In the news, the British Prime Minister Brown has expressed concern regarding the recent security breach that left about half of the British population’s addresses and banking information out in the open, well somewhere out there. The said information was lost while in-transit through the British Post system contained within two computer data disks. This headline dated November 21’st of this year highlights the need for greater security with regards to the handling and safekeeping of vital personal information.
The event happened when a Junior official of the British Government’s Finance Department downloaded the information off a government website for use on another agency. It was then sent through courier service to that agency which was not named but when the disks didn’t arrive after a few days alarm bells started to ring and the police was brought into the investigation to help with the case. The problem was so great that the British Prime Minister apologized to the British public when speaking in Parliament much to the disgust of the MP’s and the public in general.
This event sparks new urgency in the way we handle and treat information even those categorized as personal. The information that was lost had information that was needed for the processing of millions of child and senior benefits support processing which is expected to result in outrage and disgust among many of the affected individuals.
Government’s from around the world spend millions of dollars in safeguarding information of all sorts and questions do arise from such cases such as why a junior officer had access and was even allowed to copy the said information out of a government server down to computer disks.
Corporate Internal Security – The Continuing Battle
The last post tackled the damage an internal threat might do to a person on the outside of a business organization. This post deals more with the threat from within from the viewpoint of the targeted organization itself. The problem with an internally planted backdoor or some other form of malware is that it is integrated with the programs themselves that are supposed to provide security to the system. The system that is affected can most of the time be freed of these stated threats by re-installing the said application with a version that is free of the problem code.
Just imagine the amount of information that has to be moved, re-processed and re-stored just to make up for a few lines of code that has been very well placed, hidden from view. Firewalls were supposed to prevent intrusion to links of the organization from the outside and inside but if the firewall was not to know the workings of the said code, it would recognize it as a legitimate process and allow the transfer of data without taking a second look. Corporate espionage has rival companies trying to get at the other’s secrets in hopes of getting ahead of other competitors. In the US, the FBI and other Internal security forces continuously monitor such activities such as the problem when stocks were manipulated within the Stock Exchange itself to boost the value of a particular stock to favor investors.
The risks the information we entrust to companies who serve us is great and sure they do take all necessary preventive measures as much as they could, but a threat from within is truly an adversary to be dealt with.
It Security – The threat from within
It Security, is a cat and mouse business comprised of people trying to get the best of the other. People are always trying to get into a company’s servers to get information and the other half is the ones who are trying to prevent them from doing so.
This is quite a difficult task for these people use very sophisticated techniques in the form of code to do so. One very difficult problem is that if the treat and protector are the same. In the industry, these security experts are a select few and many have been all over the place in terms of companies they have worked for. With ever soaring prices paid for privileged information either for industrial espionage or personal gain it does pose a serious temptation to these professionals.
Most maintain their integrity by playing by the rules, but a few fall to the lure of a quick buck. Many instances of threats to many companies being discovered to have originated from within are on the rise and companies are going to lengths to getting people to look after the other. After all, we are only humans and many of us do need the extra cash but don’t you think there’s a more honest way to make it. People just don’t realize the importance of their information stored within say an insurance company of which they are a client of. If that information were to leak out into the open that can reek havoc on the finances of an individual or worst a whole client list full of it. Such leakages have ruined companies before resulting in bankruptcy and subsequent closure.
So to you guys, keep it clean for all of us depend on it. Maybe not me, but a whole lot of other innocent people out there can fall victim to a tragedy just because of a CD full of information you get paid a few hundred bucks for. And a warning, never ever think that no one is watching for someone surely is…
Dangerous XP Vulnerabilities continue to be discovered… and re-discovered.
Many of us have been using Windows XP for quite sometime in it’s many forms and versions. We have Media Center Edition, Windows XP SP1 and the one which is now most common Windows XP SP2. An independent demonstration of vulnerabilities by the British Government and Private industry (which was also an indirect drive to get more people to shift to the more recently released Windows Vista) to show a wide open gap in the security measures implemented by computers still using Windows XP SP1 without any protection (anti-virus, firewall and other upgrades implemented by the parent company after the products were released to the public).
