Log in

Posts Tagged ‘Computer security’

Tracking software helps track laptop thief

August 22nd, 2011

Macbook Pro stolen from an ex- FBI

Of all the people, this laptop thief had to rob a an IT security specialist and former FBI and NASA employee!

Interesting story ahead

When Greg Martin, an IT security specialist and former FBI and NASA employee, returned home late night he was shocked to see his house burgled. His laptop, a Macbook Pro, and other valuables were stolen. The thief had used a scaffold pole to open the security bars on his basement window! But Martin did not react the way most of us would. Had we been in his place, we would have panicked, right? Well, this guy is a former FBI and had installed a tracker on his laptop. So he knew that sooner or later the thief is going to get caught.

More about Greg

Greg Martin runs a blog called InfoSecurity 2.0. Is it not ironic to be stealing a laptop from a security guy? — Apparently Martin had installed an open source tracking software called Prey on his computer. According to the product’s website the software “lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen,”.

What happened later?

Martin registered a case of stolen laptop and waited for the thief to surface on the Internet. Two days later he received an email – that meant the thief had logged on to his machine. With the help of the tracking software Martin was able to get a clear picture of the user, as well as details of the IP address and wireless network that he was using and his location. As if Martin needed more, he was able to capture a screenshot of the user when he was logged into his Facebook thus giving away his name and the school that he had been to.

The thief is caught

Martin passed on this valuable piece of information (Facebook screenshot) to the London police who tracked down the thief in no time. Martin lived in an affluent neighbourhood where robbery is a rare phenomenon. The thief was hoping to take advantage of the fact that there were riots in the city and that the Police would be too occupied to look into a laptop theft.

Details about the thief

The thief was an 18-year-old young man by the name of Soheil Khalilfar. The police raided his apartment and recovered the laptop. It was later returned to Martin.

Martin’s wish

“My hope was I was going to watch him being arrested from my laptop camera — that would have been the perfect ending. But they arrested him when I was on the plane back to London,” Mr Martin said

Tracking software from Alertsec

The above case is a classic example of why security software needs to be a part of any laptop/computer. Your laptop is practically your life. It contains valuable data like financial documents, passwords to important files, business deals etc.

Alertsec Xpress offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution.

No comments »

Posted in Uncategorized

Tags: Computer security Enter your zip code here Facebook Federal Bureau of Investigation IP address laptop MacBook Pro NASA Theft

Sony’s mainstay insurance provider refuses to accept liability for damages and compensation

July 25th, 2011

Battle between Sony and Insurer Zurich American Insurance Co. over Playstation hacks

After reading this piece of news you might wish you were not a PlayStation Network (PSN) user!

Sony’s mainstay insurance provider, Zurich American Insurance Co., is refusing to accept liability for damages and compensation regarding the recent hacks where 77 million PSN customer accounts were compromised.

The insurance provider has filed legal papers covering a total of 55 pending class-action lawsuits that customers have lodged against Sony.

The firm has brushed off its responsibility of covering data breach monetary damages as well as any other miscellaneous claims made by Sony.

History

Sony’s PlayStation Network and Qriocity networks were compromised in the month of April. According to their statement “An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services,”

On Tue April 26 Sony confirmed that personal data of millions of customers had been compromised.

On Wed April 27 a class-action lawsuit was filed in the U.S. accusing Sony of failing to protect, encrypt and secure the private and sensitive data of its users.

Present

Nevertheless, Sony has gone ahead and filed insurance claims as it feels it is a fair coverage under previously agreed upon terms.

According to Sony the financial loss from the breaches is more than $178 million this year. The Japan based firm wants the insurer to cover costs related to the 55 class-action lawsuits under a general liability insurance policy written by Zurich.

Customer reactions and cyber risks

Customers are furious about their loss of privacy and waiting for settlements. It is time to redefine cyber security and the legalities there in. Companies are under the impression that general liability insurance covers everything. According to Ty Sagalow, an insurance consultant and founder of Innovation Insurance Group, “There are probably still some risk managers out there that think that their comprehensive general liability policy cover breaches,” says Sagalow, who was one of the main experts in charge of first drafting cyberinsurance policies for Zurich when he worked for the company prior to starting his own consulting shop. “These types of cyberevents are not covered in the typical standard forms of insurance.”

