Alrighty, that sounded bad… Deleting a file probably won’t land you in jail unless you are doing something illegal in the first place.

The idiot who attempted to extort money with a “collar bomb” was most likely caught due to leaving a message on a USB flash drive that he had deleted files from.

The ONLY safe way to remove data from a hard drive, flash drive, tape drive or other types of media is to physically destroy it. Our friend Brent over at ShredDisk can help you with that. Don’t make the mistake of deleting files only to find they are recoverable.

Here’s a link to the original article which mentions additional clues that were used to find the “collar bomber”, such as metadata in a recovered Microsoft Office Word document.

 

The Spartanburg Regional Healthcare System notebook that was stolen from an employee’s car this year has caused concern for many individuals whose records were contained on that device. (Story Here)

What can you do to protect your data from prying eyes in the event your notebook or even a desktop computer is stolen?  Easy, you can utilize disk or file encryption…  In many cases, it is available to you absolutely free of charge.

One form of encryption that you may already have, if you are using Windows Vista or 7 Ultimate or Enterprise (or Server 2008 or Server 2008 R2), is BitLocker drive encryption. This is built into those operating system versions and gives you the choice of three different authentication mechanisms, including a mode that requires a USB key to be in place before the data can be accessed.

Some people have opted for TrueCrypt, an open source encryption package that works with Microsoft Windows 7, Windows Vista and Windows XP, as well as Mac OS X and Linux.  It has the capability to create a virtual encrypted disk that resides inside a file on the hard drive, which it mounts as a normal system disk, or to encrypt an entire partition or hard drive, including the Windows boot partition.

There are countless methods to protect your data, from the two listed above to a plethora of commercial products in software and even hardware form. Some would argue that a “free” tool such as TrueCrypt could not be as robust as XYZ commercial offering, and while that argument has some validity, one thing is for certain: a system protected with *any* type of encryption is 100% more secure than an unprotected system.

Should you wish to talk to someone about options available to you or your business, please call us and arrange for a free, no obligation consultation here in the Greenville / Upstate, SC area.  864.990.4748 or info@homelandsecureit.com

One of the newsletters I read regularly had a link to this video… So I figured it would be a great password to use…

 

Data from Star Trek TNG emulates Picard’s voice with a very long password.

Trend Micro is offering a service called SafeSync which allows you to access and share your files anywhere, anytime.

For as little as $39.95 a month, you can store your data online, instantly and share it between multiple devices, including iPhones, iPads and Androids. You can even share with friends and family with complete permissions!

You can get more information directly from Trend Micro, and even try it out for free!

http://us.trendmicro.com/us/products/personal/safe-sync/

As your Upstate / Greenville, SC Trend Micro partner, we can offer this and all of the Trend Micro product line, including installation, support and consultation. Call us at 864.990-4748 for more information or email info@homelandsecureit.com

Brent Amyette over at ShredDisk wanted to perform an experiment to determine just how well data was being protected by those selling used equipment, so he purchased a used server off of the online site, Craigslist.

He then brought the server to us and we examined it. The three hard drives had previously been in a RAID array, but had been formatted and broken apart into three separate drives. Then an operating system (Windows XP) had been loaded onto one of the three drives.

Using a file recovery application, we then ran it on the three individual drives and managed to recover approximately 100,000 files from the previous installation.

This particular server was from a medical system in Texas, so we were under the assumption that the data would be totally unrecoverable due to some sort of “secure wipe” or “DoD” erase taking place before disposal. However, that was not the case at all. The data was easily retrieved and what we found was simply frightening!

We opened a few log files, attempting to determine versions of software applications, and it turns out those log files were transaction logs, possibly from their patient management system, and it was easy to see the names of patients, social security numbers, dates of birth, street addresses and phone numbers. These logs contained the typical information one would be asked during the intake procedure at a hospital: nature of the visit, what led up to the issue, medical history, etc.

Without giving details, there were people who had visited for physical and sexual abuse, sexual infections, digestive problems, etc. Extremely personal information about these people’s lives….

Brent had contacted WYFF and they did a segment on the news about this… You can find it HERE.

The moral of this story is – if you are charged with disposing of an old computer, server, hard drive, or backup media, consider having it professionally destroyed… And by destroyed, I mean, physically destroyed! ShredDisk can provide those services at very reasonable rates and can do it at your facility!

For the record, the hard drives contained in the medical system’s server have been shredded now. So fortunately, that information did not fall into the wrong hands.

Maybe you should ask your medical and legal providers how THEY dispose of their old drives and equipment. It could be your records at risk!
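
Why the format and reinstall on that server left the old files within reach, shown as an added example (not code from this blog or from any recovery product): a toy disk image in Python where delete and quick format only touch the directory, and a simple signature carver reads the data sectors directly. The sector layout, file names and file contents are all constructed for illustration; the post does not say which recovery application or technique was used.

```python
# Added illustration on a constructed toy "disk"; not a real file system or tool.
SECTOR = 512
# File signatures (header, footer) that a carver searches for in raw bytes.
SIGNATURES = {"pdf": (b"%PDF-", b"%%EOF"), "jpg": (b"\xff\xd8\xff", b"\xff\xd9")}

# Constructed sample files; the contents are placeholders, not real records.
SAMPLE_FILES = {
    "intake.pdf": b"%PDF-1.4\n" + b"constructed patient intake record " * 20 + b"\n%%EOF",
    "scan.jpg": b"\xff\xd8\xff\xe0" + b"J" * 600 + b"\xff\xd9",
    "notes.pdf": b"%PDF-1.4\nconstructed transaction log\n%%EOF",
}

def build_image(files, total_sectors=16):
    """Sector 0 is the directory; each file starts on its own sector boundary."""
    img = bytearray(SECTOR * total_sectors)
    entries, sector = [], 1
    for name, data in files.items():
        img[sector * SECTOR:sector * SECTOR + len(data)] = data
        entries.append(f"{name},{sector},{len(data)}")
        sector += -(-len(data) // SECTOR)          # round up to whole sectors
    table = "\n".join(entries).encode()
    img[:len(table)] = table
    return img

def list_files(img):
    """What the operating system shows: only names still in the directory."""
    text = bytes(img[:SECTOR]).rstrip(b"\x00").decode()
    return [line.split(",")[0] for line in text.splitlines()]

def delete_file(img, name):
    """Ordinary delete: remove the directory entry, leave the data sectors."""
    text = bytes(img[:SECTOR]).rstrip(b"\x00").decode()
    kept = [l for l in text.splitlines() if l.split(",")[0] != name]
    img[:SECTOR] = "\n".join(kept).encode().ljust(SECTOR, b"\x00")

def quick_format(img):
    """Quick format: write an empty directory, leave the data sectors."""
    img[:SECTOR] = bytes(SECTOR)

def install_os(img, first_sector, count):
    """New data written over part of the disk, e.g. a fresh OS install."""
    start = first_sector * SECTOR
    img[start:start + count * SECTOR] = b"O" * (count * SECTOR)

def carve(img):
    """Ignore the directory and scan raw bytes for header...footer pairs."""
    raw, found = bytes(img), []
    for kind, (head, foot) in SIGNATURES.items():
        pos = raw.find(head)
        while pos != -1:
            end = raw.find(foot, pos + len(head))
            if end == -1:
                break
            found.append((kind, pos // SECTOR, raw[pos:end + len(foot)]))
            pos = raw.find(head, end + len(foot))
    return sorted(found, key=lambda f: f[1])

def demo():
    img = build_image(SAMPLE_FILES)
    quick_format(img)           # drive "formatted" before sale
    install_os(img, 1, 2)       # new install overwrites sectors 1-2 only
    return list_files(img), carve(img)

if __name__ == "__main__":
    visible, recovered = demo()
    print("directory lists:", visible)
    for kind, sector, data in recovered:
        print(f"carved {kind} at sector {sector}: {len(data)} bytes")
```

Only the file whose sectors the new install actually overwrote is lost; the directory shows an empty disk while the other two files are still carved out intact.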

I’ve said this before, but I think I will say it again. Should you leave a job and have personal files on your system, sure, by all means, delete your PERSONAL files, that’s okay, right?

Maybe… In fact, there are laws on the books that state that everything you do at work is property of the employer; however, I am not a lawyer, so I won’t get into that. What I WILL harp on is that if you do decide to delete a folder containing *your* personal files, not files belonging to the soon-to-be-ex-employer, then everything should be okay, but when you cross the line and either delete *everything* you can, including important system files, or possibly use a “secure wipe” application to write 1s and 0s to the drive, or even attempt to format a drive, then you have moved from protecting your privacy to destruction of property, malicious mischief, and a whole plethora of laws that cover this.

There is an entire field dedicated to recovering data intentionally deleted or destroyed. These “forensic” technicians are very good at it and also come with a hefty price tag. So, if you should happen to delete files, and it causes your former employer to enlist the assistance of an expert in recovery, then you can expect the associated costs to be passed on to you.

My advice is as follows:

If you are at work, why not work? Try to keep your personal files and emails totally off the business network. Use your Android or iPhone to read emails, or optionally web based email (gmail) if your company policy allows accessing external email accounts via the web on work computers.

Failing that, keep all your non-work email in a folder named something like “John’s Personal Email”, and personal files in a similarly named folder. Upon leaving, delete those and ONLY those folders.

What about your browser cache, all those cookies, auto-logged on sites, etc? Well, if your personal life did not intertwine with work, then you wouldn’t have this problem, but now you do, so what to do?  You COULD empty the cache, or you could use a tool like “CCleaner”, but those will remove legit work-related data too. Of course you could have enabled privacy mode and attempted to browse without leaving a trace, but you didn’t.

Okay, so just what CAN be recovered should you decide to delete your files and email before you leave?

Depending on how the Exchange server is configured, your mail may be backed up, possibly archived, forever, so even if you delete your mail today, last night’s backup got it all up until it ran.

Your desktop may be backed up as well, and it is possible that you do not even know it is happening. More and more businesses are opting for nightly, weekly or monthly imaging of all PCs.  Some computers are set to sync the documents folders to a centralized server.

And there’s always the chance that an employer will FEEL you did something bad, even if you had no intent to defraud them of their data, and they will hire someone like me and my company, Homeland Secure IT, to retrieve data from the hard drive. As I write this post, I am doing that for a new client in a similar situation.

Just what can we recover? Most everything. A “DELETE” doesn’t get it. Actually, we have successfully recovered files from a hard drive that had a “secure wipe” performed on it.

If your business needs data recovery services, please contact us in the Greenville / Upstate, SC area at 864.990.4748 or email info@homelandsecureit.com – If it’s there, we’ll get it.

 

I am reposting this from WatchGuard Security Center blog in its entirety below.  I have kept fairly silent on this subject as everyone has said everything that needs to be covered. Corey did a fine job of outlining the situation though, so for your reading enjoyment:

 

Huge Sony PSN Data Breach; What Should I Do?

Corey Nachreiner | April 28, 2011 at 11:53 am | Tags: credit card, Data breach, PCI, PSN, Sony | Categories: Editorial Articles | URL: http://wp.me/pVP8E-aq

On Tuesday, Sony officially disclosed a humongous data breach against the Playstation Network or PSN (recently renamed to Qriocity), which allowed external attackers to get their hands on the Personally Identifiable Information (PII) of around 77 million gamers. Worse yet, they may have even stolen their credit card information, too.

If you read security news, or follow me (@SecAdept) on Twitter, you’ll know this incident has been brewing for around a week now. It first started last Wednesday, when PSN went down for all Playstation 3 users. At the time, I’d imagine that most customers assumed the outage was some sort of routine maintenance. However, with Sony recently coming out of a DDoS battle with “Anonymous” over the Geohot Playstation hacking lawsuit, paranoid security professionals like me suspected this outage might be related to more “Anonymous” hijinks. Unfortunately, we have since learned that that wasn’t the case (I wish it was).

Over the next few days, the story continued to slowly unfold, mostly on security and gaming sites. Sony blog posts (some of which were later removed) eventually admitted that the issue may be related to an “external intrusion.” However, Sony was not quick to confirm the details, or share what the attackers got. If you are interested in how the story slowly unfolded, PCWorld has a great timeline of the incident. In any case, Sony finally sent an email to all its PSN subscribers Tuesday night, sharing exactly what the bad guys stole — and unfortunately the cretins hit pay dirt.

If you’d like to read Sony’s email in full, check out this forum post, but I’ll quickly highlight what it claims the attackers stole from all PSN subscribers:

  • Your name,
  • address (city, state, zip),
  • country,
  • email address,
  • birthdate,
  • PSN password and login
  • PSN online ID and handle
  • purchase history,
  • billing address (may be different than normal one),
  • security answers,
  • and possibly even your credit card information (excluding security code)

Unfortunately, this is a huge repository of valuable information for identity thieves and attackers wishing to target your other online accounts. On the surface, the biggest concern is whether or not attackers gained access to credit card (CC) numbers. Sony is not very clear on this count. They claim they have no evidence to suggest so. However, they immediately backpedal, saying they cannot rule out the possibility. A more recent Sony Blog update has at least shared that the CC data was encrypted, and that they didn’t store any security code info for CCs. Well, at least that’s semi-good news.

So what’s a PSN subscriber to do?

Being one myself, I immediately asked myself that very question. Here’s what I’ve come up with:

  1. Do you follow best password handling practices? If not, change your passwords. One well known, but often ignored, password security practice is that you should NOT use the same password everywhere. Unfortunately, many people, including security professionals, don’t follow this practice. If you are one of those people, the first thing you need to do is go to all the important sites you visit and change your password. If someone has your email address and a password, that will get them into many popular sites you may frequent.
  2. Cancel/change your credit card. This one really sucks. It can be a pain to get new credit cards, mostly when you don’t know for sure whether it is entirely necessary. Unfortunately, I have to lean towards being safe and not sorry. If you shared your CC with PSN (it’s possible you may not have), you should probably get new cards. Granted, Sony does say the CC data was encrypted. So ultimately, it is up to you if you want to take the chance.
  3. Watch your credit information. There’s really nothing you can do about the fact that a lot of your PII data is out there. This is the same data bad guys use to set up fraudulent accounts in your name. Luckily, attackers didn’t get one crucial (at least in the US) piece of data: your social security number. Without this, they probably can’t set up financial accounts in your name. Nonetheless, you should still monitor your credit via your country’s credit agencies. You may even consider submitting a fraud alert or credit freeze, which will make it harder for attackers to create new accounts in your name.
  4. Remain vigilant for follow-up attacks. Since the attackers didn’t get Social Security numbers, they don’t have all they need to totally steal your identity. However, they often follow up these sorts of attacks with other attacks (email phishing), trying to gather any additional info they need. Furthermore, they can often leverage the information they’ve already stolen to help trick you into trusting them. So remain vigilant against phishing and social engineering attacks asking you for private info.

The last question, which I’m sure is on everyone’s mind, is how did Sony actually get hacked. The short answer is, we don’t know yet. Sony’s not sharing. There have been a number of rumors, though:

  • Geohot did it. This is the guy that hacked the Playstation 3’s DRM and copy protection. Sony sued him for it, and he settled the case (saying he’d leave Sony stuff alone). This guy’s smart enough to breach networks, but I’m pretty sure he didn’t go after PSN, mostly after settling with Sony. So I doubt this is the case.
  • “Anonymous” did it. Anonymous is that random group of hackers that went after HBGary. They also sided with Geohot during the PS3 hacking case, and likely launched DDoS attacks against Sony in early April. However, they claim they had nothing to do with this breach. I tend to believe it as Anonymous tends to stick more with headline grabbing stunts, than these highly illegal, malicious breaches. That said, some solo-Anonymous hackers may have acted alone.
  • The attack is the result of a custom PS3 firmware (called Rebirth). When Geohot hacked the PS3 DRM, he made it possible for homebrew coders (and pirates) to load their own modified firmware onto the PS3. These modifications could allow playstation users to do all sorts of cool things that Sony didn’t originally intend the PS3 to do. However, some of the latest custom firmwares coming out of the PS3 “scene” included modifications that would allow hacked PS3 to regain access to PSN, or worse, the PSN developer network. One of those firmwares was called Rebirth. Due to the timing of Rebirth’s release, and some of its features, some people suspect it has something to do with how the PSN attackers were able to breach Sony’s PSN network. In fact, it seems very likely that the modified firmware was at least used to fraudulently download PSN games without valid CCs. Of the rumors presented, this one seems most possible to me. That said, the creators of Rebirth have claimed they weren’t responsible either. However, they admit users have found interesting ways to use their firmware.

Besides those rumors, other experts have shared their own guesses about how this breach might have happened. For instance, one mentioned that it could have been a spear-phishing email, that got malware on an administrator’s computer. That guess is as good as any. After all, that’s basically how the Aurora attackers got into Google — it’s certainly possible.  Yet, it’s still just a guess. Until Sony, or someone else, shares the real story, all we can do is wonder.

Not knowing exactly how the breach happened makes it harder to give you a specific defense that can help prevent this from happening to you, but that’s where good ‘ole “Best Practices” come in (something we also learned during the HBGary incident). Two things come to mind for me:

  1. Defense-in-Depth. Security guys hear this so often that it stops feeling relevant. It still is. It’s simple math. The more defensive layers you build up — things like Firewalls, IPS, AV, application control, cloud reputation, etc. — the better statistical chance you have of detecting and blocking an attack. That is why WatchGuard created our XTM appliance. We want to make it as easy as possible to incorporate as many defenses as possible, in one easy to manage appliance, and to have a platform that allows you to evolve your defenses in the future. That said, when most people think “Defense-in-Depth,” they only think about the hard, preventive technology measures, such as the ones I’ve mentioned above. They don’t think as much about the softer security measures, such as visibility tools that may also help you recognize unusual incidents, like security breaches. When you are building your layers of defense, don’t forget to include products that offer visibility tools as well (we have great visibility tools, and plan to make them even better).
  2. Focus your perimeter on your data center! One of my predictions for this year was that your perimeter will not go away. It will just shrink, harden, and focus on your data center. The huge increase in mobile workforce and technologies, has caused the security industry to largely focus on mobile security technologies — for good reason. However, just because you need mobile defenses, doesn’t mean you can tear down the walls around your castle. Instead, the huge increase in big data breaches, like this PSN incident, has shown that we need strong, evolving perimeter defenses around our data centers, today more than ever. Your perimeter shouldn’t only protect your data center from the world, but also from your own workforce. Based on what Sony’s doing to improve their PSN security, it sounds like they now agree with my prediction.

This PSN data breach will surely have resounding effects on network security for years to come. I wouldn’t be surprised to see it cause PCI changes, trigger politicians to suggest new laws, and result in new business regulations. I will continue to follow the story and post any interesting new details I find. –  Corey Nachreiner, CISSP. (@SecAdept)

Find more on the Watchguard Security Center blog…

Homeland Secure IT is a WatchGuard partner offering sales, service, support and consultation in Greenville & Upstate, SC. If you would like more information about WatchGuard products, please call 864.990.4748 or email info@homelandsecureit.com

Every year about this time, millions of people spend hours or even days cleaning up their computers. They weed through mail, files and other data, trying to determine what is to be kept and what should be deleted.

I suggest NOT cleaning. Sure, you can ORGANIZE, but why risk losing an important file?

External hard drives are inexpensive and easy to connect, as in plugging in! Then you can use the built-in archive functions in your Microsoft Outlook to move mail to a .pst file that can be saved to the USB drive.

I also advise using MULTIPLE means of archiving, whether it is a DVD disk and a USB drive, or two USB drives, just something that will be stored elsewhere. You could try one of the various cloud computing solutions as well, like DropBox…

With files stored on your system, say in the Documents folder, you can sort them by the date they were last modified and then move them to an external drive. Again, having data in more than one place is always desirable. You can never have too many backups in my humble opinion!

What do YOU do to archive your data and mail, or do you? Do you just delete it?

 

I believe when it comes to data, MORE IS BETTER! Yeah, so call me a hoarder, it’s okay. I have plenty of room and hard drives are cheap!

Case in point…  Yesterday I received a call from the IT administrator for a corporation based out of MA about a router that was down. When I arrived, I found an old Cisco 2500 router that would not boot up. Sure, you can replace a nonoperational router, but what about that configuration? You see, when an IT service dude or dudette walks into a business in this kind of mess and no records are available, you are left with a bunch of question marks…

What is the WAN IP? What is the WAN gateway? What’s the netmask? What’s the LAN information? Are there VPNs? Where do they point to? What about access in from the outside world to internal resources, what goes where?

You can get some of this information by calling the internet service provider, you can get some by checking a desktop for where it might already be pointing for its gateway, but some of it is a certain blank without having notes.

One thing better in this situation is having a backup of the running configuration from the router. Guess what? The IT administrator at the main office had the foresight to save a copy 4 or 5 years ago, and he was able to provide that information to me, allowing for a very rapid replacement of the equipment and a reconfig!

The moral of this story is – hang on to those old emails, keep those old configs, even if they are 4 years old.

Hard drives to store data on are inexpensive, the cost to recreate the data is NOT when you consider the downtime, the service charges for a technician to sit on hold to find out simple information, etc.

-

Homeland Secure IT provides computer, server & network sales, service & support to Greenville / Upstate SC businesses and individuals. Call 864.990.4748 or email info@homelandsecureit.com for more information.


LG-Ericsson LIP-8050V IP Phone

Homeland Secure IT, LLC has become an LG-Ericsson Elite Partner in order to provide Greenville & the Upstate the entire line of data and telephony products that the manufacturer has to offer!

LG-Ericsson’s product lineup includes their Hybrid VoIP phone systems, IP phones, switching technology from unmanaged to managed and stackable, routers, wireless routers and other data products.

These are perfectly suited to our primary clients, the Small & Medium Business market!

More information will be forthcoming as our relationship develops further…  If you would like more information about the LG-Ericsson product line, please call 864.990.4748 or email info@homelandsecureit.com
