client side security, a battle lost in beginning
Written by Massimo Cotrozzi   
Friday, 11 August 2006

Yet another stolen laptop is threatening the US. This time the laptop, which for the sake of clarity we have to say was "retrieved" after a few days, disappeared in New York with a bunch of quite unimportant data inside: it contained the personal details of 534 thousand people who had been absent from work for medical reasons. More than a couple of strange things have to be noted here:

1) How come all this data was present on a laptop? The security manager and the IT auditors of the company will probably face (or have faced) a very bad quarter of an hour, I think... Even if the PC was stolen from a "secured location", as press reports say, how come all that data was present there at all? Backup? Come on.

2) How come this data was stored on a hard disk with no protection?

Is it too complicated to have encryption to protect data inside laptops? Well, no. Ehm... yes. Why? Because we all (yes, that's a WE) disable all sorts of security after we have used it for a while. Why? Because seamless security is an oxymoron, and having to type in a password every time you have to access data is a pain. I know you're going to argue that there are proximity tags that "unlock" data automagically, but there are some problems with them. Not technical ones, unfortunately... Did you ever buy one? They're seriously expensive when it comes to the security budget that most companies have. And here the big issue lies in the fact that most companies undervalue the information that is stored on or accessed through laptops.

3) How was the laptop recovered? The fact that details were not revealed is always a bad thing and leads people into thinking there's something going on.

4) This is not the first time something like this has happened. Do these people read newspapers? Or do they just think it will never happen to them? These are just some of the news items from this week:
  • A U.S. government computer loaded with approximately 133,000 drivers' and pilots' records - including Social Security numbers - was stolen last month, the Department of Transportation said Wednesday.
  • Two laptop computers with personal information on about 31,000 Navy recruiters and their prospective recruits were stolen from Navy offices.
  • A laptop stolen from a payroll auditor contains personal information on 12,000 current and former Armstrong World Industries Inc. employees, the company said.
  • Data on about 8,000 clients of MD Management, a subsidiary of the Canadian Medical Association, was stolen from a car in a parking lot.
  • Kaiser Permanente mailed letters this week to 160,000 of its Northern California-based HMO subscribers, informing them that a laptop containing their personal information, including their phone numbers and Kaiser numbers, had been stolen.
Want more? Stay tuned...

