Wednesday, 27 August 2008

News and views

Hello again

I had a phone call from my father yesterday who wanted me to write about a “computer from a bank that had been sold on eBay and was full of customer records”. Ok, that sounded interesting. Maybe someone used a sector editor or forensic tool to recover badly erased data. I could write about that. A little research led me to this story which was a little different but the origin of the (perhaps) less than accurate initial news reports: It appears from the news reports that came a little later than the report that my father referred to me that someone took and sold a bit of kit that was sitting in a nominally secure facility that apparently had been used in an environment where it reasonably contained customer data. It was a network storage device after all. So, what was the failure here? Well, it seems likely that a couple of things were wrong. Oh, I must stress that I don’t have any inside information here and I am just going by the statements from the companies involved.

If the data was not being retained for archival purposes then it should have been wiped before being allowed offsite. It doesn’t seem very likely that you would archive data that was so that is probably the first failure.

The second failure was that the data was unencrypted. Encrypted data can be a bit slower to access but archived data normally doesn’t need that rapid access. It might have been seen as an unnecessary step. Well, since you are reading this, I think that we can be pretty sure that events proved otherwise.

The third failure would seem to be that the owner of the kit that was rotated out of the bank should be archived any data that should be retained and then wiping the kit securely with a process that overwrites the data multiple times with random junk. That is pretty standard procedure and there are tools like WipeDrive, Unishred or a few others. Of course, if you really want to be 100% sure, there is another way:

Radical? Perhaps. However, a cheap SATA drive from a major manufacturer will cost about 70 pence ($1.30) per Gigabyte of storage. When you compare that to the possible loss… well, it doesn’t seem that expensive to me.

It also appears that the kit was removed from the owner’s site (not the bank) without the permission of the company and so physical security was probably the fourth failure. Sometime things will go wrong despite the best efforts of all those involved and sometimes… well, sometimes things just go wrong.

Another item much in the news has been an announcement from Microsoft that IE 8 will contain a feature that allows you to browse the web without the entries going into your history – they are calling it InPrivate Browsing. Much of the discussion of this feature has focussed on negative - "ZOMG, Microsoft are helping teh Paedophiles!!1!"

Well, what does this change really mean? Not a lot, to be honest.

You have always (1E1 to IE6) been able to delete your history and cookies but in IE7 under Vista, the deletion was more complete and the file was multiply overwritten making the forensics of limited use. However, downloaded images would still be there unless the cache was deleted and overwritten.

In IE8, you will have an option not to include this session in the history and not to accept cookies - which was always an option anyway but the two are linked here. This means that bad people like those who download indecent images or pirated mp3 files or whatever will have the option of setting a switch in settings rather than clicking a button after the end of the browser session. It doesn't make it easier to hide, it doesn't (and can't) erase server logs and doesn't remove forensic traces of downloaded content as far as I can see.

In other words, it does pretty much what the same feature in Safari does. Of course, Apple were held up as protecting the privacy of users rather than being in league with child abusers but one man's terrorist is another man's freedom fighter.

As for whether it is a good thing, that is for each user to decide... but once one browser did it, there was an option that allowed abuse. All enabling technologies seem open to such things. It seems most likely to be used to hide porn browsing habits from parents and spouses in my opinion.

Finally, I read an excellent writeup of the greyware XP Antivirus 2008 written by Jesper M Johansson for the register. It neatly shows how professional and organised the malware gangs are these days. Well worth a read of this fine analysis.

Signing off

Mark Long, Digital Looking

No comments: