[SecurityRatty] tag: restore

It makes good sense to just re-install

Tue, 02 Dec 2008 13:35:34 +0000

This article offers a different approach to fighting malware infections.
There is that stigma that users have with a re-install, they are not familiar with how to do it. Many dont even know if they have a restore CD that may have come with their puter when they bought it.

clipped from www.isyougeekedup.com

The Only Way To Permanently Remove Viruses, Spyware, and Malicious Code

If you ask any experienced and competent IT professional what to do about an infected system, they should only give you one answer: format your hard drive and reinstall your operating system.? Why skip straight to the format/reinstall and disregard the anti-virus and anti-spyware removal tools?

Bill allows victims of identity theft to obtain restitution

Wed, 17 Sep 2008 19:28:07 +0000

Finally, criminals can be held responsible for the theft of our personal data.

clipped from www.eweek.com

Congress Approves Computer Fraud Bill

The bill amends the federal criminal code to expand
interstate and foreign jurisdiction for prosecution of computer fraud offenses
and imposes criminal and civil forfeitures of property used to commit computer
fraud offenses. In addition, the legislation makes it a felony to damage 10 or
more protected computers used by or for the federal government or a financial
institution.

The legislation also expands the federal definition of
cyber extortion to include a demand for money in relation to damage to a
protected computer, where such damage was caused to facilitate the extortion.
It also allows victims of identity theft to obtain restitution for time and
money spent to restore credit and imposes a fine and imprisonment for
installing spyware on a computer.

From one geek to another, back up your data!

Sat, 09 Aug 2008 12:02:32 +0000

Hello all, hope all is well.

Last week my wifes puter went BSOD. I ended up doing the Ghost restore back to day one. As I began to put her puter back together with her favorite programs, I hoped she had a current backup of her emails and Firefox favs put away somewhere.

She did! I was a happy toad! But for some reason, the backups were not compatible with the restore options with Firefox and Thunderbird.

So she lost all her emails for the last 2 months. The Firefox favs and settings are not a worry so much, but those emails she lost, sad.

So I come to you today thru the zeros and ones of the Internet to tell you,,,,,

Back up you data and make sure the restore options will work. Now I use Mozy and Ive had to do a restore with it in the past and it works great. So dont just be satisfied that you have backups, make sure the restore will work! Try it out. Do a backup and then right away, restore the data and check it.

Heres the Mozy link I promote on SpywareBiz.com, give it a try.

Decrypting and Restoring GPcode Encrypted Files

Tue, 01 Jul 2008 04:26:39 +0000

The futile attempt to directly attack the encryption algorithm used by the GPcode ransomware, is prompting Kaspersky Labs to invest in a more pragmatic solutions to the problem, with a new version of the StopGpcode tool released last week. More info :

"It turns out that if a user has files that are encrypted by Gpcode and versions of those same files that are unencrypted, then the pairs of files (the encrypted and corresponding unencrypted file) can be used to restore other files on the victim machine. This is the method that the StopGpcode2 tool uses.

Where can these unencrypted files be found? They may be the result of using PhotoRec. Moreover, these files may be found in a backup storage or on removable media (e.g., the original files of photographs copied to the hard disk of a computer that has been attacked by Gpcode may still be on a camera’s memory card). Unencrypted files may also have been saved somewhere on a network resource (e.g., films or video clips on a public server) that the Gpcode virus has not reached."

As the customer support desk behind GPcode pointed out in an interview, the malware is prone to evolve, and the simplistic file deletion process will be replaced by secure file deletion in order to render all data recovery tols useless, unless of course backups of the affected data are available. They often aren't, and depending on the importance of the files encrypted, the successful ransom is all a matter of the momentum.

"A person, presumably the author of Gpcode, contacted at one of the e-mail addresses left behind by the program stated that future development efforts will likely increase the key size to 4,096 bits, "if AV companies or other (people) crack the current key, but (that's) impossible. The self-proclaimed author, who used the name "Daniel Robertson," also said that other standard techniques to defeat antivirus will be added, including polymorphic encryption, anti-heuristic features and the ability to self propagate, turning the program into a computer virus. It well pays back itself," he said"

There are even more pragmatic approaches to dealing with this problem, next to backups undermining their business model. Try following the virtual money for instance.

