We’ve previously explained how banning something altogether instead of ensuring a safe way to use that piece of technology is not really the smartest idea out there. And our theory seems to be confirmed by the Pentagon: they have recently replaced their strict ban against USB flash drives with a strict usage policy referring to both types of devices used and how they are employed.
The reasons to ban them were serious, as past incidents of misuse led to virus infections, as the Daily Tech reminds us, and the prohibition also covered almost anything you can connect through an USB port to their network, from such as cameras or portable hard drives or smart phones. Yet standing against some of the most common ways to transfer data couldn’t last for too long. The Pentagon is now ready to allow them back into their daily routine, but only if it’s their specific devices which come with their very own hardware and software malware removal kits.
The drives they are planning to allow are headed to Afganistan where they will be used in combat command centers and analysis centers. Let’s hope these ones won’t end up being sold in Afgani markets! Or end up in some library… Maybe they won’t, as these are the rules: Read more
There have been dozens of news on cyberattacks lately. From human rights websites from China being under attack, to the attacks on US sites and institutions, to a more recent article debating how a cyberattack will affect the UK public’s trust in their Goverment. (Check our Twitter profile for an extended list of such news).
A minor effect attack would make UK citizens not trust their representatives. It seems crazy and it tastes of instant panic, but is it? I’d say more cyberattacks would have the same effect on US citizens as well. Why? It’s simple! It’s not because people are scary and tend to run amok at the smallest of threats, it’s because of the created expectations that were never met. Read more
Usually it is nice to receive gifts. But sometimes free is not what you want if it comes with a catch. As reported by the Sunday Times, the MI5 is warning executives of gifts received.
It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”
If such a prapared Flash Drives is connected to a PC without proper endpoint protection in place such es Endpoint Protector 2009, the Trojan will infect the PC and open a backdoor to the PC that will make remote data theft possible within seconds. Until the infection through a customized Trojan will occur through a standard anti-virus solution can take from minutes to weeks. The only protection is to pre-emptively lockdown the use of USB devices the network should not trust.
Read the entire story that sounds more like a Ian Fleming novel than a real life story.
A security breach estimated to have taken over one month has given unidentified individual access to the grades and social security numbers of students of the Valdosta State University, along with private details of faculty members. The breach discovered in December on a university server has put 170,000 individuals at risk, but the ongoing investigation is yet to reveal who was behind the breach and what was their purpose.
While the breach was discovered in early December, the official announcement was released on February 18th, after a prior release announcing an ongoing investigation. According tot the university site “the breached server and potentially breached data were secured and removed from the network. While we still do not have any evidence that personal information was taken, we are alerting affected individuals via email, web, and mass media of the potential theft of their personal information.”
Sudents and faculty can check if they have actually been affected here and consult quite a few identity theft resources, but no protection is offered to them bu the University from what we can tell form the site, press release and press coverage. At least they are sorry and planning to make security changes…
AvMed Health Plans is currently dealing with a prominent data breach after having two company laptops stolen from their corporate offices in Gainesville in early December. The theft could compromise personal information of over 200,000 current and former subscribers, as well as their dependents, said a company announcement quoted by Gainesville.com.
The two laptops contained details such as names, addresses, phone numbers, Social Security numbers and protected health information. Yet the company states that the risk of identity theft is very low, as data was listed in a random way, regardless of the fact that, 12 days after the incident, AvMed discovered the data on one of the two laptops was not properly encrypted.
AvMed states there were no reports of identity theft up to now, but they will only have a clearer view on the situation after their members start registering for identity protection, service provided by the company for free for the next 24 months.
There have been so many news lately about stolen hardware with important data, server hacks, security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.
But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose to security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras, you should use it all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting, the idea is to know what threats they pose and how to prevent them.
Security experts to concentrate on everything bad that’s happening. The reason is simple, if companies and individuals don’t fear the consequences, they tend to ignore the risks. The all present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.