A little more information on the recent compromise of the VPMP and subsequent ransom demand has hit the wires since Wikileaks.org broke the news almost two weeks ago. It was admitted that the VPMP's information security measures were not all they were cracked up to be, as if this would come as a surprise to anyone. The article mentions that a backup system did not appear to be in place, nor a properly configured firewall to control traffic from the public Net. Governor of Virginia Timothy Kaine tried to save face by playing up the countermeasures in place and …

A basic maxim of information security is that when someone has physical access to a machine, all bets are off. If someone can touch a box, they can do pretty much whatever they want to it: if the console is unlocked they can poke around at whatever the access privileges of the logged in account will allow (how many of you configure your screensavers to require a password to turn off? how many of you walk away without logging out?), and possibly copy data to a removable storage device, such as a USB key. An intruder can also power the …