| About | Buy Stuff | News | Products | Rants | Search | Security | |
Home » News » Roundups
The Splash of Glamorgan23 March 2005 10:41 UTC What a shocker - what a surprise.
http://www.comp.glam.ac.uk/staff/ajcblyth/ Recently his team at the School of Computing purchased a whole carload of used PCs from primarily eBay to see what they could find. And they came up with quite a lot. Andrew's team didn't use any advanced forensic hardware; in fact they didn't use any forensic hardware at all. They used EnCase, Mailbag Assistant, NetAnalysis, and Perl. Forensic software. Meaning the data recovered did not represent data that had been shredded or even purged - it was simply left willy-nilly on the drives. http://www.glam.ac.uk/news/media/002512.php The one hundred eleven boxes they bought cost them less than £1,000. More than half still had confidential information on disk. What Was FoundThe data found included social security numbers, evidence of a married woman's affair, and detailed biographical information about minors. Hard drives from staff members of Hull University, Southampton University and Harrow College included details of special interest sex sites visited by users and a document template for one of the university's degrees. Information retrieved from a drive owned by a charity included emails from a married female employee in which she discussed intimate details of her marriage and an apparent affair. Information retrieved from a Church of England primary school head teacher's computer in East Yorkshire included school reports, an extensive list of pupils, personal letters to parents, and psychological information on several children. A hard drive from the Swedish insurance giant Skandia, which has invested heavily in data destruction, still contained private information. A spokeswoman for Skandia welcomed the investigation but described the findings as 'absolutely horrifying'. Monsanto, the US firm involved in the production of genetically modified plants, confirmed that the company would begin an investigation after details of its crop research appeared on one hard drive. National insurance numbers for employees of Scottish & Newcastle's pubs division, since sold to the Spirit Company for £2.5 billion, were found on another drive. 'This demonstrates how easy it is to access information which is not adequately protected', said Tony Neate, industry liaison manager for the UK National High-Tech Crime Unit. The SplashThe story splashed all over the place, initially at the Times of London. http://www.timesonline.co.uk/article/0,,2-1487674,00.html After the splash in the Times, it quickly splashed elsewhere. Devil's Advocate: Buying secrets on eBay Warning on waste PC data danger The Moral?What's the moral of the story? Easy: people are stupid. But worse than that: they simply don't care. It's one thing to just dispose of a computer and not worry what people will find; it's quite another to engage in 'shady' activities and still not care (bordering on the moronic here); it's quite another to have full knowledge that the data on the computer is confidential and still be such an idiot... And it's another to be fully aware, as corporations in the UK are, that there are laws which require corporations to adequately dispense with such information - and still not do anything about it. DIYThen there's the charity feeling hard hit by the bad news, wishing to assure everyone that their security practices are better and your sensitive personal and corporate data will not fall into the wrong hands. Charity hits back at 'destroy your PC' claims (Something like MI5 and the NSA outsourcing their disk cleansing to Outer Mongolia: it's not going to happen.) Let this be a warning:
|
| About | Buy | News | Products | Rants | Search | Security |
| Copyright © Radsoft. All rights reserved. |