One common question I get asked when I speak on Data Protection is “what do I do first” – it’s an interesting topic because although my presentation is exactly about what most people should do, and in what order, everyone and every organization is different and one size absolutely does not fit all.
In my presentation I talk about “5 Steps to Data Protection Nirvana”: Read more…
This interesting report by CBS News highlights the problem of not paying attention to how data leaks occur. CBS News worked with a small company that specializes in Digital Copier Security to show how easy it was to obtain sensitive data.
By simply going to a used copier supplier and buying 4 random machines at a cost of around $300 each (without knowing who their previous owners were), they were, within an hour, able to retrieve thousands of page prints of sensitive data including: Read more…
Countrywide Financial’s problems all started when employee Rene Rebollo confessed to downloading 20,000 data files per week and selling them to Wahid Siddiqi for as much as $70,000 (a total of 2.2 million people’s information was compromised). This led to Bank of America (their new owners) paying $350,000 to Connecticut to settle claims.
The terms of the class action can be found on http://www.cwdataclaims.com, but they include up to $50,000 reimbursement per incident of identity theft from a fund of $5,000,000, free credit monitoring, $90 for opening a new account, $20 per month, up to $200 for credit monitoring, $10 per hour for telephone calls etc., and many other miscellaneous things.
I know everyone will be happy for me when I tell you I just got notification from the Spanish Lotto about my winning ticket. I must have bought the ticket when I was drunk, or jetlagged, because for the life of me I can’t remember buying it, but I was in Madrid recently so it must be true.
See you all on the Costa del Sol! Read more…
Just a reminder that this week on Friday 16th, I’ll be presenting at the CIO Peer Forum in Toronto. Feel free to drop by and say hello. My slot is 9am. The abstract is:
With the ever-changing regulatory landscape, increase of novel threats, and the continuing trend to mobilize data, it becomes increasingly important to consider how to protect that information from loss or disclosure, and how to protect organizations from the onerous task of publicly disclosing a breach. Mr Hunt discusses the current regulatory trends and the practical steps you can take to secure mobile information, without creating business disruption, using technologies such as endpoint encryption, data loss prevention, and network-based discovery/monitoring.
Following on from my posts “10 Things You Don’t Want To Know About Bitlocker”, “TPM Undressed” and “Firewire Attacks Revisited”, it recently came to my attention that Passware, Inc., a feisty California company, has released a version of their forensic software which will decrypt BitLocker and TrueCrypt protected hard disks via the classic Firewire vulnerabilities.
A full write-up can be found on the Passware site, but simply, given a machine that’s running, but has encrypted drives (for example one using BitLocker in TPM-only mode, or a machine which is suspended, not hibernated). As to how to do it, well, they have implemented the exploit in a very neat and usable way: