Archive
Think Like A Spy…
Recently John Sileo spoke at the Department Of Defense’s Joint Family Readiness Conference on the topic of identity protection and theft. As a two time victim of identity theft, John is well placed to speak from the heart about the practical, factual, and emotional aspects of this problem, and though I was not able to attend his presentation the writeup on his presentation is well worth a read.
John advocates a couple of thought processes which I’ll let you read the details of directly from the transcript, but to summarize he encourages us all to “Think Like A Spy” – to question the validity of the request for information at every stage, and with every person. Read more…
Missouri’s new Data Protection Disclosure Law.
Although maybe unnoticed, a month ago Missouri finally joined that heady club called “States which have Data Privacy Laws”.
On 28th August, the “Missouri Data Breach Notification Law”, or House Bill 62 took effect, not protecting, but at least enforcing care and attention of residents personal information (Social Security Numbers, Driver’s Licence Numbers, and information which could be used to access a residents financial accounts). Note I use the word “resident”, because, as with the other 47 or so State laws, this one applies to the Residents of Missouri, not to the businesses. If you have Missouri resident information in your datacenter in Tinbuktoo, you are still required (under civil and actual damages) to comply. Read more…
10 Things you don’t want to know about Bitlocker…
Nov 2015 Update – It seems bitlocker sans pre-boot has been trivially insecure for some time according to Synopsys hacker Ian Hakan, who found a simple way to change the Windows password and thus allow access to data even while Bitlocker was active.
So, with the forthcoming release of Windows 7, the ugly beast known as “Bitlocker” has reared its head again.
For those of you who were around during the original release of Bitlocker, or as it was known then “Secure Startup”, you’ll remember that it was meant to completely eliminate the necessity for third party security software. Yes, Bitlocker was going to secure our machines against all forms of attack and make sure we never lost data again.
What happened?
Army National Guard shows how much it cares about 131,000 identities…
National Guard Website
A busy week in the world of data loss, with the report from the Army National Guard Leaders that a personal laptop containing the records of 131,000 former and current guard members was stolen from a contractor on 27th July 2009. The information included the usual culprits – Name, Address, Social Security Number etc.
What this information was doing on a contractors personal device, and not locked up and restricted is undisclosed, but the important thing is that the Army Guard is showing it’s eagerness to resolve the situation and protect its members. Read more…
FSA Fines HSBC Companies $7,500,000 for data security issues
Following on from my recent posts regarding fines and the cost of data leakage (TJX and Cornell), I thought I’d also bring to your attention the latest initiated by the FSA (Financial Services Authority of UK) against HSBC – On 22nd July A tidy penalty of £4,550,000 ($7.5m) for two failures to protect personal information. HSBC will get a nice 30% discount on this for early payment, leaving them with a bill for £3,185,000 ($5.26m) plus their own internal costs.
Changes to PII and PCI regulations in Nevada
This week Linda McGlasson talked on BankInfo security about some changes to Nevada’s data protection stance. Nevada’s laws are no less complex than other states, but interestingly they have a few which, when combined, give a tighter than usual position.
The interesting bills are CHAPTER 603A – SECURITY OF PERSONAL INFORMATION, which deals with the regulations of Business Practices. This law puts the state teeth behind the PCI regulations, enforcing things which the payment card industry require as part of PCI compliance with state-driven criminal and financial penalties. Read more…
Are we really too dumb to handle protected data?
Following on from my posts on how identitiy / personal data theft protection should be considerd a personal goal of everyone carrying around such information, I thought I’d solicit your opinions – Are we really too dumb to handle password protected information?
TJX (T.J. Maxx) reaches settlement with states on Data Loss
For those who were included in the January 2007 94 million record loss of credit card numbers from TJX (Still the highest loss by number of records ever reported), You may be interested to know that they have agreed a settlement with the 41 various states on the fine. Around $5.5 million of the settlement was for data and consumer protection, and $1.75 million to reimburse the states costs of the investigation.
You can read the details of the deal struck with the FTC from their website. Read more…
Cornell University looses 45,000 records..
datalossdb.org entry / Cornell University Entry
Another typical notification of data loss by an educational establishment. In summary, the personal details of around 45,000 current and former students and staff were lost when the laptop containing them was stolen.
Cornell have been very open with the facts of the matter, their site talks about what they have, and will do about it, and the help they are offering people affected. They also mentioned that their policy is that such data should be either encrypted, or in a secure location. Two things they admit this particular member of staff violated. Read more…
Something is Rotten in the State of Data…
To encrypt, or not to encrypt: that is the question.
Whether ’tis nobler in the mind to suffer
The slings and arrows of user nonacceptance,
Or to take arms against a sea of exploits,
And by opposing end them? To encrypt: to authenticate;
No more; and by authenticate to say we end Read more…
Who?
 | EVP Cyber Product Innovation for Mastercard. Formally the Chief Technology Officer for Intel Secure Home Gateways, CTO for McAfee Enterprise Endpoint, CTO McAfee Innovation team, and Founder/CTO SafeBoot Corp. |
Simon Says - Musings of a Technology CTO 
Comments