[SecurityRatty] tag: secures

Meru secures leaky wireless LANs

Mon, 28 Jul 2008 20:00:00 +0000

Meru Networks is using Wi-Fi signals to "cloak" wireless LANs and make it impossible for hackers to decipher them outside the office building.

NAC secures U.N. agency

Sun, 20 Jul 2008 20:00:00 +0000

The United Nations Population Fund (UNFPA) is using network access control at 11 regional offices around the world to keep potentially dangerous non-compliant machines from compromising the agency's core network in New York City.

MessageLabs secures e-mail backup

Tue, 08 Jul 2008 09:00:00 +0000

MessageLabs introduced a managed e-mail backup service that has the same security features built into the company's other products.

Calyx secures deal with ISE

Tue, 08 Jul 2008 07:34:02 +0000

Irish ICT firm Calyx has signed a deal with the Irish Stock Exchange (ISE) to provide it with a range of security solutions.

Security Briefing: June 24th

Tue, 24 Jun 2008 07:00:07 +0000

Another day, another coffee.

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

Former SEMO Employee Found with Data Files of Personal Information of Students | KFVS 12
Ruby flaws send security researchers into shock | The Register
WhiteHat Secures $7 Million Round of Funding | Earth Times
UK firm offers web-based software audit | vnunet
Educating Employees Reduces Security Breaches | Small Business Computing
New Trojan Leverages Unpatched Mac Flaw | Washington Post
Secrecy an effective legal tool The Star

Tags: News, Daily Links, Security Blog, Information Security, Security News

Free tool secures VMware servers

Mon, 09 Jun 2008 09:00:00 +0000

ConfigCheck compares active virtual settings against best practices guidelines, and recommends ways of fixing less-than-optimal settings.

Security Briefing: June 9th

Mon, 09 Jun 2008 07:29:02 +0000

What fresh hell is this? Monday morning and the coffee machine decides to tangle with me. The missus saves the day and potentially my sanity.

So, will the iPhone (officially) come to Canada in the WWDC keynote this morning? What say you Vegas?

Click here to subscribe to Liquidmatrix Security Digest!

And now, the news…

Security firm asks for help cracking ransomware key | Computer World
Revisiting the Safari Vulnerability on Windows | Washington Post
A rallying cry against cyberbullying | CNET
HP secures data center assets with RFID tags | Network World
Hans Reiser Offers To Lead Cops to Nina’s Body | OS News
Full-featured IE 8 beta announced (smashy, smashy) | NZ Herald
Fraudsters hack into Home Office website | Telegraph
IBM sings a Symphony to rival Office | Silicon
Military Supercomputer Sets Record | NY Times

Tags: News, Daily Links, Security Blog, Information Security, Security News

HP secures data center assets with RFID tags

Sun, 08 Jun 2008 20:00:00 +0000

RFID tagging for data center assets is a new service introduced today by HP under its “Factory Express RFID Service.”

Siemens Healthcare Diagnostics employees at risk from stolen laptop

Wed, 16 Apr 2008 11:47:48 +0000

Technorati Tag: Security Breach

Date Reported:
4/3/08

Organization:
Siemens AG

Contractor/Consultant/Branch:
Siemens Healthcare Diagnostics Inc.

Victims:
Employees

Number Affected:
3,542

Types of Data:
"personal information, including names, birthdates and Social Security numbers"

Breach Description:
Siemens Healthcare Diagnostics Inc. states "Please be advised that a Company laptop was stolen from the home of one of our employees. We believe the laptop contained personal information, including names, birthdates and Social Security numbers, on approximately 3,542 individuals"

Reference URL:
The New Hampshire State Attorney General breach notification

Report Credit:
The New Hampshire State Attorney General

Response:
From the online source cited above:

Please be advised that a Company laptop was stolen from the home of one of our employees.

This letter is to notify you that one of our employees had a Company laptop computer, as well as some of the employee's personal items, stolen from the employee's home on March 26, 2008.

We believe the laptop contained personal information, including names, birthdates and Social Security numbers, on approximately 3,542 individuals
[Evan] Is the storage of confidential information on laptops and/or other mobile media without encryption go against Siemens policy? It probably should be.

The police were alerted to the theft and an investigation is underway.

We plan to begin notifying the affected individuals in the next several days.

we have and continue to take steps to protect the security of the personal information.
[Evan] This is a common and generic statement in breach notifications. What does it really mean? It's too subjective and open for interpretation. In the case of this breach it is obvious that the "steps to protect the security of personal information" were inadequate (assuming that controls such as encryption were absent). Was Siemens aware of the risk?

Also, in addition to continuing to monitor this situation, we are reexamining our current data privacy and security policies and procedures to find ways of reducing the risk of future data breaches.

We continue to assess and modify our privacy and data security policies and procedures to prevent similar situations from occurring.

we believe it is unlikely that the personal information on the laptop was accessed or downloaded by the person who committed the theft.
[Evan] Why? What leads a company to make such a statement? Is it evidence at the scene of the crime? Is it some type of security control that was in place?

Nonetheless, because we take the possibility of identity theft very seriously, we are sending this precautionary advisory.

The purpose of this letter is to make you aware of this incident so that you can take steps to protect yourself, minimize the possibility of misuse of your information and mitigate any harm that could result.

Based on what we know to date, we are not aware of any specific cases of misuse of personal information obtained in connection with the incident.

We apologize for this situation and any inconvenience it may cause you.

We treat all sensitive employee information in a confidential manner and are proactive in the careful handling of such information.

Please contact Sue Chalupnik at 847-267-1723 if you have any questions.

Commentary:
Throughout this posting I assume that the stolen laptop was not encrypted. If the laptop were encrypted then I would also assume that Siemens would have mentioned it. The State of New Hampshire does not have an encryption exemption for breach notification, so Siemens would have been required to report it either way.

This breach notification does not provide much insight into how Siemens secures confidential information with most of the language being very generic.

I'm taking bets. How many more companies will report lost or stolen mobile media (laptops, flash drives, CDs, etc.) storing sensitive information without encryption in 2008?

Past Breaches:
Unknown

Cisco AXP blade manages, secures remote servers and PCs

Wed, 09 Apr 2008 20:00:00 +0000

Cisco partners with management vendor Avocent to put server management and remote control wares onto a Cisco's Application eXtension Platform card, a blade residing in Integrated Services Routers.

Succeeding with Seagate® is an Easy Decision.	Advertisement
REGISTER FOR THE SEAGATE® PARTNER PROGRAM and Win a Barracuda® 1-TB drive!