Air France tries out biometric boarding cards

March 30th, 2009 by Agent Smith (0) Data Encryption,In The Spotlight

Biometric security is on the rise, as new possibilities to use it come into shape, from entrance access and USB card security to the lastest trick: biometric boarding cards, a new usage thought up by Air France. What are they testing? RFID-equipped smartcards which store passenger fingerprints to allow automated boarding, according to the Register.

How does the card do the trick? It is said to contain an encrypted version of forefinger and thumb prints for each passenger. It would be used dedicated gate, which checks the card, compares it to the passenger’s finger or thumb print and if it matches, it opens the gate. No clerk, no time wasted, all simple and easy.

This little baby can be re-used up to 500 times. It also has a barcode inserted into it, containing all the information a traditional paper boarding pass. Said passenger can check in online, insert their card into a dedicated machine withing the airport, get the flight info and seat number printed onto the card. According to Air France, getting such a card takes only a couple of minutes.The also claim once the information is transmitted to the card, it isn’t stored elsewhere, so your data is safe.

If you’re as impressed as I am and want a similar gadget, you have until the end of the year to become and AF frequent flier to be eligible for one. For a first hand experience, you’ll have to fly between Paris and Amsterdam. I think I’ll wait until they extend the program though!

US 2008 data breach growth blamed on insiders

January 19th, 2009 by Agent Smith (0) DLP,Data Encryption,Data Theft & Loss,Research and Studies,security breach

Apart from the economic downturn, the year 2008 brought another critical issue to US companies: a nearly 50% increase in data breaches, leading them to lose considerably more sensitive data. According to an Identity Theft Resources Center (ITRC) study quoted by the Register, last year 35 million data records were exposed in 656 admitted incidents, amounting to a 47% increase compared to the 446 data loss incidents reported in 2007.

ITRC also states that about 40% of security breaches are never reported,  thus the true number of exposed confidential records is most likely to be far greater than the study suggests.

Computer malware, hacking, and insider theft accounted for 29.6 per cent of recorded breaches, where the root cause of the attack is known. One in six breaches (15.7 per cent) were blamed to insider theft, a figure that’s more then doubled between 2007 and 2008.

The good news is that as education regarding data loss prevention reached more companies, the number of incidents caused by human errors has decreased. But that is a very small light in a highly untrained corporate world, where most reported data breaches  involved data unprotected by either encryption or the simplest password protection. Let’s hope for a better protected 2009!

Self-encrypting laptop from Dell

November 13th, 2008 by Agent Smith (0) DLP,Data Encryption,endpoint security

One of the most common causes of security breaches is stolen hardware. And I’m sure you’ve all heard of the thousands and thousands of laptops stolen in airports, from parking lots and other public places. And as most companies fail to implement a comprehensive endpoint security solution, a stolen laptop means trouble. For the end users, a laptop sometimes stores most of their documents, personal and business, memories from trips and other important events and everything that is private and dear to them. Picturing everything lost to a stranger’s hand is hard to cope it.

Dell states there’s a new way to prevent such bad things from happening: a self-encrypting laptop. Your data is still lost, but at least no one can acess it. The drives with self-encryption features are produced by Seagate and embedded in the new Dell product. And apparently, the Seagate hardware will soon be shipped by IBM and LSI as well. Let’s hope no one breaks the encryption system!

Deloitte Lost Hundreds of Thousands of Pension Details

October 20th, 2008 by Agent Smith (0) Data Encryption,Data Theft & Loss,security breach

Deloitte has recently admitted it had lost a laptop containing pension details on hundreds of thousands of individuals. What is different though is that finally this laptop contained encrypted information, was password-protected and no misuse of the stored information has been discovered. While losing laptops is not something to take lightly, I am happy to report those having it won’t be able to easily access the stored information.

So what did the laptop contain? According to the Register, 150,000 railway workers’ details, details on all UK Vodafone staff with pensions and as well as records of other unnamed pension funds were stored on the said laptop. No addresses or bank information though. How it was stolen? From a handbag of a Deloitte employee. Vodafone Staffers, as well as the railway workers have received letters letting them know what has happened soon after the theft. We’re now looking forward to see where the “thorough investigation” takes Deloitte.

US Federal Agencies Welcome Data Theft

July 30th, 2008 by Agent Smith (3) DLP,Data Encryption,Data Theft & Loss,In The Spotlight,Laws & Standards,endpoint security,security breach

After 15 months of investigation into 24 major US federal agencies, the Government Accountability Office (GAO) has release a report showing that key US Departments still don’t take data security seriously. Given the list of breaches we’ve been covering affecting everyone from colleges and hospitals to the US Army, I’d say it’s high time they started!

According to the report quoted by Vnunet.com, around 70 percent of laptops and handhelds used by agency failed to comply with Office of Management and Budget (OMB) rules and didn’t use encryption making the data available to anyone intending to steal it. The OMB rules are not even close to being new, as they decided all federal laptops should be encrypted back in 2007.

“We are recommending that OMB clarify governmentwide encryption policy to address agency efforts to plan for and implement encryption technologies,” said the report.

“We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel.”

Other practices of extremely low levels of security (or should we say non-existent security) include Nasa employees refusing to deploy encryption software on their laptops and members of the Department of Education who weren’t told encryption software was installed so they of course weren’t using it. From what I know if they’re using Windows, whenever a new program is installed, you have a quite nagging message in your Startup Menu. How patient must one be to simply ignore it over and over again :)

« Previous Entries
Next Entries »
© Endpoint Security Info 2010. Wordpress Theme by Arcsin

blogarama - the blog directory Technology Blogs - BlogCatalog Blog Directory Blog Directory Find Blogs in the Blog Directory
valid CSS valid XHTML