The test involved two officers from a special task force that handles crimes such as those related to computer fraud, piracy etc. It showed how easy it was to get hold of tools that searched for vulnerabilities on a computer running the said Operating system without the owner/user even knowing about it. These tools are widespread on the internet and can be downloaded for free. After getting knowledge of the vulnerability list which can include open ports and much other wireless vulnerability, the second officer then proceeded to make a program in MS-DOS which was then sent and executed onto the victim computer.
Viola, in a matter of minutes the second officer has gotten hold of many vital files such as password lists, credit card information, bank statements and other personal information that may be stored into the said victim unit under a quarter of a minute.
Many such vulnerabilities have been discovered in the XP generation of Operating Systems since its release in 2003 and Microsoft has continued to come out with patches to resolve such issues. Vulnerabilities such as simple programs that can disable the windows firewall have been publicly released on the internet and are quite numerous. To date, Microsoft has managed to keep up with these vulnerabilities but XP remains open malicious attack. Asked for their opinion, a Microsoft executive replied that it truly was alarming but that all those vulnerabilities have been addressed with the release of XP SP2 and all subsequent updates and patches.
Still failure prone….. The INTERNET…
Many events both as a result of actions by man or by nature that have spelled disaster to all of us who rely on the internet for communications and many other neat stuff we just like to do. Many of us forget how complicated the Internet really is and that a failure in the many parts that make it up can ruin all our day’s. The recent earthquake in Taiwan that resulted in a collapse of one of the net’s major arteries to and from Asia to the rest of the world resulted in billions of damages in terms of revenue of internet based companies all around the world. Sabotage still remains a major risk to the information highway for a properly placed explosives device can disrupt internet traffic if it were to sever the fiber optic and high speed copper based links that inter-connects all our computers.
May it be natural or man-made disasters; there is good news and bad news for all of us. First the bad news, for the net however great a leap it has become from its first implementation will fail again. It is just a matter of when and not if it will happen. All technology has an Achilles heel that can bring it down to its knees. The good news, well it would be good to know that the cables used on newer inter-link installations may they be under ground or water is protected by some of the most technologically advanced materials in the world. Kevlar and Nomex are synthetic materials that form the sheathing or casing that protects these cables which makes them so tough allowing them to withstand the rigorous conditions under the sea or under ground. What better way to protect these sensitive and vital cables that with the same materials used for bullet and fire proof vests and coats used by the police and firemen.
They are quite expensive and costly to lay but they do allow us to stay connected. One of the best news for us is the laying of new links between the continents rather than having to rely on one single cable. Many links have been laid across the seas to form a redundant web on inter-connected links that allows a severed path to travel through another path.
Flash drives… Blessing or curse?
Flash drives have become commonplace in just about anyplace where we use computers. These compact digital storage devices have replaced floppy disks, cd’s and other bulkier forms of storage that used to be the easiest way to transport data from point A to B. It also has the convenience of being as small as a keychain or an eraser so it fits just about anywhere like your coat pocket.
Enough of the good sides and to the bad sides of this technology for they are truly a security risk for they can become a propagation media for many problems such as viruses, worms and even be used to sneak information in and out of the workplace. Tis’ true that many a security programs such as programs that check for viruses and other problematic stuff contained within them but it is still very hard to determine if it does indeed pose a threat to the company or others who might be using the systems they are connected to.
Even the portable media players have the capability to be formatted to not only carry music but information as well. Products like the Apple’s Ipod series can be configured to carry video, audio and data in the form of files and documents. The only sure way to screen these products for stolen information is to scan them individually for any suspicious data/information. Their ability to connect to just about anything that has a USB port tends to raise the risks further.
Responsible use and strict control in their use and bringing into the workplace might sound a bit too paranoid but when conducted in the proper manner might provide some protection. Entry into restricted areas such as data centers and other server areas must also be looked into due to the potential for information leakage and the introduction of viruses and other dangerous programs.