CyberSecurity Institute

Michael Colao, director of information management at merchant bank Dresdner Kleinwort Wasserstein, says this has little to do with bolstering information security and everything to do with ensuring there is no risk of senior managers going to jail.

Failure to apply with tighter compliance laws can result in criminal sanctions. Breaches to Italy’s rigorous data security and privacy laws, for example, are punishable by up to three years imprisonment regardless of whether an information security breach has taken place. So far, Italian authorities have not served any notable enforcement action against data slackers. But some multinationals are taking no chances: Microsoft, for example has revised its global policy to apply with Italian regulations, according to Colao, speaking yesterday at the Computer and Internet Crime Conference in London.

California’s security breach disclosure law obliges companies to notify their customers of security breaches exposing personal information, such as social security numbers, applies only to the state. But US banks are beginning to use it as a model for their national policy.

Although the most security conscious organisations are applying the most restrictive policies nationally or internationally other firms remains apathetic about establishing a security policy of any description. According to Calao, tighter rules could could perversely create a wider gap between the security-conscious and the apathetic, with some IT directors simply burying their heads in the sand.

http://www.theregister.co.uk/2005/01/25/international_security_policy/

The international survey of 900 taxi drivers reveals that absent minded passengers are leaving sensitive information up for grabs because they fail to use password and encryption facilities on mobile devices.

In the last six months in London, 63,135 mobile phones (an average of three phones per taxi), 5,838 PDAs and 4,973 laptops have been left in licensed taxi cabs. Cab drivers in Helsinki, Oslo, Munich, Paris, Stockholm, Copenhagen, Chicago and Sydney also took part in the study which revealed wide international differences.

Londoners left more than double the number of laptops in the back of taxis compared with other cities. In Chicago, the mobile device most likely to be left behind were PDAs, with one taxi driver reporting finding 40 in his taxi in the past six months.

Danes were most forgetful when it came to mobile phones, leaving seven times as many in the back of cabs as Germans or their Swedish neighbours.

The survey in London was conducted by TAXI, the magazine for the Licensed Taxi Drivers Association magazine, and sponsored by Pointsec, a mobile security outfit. Pointsec carried out a similar study in London three and a half years ago and recorded 71 per cent fewer PCs left in the back of cabs. Magnus Ahlberg MD of Pointsec commented “It is alarming to see that the problem of losing mobile devices has accelerated so dramatically since 2001, with more people than ever losing their mobile devices in transit.

In fact, mobile users are in a worse position now, because they are far more reliant on using their mobile devices to store massive amounts of sensitive information, with very few concerned about backing it up or protecting it.”

With such forgetful passengers it’s just as well that taxi drivers are generally an honest bunch. According to the survey, an average of 80 per cent of passengers were reunited with their mobile phones and 96 per cent with their PDAs and laptops – with the cab drivers in almost all cases tracking down their owners. However, the case was very different in Australia, with only 46 per cent of laid-back passengers bothering to reclaim their mobiles and only 18 per cent being reunited with their laptops.

Stuart Pessok, editor of TAXI commented: “Often people are working whilst being driven around in taxis and its common-place for them to forget their mobile devices.

Luckily if they forget them in a taxi, there is a good chance they’ll get them back, but will they be so lucky if they forget them in an airport, restaurant, train or tube?

UK taxi drivers reported finding a “harp, a throne, £100,000 worth of diamonds, 37 milk bottles, a dog, a hamster, a suitcase from the fraud squad and a baby” in their cabs.

http://www.theregister.co.uk/2005/01/25/taxi_survey/

The danger of attacks with insider information was illustrated earlier this month with the arrest of a California man accused of breaking into mobile phone network T-Mobile USA’s database and reading e-mails and files of the U.S. Secret Service, and by the exploits of a hacker who breached a hospital’s database and changed mammogram results.

The nature of threats to network security has changed as sophisticated hackers learned to tap into sensitive information flowing through telecommunications’ servers, especially those that provide wireless and Internet access.

Security experts at Intrusic captured 4,466 passwords and 103 master passwords allowing global access to corporate databases while monitoring one Internet service provider for a 24-hour period, Intrusic President Jonathan Bingham said.

“Telecoms and cable companies are pretty high on the list simply because of their huge customer bases,” Koetzle said. “If they can crack T-Mobile’s database they can get user names and passwords for (millions of) subscribers at all once.” In a statement, T-Mobile, a Deutsche Telekom AG unit, said it “quickly put in safeguards to prevent further access and began an investigation” after a hacker broke into its internal computer systems in 2003 and accessed data on 400 customers.

The key to cutting down on damage from inevitable insider attacks is to constantly monitor data flow and train employees to guard passwords and access to computers, he said. Stan Quintana, director of managed security services at AT&T Corp added that among the “best practices” AT&T advocates is that its customers periodically hack into their own networks.

http://www.usatoday.com/tech/news/computersecurity/2005-01-24-hackers-listening-in_x.htm