October 25, 2006
Data Security: Still An Oxymoron
Richard Kuper
The Kuper Report
http://TheKuperReport.com
I have written several times here about how data security is an oxymoron, and have given presentations on the subject. Here are excerpts from and links to two current ComputerWorld articles about some of the latest sad examples.
Identity thieves hit customers at TD Ameritrade, E-Trade
Overseas hackers broke into customer accounts at two popular online stock brokerages, TD Ameritrade Holding Corp. and E-Trade Financial Corp., in a "pump and dump" stock-trading scheme that led to at least $22 million in losses.
The attacks, which took place during the last three months, were launched by identity thieves in Eastern Europe and Asia who primarily used keylogging software delivered via Trojan horses or other malware to steal users' confidential information as they logged onto public computers or their own infected machines, TD Ameritrade CIO Jerry Bartlett said in an interview today.
The hackers then logged into existing customer accounts -- or created dummy accounts -- to buy shares in little-traded stocks, driving prices up so they could sell their own previously purchased shares for a profit.
8,500 victims in international data theft
British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from 8,500 people in the U.K. and others in some 60 countries, officials said Tuesday.
In total, cybercriminals targeted 600 financial companies and banks, according to U.K. authorities, who have worked over the past week to identify and notify victims.
The data was collected by a malicious software program nicknamed Haxdoor that infected victims' computers. Some 2,300 machines were located in the U.K. McMurdie said.
Haxdoor is a powerful program that can collect passwords and send them to another e-mail address plus disable a computer's firewall, among other functions, according to a description posted on security vendor F-Secure Corp.'s Web site. Symantec Corp., another security company, wrote it first detected Haxdoor in November 2003.
Computers can get infected with Haxdoor if they don't have security patches or up-to-date antivirus software. London police said it's believed many victims were infected through instant message programs.
* [Please post your job openings here] *
R.L. Kuper, Inc. - Management Consulting
The Kuper Report
http://TheKuperReport.com
I have written several times here about how data security is an oxymoron, and have given presentations on the subject. Here are excerpts from and links to two current ComputerWorld articles about some of the latest sad examples.
Identity thieves hit customers at TD Ameritrade, E-Trade
Overseas hackers broke into customer accounts at two popular online stock brokerages, TD Ameritrade Holding Corp. and E-Trade Financial Corp., in a "pump and dump" stock-trading scheme that led to at least $22 million in losses.
The attacks, which took place during the last three months, were launched by identity thieves in Eastern Europe and Asia who primarily used keylogging software delivered via Trojan horses or other malware to steal users' confidential information as they logged onto public computers or their own infected machines, TD Ameritrade CIO Jerry Bartlett said in an interview today.
The hackers then logged into existing customer accounts -- or created dummy accounts -- to buy shares in little-traded stocks, driving prices up so they could sell their own previously purchased shares for a profit.
8,500 victims in international data theft
British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from 8,500 people in the U.K. and others in some 60 countries, officials said Tuesday.
In total, cybercriminals targeted 600 financial companies and banks, according to U.K. authorities, who have worked over the past week to identify and notify victims.
The data was collected by a malicious software program nicknamed Haxdoor that infected victims' computers. Some 2,300 machines were located in the U.K. McMurdie said.
Haxdoor is a powerful program that can collect passwords and send them to another e-mail address plus disable a computer's firewall, among other functions, according to a description posted on security vendor F-Secure Corp.'s Web site. Symantec Corp., another security company, wrote it first detected Haxdoor in November 2003.
Computers can get infected with Haxdoor if they don't have security patches or up-to-date antivirus software. London police said it's believed many victims were infected through instant message programs.
| FindJobsPostJobs.com | CareerHotList.com |
October 21, 2006
Product Review: Kingston 4GB Data Traveler Secure USB Flash Drive
Richard Kuper
The Kuper Report
http://TheKuperReport.com
The maximum capacity of what are commonly referred to as "thumb" drives is getting larger. The need to secure the information stored on such portable devices has also increased. Enter the Kingston Technology (http://kingston.com) 4GB Data Traveler Secure USB Flash Drive.
The unit is a bit larger and heavier than other, smaller capacity thumb drives, but it stores up to 4GB of data, and you can secure that data from prying eyes if you so choose, using 256-bit data encryption.
There are no instructions on the outer packaging regarding how to secure data on the drive. I inserted the drive into an available USB port on a PC running XP. The "new hardware" popup appeared, and after a few moments XP identified it appropriately. I am used to also having another window pop up asking me how I'd like to use such a drive, or if only data is on the drive, windows explorer. Neither of these actions occurred, and so I manually started up windows explorer to see what, if anything, was on the drive. I found four files: Readme PDF files for mytraveler and mydatazone, and executables for the two. Mytraveler seems to be an additional interface if you want to use something other than windows explorer to move files back and forth. I did not load the program.