Backup Exec System Recovery Server Edition 8 Trialware

Thu, 19 Jun 2008 09:00:00 +0000

(Source: Symantec) Symantec Backup Exec™ System Recovery 8 is the gold standard in complete Windows® system recovery with the ability to restore systems in minutes, even to dissimilar hardware or virtual environments. Now includes flexible offsite protection and enhanced data recovery capabilities, integration with Symantec security and systems management solutions, and support for Windows Server 2008.

Best Practices for Backup and Recovery Webcast

Wed, 18 Jun 2008 09:00:00 +0000

(Source: Symantec) Data and system loss - from a hard drive failure, malicious attack, natural disaster, or simple human error - can happen anytime. Dont leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.

Sandown Health Centre backup tape is missing

Tue, 27 May 2008 09:14:16 +0000

Technorati Tag: Security Breach

Date Reported:
5/19/08

Organization:
NHS Trust

Contractor/Consultant/Branch:
Isle of Wight NHS Primary Care Trust
Sandown Health Centre
City Link (the courier)

Victims:
Patients

Number Affected:
38,650

Types of Data:
Medical records

Breach Description:
"The Isle of Wight NHS Primary Care Trust and the Sandown Health Centre are taking action to reassure patients after a computer tape containing their personal details went missing."

Reference URL:
Isle of Wight NHS Primary Care Trust News
The Press Association
BBC News
eHealth Insider

Report Credit:
The Press Association

Response:
From the online sources cited above:

The Isle of Wight NHS Primary Care Trust and the Sandown Health Centre are taking action to reassure patients after a computer tape containing their personal details went missing.

The tape was sent in March to a London-based specialist GP software company who are responsible for maintaining their clinical software.

They carry out checks on computer back-up tapes to make sure they could be used effectively to restore information to the practice computer system in the event of a system failure or other emergency such as a fire.

Unfortunately, the tape has not been received back at the Health Centre, having been despatched by the company through a courier service in March.

Sent on 11 March, it took two months before the tape’s disappearance was discovered by INPS and the PCT.
[Evan] The amount of time that it took to notice that the tape was missing is cause for concern.

The tape was meant to be tracked at every stage by City Link to ensure it reached its destination - the courier firm admitted this had not happened and it is now investigating the loss.

A spokesperson said: "We are naturally very concerned by the loss of our customer’s consignment and a rigorous search for the parcel continues. We are doing everything in our power to resolve the matter and return the package as quickly as possible."

It is presumed that the tape has been lost, possibly permanently, although all possible efforts are being made to try and find it.

The tape contains medical records of 38,650 current and past patients of the Health Centre from July 1996 onwards.

It includes all current patients and large numbers of patients who registered on a temporary basis whilst visiting or working on the Island and patients who have since transferred to practices elsewhere.

It is standard practice for GPs to hold patient details for at least ten years after they are no longer registered with them.
[Evan] Some of the information on the tape dates back 12 years, but that is still in accordance with "at least ten years".

the risk of the tape being misused is extremely small

The tape requires specialist computer equipment to run it and the data is password protected.

In addition, highly advanced computer skills and/or access to a specialist programme only normally used by GPs and the data verification company are needed to make any sense of the information on the tape.
[Evan] According to the eHealth Insider story the tape was encrypted. Is the "specialist programme"? If this is the case, and presuming that good password management practices were followed, then I agree with the assessment that the risk of disclosure is probably small.

The PCT is working with the practice to contact as many patients as possible and is in the process of writing to those who are currently still registered with the practice.

a dedicated telephone helpline has been set up and can be contacted on 0845 602 6834 between 8am and 8pm from Monday to Friday

The Interim Chief Executive of the PCT, Margaret Pratt, said: "Although there is very little chance of anyone being able to do anything untoward with this tape, should they find it, it is potentially a very serious loss of confidential information.

"It is important that everyone concerned continues to do everything possible to try and locate the tape and that is happening. It is equally important that we provide reassurance to patients over the level of risk that their personal information could be misused and I am confident that risk is extremely small."

"I should stress that neither the Health Centre nor the NHS more widely on the Island are in any way responsible for this tape going missing. However, we will, of course, be reviewing the procedures used for data verification by practices to see if there are lessons to learn."

Dr Peter Randall, Senior Partner at the Sandown Health Centre, added: "We have another copy of the back-up tape and our main computer records system is not affected by this. So we still have access to all the information we need and patient care is not compromised in any way."

