[Newsbot]

Title: Fake �White House' eCard steals sensitive documents.
Category: Tech
Posted By: DrCaleb
Date: 2011-01-05 08:50:24

[DrCaleb]

But it's Julian Assange that needs assassinating.

[BartSimpson]

It's just another permutaion on classic phish/Trojan stuff.

All you need to do is just not open junk from untrusted sources and then verify that a person actually sent you something when you get something odd from a trusted source.

[Scape]

Better idea:

Block access to malicious TLD’s.
Monitor and prioritize access to web/ftp (download/upload)
Encrypt sensitive documents
Block executable file downloads (.exe / .bin)
Ban all smartphones/cameras.

That should be in place before an employee decided to download a Christmas card off a Russian web site routed through a Chinese server.

[BartSimpson]

Scape, my 'better idea' is to show people the door who do these things despite being told not to. I'm not their nanny.

[Scape]

This is how secrets are leaked though. Sensitive data is like handling nuclear waste, it's a huge undertaking that requires near draconian measures just to maintain internal integrity. One leak, however trivial, could be disastrous. You have a level of trust with the workers but that trust in their good judgment should only go so far. There should be some limits in place for the workers safety so that they don't end up breaching either intentionally or not.

These measures would be if anything for the workers benefit. The employer should be a nanny but they should be letting sensitive documents be handled with no protocol at all either. That just asking it to be leaked.

[DrCaleb]

Every 'secure' system I've ever dealt with was on a completely physically segregated network. No email. No Internet. No USB ports. No CD burners. The really sensitive stuff was on paper in file cabinets, in a big concrete room that only has controlled physical access through a man-trap, controlled by a person in a cage.

[Scape]

That is clearly what is required. The cage is a gateway and is there for the protection of people on both sides of the glass.

[BartSimpson]

DrCaleb DrCaleb:

Every 'secure' system I've ever dealt with was on a completely physically segregated network. No email. No Internet. No USB ports. No CD burners. The really sensitive stuff was on paper in file cabinets, in a big concrete room that only has controlled physical access through a man-trap, controlled by a person in a cage.

Hate to say, but it's easier to defeat the person in the cage then it is the computer that doesn't care who you say you are.

[BartSimpson]

Something that happened at Intel back in 2002/2003 - security firm was hired to test Intel security and what they did was to salt the parking lot with USB sticks that had a Trojan on them. People picked up the 'free' USB sticks on their way into the office, took them to their desks, and plugged them in. Voila.

[Thanos]

Yeah, there's obviously a huge problem with people being allowed to bring outside media devices into work. If someone had bothered to make sure that the Lady GaGa CD case that Bradley Manning had at his desk had actually contained a Lady GaGa CD instead of a blank one then Julian Assange would have been SOL for most of this past year.

I'm fairly certain though, putting all treason aside, that Manning still deserved some time in the slammer just for even buying a Lady GaGa CD in the first place.

[BartSimpson]

Hate to admit it, but I like her music.

[DrCaleb]

BartSimpson BartSimpson:

DrCaleb DrCaleb:

Every 'secure' system I've ever dealt with was on a completely physically segregated network. No email. No Internet. No USB ports. No CD burners. The really sensitive stuff was on paper in file cabinets, in a big concrete room that only has controlled physical access through a man-trap, controlled by a person in a cage.

Hate to say, but it's easier to defeat the person in the cage then it is the computer that doesn't care who you say you are.

Quite so. But that's why he's the last line of defense to get into the secured archive, not the first. A person has to go through many card reader controlled doors to get to the secure archive, and needs several forms of authentication to get through the man trap.

Some places take research information and security quite seriously.