To prevent Stuxnet infections, follow this simple four-step guide.

A thumb drive containing personal data of current and past graduate medical education residents and fellows at Cooper University Hospital has recently gone missing. Lost around July 8th, the incident has been reported to the proper authorites a few days later who are now looking into the potential security breach only two weeks later.

According to hospital sources, the lost data includes Social Security numbers, addresses, and phone numbers. As it always happens in such cases, the data was not in anyway encrypted or protected.

The University later released the following statement:

“Cooper University Hospital is investigating the circumstances surrounding a missing thumb drive. The thumb drive contained information with personal data about graduate medical education residents and fellows for the current and prior academic years. We have advised the residents and fellows who were advised to contact their local police. No other employee information was compromised. Further, No patient information or records were compromised. The incident was reported to the New Jersey State Police Cyber Crimes Unit on Friday, July 23 as per the state notification procedure. The hospital is conducting a thorough investigation and has initiated an aggressive plan to protect any personnel who could be affected by this potential security breach.”

As of yet there are no information on the number of individuals affected by the breach.

Usually it is nice to receive gifts. But sometimes free is not what you want if it comes with a catch. As reported by the Sunday Times, the MI5 is warning executives of gifts received.

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”

If such a prapared Flash Drives is connected to a PC without proper endpoint protection in place such es Endpoint Protector 2009, the Trojan will infect the PC and open a backdoor to the PC that will make remote data theft possible within seconds. Until the infection through a customized Trojan will occur through a standard anti-virus solution can take from minutes to weeks. The only protection is to pre-emptively lockdown the use of USB devices the network should not trust.

Read the entire story that sounds more like a Ian Fleming novel than a real life story.
Enjoy.

Were you bored of or unhappy with your common, old and no-longer-cool USB 2.o portable toys? It’s time to enjoy the freshness of a new device once more! The USB 3.o HDD devices have been launched and apparently are fully functional. LucidPort Technologies is currently showcasing its SuperSpeed USB 3.0 storage devices at the Intel Developers Forum (September 22nd to 24th). And you’ll soon be able to get them for yourself. Soon means in this case sometime this year.

Here’s a description of the devices from StorageNewsletter.com:

Designed with LucidPort’s USB300 USB 3.0 to SATA bridge chip, these SuperSpeed USB drives can transfer up to 250 Mbytes/sec. Existing USB 2.0 drives run between 25 to 35 Mbytes/sec. These drives are fully backwards compatible to legacy USB 2.0/1.1 hosts and can operate with the standard USB mass storage drivers found in Windows, MacOS, and Linux PCs today.

In short, 10 times the performance of an USB 2.0 device. Impressive indeed. Now let’s see how many USB 3.0 flash drives get lost and what new breaches they lead to Yes, very optimistic of yours truly, Agent Smith, to say that

DarkReading has recently published an article exploring the methods and reasons why company should secure their thumb drives. The first issue they bring into our attention is whether stolen or lost USB are less often reported (when compared to laptops for example) because companies have learned to protect them or because they are so hard to track, no one has any idea of how many have been lost or ever used within a certain network. 

I’d have to say that unless companies cut access to their USB ports or implement a comprehensive endpoint security application, no one will ever be able to tell how many employees have ever used flash drives to carry data to and fro the office and how often they have misplaced them. 

Here are a few of the security methods presented by DarkReadeing that a company is presented with and has to choose from when trying to prevent the damages thumb drives entail: 

• blocking all USB ports on all network computers – I would say that’s impracticle as instead of benefiting from all advantages of easy portability and storage, a company would force employees to use other methods to carry their project between work and home. And to my mind, it’s harder to secure an entire laptop than it is for a thumb drive.
• Relying on the security software USB producers advertise – could work, given the security is not a marketing scam only. If it’s not, what is offered, points out DarkReading, can be quite limited
• A hybrid approach mixing advanced data encryption with a system to allow only certain pre-aproved USB drives.
• Using cheap drives and open source encryption technology, but only when you really trust your employees. I’d say this is a bit futile, as if trust is what you base the security policy on, why implement it in the first place? Security is not a matter of trusting or not trusting personnel. It’s a matter of noticing breaches can happen to anybody and that all employees are human and can easily err. Or get really mad at you and hurt your business on purpose.