If you’re interested in protecting yourself against data theft, data leakage and other USB device related risks and would also like to help needy children, then you’re going to love the License to hope campaign! Powered by CoSoSys and the Romanian Foundation for Children, Community and Family, License to hope aims to create an education center with 50 properly equipped laptops and providing computer usage training to 150 marginalized children yearly.

Meet the children

To do so, CoSoSys will donate 50% from all revenue generated by Secure it Easy license sales. Secure it easy is an easy to install endpoint security software that helps protect notebooks and PCs in small and home offices as well as home users from portable storage device threats. You can use it to lock down USB Ports in seconds and control your PC’s endpoint devices.

Want to be part of this amazing campaign? Then check out Secure it Easy first and see if you need it. You can also add a badge to your website or become a fan of the License to hope campaign on Facebook.. And they’re also on Twitter. See the full press release here.

Mistakes happen everywhere. Some lead to lots and lots of private data being exposed. This is the case of Danish group ISS whose representatives accidentally mail a storage device containing 9500 employee records instead of holiday cards. The bad news is that the information exposed included names, addresses and social security numbers. The good news is at least it wasn’t their whole employee database, about 2000 managed not to be exposed to the risk of identity theft and fraud!

The company has announced those affected by this new breach but it’s not giving too many details, as there’s an ongoing investigation. Read more on the incident here.

As far as we’re concerned, the conclusion is very simple. Be careful where you store private details of your employees! Try to do it on a safe computer network. And if you need to save all that info on a storage device, make sure it’s encrypted, because such little gadgets are misplaced all the time!

Shands HealthCare has recently announced about 12,500 of their patients that their private medical data has been stolen in January, along with the laptop that contained the personal details. As it almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.

The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to know, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…

At least some measures have been taken: training for the employees and system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, eligible for 12 months of free credit monitoring.

Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are some what of a recurring habit at Shands.

Yet another warning about data loss, company policy and how easily all your files can be liked over the internet comes into the security world, this time from the Federal Trade Commission. Long overdue some would say, including Robert Siciliano in a recent post on Information Security Resources.

Yes, it is quite bewildering to see how after warning after warning and a long line of data breach incidents, companies still allow the misuse of software and hardware resources. It is also confusing to see the FTC now getting ready to directly warn about 100 companies about the risks of peer-to-peer. It’s a bit late, years and years after the problems appeared.

But if there are any IT managers or CEOs who don’t know what peer-to-peer can lead to, here are a few quotes from Siciliano’s article:

Last year the House Committee on Oversight and Government Reform responded to reports that peer to peer file sharing allows Internet users to access other P2P users’ most important files, including bank records, tax files, health records, and passwords.

An academic from Dartmouth College found that he was able to obtain tens of thousands of medical files using P2P software.In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers.

I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

In some cases, the benefits of technology are far more important than the risks. It happens with all gadgets that make work fun, efficient and portable. But if you do allow your employees to install software that’s easily hacked, at least protect your files by restricting access to them…

We’ve previously explained how banning something altogether instead of ensuring a safe way to use that piece of technology is not really the smartest idea out there. And our theory seems to be confirmed by the Pentagon: they have recently replaced their strict ban against USB flash drives with a strict usage policy referring to both types of devices used and how they are employed.

The reasons to ban them were serious, as past incidents of misuse led to virus infections, as the Daily Tech reminds us, and the prohibition also covered almost anything you can connect through an USB port to their network, from such as cameras or portable hard drives or smart phones. Yet standing against some of the most common ways to transfer data couldn’t last for too long. The Pentagon is now ready to allow them back into their daily routine, but only if it’s their specific devices which come with their very own hardware and software malware removal kits.

The drives they are planning to allow are headed to Afganistan where they will be used in combat command centers and analysis centers. Let’s hope these ones won’t end up being sold in Afgani markets! Or end up in some library… Maybe they won’t, as these are the rules:

Only properly inventoried, government-procured and owned devices will be allowed for use in DoD’s information systems.”

“Personally-owned devices are prohibited on all DoD networks and computers.”

The new government-owned and approved drives cannot be used in personal or other non-government computers or networks without specific approval.