"My own view is also that the risk of any harm resulting is minimal. My own family are registered as patients at this practice which means their details are amongst those on the tape. I have no worries about the information falling into the wrong hands and being used improperly."

The incident comes five months after NHS chief executive David Nicholson wrote to all NHS trust chief executives telling them to review and tighten their information governance and data transfer arrangements.
[Evan] Unfortunately, it took a number of breaches before Mr. Nicholson issued his directive. Better late than never. He should be commended in regards to the directive. My hope is that the NHS follows good information security governance practices and continually strives to improve their information security program(s).

Commentary:
There was no mention (unless I missed it) of encryption in the official Isle of Wight NHS news announcement. The encryption mention comes in the eHealth Insider report. It is also not clear what "medical records" entails exactly.

Past Breaches:
NHS Trust:
March, 2008 - Stolen NHS flash drive contained adolescent information
February, 2008 - Laptop missing from Russells Hall Hospital (UK)
January, 2008 - Stolen Bolton Hospitals Laptop affects cancer patients
January, 2008 - Queen Mary's Sidcup Hospital microfiche film goes missing
January, 2008 - Stockport Primary Care Trust flash drive goes missing
January, 2008 - Oldham Primary Care Trust NHS loses two data sticks
January, 2008 - Highly sensitive medical information found in the road
December, 2007 - Laptop stolen in Royal Bolton Hospital break-in
September, 2007 - Dudley Group of Hospitals NHS Patient Data For Sale on eBay

Ted Kennedy: a lifetime of achievement, regrets of a world that could have been

Tue, 20 May 2008 20:04:43 +0000

I usually stay away from politics on my blog. As I have said before, it is my blog and I can write what I want, but politics usually is just to controversial for me to write on. Upon hearing the terrible news about Ted Kennedy's malignant brain tumor, I was moved to write something, than thought twice about it and thought yet again. However, Ted Kennedy and his life and times has been such an influence and part of my life, that I am compelled to write. So on this night where it appears that an African-American has won a majority of the pledged delegates of the Democratic Party, while running against a woman, I think it only fitting to remember Ted Kennedy. I do not mean this as a eulogy or obituary and in fact hope against all that I have read and heard that a miracle will grant him many more years of serving in the Senate. But it seems Teddy has a tough road ahead and this is as good as a time as any to speak out.

One of my earliest memories of current events was when Ted's brother John was assassinated. I was a little boy playing catch with my Dad when my Mom came to the door and called us in because something terrible had happened. I didn't really understand, but my parents told me that the President (who I had seen with VP Johnson drive by in a motorcade months before) had been shot. I don't remember a lot more of the details, but do remember Oswald getting shot and some pictures of the funeral. The mind of a young boy is quickly filled with other things though and I moved on past that horrific November day.

Next when I was a bit older, the crazy year of '68 was upon us. I was still fairly young, but I remember riots in the cities, pictures on the news of the war and Bobby Kennedy, the Senator from NY running for President when President Johnson said he would not run. Martin Luther King was shot and killed and so was Bobby shortly after. By now I was old enough to realize the tragedy of these killings. I remember hearing Teddy's eulogy of Bobby and thinking what a terrible thing to have happened to this family, losing two of their sons like this.

For me it was the start of a life long interest in all things Kennedy. I read many books about all of the Kennedy's and lamented what could have been if not for the bullets that killed first John and than Bobby. A key part of my core political beliefs was that if John Kennedy would have served out his first term and been re-elected, how different the world would have been. If Bobby Kennedy had been elected President instead of Nixon, what would the world look like now? There was always a sense that Teddy, the baby Kennedy brother would rise up and take the mantle and place that seemed to belong to this family. He would restore Camelot. Alas it was not to be. His time just never came. Though he ran a noble race, Chappaquiddick haunted and doomed his candidacy. After that Teddy was the patron of a family that just seemed unable to escape tragedy. One mishap after another befell this family that had been previously granted so much good fortune. It truly did seem as if they were cursed. Teddy himself had his ups and downs with drinking and divorce and the health of his children. Though he asked us to never let the dream die, the legacy of Camelot did seem to pass on.

Through it all Ted Kennedy continued to do good work for this country in the Senate. Looking back Teddy's legislative record has probably had more of an influence on this country than either of his brothers had. His name is attached to many of the greatest laws passed over the last 40 years. Teddy was also a great orator. Many say that his finest speech was as the keynote speaker at the 1980 Democratic Convention, when he mounted his challenge to a sitting President Carter. But for me Teddy's finest moment was in delivering the eulogy for his brother Bobby. The "some man ask why, Bobby dreamed of what could be and asked why not" speech never ceases to move me. I include this You Tube as a tribute to Ted Kennedy and all that he and his brothers meant to me along with my prayers for a recovery from this terrible condition.

