Saturday, January 24, 2009

It is never "Just an 'information' loss."

Eavesdropping.
Wiretapping.
Data theft.

Sure, the lost information is very valuable, but the collateral damage can be the real killer.
Investigation costs.
Stockholder suits.
Attorney's fees.
Evaporated customer "good will."
Lost competitive standing.
Public embarrassment.
...and even this unexpected PR cost...

Discounter TJX Cos. today is holding its long-anticipated "Customer Appreciation" sale, related to the massive consumer data breach that compromised as many as 100 million accounts.

The one-day promotion, advertised yesterday for the first time, gives customers 15 percent off purchases, excluding gift cards and layaways. The sale is being held at more than 2,100 TJ Maxx, Marshalls, HomeGoods, and A.J. Wright stores nationwide.

The customer appreciation sale was initially negotiated as part of a court settlement connected to the breach, which was first disclosed by TJX in January 2007. Ultimately, the sale was not included in the court agreement, but TJX - which rarely holds storewide sales - said it decided to hold the promotion anyway. (more)

Moral: Proactive security is cheaper, much, much cheaper. Call us.

You've hired a great security consultant when...

...they think like this!

Kevin,
I trust all is well with you.
This was sent to me by one of my kids.

SoundBulb - lighting and wireless speakers

My thought was gee….could it not be converted into a microphone?


Pat Murphy, President
LPT Security Consulting

www.lptoday.com
713.899.2402
Houston, Texas

Thank you, Pat!
(Although this bulb is not available yet, the SpyCam light bulb is here.)

How a Leak Created Information Security Policy

Canada - First, they disconnect the phone lines. Then they lock the doors. And nobody gets out for 27 hours.

Ottawa goes to extreme lengths to shield the printing of the federal budget from prying eyes – a process that begins again this weekend in preparation for the huge stimulus package the Harper government will unveil on Tuesday.

“It's like Fort Knox,” one former Finance Department official said of the secrecy and security deployed to ensure that nothing like the 1989 leak of a budget pamphlet to Global TV reporter Doug Small ever happens again.

Twenty years after the embarrassing incident, the department refuses to discuss any aspect of printing the budget. (more)

Eight Charged With Illegal Wiretapping

Peru's attorney general presented criminal charges Friday against eight people, including a recently demoted rear admiral, accused of making illegal wiretap recordings...

Attorney General Gladys Echaiz said six suspects run a private security company, Business Track SAC, that allegedly tapped the phone lines of as many as 30 people. Two others worked for a subcontractor. (more)


70% Spy On Their Partner Online

UK - More than 70 percent of people spy on their partner's online activity, many at least once a month, it has been found.

The worried spouses are not only spying on internet histories to see if adult websites have been viewed, but also monitoring each other's social networking. 68 percent of Brits also admitted they would check their partner's private emails if they knew the password.

Steffen Ruehl, of yasni, which commissioned the study, said: "There really is nowhere to hide on the web anymore; especially now that people are so active online, with social networking sites and forums." (more)

Quote of the day - Grapes of Wrath

"I hate cameras. They are so much more sure than I am about everything."
--John Steinbeck

Friday, January 23, 2009

A business map which shows the trolls and traps!

There is a new threat assessment kid on the block, run by old pros with a great reputation.
iThreat®

The iThreat® Global Intelligence Monitor (GIM) is a near-real-time Web application that displays potential threat data on a map, right alongside your organization’s assets.

Potential threats are proximity-matched according to your organization’s facility locations. You can also uncover threats that refer to products, employee destinations and your executives’ names.

Test-Drive GIM for Free! (Due to the sensitive nature of Red Flag threat data, demos are restricted to qualified security professionals only.)

Thursday, January 22, 2009

You Need A Smart Information / Data Attorney

I was at Princeton University yesterday, giving a counterespionage presentation to InfraGard.
Surprise!
I left with more than I brought:
- Recommended Data Security Best Practices -- a lucid and 'doable' White Paper.
- And, a valuable business card...

One of my fellow presenters turned out to be "data legalities" guru, Scott S. Christie, a Partner at McCarter & English (160 years old, 400 lawyers, excellent reputation). He concentrates his practice in the areas of Information Technology, Intellectual Property, White-Collar Criminal Defense and Complex Commercial Litigation.

Scott provides counseling to companies on protecting the confidentiality, integrity and availability of their proprietary business information and computer networks and on complying with information security and electronic privacy laws and regulations.

He really knows his stuff!

Additionally, he assists companies in developing computer network incident response plans, provides guidance after network security breaches, conducts internal investigations and litigates against those responsible for network intrusions.