Mydatazone appeared to be the program that needed to be run in order to be able to make part or all of the thumb drive secure. Being a careful reader, two things came to my attention: If I ran the mydatazone program without first backing up the files that were on the thumb drive, those programs would be gone because it reformats the drive. And, at least according to the PDF file, the maximum amount of the drive that could be secured was the greater of 1GB or 1%. More on that in a moment.
So I copied all the files to my hard drive, then executed mydatazone.com. For some reason all sorts of windows popped open on my PC, including duplicate ones for running the program. I closed all but one asking me to create a password and containing the ability to set how much of the drive I wanted to be secure, from 0GB to 4GB. So it would seem that the PDF file was incorrect when it said I could only secure up to 1GB of the drive.
I decided to secure half the drive, and moved the provided slider to as close to 2.0 as I could get. I was able to either select 1.9GB or 2.01 GB. I selected 1.9GB and created my password. There is also the option to create a hint, which will come in handy if you ever forget the password. More about this in a moment. I then pressed the reformat button.
After the drive was reformatted there was only one program showing on the drive: mydatazone.com. Even the PDF file explaining how to use it was gone, so it is a good thing that I backed it up. I decided it was time to remove the drive and plug it in again to see what would happen. So I clicked on the "safely remove hardware" icon in my system tray and proceeded to safely remove and then reinsert the drive. This time windows explorer popped up, and so did a login window. I logged in. To windows explorer, I was accessing a 1.9GB thumb drive, which was the secure part of the drive. However, I now wanted to copy back the files I'd previously backed up (except for the new version of mydatazone.com), and did not need them to be in the secure section of the drive, so I logged out. To windows explorer, I was now accessing a 2.1GB thumb drive, which was the insecure part of the drive. I copied the other files back to the drive. I then wanted to switch back to the secure part of the drive, but couldn't figure out how to do that. So once again, I clicked on the "safely remove hardware" icon in my system tray and proceeded to safely remove and then reinsert the drive.
This time, only windows explorer opened. No login window. I forgot to mention that during the setup of the drive, I had the choice to turn 'off' login/logout confirmation and to turn 'off' the welcome window on startup. I did not select any of those options and so I expected to see them when inserting the drive. There are also options to "trust this machine" so that one could potentially bypass the login requirement. I did not choose that and personally think that is a bad idea, as any machine could be compromised at some point.
The good news is that Kingston provides toll-free support, so I called. I explained what I'd done and that now the drive was not asking me to log in and I couldn't figure out how to get to the secure portion of the drive. I was passed along to second level support. I was informed that in order to get to the secure portion of the drive, I needed to execute the mydatazone.com file that was on the drive. I did and that indeed brought me to the login window. While I was on the phone I pointed out the error in the PDF file about how much of the drive could be secured. During additional conversation I found out that there was a similar drive available that did not have the option of an insecure portion if one wanted only a totally 100% secure drive with no option of having an insecure portion.
An important note. You must log out of the secure part of the drive before safely removing, so always remember to log out.
Now I promised to say more about passwords, so pay close attention. You get a maximum of 10 tries to type your password correctly. Use the hint you provided yourself if you don't remember it (but please don't make a hint that anyone would then be able to guess your password, and do create a secure password). If, on the tenth try, you still haven't gotten the password right, you will not be able to access the secure data on the drive. Ever! Tech support will not be able to help you access it. Your only option at that point will be to start over and reformat the drive. All data will be lost.
Also note: The password protection/data encryption features of this product are only available for Win 2000 SP4 and Win XP operating systems. The website says that neither the password protection/data encryption features, nor the file transfer features are available (I guess that means it just won't work) on PCs running Win NT, Win 95, Win 98, Win98SE, or Win ME. The website does say, however, that the drive is "Enhanced for Windows ReadyBoost on PCs preinstalled with Windows Vista™". Not having a PC preinstalled with Vista, I'm not really sure what that means.
The bottom line: If you need more portable storage, and some or all of it needs to be secure, get the Kingston 4GB Data Traveler Secure USB Flash Drive and follow the instructions and advice in this article. And in case you are using this drive near water, Kingston says this drive is waterproof (up to 4 feet).
* [Please post your job openings here] *
R.L. Kuper, Inc. - Management Consulting
The Kuper Report
http://TheKuperReport.com
The maximum capacity of what are commonly referred to as "thumb" drives is getting larger. The need to secure the information stored on such portable devices has also increased. Enter the Kingston Technology (http://kingston.com) 4GB Data Traveler Secure USB Flash Drive.
The unit is a bit larger and heavier than other, smaller capacity thumb drives, but it stores up to 4GB of data, and you can secure that data from prying eyes if you so choose, using 256-bit data encryption.
