Welcome to Security Active

Security Active is a website dedicated to Information Security and the related threats, vulnerabilities and technology. On this site you will find information and resources on the Security Risks that concern you and what you can do to protect yourself both at home and work and everything in between.

Please take some time to visit the forums, and read the blog.

 
Manchester Council lose laptops containing personal data

Manchester City Council has been rapped over the knuckles for the loss of two laptops containing sensitive personal information on teachers and workers at local schools.

The local authority was obliged to sign a promise to improve its performance following the loss of two unencrypted machines from the Town Hall, one of which held personal details about 1,754 employees at local schools. Neither of the laptops was physically secured to a desk.

Sir Howard Bernstein, chief exec of Manchester City Council, signed a promise to encrypt laptops and other removable devices in future. The council chief also promised to apply security policies that mean laptops and other computing devices are either secured to desks or locked away, out of the reach of Manchester's many light-fingered citizens.

In a statement (PDF), data privacy watchdogs at the Information Commissioner's Office criticised the council for carelessness with personal data, and for clear violations of the Data Protection Act. Any future transgressions by the council could result in enforcement action by the ICO.

Manchester City Council is far from alone in experiencing problems with lost laptops or other incidents that result in information security breaches, and the potential disclosure of personal information. The latest figures from the ICO include 140 incidents involving the NHS and other health bodies, 53 within central government, 60 by local authorities, 72 within quangos and other public sector bodies and 161 by the private sector.

* Source: The Register
 
The UK's Digital Future Revealed

Culture secretary Ben Bradshaw has been outlining the main strands of the Digital Britain report in parliament.

It includes a "small levy" on all fixed telephone lines to establish a national fund for next generation broadband.

The government will legislate to curb unlawful peer to peer file-sharing with regulator Ofcom given new powers.

To encourage take-up of broadband services the government has appointed online entrepreneur Martha Lane-Fox as the Digital Champion.

Mr Bradshaw told the Commons that the government intended to upgrade all national radio stations from analogue to digital by 2015.

The report, commissioned by government last year, offers a blueprint for the UK's digital strategy.

The main points outlined in the report include:

• a three year plan to boost digital participation

• universal access to broadband by 2012

• fund to invest in next generation broadband

• digital radio upgrade by 2015

• liberalisation of 3G spectrum

• legal and regulatory attack on digital piracy

• support for public service content partnerships

• changed role for Channel 4

• consultation on how to fund local, national and regional news

One of the biggest surprises in the report was the promise to introduce a levy on fixed telephone lines in order to pay for the government's universal broadband commitment.

This will see speeds of 2Mbps (megabits per second) rolled out to every home in the UK by 2012.

It will amount to a 50p a month tax for every household in the country with a fixed phone line.

It is one of the most concrete announcements in the report, said Forrester analyst Ian Fogg, but it will not mean faster speeds for everyone.

"It is basically a tax to fund wider broadband availability. While it may offer rural areas better speeds than are available today it will still be slower than in urban areas. There will still be a two-tiered internet and for rural homes it is going to be a case of yesterday's speeds tomorrow," he said.

Alex Salter, from broadband measurement firm Sam Knows, doubts the levy will create enough money to bring broadband to every home.

"It answers the main question from the last report which was who is going to pay. This is less expensive per capita than similar schemes, for example in Australia, but is unlikely to generate the full budget required - this will still have to come from the providers," he said.

 
ParcelForce expose personal data on its website

Personal data including the signatures of recipients has been exposed to those tracking deliveries on the Parcelforce website, the BBC has discovered.

A failure in the system allowed people using the mail tracing service access to the name, postcode and signature of various addressees.

The breakdown put Parcelforce at risk of breaching data protection rules.

The delivery service, part of the Royal Mail Group, apologised. It said the problem had been resolved.

Fail track

Customers sending a package with Parcelforce Worldwide are given a reference number which allows them to track the progress of the delivery.

However, when the BBC News website entered reference numbers into the "track and trace" feature on the Parcelforce website, a series of unconnected deliveries was revealed.

Although the same reference number was typed in, the specifics of parcels with other reference details were displayed.

Within the space of 30 minutes, the system handed out details of parcels in Cleveland, Swansea and even awaiting customs clearance en route from Shanghai.

These included some parcels that had already been delivered. On the page declaring "proof of delivery", the name and postcode at its destination were shown, alongside a reproduction of the signature of the recipient.

Such information would give an identity fraudster easy access to people's names, addresses and signatures.

During the BBC's investigations, we saw the details of Linda Mitchell, of Farnham in Surrey, and the signature of her mother who signed for the parcel.

Mrs Mitchell noticed a problem when she entered the reference number on the website and it said her parcel was in Glasgow, then Coventry.

"The more you think about it, the more you wonder what is going on," she said.

And BBC News website reader Steve Davis, of Twickenham, said he was left confused by the tracking service fault.

"I thought that the bike I had been waiting for all week had been delivered and accepted in Germany," he said.

 
Vaserv lose data for 100,000 sites

A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.

Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.

"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing."

Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability. The Register has also received no response to inquiries sent to the company, which according to its website is located in Bangalore.

According to Foster, data for about half of the websites hosted on Vaserv was destroyed all at once sometime Sunday evening, shortly after administrators noticed "strangeness" on the system. The attackers had the ability to execute sensitive Unix commands on the system, including "rm -rf," which forces a recursive delete of all files.

Some 50 percent of Vaserv's customers signed up for unmanaged service, which doesn't include data backup, Foster said. It remains unclear if those website owners will ever be able to retrieve their lost data, he said. As a result, at least half the websites that were hosted on the site remain offline.

"Since last night, I've had probably 40 phone calls from clients saying 'Why is my website down,'" said Daniel Voyce, a web developer for Nu Order Webs who uses Vaserv to host customer sites. "It's making me look bad."

Voyce said the hackers, given the high level of server access they gained, were likely able to intercept a wealth of sensitive data stored on Vaserv's servers. Voyce said his customers are safe because all sensitive information was encrypted.

 

© Security Active