New victims, same old story…. An unprotected USB stick containing private information of Canadian residents went missing from an office of Human Resources and Skills Development in Gatineau, Quebec.
The drive was storing the names, social insurance numbers, dates of birth and loan balances of 583000 students who had borrowed money between 2000 and 2006.
The internal investigation on the affair started only two months after the discovery of the loss of the stick (Nov. 5th) and a notification was sent to the victims only last Friday.
So the question remains: Are we ever going to learn from others’ mistakes? Especially now that Device Control, Data Loss Prevention and USB encryption software has been around for ages and it’s virtually in everybody’s reach.
Jeffrey Paul Delisle, ex sub-lieutenant of the Navy Intelligence admitted that the spying charges against him were true. According to prosecutor Lyne Decarie, he willingly entered the Russian Embassy in 2007 to offer to sell confidential military information. Apparently, he was getting around $3000 per month for his services, but he declares he wasn’t doing it for the money, but for’ ideological reasons’.
He was asked to copy references about the Russians from his work PC to an USB stick, then he took the stick home and uploaded the data to an email application to share it with the people paying him.
You can find more info on this high-level spying affair here:
This Sunday an incident of the most common happened at the Lyon train station in Paris: a thief disappeared an USB stick from a car. Nothing special here, this kind of things happen everyday!
What makes this incident so special is the info stored on the memory stick. The owner of the key is an entrepreneur involved in an installation of fiber optic at some important buildings in Paris. His USB stick contained the highly confidential plans of the Elysée palace, the Internal Affairs Ministry and the Paris Police. The worst is that the stick was not encrypted, so the thief has full access to all the documents!
The questions we need to ask now is: did the thief know beforehand what type of info was on the stick or did he steal that precise stick just by accident?
Stuxnet, the worm created by the US and Israel for breaking down Iran’s nuclear plant Natanz got out of their control
An article published today in the New York Times shows that the Stuxnet virus-written and deployed by the US and Israeli government-targeting the Iranian nuclear plant Natanz got out in the wild. It seems that the purpose of the code was to set back the Iranian nuclear research program by commanding the control hardware responsible for the spin rate of the centrifuge equipment. The important aspect of this is the fact that the worm only targeted this specific nuclear plant, it was never intended to spread on the Internet.
The network at Natanz is air-gapped, which made it very difficult for the people who made the plan to introduce the code into the network. They needed someone with physical access to the site to get the worm inside through thumb drives (this is also the manner how the first versions of the worm were distributed). To quote one of the architects of the plan: ‘It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.’
The way Stuxnet spread outside Natanz’s network is most probably on a laptop. Fortunately, security researchers were able to annihilate it.
Endpoint Protector just announced the launch of the Content Aware Protection module as a Customer Preview. The new 4.1 version incorporates top of the line technology that enables you to eliminate risks of confidential data loss or data leakage to the Internet or the Cloud (services such as Google Drive, Dropbox, iCloud, etc.)
To read more on the new Endpoint Protector feature, visit: http://www.cososys.com/press_releases/Press_Release_Endpoint_Protector_adds_Content_Aware_Protection_to_prevent_data_leaks_to_the_cloud_15-May-2012_EN.html
The launch of the new Endpoint Protector 4 client for Linux did not pass unnoticed.
The Var Guy wrote a blog post presenting the new release and emphasizing the importance of Data Loss Prevention and Device Control solutions for mixed environments (Win, Linux, MAC).
You can read the whole article here: http://www.thevarguy.com/2012/04/10/endpoint-protector-4-adds-linux-support/
What is Data Loss Prevention? Is it related to technology, processes or people? Is it limited to some administrative policies and IT restrictions? These are the questions discussed in a well-documented recent article on darkreading.com.
DLP is not just an information security concern, it is not just a technical issue. DLP involves the entire organization, establishing what data is sensitive, where the sensitive data is kept, how is it accessed and used, and only after understanding these key points will they be able to define and implement a strategy for protecting and securing such data, at a level of both administrative processes and IT limitations.
In short, DLP is a business issue and it concerns technology as well as processes and people.
With the rising number of attacks and unintentional data leakage, protecting sensitive information became an essential task for any organization, regardless of its size. This is why the implementation of security controls for preventing data loss is actually the foundation for a secure business performance.
You can read more on this hot topic on darkreading.com
Endpoint Protector just launched the new versions for Ubuntu and openSUSE of its Device Control and Data Loss Prevention solution, Endpoint Protector 4. With the new launched version, Endpoint Protector is virtually platfom-independent.
Endpoint Protector 4 is available as Hardware and Virtual Appliance, with support for Windows, Mac OS X and Linux Ubuntu 10.04 LTS and openSUSE 11.4. The data and device security solution ensures a complete and proactive protection against both inside and outside threats for organizations in an easy, but highly efficient manner with seamless integration and no operating system constraints. For more details, please visit: http://www.endpointprotector.com/en/index.php/products/endpoint_protector
Highly experienced professionals are very hard to find, as enterprises have to go through lengthy processes to hire security experts who, although very experienced, are rather rare. Organizations that work with more than 2000 members report increases in salary and number opportunities to grow and ascend for trained and experienced security professionals, despite the slow economic environment. These are the key findings of the (ISC)2 2012 Career Impact Survey.
According to the survey, 96% of security professinals are currently employed and only as low as 7% of information security professionals were unemployed at any point during the last year. Moreover, over 70% or respondents received a salary increase in 2011 and more than half expect to receive an increase in 2012. More than half of those who changed jobs said they did so because they had opportunities for advancement. Read more
To improve British police abilities to prevent growing cybercrime, UK authorities established three regional e-crime fighting units in Yorkshire and the Humber, the Northwest and in East Midlands, each having a team of three dedicated police officers.
They will work side by side with the Metropolitan Police Central e-crime Unit. The establishment of regional offices is part of the UK government’s plan to spend 30 million ponds over four years to improve the country’s ability to investigate and diminish cybercrime. Read more