After Hours·5,428 discussions

Securiosity

Locked

blog root

Topic

Time’s getting even tougher for Vets

In reply to Securiosity

Veterans have been notified that their free 1 year of credit monitoring
from the government has been revoked. After a laptop containing
information on 26.5 million veterans was stolen, the Bush
Administration granted veterans 1 free year of credit monitoring to
help them watch out while the data was missing. However, since the
laptop hap has been found and supposedly the data wasn’t accessed, the
Bush Administration decided that $160 million was too much to spend on
a project that probably isn’t necessary anymore.

This is
definitely the economical way to go; however, is this the best way to
protect our veterans in any situation? According to MSNBC,
“FBI had determined with a ‘high degree of confidence’ that information
stored on the stolen laptop and external drive were not accessed or
compromised.” A high degree of confidence is much different than being
100% positive, so until they are 100% sure that the data wasn’t
accessed the vets should receive the credit monitoring. In this
instance, it appears like the government is caring more about their
budget than making sure that their own veterans get out of this
unscathed. Instead of caring about costs, the government should take
the high road and take every precaution to protect their vets.

In
addition, is this the government’s way of punishing the VA for their
lax security measures? Supposedly the government has reprimanded the VA
office for years about their poor security measures and this could be
their chance to give them the “I told you so” act. The biggest problem
is that the vets themselves are the ones most affected by this
decision, even though a majority of them have no part in the VA office
and their security practices. So in the grand scheme of things, the
government is punishing veterans, their former employees, for something
that was completely out of their control.

So much for protection.

Time’s getting even tougher for Vets

In reply to Time’s getting even tougher for Vets

Insert comment text here So What’s new?  The Vets start getting this treatment the moment they retire. Reference the medical benefits cuts and Cost of living allowances.

Poor guy – Doobie’s love email goes global

In reply to Securiosity

Poor guy…

http://www.metro.co.uk/weird/article.html?in_article_id=17795&in_page_id=2

While i feel remotely bad for this guy, that has to be one of the creepiest e-mails i have ever read. Did this guy seriously think he could capture the heart of some woman with cheesy lines and a confession that “it is enormously rare for (him)to stray as far from sobriety as (he) managed on Saturday night.” I hate to fit the steriotype and laugh in his face for this, but this email demonstartes why I have never written shot-in-the-dark love letters.

This is a complete clear-cut example of how encryption software could have helped this poor guy. If he would have protected his message with encryption software, then Kate would not have been able to forward it to her sister who forwarded it onto 100’s more. Sorry Joe, because you failed to encrypt that simple email, you are now the laughing stock of women (and men) all across the world.

Tully’s Coffee Shop to Offer Free Wireless

In reply to Securiosity

Tully’s Coffee, a Seattle founded, west coast coffee shop has decided to one up its competitor Starbucks by offering free Wi-Fi to its customers
starting on August 7th. Previously, Tully’s offered its customers Wi-Fi
for $3.95 per day and $19.95 per month, cheaper than Starbucks, which
still offers $9.99 per day and $29.99 per month. Tully’s has chosen to
team up with the ISP NetNearU for an unspecified amount while Starbucks
has been teamed up with T-Mobile for the past few years.

This
decision was made final by President John Dresel who feels that “This
is about our customers. The more we give them, the better and solid the
relationship is between our company and our customers.” It is hard to
say whether or not this change will have an impact on their overall
share of the market which is dominated by Starbucks. Right now
Starbucks has over 6000 stores worldwide while Tully’s has only 79
stores along the Western United States.

With the price of
technology equipment so low these days, this is an absolutely fantastic
idea for the company. Generally, in most downtown areas on the West
Coast, many Starbucks and Tully’s shops are within a block of each
other, so this offering could make a substantial difference. Not only
does Tully’s have the benefit of charging less for Wi-Fi, but they also
give their customers the benefit of going online without dealing with
signing up and putting their credit card online. If someone simply
needs to check his/her email while drinking a morning latt?, would they
pay $10 to go to Starbucks or walk half a block and pay nothing at
Tully’s?

