Archive for June, 2009

S.M.A.R.T data and hard disk encryption..

June 30, 2009

A few months ago I did some research on hard disk S.M.A.R.T data. For those not in the loop, it stands for Self-Monitoring, Analysis, and Reporting Technology, and is basically a mechanism modern hard disks use to track their health.

Categories: Programming

New article on VBS Classes.

June 29, 2009

I just posted the follow-up to my introduction on VBS Classes – you can find it in the programming section.

UK “has cyber attack capability”…

June 29, 2009

Last week in England Lord West (Parliamentary Under-Secretary for Security and Counter-terrorism) indicated that the UK has the ability to launch cyber-attacks. Though his interview was very thin on facts and details, he made some interesting comments that GCHQ (The British Government’s communications and information systems arm in Cheltenham, UK) have former “naughty boys” in its employ, and that:

“It would be silly to say that we don’t have any capability to do offensive work from Cheltenham, and I don’t think I should say any more than that”

Interesting indeed, but I’d have liked him to at least tell me something about what the government could do that the average hacker could not. Do they have more resources than the average botnet, for example?

Categories: Cyber War

TJX (T.J. Maxx) reaches settlement with states on Data Loss

June 24, 2009 3 comments

For those who were included in the January 2007 94 million record loss of credit card numbers from TJX (still the highest loss by number of records ever reported), you may be interested to know that they have agreed a settlement with the 41 various states on the fine. Around $5.5 million of the settlement was for data and consumer protection, and $1.75 million to reimburse the states' costs of the investigation.

You can read the details of the deal struck with the FTC from their website.

Categories: Data Loss, PII

Cornell University loses 45,000 records..

June 24, 2009 1 comment

Another typical notification of data loss by an educational establishment. In summary, the personal details of around 45,000 current and former students and staff were lost when the laptop containing them was stolen.

Cornell have been very open with the facts of the matter; their site talks about what they have done and will do about it, and the help they are offering people affected. They also mentioned that their policy is that such data should be either encrypted or in a secure location, two things they admit this particular member of staff violated.

Something is Rotten in the State of Data…

June 24, 2009

To encrypt, or not to encrypt: that is the question.

Whether ’tis nobler in the mind to suffer

The slings and arrows of user nonacceptance,

Or to take arms against a sea of exploits,

And by opposing end them? To encrypt: to authenticate;

No more; and by authenticate to say we end

Data Loss Goes Personal…

June 18, 2009

Today I received yet another of those annoying “We may have lost your personal information…” letters from my bank. No information on how it happened, or what they are doing to stop it happening again. It’s almost as though this was an inevitable and repeatable condition of doing business….

Yet again I’m going to get another bank card, yet again I’m going to have to change the numbers in my Blockbuster, Amazon, etc. accounts, and (again) I have yet another free 12 month subscription to “Identity Theft Monitoring.”

Great news indeed, but I suspect many readers of this blog have also been through this a few times as well.


Lose One Customer’s data, tell EVERY customer?

June 16, 2009

For the last few weeks I’ve been traveling around the country presenting at our Security Innovation Alliance roadshow. It’s been great meeting and presenting alongside some of the 60+ companies who’ve chosen to integrate their security products into McAfee’s ePO platform. Looking at the portfolio it seems that soon it might actually be possible to service any IT security need through one pane-of-glass management interface.

One question that came from the audience during one of the sessions surprised me, as it wasn’t about IT at all. The question was “What laws apply to PII in printouts?”

Well, unfortunately the simple and unfortunate answer is – all of them.

Hackers – Criminals, Pirates – Politicians…

June 12, 2009

It’s been an interesting week in the IT world with some quite amazing (to me anyway) news. No, I’m not referring to the FTC’s decision to shut down the known spam ISP Pricewert, or the announcement by T-Mobile that their network had not indeed been hacked…

I’m referring to the news that the Swedish “Pirate Party” gained a seat in the European Parliament.

Categories: Privacy Laws