Cyber insurance

Cyber insurance is the insurance which covers loss occurred over the internet . The phenomenon is a recent one and yet to stabilize. Hence organizations like Sony must take into account adding additional coverage that can hold up to court scrutiny when things go haywire.

How can Alertsec help in cases of data breach?

Alertsec Xpress is the security service that protects data stored on your PC. As laptops are used in place of desktops, chances of data getting hacked are more. Unless your laptop is encrypted, you are running a big risk of your data getting compromised.

Encryption software helps enhance the laptop security. Alertsec uses industry leading Check Point Full Disk Encryption (former Pointsec) software that simplifies data protection.

No comments »

Posted in Data Protection, Encryption, Hackers, Identity and Information loss, Uncategorized, identity theft

Tags: breach notification Class action Computer security data breach data security data theft prevention Enter your zip code here Games insurance Liability insurance PlayStation 3 PlayStation Network Qriocity security Sony United States Video game Zurich

Wake Forest Baptist suffers data breach

July 18th, 2011

Data breach at Wake Forest Baptist Medical Center

Medical records are the most vulnerable lot. Umpteen cases of hacking into medical data have been making headlines.

The latest joining the bandwagon is the Wake forest Baptist.

What happened?

Winston-Salem, N.C.-based Wake Forest Baptist Medical Center suffered a data loss of medical records and documents that affected 357 people.

Wake Forest Baptist Medical Center had fired an employee, Linda Bowden Turner, on June 1. It appears she had taken pages from 136 patient medical records and 221 employee documents that included Social Security numbers of past and current employees.

Ms. Turner was charged with larceny by employee. According to her attorney and WFBMC Ms. Turner was a hoarder and did not commit this deed intentionally.

Here is the statement issued by the Medical Center “On the afternoon of May 31, 2011, Wake Forest Baptist Medical Center received a call about documents, belonging or pertaining to the medical center, discovered in the basement of a rental home. Following an immediate response by our Privacy and Compliance Offices and with assistance from the Winston-Salem Police Department, our staff removed boxes from properties and storage units owned by former employee, Linda Turner”.

“None of the documents discovered comprised a complete patient medical record,” the center said. “The employment records date from a time when many hospitals used Social Security numbers as the employee identification number. Wake Forest Baptist discontinued this practice several years ago.”

Investigation showed that there were employment and medical documents mixed in with large volumes of the former employee’s personal documents, newspapers, magazines and trash.

There was no evidence found that said that the information was misused in any way. The documents appeared to be undisturbed in storage areas till the discovery.

Post breach

Wake Forest Baptist mailed Thursday a letter to affected individuals offering a free year of Debix credit-monitoring services, which require registration for use.

Soon after the incident the medical center has started training employees regarding the proper handling of paper documents containing personal or protected health information. Training program also includes training new staff and implementing this program in the annual mandatory compliance training.

The medical center has submitted a report to the appropriate regulatory agencies, including the U.S. Department of Health and Human Services, the North Carolina Attorney General and The Joint Commission. A review of the case has been completed by the North Carolina Department of Health Services Regulation (DHSR). DHSR found no discrepancies.

Implementing security measures with Alertsec

Time and again it has been proven that most laptops are stolen or valuable document taken from the place of work. Alertsec Xpress is the web-based service powered by Check Point Full Disk Encryption – the global leader in encryption for laptops and is used by big and small organizations that have recognized the need to protect their information.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption.
Powered by Check Point – the market leader

.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: Baptist breach notification laws computer encryption software Computer security data breach data encryption data security Enter your zip code here Health care Hospital identity theft Joint Commission Medical record Medicine North Carolina Social Security number Winston-Salem Winston-Salem North Carolina

A major hacking attack on Pentagon

July 18th, 2011

The dept. of defense unveils a new cyber security program

The U.S. Defense Department yesterday made a startling revelation. It admitted becoming a victim of a massive cyber-attack and also announced a new strategy to deal with online threats to national security.

The story

Hackers belonging to a foreign government broke into a Pentagon contractor’s computer system and stole 24,000 files in late March. They wanted access to files related to missile tracking systems, unmanned aerial vehicles and the Joint Strike Fighter.

According to William J. Lynn III, deputy defense secretary, the U.S. government knew what country the hackers belonged but refused to comment in the interest of diplomatic discretion. The breach coincided with the Thursday announcement of the Pentagon’s latest cyber-security initiative.

