This is just a common sense business tip: do not use shredded checks as packing material.

The WHH Ranch Company has been using shredded paper from a Texas-based bank for 20 years. Some of that paper came in the form of shredded checks.

When Michelle McBride ordered some food from WHH Ranch, she found it packed in shredded checks. The shredded paper was in wider strips (it was not cross-shredded) that could be easily pieced together. In fact, that’s what Michelle McBride did - she was able to easily re-assemble some checks and plainly read off account numbers and routing information for hospitals, medicare, schools, businesses and personal accounts.

After learning of the problem, WHH Ranch says they’ll ensure it doesn’t happen again.

So, two things to learn from this:

• If you are shredding sensitive information, use a good cross-shredder or confetti shredder. Particularly if you’re a business.
• If you are using shredded paper as packaging material, ensure it’s finely shredded material that contains only non-sensitive papers.

After the jump is a video of the CNN report about this incident (the video auto-plays): Read the rest of this entry »

The AMW Safety Center and the National Consumers League have put together a public awareness video about secure online shopping.

Some of the tips in the above video include:

• Looking for https or shttp domain names
• Don’t fall for pop-up boxes
• Look over return and privacy policies
• Use a credit card to protect your interests (fraud departments can help you get money back)

Of course, if you remember the survey we posted last week, legitimate websites host 68% of the malware online, so trusting a website is not a guarantee of safety any longer.

Tags: online shopping, security, web security, shopping, secure shopping, consumer, awareness, web security

A friend of ours, Chris Pirillo, runs a live video stream fairly regularly. In a live streaming he did several months ago, he made mention of Computrace LoJack for Laptops, an Absolute Software laptop recovery service for consumers.

Who Breached: US Department of State
Number Affected: 3
Information breached: Passport records (including SSNs)
How: insider breach

The passport records for three presidential candidates (Obama, Clinton and McCain) has been breached.

Thursday, the US Department of State admitted that three or four contract workers illegally accessed the passport records of Senators Barack Obama, Hillary Clinton and John McCain. The breaches affecting Barack Obama occurred on January 9, February 12 and March 14, but were not reported to higher-level State employees. The Clinton and McCain files were accessed once each.

Passport records include date and place of birth, physical health, birth certificates, medical records and financial reports. Any investigative reports compiled during the passport approval process would also be available. Social Security Numbers are also included in the files.

The US Department of State has characterized the incident as that of "imprudent curiosity." The information was kept in secured file cabinets or in restricted areas, or in databases that are password-protected. An audit trail of all data accessed is kept.

Two of the curious employees worked for Stanley Inc, a government contractor, and have been fired as a result of the breach. The other contracting company has not been disclosed - it is known, however, that the curious employee at that company has been disciplined (not fired).

Here is a video report of the incident by the Associated Press:

Via computerworld, newsweek Tags: obama, clinton, mccain, breach, data breach, presidential data breach, presidential race, id theft, government breach, passport records

Intel decided to lighten things up with a new music video comparing software and hardware in IT Security. Directed by Christopher Guest, starring Dan Finnerty and Rob Giles.

The video was created as a part of Intel’s “IT Gets Easier” campaign.

Tags: intel, set it managers free, intel ad, intel music video, it managers, it security, security, it gets easier

This is a video created for the US Federal Courts on IT Security. The video illustrates the challenges of defending against security threats (the video uses the online digital world). SecondLife was used as an illustration of a layered security defense approach.

The video talks about building layers to your security policy: putting up strong layers of defense against security issues. This layered approach is being described as a “walled” approach in the discussions on Schneier’s blog, and has sparked quite a debate about the approach to security.

Aside from differences of opinion, the video illustrates many of the questions that corporations face when creating IT Security policies.

Tags: security policy, it security, security video, walled security, layered security, security defence, computer security, network security

Bruce Schneier, a strong voice in computer security, gave a presentation on identity theft to the IT Security Summit in Johannesburg, South Africa. The opening reception featured a theatrical example of the dangers associated with identity theft. The skit involved an actor pretending to be Bruce, carrying examples of his identity:

An impostor burst in on the scene and claimed to be Bruce. He produced a passport that identified himself as Mr. Bruce Schneier. He then had his interlocutor check images on Google, FBI.gov and CIA.gov, all of which identified this bloke as Bruce. It was only after Bruce solved a simple block cypher of the words “I am Bruce” that the impostor fled the scene.

The real Bruce Schneier then explained the point of this exercise in a video you can watch here:

Bruce points out the problems with authenticating an identity. Government identifications and websites can all be manipulated to associate a person with a stolen identity. If your identity is solely tied to information that can be breached and stolen, authentication of identity becomes a major issue. This is an issue we all face today.

Via ZDNet Tags: identity theft, identity authentication, identity, bruce schneier, security

Here is an interesting way to alert your employees to their bad security habits. It’s a guerilla marketing campaign created by Groove 11 and Sun Microsystems. It poses as an online resume for one Matt Bennett, looking to work in IT. This Matt Bennett creates blog posts and video content to point out security flaws and bring awareness to security issues.

Although I don’t like the lack of disclosure on the site, I do admire the vision. The material is engaging and could be a great addition to your security training program. You could show the video(s) to break the ice, and encourage employees to subscribe to the blog for entertaining - and enlightening - updates.

Here is the video resume created by ‘Matt Bennett’:

Hat tip to Bob Bragdon ; Tags: laptop security, security, sun microsystems, viral campaign, guerilla marketing

Here is some security video footage of a laptop being stolen in broad daylight from a computer store.

One of the employees of the store posted this security footage and recounts the experience on his blog:

He walks around the shop a bit more, looks out the back to where he can see our security monitor, so he can see exactly what we’re recording, and then heads over to one of the laptops. He folds the lid down, then looks up at the counter where there’s still the couple and our retail lady are. He gets in between the line of view from those three and the laptop. He picks it up with one hand, walks away with it a bit, does a kinda swing around motion, and then slips it into his jacket, grabs his cellphone out of his pocket, and pretends to talk on it as he walks out of the shop!

I couldn’t believe my eyes when I was watching this, it was insane, there were four staff members plus two customers in the shop and this guy tries his luck, and gets away with it! He’s gotta be fucking stupid though, he blatantly looks towards the cameras on several occasions.

If you read through, you’ll see a very interesting story that resulted from posting this video online. The video became very popular and was featured in many news articles and even on tv. At one point, a police officer was able to identify the thief, and from the last update to the post, they were charging him with the theft.

Now, this is a very extraordinary case of laptop theft and recovery, but it sheds some light on just how bold thieves can be.

Tags: laptop theft, caught on video, laptop thief