Latest Data management and data security News

Facebook privacy changes do not go far enough to protect users
posted on 28/05/2010

Facebook users have been organising boycotts over accusations the site has made it too simple for criminals and stalkers to see personal information because privacy settings were too complex. The social networking site has now announced it is boosting privacy protection for members in the face of growing anger at security controls. Facebook have focused on three things: a single control for content, more powerful controls for basic information and an easy control to turn off all applications. They will be rolling out these changes over the next few weeks. However, F-Secure feels these changes do not go far enough to protect the social networking site’s users. Sean Sullivan, F-Secure Security Advisor believes that “the site remains a real opportunity for any committed cyber criminals and the new settings will do little to assuage the concerns of those that feel they are being targeted by commercial interests.” “In essence, this is nothing more than a cosmetic change. The site remai... [more]

Encryption and passcode can be easily bypassed on iPhone 3GS
posted on 27/05/2010

To implement security simply, but effectively is very difficult. Unfortunately for businesses or consumers who think their iPhones are secure, they are incorrect. Experts at Sophos noted that when they plugged in their iPhone 3GS to a Ubuntu 10.4 (Lucid Lynx) workstation, they were able to access some of the data without authenticating to the phone or OS. On initial examination all that is required to access the "user content" areas of a fully encrypted iPhone is Ubuntu. No passcode required. Many have pointed out that the most sensitive information is still unavailable like SMS history, email, address books, etc. If you use full disk encryption on your computer you will notice that it cannot boot until you have provided the passphrase. This is because the key that encrypts the volume is protected by your passphrase. If you turn on an iPhone, it boots all the way up and allows access from USB. If the device boots, it must be able to access the encryption key without a passphrase. ... [more]

Aceso enables users to recover evidence from mobile phone handsets, SIM cards and media cards
posted on 27/05/2010

Radio Tactics Ltd has announced the launch of Aceso v5. The Aceso v5 is an upgrade to the existing Radio Tactics Aceso device, which enables users from government and law enforcement agencies as well as the corporate sector to recover evidence from mobile phone handsets, SIM cards and media cards. This evidence can be used directly in a prosecution or as intelligence to assist an ongoing enquiry. The Aceso enables fast extraction of data from a mobile phone by a user with minimal training, allowing forensic experts to focus their time on more specialist areas. • Aceso v5 introduces a new database of handsets, making the Aceso a knowledge base for the forensic examination of mobile phones as well as an evidence recovery device • Aceso v5 gives users complete control over the type of data they can extract from an acquisition whatever their level of technical expertise • The v5 upgrade reduces the time taken to retrieve evidence from mobile handsets • For the first time, the softwa... [more]

IT departments require more than encryption to securely track manage and protect mobile data
posted on 25/05/2010

The increasingly mobile nature of data has resulted in growing pressures on IT departments. There was a time, not too long ago, when data was secured primarily due to the physical security of the building where it was located. Now, with the ubiquitous use of laptops and handheld devices, a secure physical environment, while requisite, is no longer sufficient. As we enter a new decade, IT departments are faced with a proverbial “perfect storm” when it comes to securing data. Departments are dealing with reduced operating budgets resulting in them having to do more with less. There is a growing movement from various levels of government to regulate the security of data, such as the recent announcement by the UK Ministry of Justice that the Information Commissioner's Office (ICO) would have the power to organisations up to £500,000 for serious breaches of data protection principles. The European Council has approved a data breach notification rule for Europe's telecommunications fi... [more]

Two thirds of data security breaches come from small companies
posted on 20/05/2010

Under the new rules, the Information Commissioner’s Office (ICO) is able to fine businesses up to £500,000, equivalent to 10 per cent of the highest annual turnover of a small company, if they lose individuals' confidential data. Previously the ICO had the power to fine just £5,000 for serious breaches of the Data Protection Act, but these new measures are expected to act as an effective deterrent to improve data security within the UK economy. Shred-it welcomes these new powers as a sign of progress for UK data protection but warns that as fraud persists, small businesses must be vigilant as they are often the most vulnerable targets for information thieves. Robert Guice, Executive Vice President of Shred-it, said: “With fraud on the rise, information security is more important than ever for businesses looking to protect their financial standing and corporate reputation. These new measures highlight the urgent need for small businesses to invest in data security practices that protec... [more]

Other Security news and resources