  1. Senior Member
    Join Date
    Apr 2006
    Posts
    251

    Certifications
    Security+, CCNA, MCSE 2003: Security
    #1

    800,000 stolen social security numbers: a 22-year-old scape?

  3. Senior Member KGhaleon's Avatar
    Join Date
    Oct 2005
    Location
    California
    Posts
    1,347

    Certifications
    A+, Network+, Security+. MCP, CCNA, HP/Dell
    #2
    Wow, that's pretty bad. I blame the company for allowing such a thing to take place.

    KG

  4. Senior Member
    Join Date
    Apr 2006
    Posts
    251

    Certifications
    Security+, CCNA, MCSE 2003: Security
    #3
    Quote Originally Posted by KGhaleon
    Wow, that's pretty bad. I blame the company for allowing such a thing to take place.

    KG
    You don't think letting an intern take the company's unencrypted tapes home is secure?

    I don't know what's safer for the tapes, leaving them in his car, or on top of his TV when he remembered to bring them inside. lol

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #4
    Quote Originally Posted by homerj742
    I don't know what's safer for the tapes, leaving them in his car, or on top of his TV when he remembered to bring them inside. lol
    The tapes were probably partially degaussed by the TV, so they may be unreadable.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  6. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #5
    Let's see...

    An intern reports to an intern, who reports to a $125/hour contractor consultant, who reports to a $200/hour contractor consultant...

    I wonder what else is going on RIGHT NOW that is putting Ohio taxpayers' data at risk. This is probably just the tip of the iceberg.

  7. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm convinced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #6
    That's a common mistake consultants make (sometimes it's intentional). You must make the entity aware (awareness training) of the risks associated with things such as losing any data (risk assessment). Consultants should be vehicles that bring value to the process and operations of securing information. They should enhance this concept, and NEVER be the final decision maker.

  8. Where's Waldo Finalist
    Join Date
    Aug 2004
    Posts
    641

    Certifications
    I used to care what this said.
    #7
    1. First off who gives interns responsibility for backup tapes?
    2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
    3. If they did have a tape reader there is no indication that they have any intentions of using the information.
    4. Shouldn't the data be encrypted?

  9. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #8
    Quote Originally Posted by seuss_ssues
    1. First off who gives interns responsibility for backup tapes?
    In Ohio, apparently other interns.

    Quote Originally Posted by seuss_ssues
    2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
    He probably tried pawning the tape, not even knowing what it was. If the pawn shop owner recognized the possible value, even if only for sale on ebay, the data could still be at risk.

    Quote Originally Posted by seuss_ssues
    3. If they did have a tape reader there is no indication that they have any intentions of using the information.
    Identity theft is a huge industry with ties to organized crime. If the 2-bit punk(s) pawned the tape to a pawn shop owner... see my note above.

    Quote Originally Posted by seuss_ssues
    4. Shouldn't the data be encrypted?
    Of course. This was just one of the dozens of mistakes made in this incident.

  10. Senior Member
    Join Date
    Aug 2007
    Location
    a NOC near you
    Posts
    322

    Certifications
    N+ CCNA
    #9
    Off-site storage shoulda been something like a safe deposit box or some type of place that stores items. Things like these should never be in a person's home.

  11. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    2,005

    Certifications
    CCNP, JNCIP-ENT, JNCIS-SP, JNCIA, JNCDA, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #10
    WOW is all I have to say...

  12. Senior Member
    Join Date
    Apr 2004
    Posts
    1,939

    Certifications
    yes
    #11
    That's what happens when an IT department becomes relaxed.

    Anyone have a contact number for this department? I would love to hire on as the $200/hr guy.

  13. Senior Member
    Join Date
    Apr 2006
    Posts
    251

    Certifications
    Security+, CCNA, MCSE 2003: Security
    #12
    Ohio Plans to Encrypt Data after breach:

    http://www.computerworld.com/action/...&intsrc=kc_top

  14. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #13
    I hope they're planning on using something stronger this time than rot13.


  15. Senior Member
    Join Date
    Aug 2007
    Location
    Pittsburgh, PA
    Posts
    349

    Certifications
    Security+, Associate of (ISC)2
    #14
    Quote Originally Posted by JDMurray
    I hope they're planning on using something stronger this time than rot13.
    I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.

  16. Senior Member
    Join Date
    Apr 2006
    Posts
    251

    Certifications
    Security+, CCNA, MCSE 2003: Security
    #15
    Quote Originally Posted by Schluep
    Quote Originally Posted by JDMurray
    I hope they're planning on using something stronger this time than rot13.
    I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.
    Yeah, they're probably better off leaving it on top of the TV in the intern's apartment.

  17. Senior Member
    Join Date
    Aug 2007
    Location
    Pittsburgh, PA
    Posts
    349

    Certifications
    Security+, Associate of (ISC)2
    #16
    Resurrecting this thread to post about yet another vanishing tape containing 150,000 Social Security Numbers and Credit Card information for 650,000 people with accounts at retailers such as JC Penney:

    http://hosted.ap.org/dynamic/stories...MPLATE=DEFAULT

    In the past few months most of the data breach stories have been primarily related to back-up media that goes missing. Clearly those with malicious intent have learned something from reading the stories, but the people responsible for properly securing and transporting such data have not.