The only issue with free and open wireless connections
is that security could become a problem. Now that it costs nothing to
connect, people will be more inclined to join these networks and
potentially watch what other people are doing on their computers. If
Tully’s wants this idea to be successful they must invest in strong
security systems for these connections or else it will be trouble all
through the digital Tully’s world.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Securiosity

According to CNET,
two 19 year old Maryland teens were arrested and convicted of stealing
the VA laptop on May 3rd. Jesus Alex Pineda and Christian Brian Montano
were arrested and convicted of first-degree burglary, however it was
reported that neither knew that the computer contained such sensitive
data until the news went public. The question I now ask is: Are these
boys being scapegoated by the government to deflect who’s really at
fault?

Since the announcement of the theft, the government has
been under a lot of heat regarding their lax laptop security practices
and skeptical decisions when dealing with the theft. It took the VA
office over three weeks to report the theft because of their fear of
public humiliation. If they would have reported the theft right as it
happened it would not have taken so long to find the laptop and it was
less likely the computer would have been infiltrated.

Their
second poor decision was how they dealt with the public after finding
the laptop. Upon discovering the computer, it took them nearly two
weeks to publicly announce how they had done so. Those shady,
inconclusive two weeks almost sound like a ploy to get everyone off
their backs for the time being while they really wait to locate the
computer.

Could it be that the VA is so embarrassed that the
government needs any kind of credit they can get on this issue?
Throughout this entire scenario it seems like the government has done a
great job of blaming others while taking any sort of credit they can.

The
most recent example is when they turned these two teens into scapegoats
to cover their own troubles. It still seems like the government is
putting all the publicity and blame on these teens to take as much
attention as possible away from them. Here’s a concept, take the blame,
fix your problems so they don’t happen again in the future, and move on
so we don’t have to hear about this issue anymore.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

I agree. While the boys are thieves,?sensitive data like that should never have been put on a laptop.?

The real?culprit was the fool that made it possible for this to happen.?

We hear it over and over again, people taking?sensitive data home on laptops. I’m not an expert on this topic but I know of at least one software solution from HP that keeps data like this on a server but?allows real time access from a remote location. I don’t what, if any, security measures it uses, but it meant for?large visual effects companies who have people working remotely, and don’t want secret images to getting out.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

I agree. While the boys are thieves,?sensitive data like that should never have been put on a laptop.?

The real?culprit was the fool that made it possible for this to happen.?

We hear it over and over again, people taking?sensitive data home on laptops. I’m not an expert on this topic but I know of at least one software solution from HP that keeps data like this on a server but?allows real time access from a remote location. I don’t what, if any, security measures it uses, but it meant for?large visual effects companies who have people working remotely, and don’t want secret images to getting out.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

So let me get this straight, the guy who does not lock his door at night is responsible for the theft, not the criminal who decided to take something that is not his?  Come on, sensitive information is in the eye of the beholder.  There is information that I think is critical that you may not care one bit about, so how do you distinguish between the two?  The way the administration handled the situation was apalling, but lets not go and start blaming the guy who took the laptop home to do extra work on his time.  I’m sure he was reprimanded, but the people who stole the laptop are responsible for the information on it, as well as the guy who put the information there.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

The VA employee had written permission to take the information home.  His supervisor knew he had it, then they tried to pin it all on him then hide the fact that it happened.  This is not the first time this has happened either.  The VA must take a good hard look at their policies and procedures reguarding the accessability and use of personal information.  As a vet, what makes me angry is the fact that they (the VA)  sat on this information about the solen laptop and did nothing for three weeks.  The employee reported it stolen the next day.  His supervisors should have been fired for that disregard for policies and procedures.

angry vet.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

The VA employee had written permission to take the information home.  His supervisor knew he had it, then they tried to pin it all on him then hide the fact that it happened.  This is not the first time this has happened either.  The VA must take a good hard look at their policies and procedures reguarding the accessability and use of personal information.  As a vet, what makes me angry is the fact that they (the VA)  sat on this information about the solen laptop and did nothing for three weeks.  The employee reported it stolen the next day.  His supervisors should have been fired for that disregard for policies and procedures.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

I disagree with mkeiser. Sensitive data is NOT in the
eye of the beholder and that is exactly the kind of lax attitude that led to this
situation.

