Stay Clear of Computer Threats on Vacation and Business Trips

And how exactly can you do that? CoSoSys has just released version 3.0 of Carry it Easy +Plus, which focuses on increased security for USB flash drive users who access their data on public PCs, such as those in internet cafés or hotel business centers.

Carry it Easy Plus

Carry it Easy +Plus 3.0 has a whole range of features on display that are great for road warriors or the luckier ones of us who are vacationing: Website Password Manager, PC-Screen Lock, 128 bit AES data encryption, Outlook e-mail, contact and calendar sync, File & Folder Sync, No Trace Internet Browsing and much more.

So why do you need such tight security? The official release explains it:

When vacationing or travelling for business, the simplest technology-bound actions on your daily routine can expose you to real threats. Accessing your webmail account in an Internet café or on a different public PC you might run across in hotel business lounges or in airports exposes you to having your login credentials stolen by keyloggers or other malicious applications. The same can happen when plugging in your notebook in an unsecured network.

With the new SafeLogin feature in Carry it Easy +Plus as your password manager, all your website login credentials are stored securely in encrypted format on your portable storage device and automatically entered on any PC without the use of a keyboard. This feature does not only make logging in secure but also more convenient.

US Federal Agencies Welcome Data Theft

After 15 months of investigation into 24 major US federal agencies, the Government Accountability Office (GAO) has released a report showing that key US Departments still don’t take data security seriously. Given the list of breaches we’ve been covering affecting everyone from colleges and hospitals to the US Army, I’d say it’s high time they started!

According to the report quoted by Vnunet.com, around 70 percent of laptops and handhelds used by agencies failed to comply with Office of Management and Budget (OMB) rules and didn’t use encryption, making the data available to anyone intending to steal it. The OMB rules are not even close to being new, as they decided all federal laptops should be encrypted back in 2007.

“We are recommending that OMB clarify governmentwide encryption policy to address agency efforts to plan for and implement encryption technologies,” said the report.

“We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel.”

Other practices of extremely low levels of security (or should we say non-existent security) include NASA employees refusing to deploy encryption software on their laptops and members of the Department of Education who weren’t told encryption software was installed, so they of course weren’t using it. From what I know, if they’re using Windows, whenever a new program is installed, you have a quite nagging message in your Startup Menu. How patient must one be to simply ignore it over and over again :)

New PCI Standards Disregard Inside Threats

Starting June 30, new measures inserted in the Payment Card Industry (PCI) standard will be enforced. However, representatives of a database security firm point out that the new additions do nothing to address inside threats.

As Vnunet.com shows in a recent article, the new measures require that companies dealing with stored credit card and other consumer financial data either install firewalls around all internet-facing applications or have all customer application code reviewed for common vulnerabilities.

Secerno representatives showed that the new and “improved” standard does not address real threats effectively:

“The PCI Data Security Standard has the best intentions but, as is the case with many compliance directives, it barely addresses the most immediate and upcoming threats to consumer data,” said Paul Davie, founder of Secerno.

“It is generally inadequate for addressing the sort of internal threat that can be exploited easily, such as by general or privileged users.”

Other than completely ignoring ill-willed insiders, the PCI standard also fails to regulate data encryption requirements, database security policies, and measures for protecting data on private networks.

There’s No DLP without Encryption

Any enterprise considering implementing data loss prevention technology in the future must keep one aspect in mind: efficient DLP comes hand in hand with a sound encryption strategy. Given this, Dark Reading states that DLP solutions are surely moving from quick fixes aimed at reducing data breaches to being seen as a core strategy with the purpose of identifying corporate sensitive information as such and controlling access to it.

This shift in views on data loss prevention might be what’s needed to bring back to life previously designed and now stagnant data encryption projects.

“Every major DLP vendor has, or is developing, encryption capabilities or partnerships,” says Rich Mogull, founder and principal analyst at Securosis, a security consultancy. “File/folder encryption and DLP should be integrated.”

If this prediction is the right one, we have complex and highly effective corporate security strategies to look forward to. As laws don’t stop breaches or identity thefts, nor significantly reduce them, comprehensive policies might prove to be a much better alternative.

New Easier Way to Encrypt Large Amounts of Data

April 29th, 2008 by Agent Smith (0) DLP, Data Encryption, Data Loss, Data Theft, encryption schemes

Researchers from many world-renowned universities and research labs such as UCLA or Root Labs have been focusing for quite a while on data encryption. According to the Register, current research has led to an encryption scheme that has the potential to simplify the protection of sensitive information. This encryption scheme allows banks, hospitals and other organizations to lock files using keys that are based on specific attributes: an employee’s position or geographic location.

The method, which was unveiled last week, adds to the growing body of research known as functional, or attribute-based, encryption. Functional encryption is designed to solve the hassle tied to traditional public-key encryption, which results from distributing and managing the thousands or millions of private keys authorized people need to decrypt protected data. If 1,000 people in an organization need to securely share their public key with their co-workers, that requires close to one million separate exchanges.

Functional encryption tries to simplify things. It allows data to be encrypted using attributes directly tied to the recipients, such as their names or email addresses, without the need for the parties to have exchanged keys ahead of time. Rather than relying on a single key that unlocks all data, functional encryption envisions a more flexible sort of system where a personal key unlocks some doors but not others.