your data from falling into the wrong hands. Things like shredding or incinerating identifying documents, changing passwords regularly, and keeping PIN numbers separate from our ATM cards. These steps will beyond doubt help to keep you as an individual, safe.
But unfortunately a home-based business makes you an attractive target for burglary and theft, thieves knows that in effect they can rob two places for the price of one that is your home, and your home business.
So security is absolutely imperative, and must begin with files that are kept on your computer. Make sure that a password is used to protect your desktop, even if you are the only one who normally has access to your system. A good password utilizes both letters and numbers, and is difficult to guess. Should the computer be stolen , the information contained within will still be protected. Especially sensitive documents can be individually password protected with many types of software programs before selling or trashing your computer.
You will need to invest in a high quality wipe program that eliminates all traces of data from the hard drive. Hackers often steal junkedcomputers or buy them from pawnshops in hopes of tracing residual information; they have the equipment and technology to do this.
Make sure that all files are regularly backed up to a separate drive, and this must be separately protected. Options can include an external hard drive that can be locked in a safe, or hidden somewhere safe, or even a miniature flash drives that can be clipped to a keychain. In that way, if your main computer is unfortunately stolen, you will still have imperative access to your customer records.
Be exceptionally scrupulous about your internet connection. A firewall and top quality antivirus software are absolutely critical; your best offence is an active defence, so set your programs above all your operating system, to update automatically, many of the updates are designed to fix security problems. By utilizing your firewall and automatically updating your programs, you will go a long way toward defending yourself and your customers’ information.
But if you plan to have customers submit any form of personal data to you through your website, and in particular if you offer online ordering, your website must truly be secure.
So a most have is Secure Socket Layering, as most of us now know, this is the technical name of encryption, the software scrambles the data as it is transmitting, thus preventing the data from falling into the wrong hands. This is one expense that you basically must accept, as non-SSL transmissions are easily viewable by others on the internet.
Protecting your customers’ information is relatively easy, just remember to follow the general identity theft protection procedures for your customers’ data as well as your own, utilize SSL, excellent firewall and antivirus software, and back up and password protect your client files.
At all times practice standard identity protection procedures for your clients as well as yourself. Frequently updated firewall and antivirus software, and make this become a habit, because if you can get into this habit, you will be doing your best to protect yourself and your business, and you will find it easy to keep this up as your business grows.Thursday, March 20, 2008
SOUTH DAKOTA (BLOGGER) STUDENT STEALS COMPUTER http://zsimmons.wordpress.com/2008/03/18/so-today-something-i-had-dreaded-finally-happened/
SO TODAY SOMETHING I HAD DREADED FINALLY HAPPENED, but first a little back-story: Our district is blessed to have a lot of monetary resources and fair bit of that goes toward technology. Most schools are not this fortunate in this way, but the circumstances here are acute enough, and the percentage of native students high enough that we get a lot of federal support, in the form of dollars poured on problems. Also it helps that the district has an excellent grant writer who’s managed to help to channel a lot of that federal money our way. Although all the technology helps in some ways, i’m not convinced that money couldn’t have been spent in better ways. Anyway, so there is a lot of technology in the district, lots of smart boards and computers, not exactly what you expect on the front lines of educational inequality. We don’t have 30 children sharing one textbook or computers with floppy(5.25 inch) drives. The challenges are different. In my classroom this technology is manifest in a cart of 20 MacBooks. These are pretty nice machines, and i have 20 of them. I have no class that has that many students. I’ve always been a bit paranoid about using them, because it can be hard to manage. Some of the kids have a knack for doing exactly what they’re not supposed to be doing on a computer. Also, they’re expensive and after the number of them that have gotten stolen in past years, teachers are now responsible if they turn up missing. Today, i had an assignment (that only a couple of students were working on) where they were supposed to do some research on the web about different kinds of energy resources. We’re learning about energy in terms of physics this unit and i had really wanted to work in a little bit about where our energy comes from, renewable energy, etc. Anyway, at the end of 1st hour, as i was cleaning up for 2nd hour, I went to close the computer cabinet and #10 was not there. I looked around, a student must have left it on a desk or something. Nope, hmm, must be under some papers, did they hide it? No? I scoured the room and my mind, where did it go? Shit! The students who had been working on the computers were really good kids, i couldn’t imagine that they had swiped a computer. WTF? I qc’d our tech person and told her the situation. She told me who to talk to and i informed them too. So during the next class period the wheels were turning. They interviewed the students who had used the computers and still nothing. At the end of 2nd period, an announcement over the intercom: Teachers hold your students in the room and account for all your students, i.e. lock-down. Security went through and opened student lockers in search of the missing computer while students were held in their classes. It turned up (WHEW) but that meant that one of my students stole a computer(BUMMER). I got it back, hes on his way to jail, and it saddens me. He’s a goofy kid, not a great student, but not a mean one either. I never imagined he’d swipe something. From what i gather, he was in a spot and desperate. I can only imagine the predicament he was in. I only hope this bad experience serves as a lesson and sets him back on the good path.
