Data Mining the Internal Hacker

The Air Force Institute of Technology has published a paper on an algorithm for mining email data to help identify patterns of transmission that can alert management when employees are keeping a secret. The algorithm identifies subjects that are communicated outside the organization and not shared within the organization. The algorithm is titled “Potential Insider Threat Detection Algorithm”, and they are working to expand their research to include web traffic.

Source: Dark Reading

posted by akuma @ March 6, 2008 3:16 pm  
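A simplified illustration of the selection rule described in the post above, added here and not the AFIT algorithm or code from the paper. It assumes each message already carries a set of topic keywords and that `example.org` is the organization's mail domain, and it flags topics an employee sends only to outside recipients.

```python
from collections import defaultdict

ORG_DOMAIN = "example.org"  # assumption: the organization's mail domain

# Constructed sample data: (sender, recipients, topic keywords of the message).
EMAILS = [
    ("alice@example.org", ["bob@example.org"], {"budget", "q3"}),
    ("alice@example.org", ["carol@partner.test"], {"budget"}),
    ("bob@example.org", ["x@webmail.test"], {"prototype", "schematics"}),
    ("bob@example.org", ["alice@example.org"], {"lunch"}),
    ("dave@example.org", ["y@webmail.test"], {"prototype"}),
    ("dave@example.org", ["bob@example.org", "z@vendor.test"], {"prototype"}),
    ("spam@webmail.test", ["bob@example.org"], {"lottery"}),
]

def is_internal(addr):
    """True when the address belongs to the organization's own domain."""
    return addr.lower().rsplit("@", 1)[-1] == ORG_DOMAIN

def external_only_topics(emails):
    """Return {sender: {topic: [external recipients]}} for topics the sender
    mailed outside the organization but never to any internal recipient."""
    shared = defaultdict(set)                         # sender -> topics seen internally
    outbound = defaultdict(lambda: defaultdict(set))  # sender -> topic -> outside recipients
    for sender, recipients, topics in emails:
        if not is_internal(sender):
            continue  # only employees' outgoing mail is profiled
        # A message with at least one internal recipient counts as shared inside.
        if any(is_internal(r) for r in recipients):
            shared[sender].update(topics)
        for r in recipients:
            if not is_internal(r):
                for t in topics:
                    outbound[sender][t].add(r)
    findings = {}
    for sender, by_topic in outbound.items():
        hidden = {t: sorted(rs) for t, rs in by_topic.items()
                  if t not in shared[sender]}
        if hidden:
            findings[sender] = hidden
    return findings

if __name__ == "__main__":
    for who, topics in external_only_topics(EMAILS).items():
        print(who, topics)
```

A flagged sender is a lead for review, not a verdict: personal mail to an outside address produces the same pattern.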

Laptop Encryption Useless In Cases of Theft: Easy Hack To Circumvent Encryption

Researchers with Princeton University and the Electronic Frontier Foundation have found a flaw that renders disk encryption systems useless if an intruder has physical access to your computer — say in the case of a stolen laptop or when a computer is left unattended on a desktop in sleep mode or while displaying a password prompt screen.

The attack takes only a few minutes to conduct and uses the disk encryption key that’s stored in the computer’s RAM.


Encrypted drives are no longer enough to protect data in cases of theft. What to do? GadgetTrak actually launched new laptop theft recovery software this week. The software is unique in that it utilizes privacy-safe tracking technology, so there is no monitoring center that can trace your movements and no reliance on backdoors into your system. Recovery of the laptop, in cases where a laptop was stolen for its data, I think is crucial. Not only do you get the laptop and data back, but you are also able to identify who stole the laptop and what they did with the data.

If a laptop was stolen by a mole, for example, identifying who stole the laptop and what they did with the data (such as providing it to competitors, selling personal data, etc.) can be more important, as it can help plug a security hole and reduce the risk of future data thefts.

Although this hack requires a bit of technical knowledge, identifying who stole the laptop can help to discover if the data has been breached or not, as well as plug a security hole of the human kind.

posted by akuma @ February 23, 2008 10:22 am  

Great Article on Rainbow Tables & Secure Passwords

If the “advanced” pole of your threat model is “rainbow tables”, stop working on your social shopping cart calendar application right now: I can’t trust you with my Reddit karma score, let alone my credit card number.

Read more (matsano.com)

posted by akuma @ January 26, 2008 4:13 pm  

How do I make my iPod work on both a PC and Mac?

This question has come up a few times via the contact form. This is actually one of the most frustrating things about iPods to me. If you format your iPod for a Mac, it will only work with a Mac. So say you have a Mac at home and a PC at work: you cannot connect the iPod to your work system. However, if you format your iPod on a PC (FAT32), your iPod will work with both a Mac and a PC, which I am seeing is pretty much the norm even for die-hard Mac geeks. Another practical benefit of this is that when you put your iPod into Disk mode, the storage will work with both Mac and PC.

Now what I find REALLY frustrating is Apple’s response to the issue. Instead of fixing the problem, they simply state that they do not support using a Windows formatted iPod on a Windows system, even though it works perfectly fine. WTF? Although my wife has an iPod, I personally have a Cowon player (X5L), and I love it. Not only is the sound quality better than an iPod, but it uses USB mass storage out of the box, so I can connect it to my Windows, Mac and even Linux box with no problems. It also supports FLAC and Ogg Vorbis; it is just a much more open system than Apple. Don’t get me wrong, I like a lot of Apple products (love my iPod Touch… if it only had a freaking disk mode), but I think they’re control freaks, and some of their monopolistic and controlling practices are starting to make Microsoft look like the good guys.

posted by akuma @ January 12, 2008 2:34 am  

Sysadmin proves we cannot be trusted

Just a little note to some of the folks who have emailed in asking for help on hax0ring websites, banks and other stupid and illegal acts. Apparently a systems administrator has gotten himself into some hot water when he realized he was not as l337 as he thought he was. He has received the longest federal prison sentence for attempting to damage a computer system. Mr. Andy Lin will be serving 30 months jail time for planting malicious code that would delete data from the company’s server. Not only did his little time-bomb code fail miserably (which is a little more funny considering he had root access as sysadmin), but he also got caught when he tried to reset it for a year later.

To be frank I think he got off easy. Considering the fact that the data he was trying to delete was a database with prescription and billing information, this could have affected quite a few people if it had succeeded.

This just goes to show you that the weakest link in any security plan sits between the computer and the chair. You can trust a computer, that is, until it starts executing code humans wrote. If people have malicious intent, no technology can really protect you and no degree of paranoia will save you. More than 70% of all security breaches and mass data thefts occur from BEHIND the firewall. The threat nowadays is not so much from those evil Russian and Chinese hackers like the media and Hollywood have us believe, but from inside our networks, or to be more precise, our virtual network that takes into account our increasingly mobile workforce.

Endpoint security has become a new buzzword, mostly pushed by companies that are trying to sell you a product that monitors connections to your systems, encryption, passwords, content distribution, etc. But really, endpoint security is much more than this: it is a fundamental attitude and approach that should take “soft systems” into account.

Hard systems are what we currently know: the network infrastructure and the devices on that network, which are concrete, predictable and easily understood through diagrams and data visualization. Soft systems are not so easy or concrete; they deal more in the realm of social science. Soft systems introduce the human element into the system. They take into account social attitudes, prejudices, paranoia, opinions and all of those other wonderful ambiguous things that make us so unpredictable.

The sysadmin here was the security failure; he was “corrupted” and shipped back to the manufacturer for repairs (or in this case a correctional facility). Another sysadmin found the flaw and reported it, so maybe the answer to a more secure network is more oversight and accountability, or maybe just a personality test :-) But then again, I might fail, as sometimes I don’t even trust myself.

posted by akuma @ January 10, 2008 2:06 am  