Archive for the ‘Data Security’ Category
NASA sold Space Shuttle PCs without wiping secret data
December 14th, 2010 | 
Author: December 8, 2010 – 3:03 P.M.
For sale, used computer packed full of secret NASA Space Shuttle data. As part of a plan to securely end the Space Shuttle program, NASA is getting rid of old computers. However, NASA officials failed to delete sensitive data on PCs and hard drives before selling the equipment. The Office of Inspector General found “serious” security breaches at NASA centers in Florida, Virginia, Texas and California.
NASA is full of very bright minds, so how did it manage to make such a noob mistake of selling PCs without wiping the hard drives? An audit [PDF] found 10 of 14 computers that failed tests to ascertain they’d been wiped properly. One computer that was to be sold still contained sensitive Space Shuttle data, which was subject to export control by the International Traffic in Arms Regulations.
All electronic storage media is supposed to be wiped of data “to the degree that there is reasonable assurance that the data cannot be retrieved or reconstructed,” the audit stated. NASA approved software for sanitizing hard drives include DBAN (Darik’s Boot and Nuke), Secure Erase, and WipeDrive/WipeDrive Pro. Contractors in charge of deleting sensitive information used DBAN and Active@KillDisk – which is not NASA approved at Johnson’s disposition center. Ames used BCwipe, which is DOD compliant, but not NASA approved. USA used Symantec DateGone which is not approved by NASA, DOD or NSA.
Hard drives were missing from Langley Research Center in Virginia and from Kennedy. Some of those hard drives from Kennedy were later found inside a dumpster that was accessible to the public, the audit says.
Article Link: http://blogs.computerworld.com/17500/fail_nasa_sold_space_shuttle_pcs_without_wiping_secret_data
Related: http://www.bbc.co.uk/news/technology-11947721
Related: http://www.computerworlduk.com/news/security/3252509/nasa-sold-pcs-without-wiping-sensitive-data/
Posted in 
Tags: 
Data Security – Copy machines spill identity secrets
In 2009, the Canadian Anti-Fraud Centre fielded identity fraud reports from 11,095 Canadian victims. Identity thieves can get useful information from old photocopiers whose hard drives haven’t been cleared.
Personal information scanned into certain digital photocopier hard drives can be easily tapped, according to a CBC News investigation probing the second-life of older machines that are re-sold or leased.
CBC purchased a used Canon Image Runner Colour 3200 from a UPS franchise on Kijiji, an online classifieds website. The copier’s two hard drives were removed and plugged into a laptop, which revealed the units had not been wiped clean before being sold and shipped.
The drives were also sent to forensics experts at Digital Copier Security Inc. for further analysis. Experts called up more than 100 documents on one of the hard drives, said John Juntunen, chief operating officer of the California-based company.
Files included copies of income tax returns, health information gathered in a lab report, a driver’s licence, a citizenship card and business documents.
While some documents are harder to retrieve than others — and require a full forensics search of the hard drives — others can be called up quickly and easily, Juntunen said.
“Sometimes it’s as easy as walking up to a machine, pushing a couple of buttons and pulling up documents that were stored on the hard drive,” he said.
He also noted there appeared to be no attempt to clear the drives before they were sold.
“The job logs were still intact, the IP addresses were still intact, so we saw no effort of cleaning the machine at all,” Juntunen said.
Full Article: http://news.ca.msn.com/top-stories/cbc-article.aspx?cp-documentid=25998559
RSA Europe: Demonstrating actual compliance is a very costly business.
Posted 10.18.10
The RSA Europe conference opens in London tomorrow and, to kick off the three-day key security event, the organizers have published a report looking at the need for regulatory compliance in organizations.
According to the report, entitled `A New Era of Compliance: Raising the Bar for Organisations Worldwide’, regulations are becoming more and more prescriptive.
For example, says the study, US state laws are now mandating that encryption becomes more effective, whilst the enforcement of those same regulations is getting stronger, as witnessed by the Information Commissioners’ Office being granted increased powers and penalties.
The report, which has been authored by the Security for Business Innovation Council (SBIC), notes that breach notification laws are spreading across the globe and that responsibilities to assume business partners’ security is growing.
The first regulatory guidelines to assure cloud computing service providers’ security, for example, have just been issued by the data protection authority in Germany.
Full Article: http://www.infosecurity-magazine.com/view/13120/rsa-europe-demonstrating-actual-compliance-is-a-very
Copy Machines, a Security Risk?
Digital Photocopiers Loaded With Secrets
Your Office Copy Machine Might Digitally Store Thousands of Documents That Get Passed on at Resale
By Armen Keteyian
(CBS) At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.
Nearly every digital copier built since 2002 contains a hard drive – like the one on your personal computer – storing an image of every document copied, scanned, or emailed by the machine.
In the process, it’s turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.
If you’re in the identity theft business it seems this would be a pot of gold.
“The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms,” John Juntunen said, “that information would be very valuable.”
Buffalo Reacts to CBS News Investigation
Juntunen’s Sacramento-based company Digital Copier Security developed software called “INFOSWEEP” that can scrub all the data on hard drives. He’s been trying to warn people about the potential risk – with no luck.
Link to Article: http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
Data Losses May Spur Lawsuits
eWeek
June 12, 2006
From the nation’s largest financial services institutions to the local YMCA, legal and privacy experts maintain that organizations that inadvertently or secretly expose their customers’ data will increasingly face legal action.