Filed under: School
TENNESSEE (BLOGGER )COMMENTS ON DATA THEFT http://www.taborcg.com/?p=30
I have started to use a new open source program called “TrueCrypt” and I wanted to share some of my first impressions.
Data protection is quickly becoming the number one priority in computer security. In fact it could be argued that the data carried on your computer is more valuable than the computer itself. For example, last year the Nashville Election Commission had stolen a laptop containing data on every Nashville voter. With this data a criminal could have assumed the identify of any Nashville voter and done any of the typical “identify theft” things such as opened credit card accounts under that ID, opened/closed utilities, etc, etc. Fortunately Nashville got the laptop back, but the other data loss situations are popping up all the time.
It’s a fact of life that someone is going to lose a computer component that will have sensitive data on it. Be it a laptop, desktop hard drive, backup tape, or USB thumb drive, accidental loss or just plan theft will occur. Of course when that laptop is stolen, did the thief just steal it to pawn for drug money, or was it a calculated attack aim at getting sensitive data? Who’s to say that even if it did get pawned, what if the new owner finds the data and sells it? The only sure defense for your data is to encrypt it, and that is what TrueCrypt does.
TrueCrypt takes different approaches to how it encrypts your data. One method is the concept of using a “virtual drive” or “drive image”. Basically, a “virtual drive” or “drive image” is a file on the hard drive which the OS (Windows in this case) “mounts” as a normal drive in and of itself. So the file in My Documents called “Some_cd_image.iso” is mounted to look like it’s the “L:\” Drive. Any data read or written to the “L:\” Drive actually goes into “Some_cd_image.iso” in My Documents. Mac users are more accustom to this concept because Mac Software from the Internet is generally distributed using a “.dmg” file, which is a drive image. People who “back up” there CD ROMs also work with drive images, because those backups are simply sector-by-sector image copies of the original optical disk. But I digress.
One method for TrueCrypt is to create a file which is then mounted as a drive image. TrueCrypt will then automatically encrypt and decrypt data as it written or read from the “drive”/file.
TrueCrypt can also encrypt whole drives, so rather than having an encrypted file which is then mounted as a virtual drive, you can choose to encrypt an entire thumb drive, or a second hard disk. Again, once the drive in created and mounted, you can read and write data to it just like any drive. TrueCrypt handles the encryption and decryption automatically.
TrueCrypt also has a “whole drive encryption” feature for the system drive. This is the really COOL feature in which you can encrypt your ENTIRE computer. When your computer boots, TrueCrypt will ask for a password (this is the encryption key), after you enter the correct password, your system will boot and run as normal. If your computer is lost or stolen, your data is safe. TrueCrypt isn’t a password, it’s encryption, so even if they thief took the hard drive out and put it into a another system, they would not be able to “see” any of the data on it. Because you only have to enter your password at boot time, there is no consent “in-your-face” element to TrueCrypt, all new data, email, or programs, you put on your system are safe.
TrueCrypt also has some other features which I really like.
- Total lack of data structure in a secured file. This means that if you had a file you mounted as a drive image, there is no way for anyone to tell what exactly that file is or how full that “virtual drive” might be without knowing your encryption key (password). In fact, a TrueCrypt file is nothing more than random “noise” before you use your encryption key, thus someone could not actually PROVE that the file they are looking at is even an encrypted file.
- Hidden Volumes and Plausible Deniability. TrueCrypt lets you create a “file within a file”. Let’s say that you have a situation where you are forced by some means to give over your encryption key (password). There are many far-fetched examples on why this would happen such as “someone has a gun to your head”. However a more realistic example would be “you are under court order to turn over a password”. With Hidden Volumes and Plausible Deniability you could have 2 passwords, one opens up your real secret stuff, the other opens up somewhat secret stuff. If forced you simply give up the “somewhat secret stuff” password. There is NO technical way to prove that you gave up the wrong one.
- Key Files. These are files which you can use in place of, or along with, a password. For example, you have a picture, or ten pictures, which you can use as “passwords”. You simply tell TrueCrypt to use the “hashed sums” from that or those image files as the password. A “hashed sum” is a mathematical representation of a computer file which is always the same so long as the file does not change. What makes the use of “hashed sums” of key files interesting is that you can avoid using the keyboard to input the key to unlock your data. Criminals have used “key board loggers” which record every key stroke to record passwords from victim’s computers.
I have really stared to beat the drum about security with my clients here at TCG. TrueCrypt is perhaps the best tool I have found thus far for the lay-person to help guard against data theft.
Posts
