Monday, September 10, 2007

Portable Devices Pose Growing IT Security Threat - Managers Scrambling to Manage Threat from Floods of New Devices

Regular readers of this blog will note that ARC is regularly drawing attention to the dangers of uncontrolled portable data storage devices in the workplace. A 16Gb flash drive is capable of storing almost 1 million uncompressed MS Word documents.

Computer World in August reported that a growing number of IT and security managers are taking steps to control access to corporate information stored on portable storage devices that are used both with and without the approval of IT managers. At the U.S. Department of Veterans Affairs, for example, employees, contractors, and business partners are required to use encryption or other means to protect data stored on portable devices. In addition, the VA is in the process of acquiring encrypted thumb drives and applying encryption to other devices and storage media, says Bob Howard, CIO and assistant secretary for information and technology at the agency. Meanwhile, medical staffing firm Martin, Fletcher has deployed security software on the 150 PCs on its network in order to prevent data breaches via portable storage devices.

Despite this, fewer than 20% of organisations take any steps at all to manage this rapidly growing information security threat.

IT Security is covered in detail on Security Management Stage 1, 19-30 November 2007. In addition, a new two-day course entitled IT Security and Incident Response focuses on how to investigate suspected internal crimes using IT equipment. The course, led by IT expert, broadcaster and author, Ed Wilding, will be held over the period 9-10 October.

Podcast Masterclasses in Security Management

How to successfully outsource security, how to measure the value of security programmes, the threat from counterfeiters and business continuity planning are just four of many interviews now downloadable as podcasts from the following site:

Two Thirds of Britons Faking It!

Around one in eight British shoppers has bought a counterfeit watch, handbag or other product in the last year as it becomes more socially acceptable, a study by lawyers Davenport Lyons and Ledbury Research has found. "The most dramatic change in attitudes towards fakes is that they have reached their tipping point. They have become socially acceptable," the study said. Two-thirds of Britons readily admit to peers that they have bought a counterfeit product, it showed. But it also found that just under a third of the buyers of fake goods said the experience made them more likely to buy the genuine one!

Market stalls are the primary source of fake goods, but the trade has increased as people travel more to destinations where such products are more readily available and access online websites such as eBay, the study said.

The counterfeit market is growing fast and affects everything from cigarettes to aircraft components, so it’s not only costing money – it could also cost lives.

*******

Illicit Trade and Product Counterfeit is one of the subjects covered during Security Management Stage 3. Dates for forthcoming Security Management Stage 3 Courses are:

24 September – 5 October 2007 (UK)
2 – 13 December 2007 (Bangladesh)
12 – 23 May 2008 (UK)
22 September – 3 October 2008 (UK)

US Container Security Initiative Goes Global as Worries Continue over Dirty Bombs

US Homeland Security Secretary Michael Chertoff says that the U.S. Container Security Initiative will go into effect at 58 ports across the globe by 1 October 2007, and predicts that the Secure Freight Initiative will become effective by the end of 2007, according to a report in Port Security News.

Once the Secure Freight Initiative has been implemented, U.S. authorities should have no trouble distinguishing "the kitty litter from the dirty bomb" when scanning cargo containers for radiation, Chertoff says. Scanning 100 percent of all cargo is not feasible and would result in clogged ports and supply chains, Chertoff says, explaining, "If I shut them, there won’t be any risk, but there won’t be any ports."

For the full story go to:

Electronic Access Control Systems Explained

Basic, but useful, diagrams of electronic access control systems can be found on the website of the Electrical Contractors’ Association at:

Access control is one of many subjects addressed on Security Management Stage 1, which runs in the UK from 19-30 November 2007.

Bump Cloning – A New Medical Procedure? If You Use Proximity Cards You Had Better Read This!

A young man in Belgium, Jonathan Westhues, has published on his web site details of how to make a "cloner" for proximity cards. This handheld device can be used to secretly copy your access control card from a distance and replay the card for any proximity card reader. The young man generously provided construction details and circuit diagrams for verification of his efforts.

This technique is called "bump cloning" because all that the adversary would have to do is "bump" you in a hallway or elevator to copy your card, even if it remains in your wallet. This would for all intents and purposes make his device a "clone" of your card, useable in any reader in the system!

A most worrying aspect of this device is that the target person has no idea his card was "cloned" and therefore would have no reason to report it as being compromised. Additionally, if any mischief was done then the card access system would dutifully report that the target's card number was used to access the space.

Wiegand and MiFare proximity card systems are apparently immune to this type of attack.
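
Since the cardholder has no reason to report a cloned card, detection has to come from the access log itself. The following is an added example, not part of the original post or of any vendor's product: it flags two log patterns that a second copy of a card tends to produce. The log format, site and reader names, card numbers and the minimum travel time are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, card number, reader "<site>-<door>", direction).
SAMPLE_LOG = [
    ("2007-09-10 08:02:11", "10452", "HQ-Lobby", "in"),
    ("2007-09-10 08:05:40", "20117", "HQ-Lobby", "in"),
    ("2007-09-10 08:09:03", "10452", "Depot-Gate", "in"),  # holder is still inside HQ
    ("2007-09-10 12:30:00", "20117", "HQ-Lobby", "out"),
    ("2007-09-10 13:15:00", "20117", "HQ-Lobby", "in"),
    ("2007-09-10 17:45:00", "10452", "HQ-Lobby", "out"),
]

# Assumed shortest realistic journey between the two constructed sites.
MIN_TRAVEL = {frozenset(("HQ", "Depot")): timedelta(minutes=25)}


def find_clone_indicators(log, min_travel=MIN_TRAVEL):
    """Return (card, reason, timestamp) for reads that one physical card cannot explain."""
    alerts = []
    last_seen = {}  # card -> (time, site) of its previous read
    inside = {}     # card -> site the card is recorded as being inside, or None
    for ts, card, reader, direction in sorted(log):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        site = reader.split("-")[0]
        known = card in last_seen
        if known:
            prev_when, prev_site = last_seen[card]
            need = min_travel.get(frozenset((prev_site, site)))
            # Same card number read at two sites faster than anyone could travel.
            if need is not None and when - prev_when < need:
                alerts.append((card, "impossible-travel", ts))
        here = inside.get(card)
        if direction == "in" and here is not None:
            # Entry while the card is already recorded as inside somewhere.
            alerts.append((card, "passback", ts))
        elif direction == "out" and known and here != site:
            # Exit from a site the card is not recorded as being inside.
            alerts.append((card, "passback", ts))
        inside[card] = site if direction == "in" else None
        last_seen[card] = (when, site)
    return alerts


if __name__ == "__main__":
    for alert in find_clone_indicators(SAMPLE_LOG):
        print(alert)
```

An alert here means only that the log cannot be explained by a single card; tailgating on exit or a missed read produces the same passback pattern, so each hit needs follow-up with the cardholder.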

For further information go to:

CIA – Hands Off Wikipedia!!!

An online tool that claims to reveal the identity of organisations that edit Wikipedia pages has revealed that the CIA was involved in editing entries. (Wikipedia is a free online encyclopaedia that can be created and edited by anyone and is NOT a recommended resource for anybody researching for a university degree!)

Wikipedia Scanner allegedly shows that workers on the agency's computers made edits to the page of Iran's president. It also purportedly shows that the Vatican has edited entries about Sinn Fein leader Gerry Adams.

The tool, developed by a US researcher, trawls a list of 34m edits and matches them to the net address of the editor.