Thumb drives and other flash media are to be used “only as a last resort” for transferring information from computer to computer or from place to place. When other network resources are available, they should be used instead.

And if this isn’t enough, random staffers and devices will be audited periodically. Their policy sounds bullet proof, at least on paper

There have been dozens of news on cyberattacks lately. From human rights websites from China being under attack, to the attacks on US sites and institutions, to a more recent article debating how a cyberattack will affect the UK public’s trust in their Goverment. (Check our Twitter profile for an extended list of such news).

A minor effect attack would make UK citizens not trust their representatives. It seems crazy and it tastes of instant panic, but is it? I’d say more cyberattacks would have the same effect on US citizens as well. Why? It’s simple! It’s not because people are scary and tend to run amok at the smallest of threats, it’s because of the created expectations that were never met.

Remember all the fuss bout the Cyber Czar of the US? A year waiting for him or her to finally be appointed! Remember all the military, state and civilian attacks, data thefts and what not? They keep happening and no one seems to be doing much. Remember all the reviews of state institutions saying how they all fail at establishing the compulsory security policies? Take all that and filter it through all the security products, research and breakthroughs in the media. The general message is that 1. the technology is out there and 2. governments and other public institutions fail at implementing it! Of course it generates disappointment, lack of trust and yes, it scares us a bit! They could protect their information, but they aren’t doing it!

But wait, there’s more! It might seem all natural, easy to explain and clear on who to blame. But I’d also say the common PC user’s view on security is distorted. How many movies with complicated passwords broken in 5 seconds have you seen? How many top notch hackers that are brought down in hours? It all seems fairly easy. But is it?

From what I’ve seen until now, it’s not as easy to break someone’s email password as it is to just plug and play a flash drive on their computer or happen to find their lost hardware. How’s your experience with security so far?

Usually it is nice to receive gifts. But sometimes free is not what you want if it comes with a catch. As reported by the Sunday Times, the MI5 is warning executives of gifts received.

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”

If such a prapared Flash Drives is connected to a PC without proper endpoint protection in place such es Endpoint Protector 2009, the Trojan will infect the PC and open a backdoor to the PC that will make remote data theft possible within seconds. Until the infection through a customized Trojan will occur through a standard anti-virus solution can take from minutes to weeks. The only protection is to pre-emptively lockdown the use of USB devices the network should not trust.

Read the entire story that sounds more like a Ian Fleming novel than a real life story.
Enjoy.

A security breach estimated to have taken over one month has given unidentified individual access to the grades and social security numbers of students of the Valdosta State University, along with private details of faculty members. The breach discovered in December on a university server has put 170,000 individuals at risk, but the ongoing investigation is yet to reveal who was behind the breach and what was their purpose.

While the breach was discovered in early December, the official announcement was released on February 18th, after a prior release announcing an ongoing investigation. According tot the university site “the breached server and potentially breached data were secured and removed from the network. While we still do not have any evidence that personal information was taken, we are alerting affected individuals via email, web, and mass media of the potential theft of their personal information.”

Sudents and faculty can check if they have actually been affected here and consult quite a few identity theft resources, but no protection is offered to them bu the University from what we can tell form the site, press release and press coverage. At least they are sorry and planning to make security changes…

AvMed Health Plans is currently dealing with a prominent data breach after having two company laptops stolen from their corporate offices in Gainesville in early December. The theft could compromise personal information of over 200,000 current and former subscribers, as well as their dependents, said a company announcement quoted by Gainesville.com.

The two laptops contained details such as names, addresses, phone numbers, Social Security numbers and protected health information. Yet the company states that the risk of identity theft is very low, as data was listed in a random way, regardless of the fact that, 12 days after the incident, AvMed discovered the data on one of the two laptops was not properly encrypted.

AvMed states there were no reports of identity theft up to now, but they will only have a clearer view on the situation after their members start registering for identity protection, service provided by the company for free for the next 24 months.

There have been so many news lately about stolen hardware with important data, server hacks, security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.

But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose to security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras, you should use it all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting, the idea is to know what threats they pose and how to prevent them.

Security experts to concentrate on everything bad that’s happening. The reason is simple, if companies and individuals don’t fear the consequences, they tend to ignore the risks. The all present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.