Pontification on the guy who stole a bag full of stuff.

You might have seen on the news a couple of weeks ago a video of a guy on a bike sweeping a bunch of stuff off of a shelf into a garbage bag (local copy) (video.hackers.town) and exiting the Walgreens with alacrity on a bicycle. Unsurprisingly, there was a brief wave of outrage, jokes in questionable taste, hellthreads on Nextdoor, and a run on strings of pearls to clutch. Rather than joining in those particular fun and games, I was reminded of something I saw in the Before Times while out and about.

Please note that the two …


Wow, I feel ever so much safer.

Unless you're dealing with the federal government, it has long been a given that the police can't enter and search the place you live without a properly filed and signed search warrant, as guaranteed by the Fourth Amendment to the US Constitution, which reads thus: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Sounds …


Just when you thought your morning commute couldn't get any worse.

In the DC metroplex it isn't uncommon for people to drive to a Metrorail station (which isn't always just down the block), grab a space somewhere in the daily parking lot, and then walk inside to catch the subway. The down side of this is that you have to leave your car sitting unattended and unmonitored for something like ten hours out of the day... as a few people have recently discovered, catalytic converters, which contain non-trivial amounts of rhodium, platinum, or sometimes palladium (which is why they're so damned expensive to replace), are being stolen right out from …


Just like your friends, don't abandon your boxen, either.

A basic maxim of information security is that when someone has physical access to a machine, all bets are off. If someone can touch a box, they can do pretty much whatever they want to it: if the console is unlocked they can poke around at whatever the access privileges of the logged in account will allow (how many of you configure your screensavers to require a password to turn off? how many of you walk away without logging out?), and possibly copy data to a removable storage device, such as a USB key. An intruder can also power the …


Just when you thought it was safe to make your data safe...

A common procedure at many companies is to send the backup tapes offsite, on the off chance that if the building burns down or something, the computers will be lost but the data can be restored to replacement hardware and business will pick up apace a day or two later. In the industry, this is referred to as 'disaster mitigation planning'. At smaller companies, either the tapes never get taken offsite (common) or one of the sysadmins takes the tapes home to put them into a safe or strongbox (a bit more common). Larger companies and organizations with more rules …


HIPAA doesn't imply that you can trust those in control, now does it?

Joseph Nathaniel Harris, a former branch manager at the San Jose Medical Group in California, was sentenced to 21 months in prison and fines in excess of $145kus for stealing medical data. When Harris left his position after allegations that he'd been stealing money and medication from the facility, he is said to have stolen two computers and a DVD-ROM disk containing sensitive information about 187,000 patients, including Social Security numbers, medical histories, and diagnoses. The computers were found to have been sold for cash, but he kept the disk containing the patient data. Thankfully none of that data got …


If anyone else did this, they'd have been fired faster than you can blink.

One Jerry Miller, head of the payroll team for the Administrative Knowledge System project of the Ohio Department of Administrative Services, screwed up in a pretty major way - he let one of his interns take a backup tape containing, among other things, data on better than 130,000 employees of the state of Ohio, former employees and contractors of same, and sundry Ohio residents. Seeing as how it was payroll information, I'll leave it to you to guess what kinds of information were encoded on that tape. The tape was stolen from the back of said intern's car in June …


Talk about beer money...

A couple of weeks ago, the city of Carson, California discovered that it was a couple of thousand dollars short in its coffers - $450kus, to be exact. As it turns out, the laptop computer used by Karen Avilla (city treasurer) was infected by a keystroke logger installed through unannounced means (probably a website she visited, or a malicious e-mail, though it's entirely possible that the intruders managed to get in some other way, like through a clandestine wireless access point). An unknown group of crackers managed to snaffle the access codes to the bank that the city kept its money …
