Archive for April, 2010

Data Protection Projects – Where to start?

April 28, 2010

One common question I get asked when I speak on Data Protection is “what do I do first?” – it’s an interesting topic because, although my presentation is exactly about what most people should do, and in what order, everyone and every organization is different, and one size absolutely does not fit all.

In my presentation I talk about “5 Steps to Data Protection Nirvana”: Read more…


Copiers give up secrets…

April 28, 2010

This interesting report by CBS News highlights the problem of not paying attention to how data leaks occur. CBS News worked with a small company that specializes in digital copier security to show how easy it was to obtain sensitive data.

By simply going to a used copier supplier and buying 4 random machines at a cost of around $300 each (without knowing who their previous owners were), they were able, within an hour, to retrieve thousands of page prints of sensitive data including: Read more…

I got a virus in my email? Me?!?…

April 27, 2010

Today I received a very pleasant email from the “Student Support Center” of, I guess, Hotmail? It seems I got a virus in my account (funny, I don’t remember signing up for it, but hey, I must have, eh?).

If I respond to them with my user name and password, they will fix it for me. Thankfully, the password will be encrypted somehow magically when I reply to them.

Now, if I could only work out what my user name is…

Countrywide Financial’s Data Loss leads to $20m class action suit…

April 14, 2010 17 comments

Following on from the Countrywide Financial data breach back in 2008, they now find themselves saddled with a class action lawsuit for $20,000,000.

Countrywide Financial’s problems all started when employee Rene Rebollo confessed to downloading 20,000 data files per week and selling them to Wahid Siddiqi for as much as $70,000 (a total of 2.2 million people’s information was compromised). This led to Bank of America (their new owners) paying $350,000 to Connecticut to settle claims.

The terms of the class action can be found on http:\\, but they include up to $50,000 reimbursement per incident of identity theft from a fund of $5,000,000, free credit monitoring, $90 for opening a new account, $20 per month, up to $200 for credit monitoring, $10 per hour for telephone calls etc., and many other miscellaneous things.

I just won €650,000 in the Spanish Lotto!

April 13, 2010 2 comments

I know everyone will be happy for me when I tell you I just got notification from the Spanish Lotto about my winning ticket. I must have bought the ticket when I was drunk or jetlagged, because for the life of me I can’t remember buying it, but I was in Madrid recently, so it must be true.

See you all on the Costa del Sol! Read more…

Speaking at CIO Peer Forum, Toronto, Canada…

April 13, 2010

Just a reminder that this week on Friday 16th, I’ll be presenting at the CIO Peer Forum in Toronto. Feel free to drop by and say hello. My slot is 9am. The abstract is:

With the ever-changing regulatory landscape, increase of novel threats, and the continuing trend to mobilize data, it becomes increasingly important to consider how to protect that information from loss or disclosure, and how to protect organizations from the onerous task of publicly disclosing a breach. Mr Hunt discusses the current regulatory trends and the practical steps you can take to secure mobile information without creating business disruption, using technologies such as endpoint encryption, data loss prevention, and network-based discovery/monitoring.

Passware releases BitLocker/TrueCrypt Decryption Tool

April 5, 2010

Following on from my posts “10 Things You Don’t Want To Know About Bitlocker”, “TPM Undressed” and “Firewire Attacks Revisited”, it recently came to my attention that Passware, Inc., a feisty California company, has released a version of their forensic software which will decrypt BitLocker and TrueCrypt protected hard disks via the classic FireWire vulnerabilities.

A full write-up can be found on the Passware site, but put simply, the tool works against a machine that’s running but has encrypted drives (for example, one using BitLocker in TPM-only mode, or a machine which is suspended, not hibernated). As to how to do it, well, they have implemented the exploit in a very neat and usable way:

Read more…