category
data leakage

Steganography – NOT The Study Of Stegosaurs!

There has been a recent news story about researchers at Princetown University who are working on a new form of steganography that could allow information to be leaked out of an organization on compact disks (CDs) without being detected. Steganography takes one piece of information and hides it within another. Computer files (images, sound recordings,

Deus ex machina

It will likely come as no surprise to regular readers of ESET's Threat Blog that we are somewhat gadget aficionados here in the Research Department. Our focus, however, is usually on issues such as malware, spam and privacy so we do not spend a lot of time discussing gadgetry.  Every once in a while, though,

Is it my Business?

Do you ever use a public computer? Do you realize that potentially everything you type and read may be public information? I was checking a hotel business center computer this weekend. I found some interesting stuff. A military document for a local air force base. It wasn’t classified. The confidential test results for a semi-synthetic

Public Health and the BCS

SC Magazine included an interesting item today on security and confidentiality in the UK’s National Health Service. Anders Pettersson has suggested that the NHS is too busy to be harassed over data protection/data leakage issues, and that the security industry should "come together to educate NHS Trusts and other organizations on simple measures to protect

Data Breaches – It’s All Greek to Me

The results (released yesterday) from a study conducted by the Ponemon Institute yielded some interesting data points. The most visible of these was the finding that 85% of U.S. organizations experienced data breaches of varying magnitudes. This study, entitled "U.S. Enterprise Encryption Trends", has completed its fourth annual publication.  The data was directly obtained from

California Healthcare Breaches

Sadly, I’m now back in not-so-sunny England, but one of my colleagues forwarded me an item about security breaches reported by healthcare organizations. On January 1st it became mandatory in California for such organizations to report incidents where non-anonymized patient data may have been intentionally or unintentionally disclosed to someone unauthorized. In the first five months,

Go Phishing with the city of Bozeman, Montana

The City of Bozeman, Montana effectively joined the ranks of phishers when they asked job candidates for their usernames and passwords for social networking sites that the applicant belongs to. In a report at , after considerable outcry the city rescinded its mindless policy. To begin with, the city was asking applicants to breach their

Data Protection: not a priority?

Data protection in the UK and Europe may mean something a little different to the way most Americans would understand it. The UK’s Data Protection Act is, like other local legislation in EC countries enacting the EU directive Data Protection Directive 95/46/EC, concerned less with the security mechanisms you use (or don’t use) to protect your

T-Mobile Data Breach – Or Not…

Just last Saturday, June 6th, there was a new posting on the Full Disclosure mailing list from a source that calls themselves pwnmobile (at least that’s part of their email address). In the post, pwnmobile claims they have harvested information from T-Mobile USA’s servers. The data they claim to have acquired is: various databases confidential

NHS: healthcare security and national insecurity

I really ought to be concentrating on some writing deadlines, but I couldn’t ignore this item, flagged by Graham Cluley, Sophos blogger-in-residence and karaoke star. (I have to say that because I was rather rude about his singing at Infosec last month.) Graham and I both live in the UK, so the state of health

Confused about Conficker?

CNN reported that there is a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm; it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that “it is

HIPAA is not privacy

Many people in the US associate HIPAA with the rules required to protect medical data. It actually is a lot more than that, but the HIPAA laws do require some minimal standards for medical providers. I recently came across an example of where HIPAA is ineffective. The medical providers are required to protect your data,

What an Honor

I recently received an email stating “It is a privilege to inform you that you are being considered for inclusion into the 2009/2010 Princeton Premier Honors Edition Registry. This recognition is an honor shared by only the most accomplished professionals who have demonstrated excellence within their careers and communities.” I had always assumed these were

(One out of) Ten Ways to Dodge Cyber-Bullets

It’s that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published

Cybercrime and Punishment, and a little Cryptanalysis…

Well, not so much about punishment, but I’m sitting in the lounge with Andrew Davies’s version of Dr. Zhivago in the background, so I’m in a Russian mood… My colleague Jeff Debrosse, Director of Research in our San Diego office, drew my attention to the latest FBI challenge at http://www.fbi.gov/page2/dec08/code_122908.html. Like many people in this

Data Leakage, Politics, the Universe and Everything…

There is no way of eliminating the risk of data loss completely because systems, however good they are, are implemented, administered and used by human beings.

Copyright © 2014 ESET, All Rights Reserved.