Endpoint Protector Appliance: Stop data theft on Windows and Mac

Air France tries out biometric boarding cards

March 30th, 2009 by Agent Smith (0) Data Encryption,In The Spotlight

Biometric security is on the rise, as new possibilities to use it come into shape, from entrance access and USB card security to the lastest trick: biometric boarding cards, a new usage thought up by Air France. What are they testing? RFID-equipped smartcards which store passenger fingerprints to allow automated boarding, according to the Register.

How does the card do the trick? It is said to contain an encrypted version of forefinger and thumb prints for each passenger. It would be used dedicated gate, which checks the card, compares it to the passenger’s finger or thumb print and if it matches, it opens the gate. No clerk, no time wasted, all simple and easy.

This little baby can be re-used up to 500 times. It also has a barcode inserted into it, containing all the information a traditional paper boarding pass. Said passenger can check in online, insert their card into a dedicated machine withing the airport, get the flight info and seat number printed onto the card. According to Air France, getting such a card takes only a couple of minutes.The also claim once the information is transmitted to the card, it isn’t stored elsewhere, so your data is safe.

If you’re as impressed as I am and want a similar gadget, you have until the end of the year to become and AF frequent flier to be eligible for one. For a first hand experience, you’ll have to fly between Paris and Amsterdam. I think I’ll wait until they extend the program though!

CoSoSys uses humor to teach about security threats

March 12th, 2009 by Agent Smith (0) DLP,endpoint security,In The Spotlight,security breach

As you’ve probably seen on this blog, there are news about security breaches, people who’ve been affected by identity theft and fraud, billions of dollars in losses every single day. More a day in really bad cases. Although there’s a ton of information out there, individuals and companies still fail at protecting themselves against such breaches and at keeping their private data safe.

CoSoSys, leading developer of endpoint security and data loss prevention solutions, has chosen a different approach to raise awareness about the risks we face everyday: humor, namely a series of comic strips showing what can really happen. As CNET puts it, they put the fun back in security threats.

The first comic, originally published on CoSoSys’ EndpointProtector.com site shows how easy it is for an employee to copy your entire data base and take it to your main competitor. A simple thumb drive, three minutes left alone in the office, and that’s it!

data theft comic strip

But as fun and laughing are not the only goals of the strip, each of them also helps you find out what to do and how you do it. Designed to promote the company’s most popular DLP, endpoint security and device management solution, Endpoint Protector, each issue will show how everything can be prevented.

“Recent research performed in both the US and the UK shows a troubling trend: data breaches are rising in numbers and in costs as well. Millions of people have their data exposed to identity theft or fraud each year and few of those affected or those responsible of the incidents know that most of these instances could easily be prevented. Making sure that your private records and all endpoints in your network are secured is not a difficult task. That is why we are committed to put our best efforts into raising awareness and educating the public about staying safe without making any lifestyle compromises”, explained Roman Foeckl, CoSoSys CEO.

The next issues of the strip will be published each Thursday for the next 7 weeks. You can see them here or register to get them on your email. Easier if you asked me, as remembering to visit a link every week is not something I usually do.

You fire them, they take your confidential data!

Terminated employees rarely leave a company without holding a grudge. And when they do hold one, they might take your stapler or some office supplies, but 60 percent of them will take plenty of your confidential data with them when they leave! That was the finding of a study released by the Ponemon Institute and Symantec, quoted by Dark Reading.

What kind of data do they take? It looks like the type that could be of use to them once they have no monthly income: included e-mail lists, employee records, customer information, and nonfinancial information. What about how they take the data and about asking for permission?

Fifty-three percent of respondents downloaded information onto a CD or DVD, 42 percent onto a USB drive, and 38 percent sent attachments to a personal e-mail account, the study says. Seventy-nine percent of respondents said they took the data without their employer’s permission.

Ponemon and Symantec’s forcast is not too bright: as the economy worsens and the layoffs continue, more employees will take private details from the companies terminating them. As the Ponemone analysts explain, once you lose your job, you seem to think there’s not much you could still lose. So people start taking chances in order to feel safe.

So if you’re thinking of terminating some employees today, either hope you can watch them closely, or better yet, get an endpoint security solution that audits file transfers and only allows employees to use approved portable devices. It’s safer that way!

Romanian Petty officer stole military secrets on a USB stick

I don’t know what’s wrong with the military around the world, but the armies and the defense systems seem to be the most vulnerable to the feablest attempts to breach security. Word’s out on a petty officer of the Romanian Ministry of Defense who used an USB stick to steal classified information, including radar frequency and standard NATO maps between 2001 and 2006.

At least that’s what he’s been arrested for! He also confessed for more data thefts occuring in 2008 and 2009. He transferred the data to a Bulgarian liason who then sold them to foreign government representatives, including an Ukrainian. How much was the information worth? 800-1000 american dollars for each “shipment”.

One word for you: audit! How about having an endpoint security solution that monitors data transfers and records them, plus it blocks unauthorized devices? It doesn’t cost much, I am sure the Ministery of Defense can afford it!

[links to the story are from Romanian papers at this time. Once we get English coverage for them, we'll update this entry]

Laptop Facial Recognition Takes Hard Blow

Facial recognition is one of the very well known methods employed by biometric security systems. It’s used in different complicated security systems, but also on more day-to-day devices, such as laptops.

A group of white hat security researchers have recently managed to bypass the facial recognition systems employed by several laptops. According to the Register, the laptops that have had their biometric security breached are developed by Lenovo, Asus and Toshiba. The researchers’ team includes and they have also detailed their findings in a presentation called Your Face is NOT your Password during the Blackhat security conference in Washington.

You might wonder if it was hard to breach the facial recognition systems. The team responsible for this breaches used images of laptop owners or photoshopped images:

Nguyen and his team created a large number of images to run what they described a “fake face bruteforce” attack to fool the systems, which in fairness are still in their infancy, into allowing a log-on. The approach can be compared to trying out a huge number of possible text passwords until the right combination is stumbled upon as part of a conventional brute-force dictionary attack.

While trying to find a practical security use for biometric traits, the developers at Lenovo, Asus and Toshiba should reconsider the efficiency of their facial recognition software. We admire the fact that they lead research and implementation in the field, but we’d appreciate safer systems more :)