Economic Downturn Reduces Security

Tue, 13 May 2008 07:55:19 +0000

Even if the tech industry itself is still steaming along at full speed (questionable), the overall tilt of the American economy has an ominous feel for the near future of info and network security.

Today Allan Pomerantz at the InfoSec blog takes a look at how the sub-prime crisis in particular might be affecting security at financial institutions —

In order to help restore their balance sheets, these institutions are announcing extensive expense reductions, particularly layoffs. Of course, the details of these cutbacks are not announced, so the result of this situation on their information security cannot be known. However, there are three results that are quite feasible in this situation.

* First, the staff reductions likely include security personnel.
* Second, the capital spending reductions may include security infrastructure.
* Third, and perhaps most important, the number of “insiders” (i.e., employees and contractors) who have a motivation to cause harm to their employers will probably increase.

This could be a volatile mix.

He also offers a couple suggestions. Go read the full post to learn more.

Former employee exposes Purdue Pharma personal information

Mon, 12 May 2008 14:44:52 +0000

Technorati Tag: Security Breach

Date Reported:
4/14/08 (delayed)

Organization:
Purdue Pharma L.P.

Contractor/Consultant/Branch:
None

Victims:
Employees

Number Affected:
~5,000

Types of Data:
"names, dates of birth, Social Security numbers and other pension related information"

Breach Description:
"a former employee accessed a disk containing personal information about individuals employed by Purdue Pharma and its associated U.S. companies prior to December 31, 2003 and attempted to email some of the information on the disk to another person"

Reference URL:
The New Hampshire State Attorney General breach notification

Report Credit:
The New Hampshire State Attorney General

Response:
From the online source cited above:

We are writing to inform you about an incident affecting information maintained by Purdue Pharma L.P. ("Purdue Pharma")

Purdue Pharma is a privately held pharmaceutical company.

we recently learned that a former employee accessed a disk containing personal information about individuals employed by Purdue Pharma and its associated U.S. companies prior to December 31, 2003 and attempted to email some of the information on the disk to another person.
[Evan] Attempted? What prevented the former employee from actually sending the information? It's not clear why the former employee wanted to send the information either.

We have determined that the disk contained information concerning approximately 5,000 individuals, and included names, dates of birth, Social Security numbers and other pension related information.

The former employee retained the disk when his employment ended, in direct violation of our policies and standard confidentiality agreement.
[Evan] This former employee may not have given a damn.

As soon as we learned of the unauthorized access, we promptly demanded that the information be deleted and returned to us.

The original disk has been returned and we believe that all copies of the information have been deleted.
[Evan] Once information confidentiality has been compromised it is very difficult (some would argue impossible) to restore it. How can you be certain that the information has been deleted?

We have undertaken a thorough investigation of this matter and, based on results of that investigation to date, we have no reason to believe that the personal information was misused.
[Evan] Actually, there is EVERY reason to believe that the personal information was misused! If the information was used in a manner that was not permitted by the owner (the victim), then it was misused. That’s my definition anyway.

We are continuing to investigate the incident and are examining the measures we can take to help prevent incidents of this kind from happening again.

Even though we believe that there is little risk of fraud or identity theft against the individuals as a result of this incident, we are providing the potentially affected individuals, at our cost, with the identity theft protection services in the attached notification letter, for two years.
[Evan] If there is "little risk of fraud", then why spend thousands of dollars in notification (because it’s the law, I suppose) and identity theft protection (not required by law)?

Purdue has contracted to provide a two year subscription to TrustedID's IDFreeze.
[Evan] The cost of IDFreeze is $8.25/mo. I am almost certain that Purdue isn't paying this full price and there is a good chance that not all affected persons will enroll, but for demonstration purposes only, $8.25/mo. x 5,000 subscriptions x 24 months = $990,000!

We deeply regret that this incident occurred and take very seriously our obligation to protect the privacy of personal information.

Commentary:
Employee and former employee information misuse is a very challenging issue for information security professionals. It's tough to comment because we don't have much detail about what controls are already in place.

Past Breaches:
Unknown