Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« SQL Injection Attacks in Content Management Systems | Main | EU Proposing Software Liability Protections; Malpractice May Be Better Model »

US Missle Defense Details Found on Computer Purchased from eBay

A collaboration of researchers in US, UK and Austrailia trying to raise awareness risks of improperly disposing personal data found their poster child for the year: a computer with details on a US anti-missile defense system.

The Guardian reports the findings:

included a document detailing test launch procedures, blueprints of facilities and photos and personal data about employees - including their social security numbers.

No doubt the organization that owned the PC had policies and procedures in place for wiping the drive according to DoD standards. Having policies and effectively enforcing them are two different things. The organization might improve by sampling a larger number of disposed devices before they are released for recycling.

We IT professionals need to take responsibility for this kind of mistake, though. We are the ones that know the value of information on disposed devices and we now how to wipe data from a drive. Letting something like this slip by is like a surgeon leaving a scalpel inside a patient.

Check out Darik's Boot and Nuke for a free hard drive wiping program.

Tags:              
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on May 7, 2009 5:14 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/1044

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net