Posts Tagged ‘Data Security’
Data Security – Copy machines spill identity secrets
October 20th, 2010 | 
Author: 
In 2009, the Canadian Anti-Fraud Centre fielded identity fraud reports from 11,095 Canadian victims. Identity thieves can get useful information from old photocopiers whose hard drives haven’t been cleared.
Personal information scanned into certain digital photocopier hard drives can be easily tapped, according to a CBC News investigation probing the second-life of older machines that are re-sold or leased.
CBC purchased a used Canon Image Runner Colour 3200 from a UPS franchise on Kijiji, an online classifieds website. The copier’s two hard drives were removed and plugged into a laptop, which revealed the units had not been wiped clean before being sold and shipped.
The drives were also sent to forensics experts at Digital Copier Security Inc. for further analysis. Experts called up more than 100 documents on one of the hard drives, said John Juntunen, chief operating officer of the California-based company.
Files included copies of income tax returns, health information gathered in a lab report, a driver’s licence, a citizenship card and business documents.
While some documents are harder to retrieve than others — and require a full forensics search of the hard drives — others can be called up quickly and easily, Juntunen said.
“Sometimes it’s as easy as walking up to a machine, pushing a couple of buttons and pulling up documents that were stored on the hard drive,” he said.
He also noted there appeared to be no attempt to clear the drives before they were sold.
“The job logs were still intact, the IP addresses were still intact, so we saw no effort of cleaning the machine at all,” Juntunen said.
Full Article: http://news.ca.msn.com/top-stories/cbc-article.aspx?cp-documentid=25998559
Posted in 
Tags: 
RSA Europe: Demonstrating actual compliance is a very costly business.
Posted 10.18.10
The RSA Europe conference opens in London tomorrow and, to kick off the three-day key security event, the organizers have published a report looking at the need for regulatory compliance in organizations.
According to the report, entitled `A New Era of Compliance: Raising the Bar for Organisations Worldwide’, regulations are becoming more and more prescriptive.
For example, says the study, US state laws are now mandating that encryption becomes more effective, whilst the enforcement of those same regulations is getting stronger, as witnessed by the Information Commissioners’ Office being granted increased powers and penalties.
The report, which has been authored by the Security for Business Innovation Council (SBIC), notes that breach notification laws are spreading across the globe and that responsibilities to assume business partners’ security is growing.
The first regulatory guidelines to assure cloud computing service providers’ security, for example, have just been issued by the data protection authority in Germany.
Full Article: http://www.infosecurity-magazine.com/view/13120/rsa-europe-demonstrating-actual-compliance-is-a-very
Secret U.S. data found on cast-off hard drive
TheStar.com
June 23, 2009
Journalism students say they paid $40 in Ghana for a second-hand hard drive that contained information about multi-million-dollar defense contracts between the Pentagon, U.S. Department of Homeland Security and one of the largest military contractors in the United States.
One of the students said the hard drive was purchased in an open-air market in the coastal town of Tema from a local dealer who bought second-hand hard drives by the cargo load.
The drive contained information about hiring and personnel contracts and plans for U.S. defense agencies and the private military contractor Northrop Grumman, they say. The data on the hard drive included sensitive information about hiring practices, which could help people learn how to get into secured positions at places such as airports. The hard drive also contained information such as credit card numbers and family photos.
