TV Newscaster Charged With Felony Count of Intentially Accessing A Protected Computer Without Authorization

July 22nd, 2008

TV newscaster Larry Mendte has been charged with a felony count of intentionally accessing a protected computer without authorization. Somehow Mr. Mendte got the login name and password of his co-worker Alycia Lane, and was reading her personal e-mail account. He would then take details of her personal life and leak it to the media.

Bristol-Myers Squibb Has Backup Tape Stolen - It Contained Unencrypted Social Security Numbers

July 18th, 2008

Bristol-Myers Squibb Co. (BMY) said a backup computer-data tape containing employees’ personal information, including Social Security numbers, was stolen recently.

The New York drug maker learned of the theft on June 4, and began notifying current and former employees by letter in the past few days, spokeswoman Tracy Furey told Dow Jones Newswires Thursday afternoon.

It was the latest in a series of security breaches involving customer or employee data in the corporate world. A Bristol-Myers rival, Pfizer Inc. (PFE), said last year that personal data for some of its current and former employees were exposed.

British Ministry of Defense Admits Lost USB Flash Drives Contained Classified Secret Files

July 18th, 2008

The British Ministry of Defense has admitted to losing more than 100 USB flash drives over the last several years. 26 of those contained information classified as “secret”, and 19 contained “restricted” information.

The MoD losses are being characterized by government officials as “shocking incompetence”.

This will lend further fuel to the fire for calls to encrypt all sensitive information in British government and military agencies.

TrueCrypt Hidden Volumes Hacked by Schneier and Friends

July 17th, 2008

The hidden volumes feature of TrueCrypt 5 has been hacked by Bruce Scheier and researchers from U of W.

There is a new version of TrueCrypt, V6, that may close some of the leakage issues. Schneier has not yet tested this. “The new version will definitely close some of the leakages, but it’s unlikely that it closed all of them,” he says.

Schneier says Deniable File Systems are actually easier to hack than encryption, and that there may be no way to make files truly undetectable on a drive. “Deniability is a much harder security feature to enable than secrecy,” he says.

UK Newspaper Has Sensitive Laptop Stolen - Ironic Since They Were Bashing The UK Government About This Very Issue

July 9th, 2008

The UK Daily Mail’s publisher, Associated Newspapers, has found itself the victim of an ironic turn of fate. The company has been bashing the UK Government for losing laptops and unencrypted CD-ROMs of citizen’s personal data. Well, now the newspaper has found that one of it’s own laptops has been stolen, and the laptop contained personal data of employees, and was not encrypted.

The upshot of this ironic turn of fate is that the UK is rigorously putting into place regulations and audit procedures for government agencies to encrypt and protect all sensitive data, and increasingly to enforce strong 2-factor authentication to networked resources and intranet sites.

We can hope that the private sector will also start following these recommendations.

European Network and Information Security Agency Report on Secure USB Flash Drives.

July 7th, 2008

The European Network and Information Security Agency just came out with this report on Secure Flash Drives.

It’s nice to see my IronKey blog quoted in the report.

The report recommends policy improvements, endpoint security, and encrypted flash drives. It also discusses the need for centralized management of flash drives, similar to what IronKey offers with our Enterprise product.

YouTube Ordered to Disclose Viewer History Logfiles to Viacom

July 7th, 2008

U.S. District Judge Lous Stanton ordered Google to provide it’s 12 terabyte logfile database to Viacom. The database contains the user IDs, IP addresses and entire video viewing history of all of the YouTube members.

Viacom is suing Google for $1 Billion in damages, claiming that pirated TV shows are uploaded to the YouTube site, causing a loss of revenues to Viacom. Viacom owns MTV, VH1 and Nickelodeon.

Google is requesting that Viacom anonymize the data before doing extensive data mining on the logfiles. Viacom has no legal requirement to do so.

Japanese Military Lose Unencrypted USB Flash Drive With Details of Japan-US Military Troop Deployment

July 3rd, 2008

Here is a hilarious article about how the Japanese military lost a USB flash drive containing troop deployment maps for a joint Japan-US military exercise. I love the mention of IronKey in this article!

Google & CNET Employee’s Personal Data Stolen from HR Outsourcer Colt Express

July 3rd, 2008

Google uses a human resources outsourcing firm called Colt Express Outsourcing Services. There apparently was a break-in on May 26th, and the names, addresses and social security numbers of numerous Google employees were stolen. CNET employees data was stolen as well. The data was stored on computers and was not encrypted.

World of Warcraft To Prevent Phishers and Trojans with 2-factor Authentication Device

July 1st, 2008

We know that the online game World of Warcraft and other online games get phished and trojaned so that people can take over the accounts and either steal points and gold, or sell them for real $.

Now WoW is going to offer a One Time Password hardware token to their users. So if a phisher or a trojan on your computer steals your WoW password, they will not be able to log into your account without possessing the physical token. This is similar to the PayPal Security Key which can be used to lock down your PayPal and eBay accounts.