<![CDATA[[SecurityRatty] tag: usaf]]> http://securityratty.com/tag/usaf Mon, 31 Dec 2007 21:15:46 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[U.S. Army challenges USAF on network warfare]]> http://securityratty.com/article/483763bb914f060ef416fa3af24cf614 http://securityratty.com/article/483763bb914f060ef416fa3af24cf614 Sun, 06 Jul 2008 20:00:00 +0000 official activation army sister service air force cyber command competition time hands U.S. Army challenges USAF on network warfare <![CDATA[You think stayin safe online is tough!]]> http://securityratty.com/article/b58388f9ecaec6ad36f0a9de2a0fba30 http://securityratty.com/article/b58388f9ecaec6ad36f0a9de2a0fba30 Things have sure changed alot since I was in the USAF (1976-1980).
Its almost like they want something bad to happen?
clipped from blog.wired.com
After Losing Nukes, Air Base Flunks Security Tests

Boom_2Perhaps you expected the crowd at Minot Air Force Base to get its act together, after it lost track of six nuclear warheads last fall. Think again.?

  blog it
]]> Mon, 02 Jun 2008 10:44:51 +0000 lost track nuclear warheads crowd usaf blog alot bad nukes wired You think stayin safe online is tough! <![CDATA[Cyber Command Goes LOLCATS]]> http://securityratty.com/article/208695a8f86a52e3692966b3c2af9354 http://securityratty.com/article/208695a8f86a52e3692966b3c2af9354 USAF Cyber Command:  We don’t know what our mission is, much less our organization or where we’re going to find lots of smart geeks who don’t mind being E-1s.  We have some really good commercials, though.  =)

But hey, that’s why it’s still “Provisional”.

funny pictures

]]> Thu, 22 May 2008 10:06:21 +0000 usaf cyber command smart geeks commercials mission hey provisional e-1s lots bookmark Cyber Command Goes LOLCATS <![CDATA[10,501 USAF members informed of missing laptop]]> http://securityratty.com/article/f7c854edc58f4326d2503fbdf85efdd6 http://securityratty.com/article/f7c854edc58f4326d2503fbdf85efdd6 Security Breach

Date Reported:
12/28/07

Organization:
United States Air Force (USAF)

Contractor/Consultant/Branch:
None

Victims:
Active-duty and retired veterans

Number Affected:
10,501

Types of Data:
Names, addresses, Social Security numbers, dates of birth, and telephone numbers.

Breach Description:
A laptop containing sensitive personal information belonging to active-duty and retired members of the United States Air Force has been reported missing from the home of a USAF band member at Bolling Air Force Base in Washington, D.C.  The laptop has been missing since November 19, 2007.

Reference URL:
WSFA Channel 12 News Story(Original)
WSFA Channel 12 News Story(Updated)

Report Credit:
WSFA Channel 12 News

Response:
From the online sources cited above:

Air Force Officials contacted WSFA 12 News telling us the personal information of 10,501 people are on a missing military computer.

a military laptop computer is missing and it contains personal information including social security numbers, birth dates, addresses, and telephone numbers of active and retired Air Force members.

The laptop belonged to an Air Force band member at Bolling Air Force Base in Washington D.C.
[Evan] I had to read this twice.  A member of the Air Force band was permitted to take personal information home on a laptop?

He reported it missing from his home.

the laptop turned up missing November 19, according to the Air Force. It didn't send out the letter until nearly a month later.

Air Force officials say because the laptop was under strict access control they do not believe the information could be taken.
[Evan] Obviously the laptop is not under strict access control or it wouldn't be missing!

They add the Air Force is reviewing its policies and practices to determine what might need to change to prevent a similar situation in the future.
[Evan] Hey, I have a couple of ideas!

The Air Force tells WSFA 12 News it was intended to be used for an Air Force Band Historical Documentation.
[Evan] What kind of historical documentation requires Social Security numbers be taken home on a laptop?

Victim Reaction from J.J. Evans, a 24 year USAF veteran:

"When you trust someone with that, you expect better."

"When someone gets a hold of a computer, they can wreck things,"

"It's in the best interests of businesses and the government to know as much about us as possible. If a few people get compromised along the way, oh well; it's the cost of doing business,"
[Evan] I can see this logic.  Actions by organizations seem to support it.  Until people take a stand against it, this is also business as usual.

Commentary:
I am assuming that the laptop in this breach was not encrypted, otherwise it would have been mentioned.  It seems really suspicious to me that a band member would need access to Social Security numbers in the first place.  To be allowed to copy the information to a laptop and take it home without further restriction (i.e. encryption) is nuts.

A business analogy for this breach might be a member of Research & Development (R&D) being given an HR file so that he/she can keep track of who worked within the department in the past.  Social Security numbers would definitely be required!

Past Breaches:
Unknown


]]> Mon, 31 Dec 2007 21:15:46 +0000 sensitive personal information personal information air force air force base laptop personal information home usaf band air force officials band 10,501 USAF members informed of missing laptop