By Jeff Stanton on 7/7/2006 3:13 PM

Last week (7/1/06), the Red Cross reported that a laptop containing thousands of records of blood donors' personal data had been stolen from a locked closet in one of their local offices. They reported that there was no sign of forced entry into the closet. Obviously this implicates someone with a key to the closet. An employee? Janitorial staff?

Bizarrely, the Red Cross spokesman, Darren Irby, said, "We haven't viewed this as a security breach at this point." I guess he is resting comfortably with the idea that because the donor data were "encrypted," that they are safe even on a stolen laptop. Let's just take a moment to remember that there are lots of different types of encryption, some more secure than others, and that all forms of encryption are subject to attack. Further, for the most common kind of file encryption (symmetric key encryption), the security of the data also depends on keeping the "key" (like a p ... Read More »

By Jeff Stanton on 7/6/2006 4:23 PM

Partly as a public service and partly as a marketing technique, antivirus vendor Sophos (http://www.sophos.com) publishes an update on the state of computer security every six months or so. The latest report just came out (July 2006) and it highlights an ever-increasing array of security threats that affect business and home users.

Among other problems, Sophos has documented the increased use of subtle social attacks that encourage users to perform dangerous behaviors such as clicking on attachments. While these attacks used to entice victims with the possibility of seeing Brittany Spears or some other celebrity "lightly clad," new enticements to click on evil attachments include political scandals, crime descriptions, and other newsworthy headlines. These threats are considered social attacks because they prey on natural human curiosity (or other common motivations) as a method of encouraging u ... Read More »

By Jeff Stanton on 7/5/2006 5:00 PM

Well the day has finally arrived. Next Tuesday (7/11/06), Microsfot will officially discontinue support for Windows 98 and Windows ME. no more security updates, no more operating system patches. Good riddance, you may say! These operating systems were never very stable, and were not well suited for the thorny security environment that is the modern Internet.

The only probably is that there are tens of thousands of schools, non-profit companies, and small businesses across the country and the world that still have a substantial number of working computers that are running Windows 98 and Windows ME. I hate to admit it, but I have one of each myself! (Strictly for non-critical applications you understand - think gaming and mp3 playback.)

I've visited a number of these smaller organizations in the course of my research and I've found that they are struggling with enough IT problems already and are under enough budgetary pressure that there is no w ... Read More »