Data on 700 Children with Social and Developmental Problems Lost

April 30th, 2008 by Agent Smith (0) Data Theft & Loss,endpoint security,security breach

Medical data on about 700 children and teenagers with social and developmental problems from Hong Kong have recently been lost. The data loss was admitted to by the territory’s government at the end of last week.

The records were stored on a memory card which was stolen from a Child Assessment Centre in the city’s Tuen Mun district. The government’s Department of Health, quoted by M&C News, said the memory card had been kept in an unlocked room.

The lost data included detailed records of interviews with troubled youngsters including assessments and, in some cases, their photos, identity card numbers and addresses.

SHA Personal Information Accidentally Exposed

April 30th, 2008 by Agent Smith (0) In the News,security breach

Sensitive personal data of 1,800 State Highway Administration (SHA) employees, including names and Social Security numbers, were compromised last week in Baltimore. An internal investigation quoted by WBALTV showed that the breach was done inadvertently and not with criminal intent.

“We had an incident where an employee transferred personnel transaction data from a secure drive to a SHA shared drive,” said SHA Deputy Administrator of Finance and I.T. Normetha Goodrum.

CoSoSys to Protect VIPdesk’s Critical Data Housed on Removable Storage Devices

April 30th, 2008 by Agent Smith (0) DLP,Data Theft & Loss,In The Spotlight,In the News,Laws & Standards,security breach

CoSoSys Logo CoSoSys, the leading provider of Endpoint Security solutions, announced today that VIPdesk, a pioneer of premium home-based contact center solutions and concierge services, has selected their most recent released Secure it Easy software, version 2.0, to manage and enforce the company’s portable device security guidelines. Secure it Easy efficiently protects VIPdesk’s remote workstations and notebooks owned by its home-based agents against data loss, data theft and other forms of data leakage.

“Legislative requirements enforced by an increasing number of US states and the recent Federal Trade Commission rulings against companies who did not prevent sensitive data exposure are stipulating clear actions to be taken in case of data theft or private record exposure. Such laws call for proactive management of portable devices that are capable of storing private information,” said Roman Foeckl, Managing Director of CoSoSys. “This set of features within Secure it Easy enables organizations of all sizes to better comply with government regulations and industry standards regarding data breach management and IT governance.”

See the full press release here.

New Easier Way to Encrypt Large Amounts of Data

April 29th, 2008 by Agent Smith (0) DLP,Data Encryption,Data Theft & Loss

Researchers from many world renowned universities and research labs such as UCLA or Root Labs have been focusing for quite a while on data encryption. According to the Register, current research lead to an encryption scheme that has the potential to simplify the protection of sensitive information. This encryption scheme allows banks, hospitals and other organizations to lock files using keys that are based on specific attributes: an employee’s position or geographic location.

The method, which was unveiled last week, adds to the growing body of research known as functional, or attribute-based encryption. Functional encryption is designed to solve the hassle tied to traditional public-key encryption resulting from distributing and managing thousands or millions of private keys authorized people need to decrypt protected data. If 1,000 people in an organization need to securely share their public key with their co-workers, that requires close to one million separate exchanges.

Functional encryption tries to simplify things. It allows data to be encrypted using attributes directly tied to the recipients, such as their names or email addresses, without the need for the parties to have exchanged keys ahead of time. Rather than relying on a single key that unlocks all data, functional encryption envisions a more flexible sort of system where a personal key unlocks some doors but not others.

Wireless Vulnerabilities Are the Greatest Threats to Corporate Network

April 29th, 2008 by Agent Smith (0) Data Theft & Loss,In The Spotlight,In the News,Wireless Vulnerabilities,endpoint security

AirPatrol CEO Nicholas Miller said wireless vulnerabilities are the greatest Internet-related threat to all corporate networks. The statement was made within the Interop/CSI SX Conference from Las Vegas, at the Computer Security Institute’s CSI CX conference and was subsequently picked up by DarkReading. According to Miller, the rapid growth of wireless networking has generated an unprecedented increase in threats caused by wireless vulnerabilities.

“The problem is that wireless vulnerabilities don’t just expose the user who’s unaware of them, but the whole corporate network the user is attached to.”

A large number of companies are nowadays moving towards a wireless infrastructure to save money and reduce current infrastructure. But according to Miller, this move exposes them to greater risks, given that the wireless environment is known to harbor old vulnerabilities that are yet to be resolved.

Wireless infrastructure vendors offer some security capabilities, “but they are really looking for rogue access points, which is a tiny issue compared to the total problem associated with laptop security,” he said. “You really need to look at the entire network — you need to secure the endpoints.”

The problem with most wireless technologies is that they don’t account for the end user’s location, Miller said. “All of a sudden people can have access to the network as if they were in the building, which is why we need location-based access in wireless. Any wireless product you’re looking for should have that capability. If a hacker wants to break into the network, they should have to break into the building.”