US thumb drives finally allowed on Pentagon premises
We’ve previously explained how banning something altogether instead of ensuring a safe way to use that piece of technology is not really the smartest idea out there. And our theory seems to be confirmed by the Pentagon: they have recently replaced their strict ban against USB flash drives with a strict usage policy referring to both types of devices used and how they are employed.
The reasons to ban them were serious, as past incidents of misuse led to virus infections, as the Daily Tech reminds us, and the prohibition also covered almost anything you can connect through an USB port to their network, from such as cameras or portable hard drives or smart phones. Yet standing against some of the most common ways to transfer data couldn’t last for too long. The Pentagon is now ready to allow them back into their daily routine, but only if it’s their specific devices which come with their very own hardware and software malware removal kits.
The drives they are planning to allow are headed to Afganistan where they will be used in combat command centers and analysis centers. Let’s hope these ones won’t end up being sold in Afgani markets! Or end up in some library… Maybe they won’t, as these are the rules: Read more
Who’s afraid of the big bad cyberattack?
There have been dozens of news on cyberattacks lately. From human rights websites from China being under attack, to the attacks on US sites and institutions, to a more recent article debating how a cyberattack will affect the UK public’s trust in their Goverment. (Check our Twitter profile for an extended list of such news).
A minor effect attack would make UK citizens not trust their representatives. It seems crazy and it tastes of instant panic, but is it? I’d say more cyberattacks would have the same effect on US citizens as well. Why? It’s simple! It’s not because people are scary and tend to run amok at the smallest of threats, it’s because of the created expectations that were never met. Read more
Be careful with Flash Drives as a Gift. They might cause a malware infection!
Usually it is nice to receive gifts. But sometimes free is not what you want if it comes with a catch. As reported by the Sunday Times, the MI5 is warning executives of gifts received.
It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”
If such a prapared Flash Drives is connected to a PC without proper endpoint protection in place such es Endpoint Protector 2009, the Trojan will infect the PC and open a backdoor to the PC that will make remote data theft possible within seconds. Until the infection through a customized Trojan will occur through a standard anti-virus solution can take from minutes to weeks. The only protection is to pre-emptively lockdown the use of USB devices the network should not trust.
Read the entire story that sounds more like a Ian Fleming novel than a real life story.
Enjoy.
Breached server puts 170,000 at risk
A security breach estimated to have taken over one month has given unidentified individual access to the grades and social security numbers of students of the Valdosta State University, along with private details of faculty members. The breach discovered in December on a university server has put 170,000 individuals at risk, but the ongoing investigation is yet to reveal who was behind the breach and what was their purpose.
While the breach was discovered in early December, the official announcement was released on February 18th, after a prior release announcing an ongoing investigation. According tot the university site “the breached server and potentially breached data were secured and removed from the network. While we still do not have any evidence that personal information was taken, we are alerting affected individuals via email, web, and mass media of the potential theft of their personal information.”
Sudents and faculty can check if they have actually been affected here and consult quite a few identity theft resources, but no protection is offered to them bu the University from what we can tell form the site, press release and press coverage. At least they are sorry and planning to make security changes…
Private data of 208,000 at risk after laptop theft
AvMed Health Plans is currently dealing with a prominent data breach after having two company laptops stolen from their corporate offices in Gainesville in early December. The theft could compromise personal information of over 200,000 current and former subscribers, as well as their dependents, said a company announcement quoted by Gainesville.com.
The two laptops contained details such as names, addresses, phone numbers, Social Security numbers and protected health information. Yet the company states that the risk of identity theft is very low, as data was listed in a random way, regardless of the fact that, 12 days after the incident, AvMed discovered the data on one of the two laptops was not properly encrypted.
AvMed states there were no reports of identity theft up to now, but they will only have a clearer view on the situation after their members start registering for identity protection, service provided by the company for free for the next 24 months.