Proactively, Mr. Christie instructs companies on protecting information and provides guidance concerning their obligations when responding to breaches of security.

You want Scott on your side... before it all hits the fan.
He knows where the switch is. Call him. Say hello.


Would you like a copy of Scott's Best Practices, too?
Click here!
~Kevin

An Industry Leader Speaks Out on Espionage

You have seen the "Employees Steal Company Secrets" stories here, and in WhiteRock's newsletter, WhiteSparks. Here is what a top insider thinks... (via WhiteSparks)

In response to WhiteSparks article ‘Enemy Within: 60% of Employees Happy to Steal Company Secrets’ (Issue 1, 7 January 2009), we recently received an email from a senior figure in the industry. He provides a compelling reason for why employees are willing to steal company secrets:

"You know, there would be less of this going on if companies did not actively recruit staff with the intention of taking client lists with them..... It's like drugs - if there is no market, there is no point in being the supplier...."

Stories in the media about the theft of trade secrets tend to focus on individual employees who are caught red-handed, but here we are invited to consider the wider issue – that of corporate demand for proprietary information.

If you enjoy Kevin's Security Scrapbook you will also want to receive WhiteSparks. Contact WhiteRock's Managing Director, Rali Maripuu, for your free subscription.

Wednesday, January 21, 2009

Top actress’ cell phone cloned to eavesdrop

Korea’s top actress Jun Ji-hyun’s cell phone has been illegally cloned to allow eavesdropping by her management company whose contract with her expires next month, police say. The company denied the allegation.

Police had earlier questioned three people from a private detective agency, including a 42-year-old man identified only by the surname Kim, and two Sidus HQ officials about the alleged phone duplication.

The private agency was hired by Jun’s company exclusively for the job, police say. (more)

In 2000, an intimate videotape of a singer taped by her manager was leaked. There was a feeling that the formation of huge entertainment agencies in recent years has meant less intrusion into stars' privacy, but some managers say discreet "monitoring" of the private life of stars still goes on and is considered necessary supervision. (more)

UPDATE ...a representative from the police department revealed that the two Sidus HQ employees under investigation have admitted to the illegal eavesdropping of Jeon Ji Hyun’s mobile. (more)

UPDATE II ...Prosecutors cleared the chief of Sidus HQ, a major entertainment agency, of replicating a cell phone of top actress Jeon Ji-hyun, 27, to track her phone calls and text messages... The outside expert, who was hired to help copy and rig Jeon's handset, was given a one-year jail sentence last month. (more)

World's Biggest Data Breach

Credit card payment processor Heartland Payment Systems may be the victim of the largest breach to date.

The Princeton, N.J.-based firm said Tuesday that it discovered malicious software in its systems that compromised the security of the data traversing its network.

It's unclear what data may have been tampered with or stolen, but Heartland said no merchant data, cardholder Social Security numbers, unencrypted PIN numbers, addresses or telephone numbers "were involved in the breach."


The company also advised consumers to examine their monthly statements closely.

Heartland told The Washington Post that it processes 100 million credit and debit card transactions per month. This volume led analysts to surmise that the company's breach could be the world's biggest to date. (more)

SpyCam Story #511 - $29.90 Mini SpyCam

...from the seller's web site.
"The Eyecam all-in-one color video (and audio) camera is one of the world's smallest color video cameras with built in transmitter available. ...at a low low price, you can have the coolest spy gadget in the world! Amazing!" (more)
Why do we mention it?
So you will know what you are up against.

VoIP Hackers Strike (as predicted)

Australia - A hacker recently obtained unauthorised access to the IP telephony (VoIP) system of a Perth business, making 11,000 calls costing over $120,000, according to the Western Australian police.

The calls were made over a period of 46 hours, the police said, and the business only became aware of the imposition when it received an invoice from its service provider. (more)

Pet Eye View Digital Camera

What have Kitty and Fido been up to all day, anyway?
Find out with this amazing device!
The ultra-compact and extremely durable digital camera clips onto your pet's collar, just like an ID tag. Its water-resistant ABS housing will keep it secure while your best friend roams the world, giving you the chance of a lifetime to actually see all the stories your pet has been dying to tell you for years! The internal memory stores lots of photos, and the timer can be set to automatically take a shot every 1, 5, or 15 minutes. (more)
FutureWatch...
Wireless Color Real-Time Video with Sound.
No, wait...
that's the next story.

"And now for something completely different."

Like cheese?
Like it with a nice drink?
Find your skoal-mate at cheesecupid.com
Very cool site. ~Kevin