Archive

Archive for the ‘Data Loss’ Category

Two charged with data theft from June ’10s AT&T hack…

January 19, 2011 2 comments

Reported today by infosecurity-us and others, the two men (Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, of San Francisco, California) who had fleeting fame after publishing insecurities in the AT&T iPad website in June 2010 have been arrested and charged with one count of conspiracy to access a computer without authorization, and one count of fraud in connection with personal information.  Each count carries a maximum penalty of five years in prison and a fine of $250,000.

You can find the formal press release on the Justice.gov site.

The original hack involved farming the subscriber details off AT&Ts site by presenting it with random ID codes. Unfortunately, while demonstrating a weakness in a site is often not prosecuted, the pair went on to retrieve 120,000 subscriber details and then passed them on Gawker, who published a redacted list amongst much fanfare. This distribution of personal data will probably get them into a lot of hot water.  Read more…

Excellent Blog on Security and Privacy Matters..

January 19, 2011 Leave a comment

I just wanted to post a short note on the excellent Hogan Lovells blog – It’s not gripping reading in the manner of Steven King or Grisham, but if your job or interests revolve around data protection, information security and privacy, the articles posted are well worth your time to read.

http://www.hldataprotection.com/

Airmen to stop using removable media in wake of wikiLeaks incident…

December 13, 2010 Leave a comment

Last week Noah Shachtman of Wired reported that a new cyber-control order has been issued by Maj. Gen. Richard Webber to prevent the us of removable media under threat of Court-Martial. The order demands that airmen:

immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET

Further in the order adds:

Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media

Of course, blocking the use of removable media is not new – earlier this year a total ban of USB Stick use was in place following a massive worm infection introduced from a rogue usb stick. Operational Buckshot Yankee as it was termed then.

Noah closes with the comment that any remediation technology “Won’t be ready to deploy for years” – I hope he’s going to be surprised, because the technology is ready to deploy right now.

Got (wiki)Leaks? Call a McAfee (DL)Plumber…

November 30, 2010 Leave a comment

With the current news fracas regarding the latest WikiLeaks disclosures, which have reached a pretty interesting juncture with Congressman Peter King asking for WikiLeaks and it’s founder Julian Assange to be declared “Terrorists and spies”, I thought I’d add my fire to the flame and say quite bluntly –

McAfee can help you protect your information!

Yes, you would not believe it but monitoring for inappropriate disclosure of sensitive information is bread-and-butter stuff to us. Read more…

5 Steps To Data Protection Nirvana..

November 5, 2010 Leave a comment

This week as many of you know I’ve been working out of our South African office in Johannesburg, and in particular presented 4 sessions at the McAfee Executive Summit here.

ITWeb, who co-sponsored the event were kind enough to give me a writeup on their site which you can enjoy at your leisure.

Thankyou though to all the customers and partners who came to see us and made the event such a success!

Zurich Insurance hit with $3.5m fine…

August 25, 2010 Leave a comment

David Meyer from ZDNet reports that Zurich Insurance was hit with a $3.5m fine by the Financial Services Authority (FSA) in the UK for failing to secure customer data. This comes from an incident when a data tape went missing in transit between processing centers. There was no evidence the data on the tape had been used or exposed, but the lack of process and policy was enough to cause the FSA and step in.

The FSA noted in their statement that:

As there were no proper reporting lines in place Zurich UK did not learn of the incident until a year later

An effective breach of the UK Data Protection Act according to the Information Commissioners Office (ICO).

Speaking on “Celebrations”, Seattle on 26th August…

August 4, 2010 Leave a comment

No, I’m not talking about weddings or the like, Celebrations is a rather beautiful boat that sails around Lake Washington. McAfee have booked her out for a private tour. Attendance is by registration only, but if you think you might like to come you should approach your McAfee account manager.

Bon Voyage!