Log in

Archive for May, 2010

Laptop Ghost Strikes at Peterborough District Hospital

May 15th, 2010

Hospitals appear to be a soft target for the invisible laptop ghost as is indicated by the increasing frequency with which they have been striking at various medical centers across the globe.

In a sensational incident, the laptop containing sensitive information about the patients has been stolen from Peterborough District Hospital (PDH). Apparently, the laptop contained names, hospital numbers, gender information and eye scan images of over 1,100 patients. The information was stored on a Toshiba laptop and according to the reports it was stolen from from PDH on April 26. Needless to say authorities are concerned about a potential identity fraud.

Nearly a couple of weeks after the theft happened it was publically announced by the hospital authorities on 12 May.

Strangely although all the information contained on IT network of the hospital is password protected and encrypted this laptop was left unsecure.

The point was stated by trust chief executive, Nik Patten “All patient information contained on the trust’s IT network is encrypted and password protected, however, on this occasion the data held on this standalone laptop was not”.

“The database of patients’ names was temporarily stored on the laptop’s hard drive while work was being carried out to connect the laptop to the Trust’s IT network enabling it to be protected by the Trust’s usual security measures.”

“Therefore, we are reinforcing our policy with staff that it is essential that all portable devices are encrypted if they contain patient information, even if they are just used temporarily.”

Mr Patten mentioned, “The trust has written to all the patients who were listed on the database and we have offered our sincere apologies for the loss of this data.”

Secure your Laptop against Theft: Choose Alertsec

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

No comments »

Posted in Alertsec Express, laptop encryption

Tags: Cryptography data Encryption Hard disk drive Hospital Password Personal computer security

Laptop Ghost Strikes at U.S. Government Contractor’s Office

May 14th, 2010

Laptop Encryption with Alertsec

Next in line for the laptop ghost are over 2million U.S. army reservists. Personal data of over 207,000 U.S. army reservists has recently been stolen as it was a part of the the three laptops which have gone missing from the office of a a government contractor (Serco Inc.). The U.S. Army Reserve Command has begun started informing the reservists of security breach by issuing letters. Primarily these letters offer apologies and provide assurances that action will be taken to prevent such things from happening again:

According to Jonathan Dahms, the chief public affairs officer of U.S. Army Reserve, the Reserve Command began alerting affected reservists on May 7 about a recent security breach.

Apparently, the unencrypted data was on a CD-ROM inside a laptop which was one of three stolen from the contractor’s office but also the only one known to contain personal data. It is also believed, that laptop also contained personal data on the spouses and children of some reservists.

Excerpts from the email sent to reservists,

The Army takes this loss very seriously and is reviewing current policies and practices with a view of determining what can or must be changed to preclude a similar occurrence in the future.

At a minimum, we will be providing additional training to personnel to ensure that they understand that personally identifiable information must at all times be treated in a manner that preserves and protects the confidentiality of the data.

Col. Jonathan Dahms also added, “We did have an extensive meeting with all key staff at U.S. Army Reserve Command to see what we can implement to make sure our soldiers and families are protected,”

This incident once again highlights the negligence on the part of the government authorities to use the correct encryption mechnanism and practices. It is something that really cannot be ignored and needs to be treaded with caution. Data encryption mechanisms should be made standards to control the severity of such incidents.

Prevent these incidents: Choose Alertsec

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

Position-Based Quantum Cryptography Proved Secure (science.slashdot.org)
Stolen VA Laptop Contains Veterans’ Personal Data (techdailydose.nationaljournal.com)
VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data (techdirt.com)

1 comment »

Posted in Alertsec Express, laptop encryption

Tags: Col. Jonathan Dahms Cryptography data data breach Encryption Identity Theft Resource Center laptop encryption laptop theft Personal computer security Serco Inc. U.S. Army Reserve United States United States Army United States Army Reserve

Laptop theft at New Mexico

May 11th, 2010

: Image via Wikipedia

Laptop encryption is vital not only from a perspective of providing protection against laptop theft but also from a view of ensuring the data present inside laptop is secure and upto date.

A couple of months back, an employee for a company that processes dental benefits claims filed for a stolen car report. Apparently, the vehicle’s trunk contained an ‘un-secure/unencrypted’ laptop which had loads of patient information. On learning about the incident, the New Mexico Human Services Department started sending notification messages to nearly 10,000 users of the government’s low-income health insurance program about potential for ID theft.

The information of patients included:

Name
Health plan identification number
A provider identification number but not the name of the provider

Additionally, the agency has also notified 9,500 New Mexicans who use its Medicaid Salud plan about a possible security breach.

Apart from notification letters, the group has set up a toll-free call line through DentaQuest, 1-877-453-8424, to address queries from people affected by the incident. The helpline operates from 9:00 a.m. to 5:00 p.m. MDT, Monday through Friday.