Any company laptop that leaves the premises should have hardened security (key
dongle, hardened passwords, encrypted files, etc) and regular auditing.
As the holder of that laptop you should treat everything on it as
sensitive. It could contain personal information on individuals, private
company information, and information about internal data structures, even
something as innocuous as an internal phone list that can provide a social
engineering entry point.

Any non-company laptop that is permitted to access company data needs to be hardened as well and audited at least once a month both for security settings and data contained on the machine.

If you’re a responsible person taking the laptop home to do work, all of this
should be perfectly clear.

Personally I think that the individual who carried the laptop out should no
longer be permitted to remove equipment or data from the premises. If the
individual was a contractor, they need to be fired. Unfortunately, the VA has such a depth and breadth of incompetence that I’m confident this will happen again.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

Why are we even trying to choose a side of right and wrong?  We need to stop trying to make everything about who is good and who is evil.  Both sides are at fault, how could they not be?  People are notoriously lazy.  People who take laptops home treat them like a home computer and I’ve read multiple articles where some employee got his computer hacked and sensitive information stolen for doing something he wasn’t, whether it was from looking at porn sites or downloading something he shouldn’t have, yet inevitably getting a virus or spyware on their computer.  I know I keep writing he, but this applies to both sexes.  The lax security and the foolish pride for taking two weeks to make the stolen laptop public are also feed into that.  Of course, stealing is wrong and the two teens should get what they deserve.  But sometimes the only way to learn is to learn the hard way.  Hopefully, this sort of thing won’t be happening again.  Lesson learned or doomed to repeat history?  I think that is what we should take from all this and not to say who was right and wrong or who was more wrong.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

Come on, sensitive information is in the eye of the beholder.  There is information that I think is critical that you may not care one bit about, so how do you distinguish between the two

The type of information that was on the laptop that was stolen (Veterans full names, birthdates, SSAN, etc…) is protected by a bevy of laws and regulations. Disclosing any VA information is a felony. Therefore, internally the VA should have had verifiable checks in place to protect this information. Annual audits should be in place to ensure compliance. The Feds have no problem putting in restrictive laws that cost the private sector billions; but when it comes to thier own compliance and or lack of due diligence they look for scapegoats. If a private investigations company negligently lost consumer credit information, that company would face huge fines as well as civil liabilities.

 

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

The antiquated VA systems may require that data be manipulated locally.  If the systems are anywhere near current, the work should have been done through a secure interface, with the remote device being pretty stupid and containing no sensitive information.

The central issue is making excuses for thieves.  If a carjacker pops a car with a child in the back seat, he is a kidnapper.  If he wrecks out and kills the child, he is (in Texas, at least) a capital murderer.  We need to focus on what people do, not what their intentions may or may not have been at the time they did it, or how badly they were treated as children.  These teens stole an asset of very great value.  They need to be treated accordingly.  A little bit felonious is like a little bit pregnant.  If their serious sounding conviction carries a correspondingly serious sentence, and if that sentence is advertised sufficiently, laptops will be at least a little bit safer.

Scapegoats? Two teens arrested for stolen VA laptop

In reply to Scapegoats? Two teens arrested for stolen VA laptop

The antiquated VA systems may require that data be manipulated locally.  If the systems are anywhere near current, the work should have been done through a secure interface, with the remote device being pretty stupid and containing no sensitive information.

The central issue is making excuses for thieves.  If a carjacker pops a car with a child in the back seat, he is a kidnapper.  If he wrecks out and kills the child, he is (in Texas, at least) a capital murderer.  We need to focus on what people do, not what their intentions may or may not have been at the time they did it, or how badly they were treated as children.  These teens stole an asset of very great value.  They need to be treated accordingly.  A little bit felonious is like a little bit pregnant.  If their serious sounding conviction carries a correspondingly serious sentence, and if that sentence is advertised sufficiently, laptops will be at least a little bit safer.

[Author]

Replies