Risky IT managers

Cyber-Ark has surveyed 300 IT managers. According to its press release, there are some interesting (and worrying) outcomes:

  • 88% of the interviewed IT managers admit that they would steal sensitive data if they were laid off. A third of them would leave with the list of privileged passwords that give access to root resources!
  • More than a quarter of the interviewed managers reported having faced leaked or stolen data. Economic intelligence (a nice euphemism for industrial spying) is a reality.

The report seems to show that bad practices with sensitive data and passwords are still widespread.

88% is awfully worrying. With the spread of outsourced storage (SharePoint, …) and outsourced computing power (cloud computing), this problem will become more and more acute. Outsourcing is changing the trust model of IT, and some trust assumptions may weaken. Will you trust the IT administrators of an outsourcing company as much as your own? Are you sure that they can be trusted? Will you audit their security policies and their compliance with them? Storing sensitive data will become more and more complex.

I have not read the report. I will try to get access to it (it is not directly available on their site) and will come back to you with the best parts.

A very pragmatic guide to the protection of prerelease content

The German GVU, the Austrian VAP and the Swiss SAFE recently published a 16-page booklet with very pragmatic guidelines to protect prerelease content from piracy. Its title is “Filmschutz vor und bei Kinostart” (“Film protection before and at theatrical release”). As you will have guessed, it is in German (it seems I am in my German mood ;-), sorry for non-German-speaking readers). It analyses the complete chain from production through delivery to the actual screening and gives some advice. Some of it is extremely low-tech but efficient, for instance:

  • Ask for the return of every screener you delivered.
  • If using postal mail, only send screeners from Monday to Thursday. Avoid the other days: the risk that the parcel is held up somewhere over the weekend is too high…

The appendix provides a list of companies offering solutions, ranging from anti-camcording technology to security guard companies. Of course, THOMSON STS is in the list!

The document can be found at Filmschutz vor und bei Kinostart (in German).

The French CNC published last year a document which also provides a set of guidelines. Its scope is larger, and it is available in French and English: Fighting audiovisual piracy: a good practice guide for the industry.

IRBI: A nice initiative from Microsoft

Microsoft Germany and Ludwig-Maximilians-Universität München (LMU) designed the Internet Risk Behaviour Index (IRBI), an evaluation built on a set of test scenarios that educate users about situations they may encounter while using the Internet.

The tests are interesting and well designed. I must confess that I failed one scenario. I will not tell you my mistake, just that it was situation 3. The advice is also extremely good. Some situations seem complex for a non-tech-savvy user, such as 6 or 11. It is a good educational tool, although in a real environment you may be less vigilant than during the tests.

Some small criticisms:

  • The display was awfully slow on my computer. I don’t know whether that came from my computer or from Silverlight.
  • It did not work with Firefox!!!! I know that it is a Microsoft study; nevertheless, many Internet users use this browser.
  • It is in German. I did not find an English version. Is one planned?

So for people who read German, the address is https://www.irbi.de/iHome.IRBI?ActiveID=1008. I will try to see if there is an English one.

Paranoia, laptop and border

The holiday season is ending and business travel will start again. If you are paranoid about your sensitive data, then you may worry when crossing some borders, such as the US or the UK. Border officers are allowed to scan your computer, copy your data and even seize the machine for further investigation. They may look for any type of infringement, such as pornography, copyright infringement and, of course, terrorist documents.

If you are seriously paranoid (and even if you are merely serious about security), then you will have encrypted your hard disk. This is good (if well done) against theft, but not against inquisitive border officers. They will ask for your password, and you will have to give it unless you are ready to risk the computer being seized or even being refused entry into the country.

Thus, if you want your sensitive data to stay safe, whether for paranoia’s sake, for confidentiality reasons or for privacy (pick your choice), some tricks:

  • Securely delete everything you do not want to be viewed. Do not forget the tons of temporary files and cookies that software stores. I usually use CCleaner.
  • I would recommend encrypting sensitive data in discreet, non-obvious locations. The chances that the officer will spot it are lower. Do not use the obvious “my xxx” directories.
  • One important action is to switch off the computer before crossing the border. Sleep mode leaves a lot of data in memory, including the keys of any mounted encrypted volume, available to forensic tools; a full shutdown does not.
  • Even better is to store the sensitive data encrypted on removable media such as USB sticks or, better still, memory cards. Memory cards have a small form factor that you may easily “hide”. Most modern laptops have such card readers. And even if they find the card, they will seize it rather than the laptop. If your password is strong,
  • The optimal solution is to use a VPN. In that case, all sensitive files are securely stored on your company’s network rather than on your computer (provided you leave no local copies or caches behind).
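
The first trick above, overwrite-then-unlink deletion, is easy to get subtly wrong (truncating first frees the blocks without touching the bytes; the filename survives in the directory). The following Python script is an added illustration, not the blog author's code nor CCleaner's; the file names in the sample are constructed. It mimics what tools such as shred do and also wipes a whole temporary-files tree, the case the text is mostly worried about.

```python
"""Overwrite-then-unlink deletion for files that must not survive a device search.

Caveat a practitioner needs: this only helps on a magnetic disk with a
filesystem that writes in place. On SSDs (wear levelling), on journaling or
copy-on-write filesystems, and for data an application has already copied
elsewhere (caches, backups, shadow copies), the old bytes may survive anyway.
Full-disk encryption plus a clean shutdown is the robust answer; this is a
last-resort extra layer.
"""
import os
import secrets

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces so huge files do not hit RAM


def secure_delete(path, passes=3):
    """Overwrite `path` `passes` times with random data, then remove it.

    Returns the number of bytes overwritten per pass (the original size).
    Refuses symlinks so we never wipe a file outside the intended tree.
    """
    if os.path.islink(path):
        raise ValueError("refusing to follow symlink: %s" % path)
    size = os.path.getsize(path)
    # O_WRONLY without O_TRUNC: truncating would just free the blocks and
    # leave the old contents untouched on the platter.
    fd = os.open(path, os.O_WRONLY)
    try:
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining > 0:
                buf = secrets.token_bytes(min(CHUNK, remaining))
                remaining -= len(buf)
                while buf:                      # os.write may be partial
                    buf = buf[os.write(fd, buf):]
            os.fsync(fd)  # push the pass out of the page cache to the disk
    finally:
        os.close(fd)
    # The directory entry is recoverable too: rename to a random name first so
    # the original filename is overwritten in the directory before unlinking.
    directory = os.path.dirname(path) or "."
    anon = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anon)
    os.unlink(anon)
    return size


def secure_delete_tree(root, passes=3):
    """Wipe every regular file under `root` bottom-up, remove the emptied
    directories and `root` itself. Returns the number of files wiped."""
    count = 0
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                os.unlink(p)  # drop the link, never its target
                continue
            secure_delete(p, passes)
            count += 1
        for name in dirnames:
            d = os.path.join(dirpath, name)
            if os.path.islink(d):
                os.unlink(d)  # os.walk does not descend into linked dirs
            else:
                os.rmdir(d)   # already emptied because we walk bottom-up
    os.rmdir(root)
    return count


if __name__ == "__main__":
    import sys
    # Usage: python wipe.py <path-to-temp-dir>
    print("wiped %d files" % secure_delete_tree(sys.argv[1]))
```

Point it at the browser cache and temp directories you would otherwise hand to a cleaning tool, and treat the count it returns as a sanity check rather than a guarantee; the caveats in the docstring still apply.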

I must confess that my computer has never been scanned at any border. Nevertheless, several people have reported this type of scanning. Only once, when entering a US federal building, was I asked to switch on the computer to prove it was not a fake.

Your feeling?

Blocking theft of cycles using RFID

In the UK, an interesting experiment called WASP uses RFID against bicycle theft. Kryptonite designed a lock equipped with an RFID tag and a motion sensor. The concept combines several elements:

  • The lock
  • An RFID reader that covers a zone
  • A CCTV system that covers the same zone.

Whenever the lock is moved, it activates the RFID tag. This is picked up by the RFID readers, which raise an alarm at the CCTV control room. It is then possible to see who is trying to steal the bike.

The most constraining part of the system is its activation. When the user parks his bike, he has to phone a central system and give the identifier of the protected area. This starts the protection phase. When the user wants to take his bike back, he has to phone the central system again before unlocking it. The WASP system is currently being tested at the University of Portsmouth.

Law 6 is once more relevant. As could have been expected, many people already no longer make the phone call. The lock blinks, and they expect that to be deterrent enough. The activation phase seems very constraining to me. You will have two types of false positive: people who inadvertently move the bike, and thus the lock, and of course the owner who forgot to call back to trigger deactivation.
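
To make the trade-off concrete, here is an added Python model of the arming logic described above. It is not the WASP operator's software; the event format, the lock and zone names and the sample event log are all constructed for the illustration. The reader in the zone only knows whether a moving lock is currently armed; the simulation keeps the ground truth (who actually moved it) on the side so the outcomes can be scored. It shows the two false positives from the text, and the false negative you get when the owner skips the call.

```python
"""Replay of a WASP-style zone: arm/disarm by phone, alert on armed-lock motion."""
from collections import Counter


def run_zone(events):
    """Replay one zone's event log, in chronological order.

    Event tuples (constructed format for this illustration):
      ("arm",    time, lock_id)          owner phones the centre with the zone id
      ("disarm", time, lock_id)          owner phones back before unlocking
      ("motion", time, lock_id, actor)   lock moved; `actor` is ground truth
                                         ("owner", "passer-by" or "thief") that
                                         the system itself never sees.

    Returns (outcomes, summary):
      outcomes: list of (time, lock_id, actor, alerted, outcome) per motion
      summary:  Counter of TP / FP / FN / TN over the motion events
    """
    armed = set()
    outcomes = []
    for ev in events:
        kind, time, lock = ev[0], ev[1], ev[2]
        if kind == "arm":
            armed.add(lock)
        elif kind == "disarm":
            armed.discard(lock)
        elif kind == "motion":
            actor = ev[3]
            alerted = lock in armed        # the only fact the reader/CCTV has
            theft = actor == "thief"       # ground truth, for scoring only
            if alerted and theft:
                outcome = "TP"             # genuine alert, CCTV catches it
            elif alerted:
                outcome = "FP"             # owner forgot to call, or a knock
            elif theft:
                outcome = "FN"             # bike never armed, only blinking
            else:
                outcome = "TN"
            outcomes.append((time, lock, actor, alerted, outcome))
        else:
            raise ValueError("unknown event kind: %r" % kind)
    return outcomes, Counter(o[4] for o in outcomes)


def cctv_queue(outcomes):
    """Times the control room must review; everything alerted, genuine or not."""
    return [time for time, _lock, _actor, alerted, _o in outcomes if alerted]


# Constructed sample day in one zone. lockA is armed properly but its owner
# forgets to phone back; lockB's owner relies on the blinking lock alone;
# lockC's owner follows the procedure to the letter.
SAMPLE_EVENTS = [
    ("arm",    "09:00", "lockA"),
    ("arm",    "09:05", "lockC"),
    ("motion", "09:30", "lockA", "passer-by"),   # bike knocked in the rack
    ("motion", "10:15", "lockA", "thief"),
    ("motion", "11:00", "lockB", "thief"),       # lockB was never armed
    ("disarm", "16:00", "lockC"),
    ("motion", "16:01", "lockC", "owner"),
    ("motion", "17:00", "lockA", "owner"),       # forgot to phone back
]

if __name__ == "__main__":
    outs, summary = run_zone(SAMPLE_EVENTS)
    for o in outs:
        print(o)
    print(dict(summary), "CCTV reviews:", cctv_queue(outs))
```

Running it on the sample day gives one true positive, two false positives, one false negative and one true negative: three CCTV reviews for one real theft attempt, and the unarmed bike lost without any alarm. That is the usability cost the text complains about in numbers.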

In any case, an interesting combination.

To learn more, see the presentation and the operator SOS Response.