There are no instructions on the outer packaging regarding how to secure data on the drive. I inserted the drive into an available USB port on a PC running XP. The "new hardware" popup appeared, and after a few moments XP identified it appropriately. I am used to also having another window pop up asking me how I'd like to use such a drive, or if only data is on the drive, windows explorer. Neither of these actions occurred, and so I manually started up windows explorer to see what, if anything, was on the drive. I found four files: Readme PDF files for mytraveler and mydatazone, and executables for the two. Mytraveler seems to be an additional interface if you want to use something other than windows explorer to move files back and forth. I did not load the program.
Mydatazone appeared to be the program that needed to be run in order to be able to make part or all of the thumb drive secure. Being a careful reader, two things came to my attention: If I ran the mydatazone program without first backing up the files that were on the thumb drive, those programs would be gone because it reformats the drive. And, at least according to the PDF file, the maximum amount of the drive that could be secured was the greater of 1GB or 1%. More on that in a moment.
So I copied all the files to my hard drive, then executed mydatazone.com. For some reason all sorts of windows popped open on my PC, including duplicate ones for running the program. I closed all but one asking me to create a password and containing the ability to set how much of the drive I wanted to be secure, from 0GB to 4GB. So it would seem that the PDF file was incorrect when it said I could only secure up to 1GB of the drive.
I decided to secure half the drive, and moved the provided slider to as close to 2.0 as I could get. I was able to either select 1.9GB or 2.01 GB. I selected 1.9GB and created my password. There is also the option to create a hint, which will come in handy if you ever forget the password. More about this in a moment. I then pressed the reformat button.
After the drive was reformatted there was only one program showing on the drive: mydatazone.com. Even the PDF file explaining how to use it was gone, so it is a good thing that I backed it up. I decided it was time to remove the drive and plug it in again to see what would happen. So I clicked on the "safely remove hardware" icon in my system tray and proceeded to safely remove and then reinsert the drive. This time windows explorer popped up, and so did a login window. I logged in. To windows explorer, I was accessing a 1.9GB thumb drive, which was the secure part of the drive. However, I now wanted to copy back the files I'd previously backed up (except for the new version of mydatazone.com), and did not need them to be in the secure section of the drive, so I logged out. To windows explorer, I was now accessing a 2.1GB thumb drive, which was the insecure part of the drive. I copied the other files back to the drive. I then wanted to switch back to the secure part of the drive, but couldn't figure out how to do that. So once again, I clicked on the "safely remove hardware" icon in my system tray and proceeded to safely remove and then reinsert the drive.
This time, only windows explorer opened. No login window. I forgot to mention that during the setup of the drive, I had the choice to turn 'off' login/logout confirmation and to turn 'off' the welcome window on startup. I did not select any of those options and so I expected to see them when inserting the drive. There are also options to "trust this machine" so that one could potentially bypass the login requirement. I did not choose that and personally think that is a bad idea, as any machine could be compromised at some point.
The good news is that Kingston provides toll-free support, so I called. I explained what I'd done and that now the drive was not asking me to log in and I couldn't figure out how to get to the secure portion of the drive. I was passed along to second level support. I was informed that in order to get to the secure portion of the drive, I needed to execute the mydatazone.com file that was on the drive. I did and that indeed brought me to the login window. While I was on the phone I pointed out the error in the PDF file about how much of the drive could be secured. During additional conversation I found out that there was a similar drive available that did not have the option of an insecure portion if one wanted only a totally 100% secure drive with no option of having an insecure portion.
An important note. You must log out of the secure part of the drive before safely removing, so always remember to log out.
Now I promised to say more about passwords, so pay close attention. You get a maximum of 10 tries to type your password correctly. Use the hint you provided yourself if you don't remember it (but please don't make a hint that anyone would then be able to guess your password, and do create a secure password). If, on the tenth try, you still haven't gotten the password right, you will not be able to access the secure data on the drive. Ever! Tech support will not be able to help you access it. Your only option at that point will be to start over and reformat the drive. All data will be lost.
Also note: The password protection/data encryption features of this product are only available for Win 2000 SP4 and Win XP operating systems. The website says that neither the password protection/data encryption features, nor the file transfer features are available (I guess that means it just won't work) on PCs running Win NT, Win 95, Win 98, Win98SE, or Win ME. The website does say, however, that the drive is "Enhanced for Windows ReadyBoost on PCs preinstalled with Windows Vista™". Not having a PC preinstalled with Vista, I'm not really sure what that means.
The bottom line: If you need more portable storage, and some or all of it needs to be secure, get the Kingston 4GB Data Traveler Secure USB Flash Drive and follow the instructions and advice in this article. And in case you are using this drive near water, Kingston says this drive is waterproof (up to 4 feet).
| FindJobsPostJobs.com | CareerHotList.com |
Who links to me?
