TV newscaster Larry Mendte has been charged with a felony count of intentionally accessing a protected computer without authorization. Somehow Mr. Mendte got the login name and password of his co-worker Alycia Lane, and was reading her personal e-mail account. He would then take details of her personal life and leak it to the media.
Bristol-Myers Squibb Co. (BMY) said a backup computer-data tape containing employees’ personal information, including Social Security numbers, was stolen recently.
The New York drug maker learned of the theft on June 4, and began notifying current and former employees by letter in the past few days, spokeswoman Tracy Furey told Dow Jones Newswires Thursday afternoon.
It was the latest in a series of security breaches involving customer or employee data in the corporate world. A Bristol-Myers rival, Pfizer Inc. (PFE), said last year that personal data for some of its current and former employees were exposed.
The British Ministry of Defense has admitted to losing more than 100 USB flash drives over the last several years. 26 of those contained information classified as “secret”, and 19 contained “restricted” information.
The MoD losses are being characterized by government officials as “shocking incompetence”.
This will lend further fuel to the fire for calls to encrypt all sensitive information in British government and military agencies.
The hidden volumes feature of TrueCrypt 5 has been hacked by Bruce Scheier and researchers from U of W.
There is a new version of TrueCrypt, V6, that may close some of the leakage issues. Schneier has not yet tested this. “The new version will definitely close some of the leakages, but it’s unlikely that it closed all of them,” he says.
Schneier says Deniable File Systems are actually easier to hack than encryption, and that there may be no way to make files truly undetectable on a drive. “Deniability is a much harder security feature to enable than secrecy,” he says.
The UK Daily Mail’s publisher, Associated Newspapers, has found itself the victim of an ironic turn of fate. The company has been bashing the UK Government for losing laptops and unencrypted CD-ROMs of citizen’s personal data. Well, now the newspaper has found that one of it’s own laptops has been stolen, and the laptop contained personal data of employees, and was not encrypted.
The upshot of this ironic turn of fate is that the UK is rigorously putting into place regulations and audit procedures for government agencies to encrypt and protect all sensitive data, and increasingly to enforce strong 2-factor authentication to networked resources and intranet sites.
We can hope that the private sector will also start following these recommendations.
The European Network and Information Security Agency just came out with this report on Secure Flash Drives.
It’s nice to see my IronKey blog quoted in the report.
The report recommends policy improvements, endpoint security, and encrypted flash drives. It also discusses the need for centralized management of flash drives, similar to what IronKey offers with our Enterprise product.
U.S. District Judge Lous Stanton ordered Google to provide it’s 12 terabyte logfile database to Viacom. The database contains the user IDs, IP addresses and entire video viewing history of all of the YouTube members.
Viacom is suing Google for $1 Billion in damages, claiming that pirated TV shows are uploaded to the YouTube site, causing a loss of revenues to Viacom. Viacom owns MTV, VH1 and Nickelodeon.
Google is requesting that Viacom anonymize the data before doing extensive data mining on the logfiles. Viacom has no legal requirement to do so.
Here is a hilarious article about how the Japanese military lost a USB flash drive containing troop deployment maps for a joint Japan-US military exercise. I love the mention of IronKey in this article!
Google uses a human resources outsourcing firm called Colt Express Outsourcing Services. There apparently was a break-in on May 26th, and the names, addresses and social security numbers of numerous Google employees were stolen. CNET employees data was stolen as well. The data was stored on computers and was not encrypted.
We know that the online game World of Warcraft and other online games get phished and trojaned so that people can take over the accounts and either steal points and gold, or sell them for real $.
Now WoW is going to offer a One Time Password hardware token to their users. So if a phisher or a trojan on your computer steals your WoW password, they will not be able to log into your account without possessing the physical token. This is similar to the PayPal Security Key which can be used to lock down your PayPal and eBay accounts.