According to the agency, “The computer was password protected but otherwise did not have safeguards to prevent unauthorized access to the information. At this time, the stolen car and laptop have not been recovered and it is not known whether the information on the laptop has been accessed.”

The theft and security breach has been reported to the U.S. Department of Health and Human Services.

Stay Secure with Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For more information, visit our website right now.

Encrypting part of /home (bgoglin.livejournal.com)
Health insurance will be reformed by a little known department (kevinmd.com)
Security Breach Threatens Soldiers’ & Civilians’ Personal Information (homesecuritysource.com)

No comments »

Posted in Encryption

Tags: Cryptography Encryption Hard disk drive Health insurance laptop New Mexico security United States Department of Health and Human Services

Laptop Encryption & Alertsec Xpress

May 9th, 2010

: Image via Wikipedia

In today’s competitive business environment organizations are making increasing investments on IT infrastructure, devices and software. Needless to say, laptops are an inherent part of your organization’s growing business plan.

Today, laptops hold critical business data including sensitive customer information and this is where encryption is constantly considered to the best method to ensure data security.

Organizations must deploy encryption as a part of their overall security protection methods. One thing that needs to be considered is the pitfalls of encryption. Today, many of the encryption softwares come security flaws and loopholes which allow attackers easy ways leading to compromise in the organization’s data. Some of the common issues are Algorithm Management, Key Length, Key Recovery, Scope of Protection.

A stolen laptop without encryption is often the first step towards identity theft and fraud. 80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop security, none of the information or credentials would have been lost.

Goal of laptop encryption/disk encryption

Assuming the unthinkable happens and one of your laptop is stolen, what would you do? That missing laptop contained intellectual property and critical data which included the information of customers, their financial records and information on future business strategy and product roadmaps.

Let us say you’re caught in a similar situation, you would want the data on your computer hard-drive to be nullified or in other words you would want your hard-drive to be encrypted.

To protect information stored on a desktop or laptop is by using encryption. Alertsec Xpress offers full disk encryption and offers stronger options to other encryption methods when comparing security, performance, robustness.

Why Alertsec Xpress is different?

Strong Support: Users who forget their password simply call the Alertsec helpdesk. No matter when or where you are, our helpdesk can always assist legitimate users regain access to their information, using the Alertsec Xpress Authentication Method.
Secure disposal of old laptops: You can easily move away from your old laptop. When it is time to decommission your laptop or PC, you can simply reformat the disk and it will be impossible for anyone to ever recreate the information.
Secure & Trusted: The Check Point Full Disk Encryption software solution is trusted by companies, governments, military organizations, and individuals around the globe and its secure design has been approved through independent security tests and certifications.
Built in security measures: Alertsec Xpress will detect boot viruses or debugging programs and prevent these from interfering with the authentication process.

For features and benefits of our computer protection software please visit our website.

For round of updates, news and latest bits from the computer security world, follow us on our Twitter handle.

No comments »

Posted in Alertsec Express, full disk encryption, laptop encryption

Tags: Computer security Cryptography data encryption data security disk encryption Encryption full disk encryption Hard disk drive Hard Disk Encryption identity theft laptop encrytion Personal computer security

New Worm Hitting Skype & Yahoo Messenger Users

May 8th, 2010

A new backdoor program is affecting windows machines which are using Yahoo messenger and Skype clients on the desktop. Apparently, the malware arrives via instant message through Yahoo or Skype with various types of messages. In a blog-post written on the Bkis Blog, the link looks like a jpeg/ image file link. When the user clicks on the web-page link he is taken to a website that has an interface very similar to rapidshare.com (a freel file-sharing service). Users can download the zip file from the website and when they extract it, they are lured to a .com executable file instead.

Examples of such messages are: “Does my new hair style look good? bad? perfect?” or “My printer is about to be thrown through a window if this pic won’t come out right. You see anything wrong with it?”

Folks at Bkis did analysis of the form and found it to be W32.Skyhoo.Worm. The properties of the worm include:

Automatically exits if the victim’s computer is not installed with Skype or Yahoo! Messenger.
Automatically sends messages with different contents containing malicious URLs to user names in Skype/Yahoo! Messenger friend list of the user
Automatically injects malicious link in to Word, Excel files or email that being composed.
Connects to IRC server to receive commands from hacker
Blocks operations of antivirus software
Anti virtual machine and sandbox
Uses rootkit technique to hide its files and processes
Prevents users from accessing more than 700 websites of security or antivirus
Automatically copies itself along with file Autorun.inf into USB drives to spread

What the worm does?

According to BKIS, “The malware sends messages with varying content and malicious links to contacts in the victim’s IM list and automatically injects a malicious link in e-mail messages and Word or Excel files that the user is composing”.

The worm also connects to an IRC server to receive remote commands, blocks antivirus software, uses a rootkit technique to hide its files and processes and automatically copies itself onto USB drives to spread, according to Bkis.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

For security and technology observations, consider following us on Twitter.