The program has been designed to proactively discourage cyber-criminals. It is the final step in the Obama administration’s push to secure U.S. military and civilian online networks. The plan consist of “five pillars” which outline the Pentagon’s general goals, for example classifying cyberspace as a military “operational domain,” like land, sea, air and space. Military personnel are being trained to deal with cyber-security issues.

“It is a significant concern that over the past decade terabytes of data have been extracted by foreign intruders from corporate networks of defense companies,” Lynn said.

The cyber-security program

The U.S. government wanted to make sure that cases like Sony and Citigroup where the companies informed their users very late about the breach, don’t happen again.

The cyber security program has been jointly created by the Defense Department and department of homeland security. This pilot program is called Defense Industrial Base Cyber-Pilot and is used to share classified information with defense contractors and commercial ISPs.

Under this program the government won’t be monitoring, intercepting or storing any private-sector communications. The goal is to collect the threat intelligence and use it to identify and stop malicious activity within their networks.

In addition, the Pentagon will integrate cyber-scenarios into military exercises and training. The Defense Department also plans to set up cyber-capabilities in the Reserve and National Guard.

Cyberspace has been listed as the “fifth domain” of warfare, after air, land, sea and space in the 13-page unclassified document that was released with the speech.

Defense department’s reaction

More than 60,000 “new malicious software programs or variations are identified every day, threatening our security, our economy and our citizens,” Defense Secretary Leon Panetta said in a statement.

“Our assessment is that cyber-attacks will be a significant component of any future conflict, whether it involves major nations, rogue states or terrorist groups,” Lynn said

The other side of the coin

“The reality is this is really a document focused on cybersecurity efforts, which are not unimportant, but it’s only one or two slices of the pizza,” said Dr. Dan Kuehl of the National Defense University. “Where’s the DoD’s strategy for the use of cyberspace to influence operations?”

Plan cyber-security with Alertsec

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

No comments »

Posted in Data Protection, Hackers, data breach, data encryption

Tags: breach notification computer encryption software Computer security Cyberwarfare data breach data security Enter your zip code here Leon Panetta Obama administration Pentagon United States United States Department of Defense William J. Lynn III

Computer containing personal data of Meridian Health Workers stolen

July 14th, 2011

Meridian Healthcare employee victim of laptop theft

It just takes one quick grab to steal a laptop or mobile. Users make it easy for thieves by putting such stuff out in the open in a restaurant, in an outside pocket of a backpack or leaving windows open at night.

One such incident took place recently in Meridian.

The incident

According to Asbury Park police Detective Capt. Anthony Salerno the theft occurred between 2 and 7 a.m. June 25.

It appears that a 55-year-old woman had left a window open at her home on Locust Drive before going to bed. In the morning she found that the screen had been cut and the window had been opened more. Her house was burgled and items taken were her work laptop computer and seven thumb drives containing financial documents for her employer, Meridian Health. The heist also included second laptop owned by the woman, two credit cards, a 19-inch television set and a bicycle. The items were around $5,000.

The woman’s laptop contained personal information of Meridian health care’s employees. There is no indication that any of the employee information was accessed. Probably identity theft was not the thief’s intention.

As to how many employees are affected is still not known. The police are also trying to find out whether the Asbury Park woman was authorized to bring the computer equipment home. The woman’s designation or profile in the company is also not known.

Laptop theft part of Cybercrime

Cyber-crime is defined as an intentional crashing of the servers, the stealing of important data, or the release of a virus or other malicious software.

Cyber criminals are getting more creative and big and small companies are in a frenzy to deploy new tools and procedures to deal with these new attacks

Security Measures taken by Meridian Healthcare

Meridian is the parent company of Jersey Shore University Medical Center in Neptune, Riverview Medical Center in Red Bank, Ocean Medical Center in Brick, Southern Ocean Medical Center in Stafford and Bayshore Community Hospital in Holmdel. Its partner companies include home health services and rehabilitation centers.

A national identity theft consulting company, appointed by Meridian Healthcare, is notifying the employees and providing them with comprehensive identity theft protection at Meridian’s expense for three years.

Learning from the incident, Meridian leaders are reforming security policies by offering continued protection of team members’ personal identification information in-house as well as hiring a security consultant to conduct an independent audit of Meridian’s policies and procedures.

Hire Alertsec

This incident stresses the need for data protection applications. The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.