March 5, 2014
Netanyahu's inaction to Obama's provocations sends powerful message
Kerry, after apparent criticism by Schumer, seeks to allay skepticism on diplomacy
How to ruin a perfectly good kid in 10 simple steps
2014 Oscars played it safe, but was faith lost in the shuffle?
Apple joins Hobby Lobby in touting corporate values beyond profit
March 3, 2014
Alina Dain Sharon: In the Hebrew calendar, a leap year has extra month, not day
Latest Obama appointment to prove Prez set on emasculating so-called Israel Lobby
Jewish World Review
July 7, 2006
/ 11 Tamuz, 5766
Notebook Data May Not Be Safe, Expert Warns
It's entirely possible, computer security expert Paul Henry said Jun. 30,
that the data on a laptop stolen May 3 from the Montgomery County,
Maryland ,home of a Veteran's Administration employee was compromised -
and the federal government may not know the data was taken until all
you-know-what breaks loose.
Here's what might have happened according to Mr. Henry, a senior vice
president of Secure Computing Corp., who is based in Ocala, Florida. The
thieves could have hooked up the hard drive to a Linux machine or other
system and made a bit-by-bit image - a digital "photocopy" - of the data,
without the trouble of copying specific files from the hard drive,
something that would have shown up as part of the disc's MAC time
records, the times of latest modification, access and change of status or
creation of a file.
"The statement that the data had not been accessed on the [hard disc] from
the recovered stolen laptop is a very 'convenient' [one]," Mr. Henry said
Friday. " There are multiple ways to have create an image of the HD
without modifying a single bit on it; further there is freely downloadable
software that can modify the MAC times for a file such that it appears not
to have been accessed even though it had been... it is a trivial matter to
have copied and accessed this data without leaving a trace."
Though there is no way - yet - to know whether or not the thief or thieves
have actually done this, my chat with Mr. Henry revealed a bunch of ways
the bad guys can try to get away with sensitive data. Yes, the pros know
about most of them, but with so many notebook computers around out there -
not to mention older computers and their less-than-perfectly-if-at-all
erased hard discs available secondhand or at scrap prices - there's more
than enough reason to worry.
The portability of laptop computers is one factor: what's easy for us to
carry to work is also easy for a thief to steal. Many notebooks offer
easily removed hard discs; almost every notebook has a Universal Serial
Bus, or USB, port.
"We have enough trouble alone with the fact that laptops automatically
come with multiple USB ports," Mr. Henry said. "While it may be
convenient, it's also an inherently insecure way for a malicious person to
gain access to that information."
His answer: IT managers can either password-protect or disable the USB
ports by reprogramming the portable's basic input/output, or BIOS, chip.
Some KrazyGlue in a USB port - carefully applied - might also be a
If there's "any corporate intellectual property, health care records or
personal data" on a notebook, it should be encrypted using software that
isn't easy to break or hack. Forget about PrettyGoodPrivacy , or PGP
as it's known. Use the full-disc encryption found in Microsoft Windows
Vista, due later this year, or PointSec, a Windows full-disc encryption
program from the firm of the same name (http://www.pointsec.com), is
another good choice, Mr. Henry said.
"When you're home, you're not protected by a corporate firewall. Be
careful about where you go on the public Internet," Mr. Henry warns.
Looking for illicit "keys" to unlock major software programs such as
Microsoft Word, or downloading "free" music and other programs, can leave
a computer open to "malware" such as keystroke loggers, which are great
for figuring out network destinations, IDs and passwords.
Mr. Henry's firm sells software to protect corporate systems, not laptops.
But his advice seems very sound, and may let you sleep more easily. More
on physical laptop security next week.
Every weekday JewishWorldReview.com publishes what many in in the media and Washington consider "must-reading". Sign up for the daily JWR update. It's free. Just click here.
JWR contributor Mark Kellner has reported on technology for industry newspapers and magazines since 1983, and has been the computer columnist for The Washington Times since 1991.Comment by clicking here.
© 2006, News World Communications, Inc. Reprinted with permission of The Washington Times. Visit the paper at http://www.washingtontimes.com