Laptop Security Report

Man chokes woman, steals laptop

Laptop Security — Sat, 18 Feb 2006 21:28:23 +0000

Here is an interesting little blurb in a Rhode Island newspaper about a stolen laptop. Apparently a woman was choked before her laptop was stolen.

WARREN, RHODE ISLAND — Ceferino Nunez, 27, whose last known address is 27 Sunset Ave., East Providence, was charged with second degree robbery, a felony, and simple assault, a misdemeanor, early yesterday in the home of a 24-year-old Warren woman.

Detective Sgt. Roy Borges said the woman, whom he declined to identify, initially had called the police about 6:20 p.m. and complained that an acquaintance had walked into her bedroom, choked her, ripped her shirt, and stole a laptop computer and printer belonging to her.

via the Providence Journal

Stolen Ameriprise Laptop Has Customer Data

Laptop Security — Thu, 26 Jan 2006 22:41:55 +0000

It was reported by various news outfits that Ameriprise Financial Inc., the former brokerage unit of American Express Co., has acknowledged that a company laptop computer which contained information on about 158,000 customers had been stolen.

Ameriprise said the theft occurred when an employee’s vehicle was broken into at “an off-site location.” MacMillan declined to say where the incident occurred except that it was not in Minneapolis, the Midwestern U.S. city where Ameriprise is headquartered.MacMillan said the Ameriprise employee, while cleared to have the information on his laptop and in his possession outside the office, had not complied with company security policies and had been terminated.

“The data didn’t have the security it’s supposed to have when it’s off premises,” MacMillan said. “That was a violation of policy.”

MacMillan said the 158,000 customers listed in the laptop — 5.6 percent of Ameriprise’s 2.8 million clients — had one thing in common: they’d recently changed their advisers.

The theft is the latest in a series of high-profile data breaches that have raised concerns about identity theft.

Source Money/CNN

Devestating Theft of Laptop

Laptop Security — Sat, 21 Jan 2006 22:21:02 +0000

Look how sad losing her laptop made this student in New Zealand. On January 13 2006, Tara Olsthoorn a third year nursing student and volunteer surf life guard noticed the window of her car was down. Her worst fears were confirmed and her laptop computer was missing.

They took my laptop, all my school work, all my notes - everything,” she says.

“It just sucks that I have to go back to school without anything. It’s all gone.”

Ms Olsthoorn also lost a back pack full of clothes, toiletries and a phone charger - a total haul worth $6000.

via Manawatu Standard

Did Cuban Spies steal an activist’s laptop?

Laptop Security — Sat, 21 Jan 2006 22:12:10 +0000

A group of anti-Castro activists wonders if spies may have stolen a laptop computer from their office during Hurricane Wilma. The office of the Cuban Liberty Council was not forcibly broken into and nothing was taken except for the Apple laptop. The burglary of the laptop seemed to have occured as Miami shut down in October, 2005 during Hurricane Wilma.

The laptop contained information about donors to the council, as well as the dissident groups in Cuba that receive the council’s contributions. The office building where the council has a suite had been closed for a week and it is unclear exactly what day the laptop was taken.

Recently, two Florida International University staffers were arrested for not registering as foreign agents and allegedly providing information about the exile community to Cuba.

‘’It could be a burglary like any that happens a thousand times in this city,'’ council president Ninoska Perez-Castellon said Thursday. “But there’s always the possibility when you hear about cases of Cuban spies.'’

via MiamiHerald

Former Official Pleads Guilty to Computer Theft

Laptop Security — Sat, 17 Dec 2005 00:54:48 +0000

A former Labor Department official is guilty of stealing 12 government laptop computers. The former official was the Supervisory Program Manager for the Employment and Training Administration (ETA).

Basit Chaudhary pleaded guilty to a one-count criminal information this morning at U.S. District Court in the District of Columbia. The information, filed on Nov. 2, 2005, charged Chaudhary with felony theft of government property for stealing and converting to his own use a total of 12 laptop computers belonging to ETA. The computers were valued at approximately $24,000.
…
As part of his plea agreement, Chaudhary admitted that he stole a total of 12 laptop computers from ETA during 2003 and that he sold six of these computers to private parties.

source

Microsoft OneCare zaps Computer Tracking Software

Laptop Security — Fri, 16 Dec 2005 15:18:19 +0000

The new spyware remover and ‘pc health’ product from Microsoft, Microsoft Onecare has ended up disabling a popular computer tracking software, Absolute Software’s Computrace LoJack. Onecare has since been patched to prevent this from occuring. From the CNET article:

The OneCare product detects one of our modules as belonging to another application that it does not like, so it puts in place a defense that it does not need to,” Philip Gardner, chief technology officer at Absolute Software in Vancouver, British Columbia, said Tuesday.

Once installed, Windows OneCare’s flags multiple vital Computrace LoJack files as “Win32NewMalware.B” and recommends that users quarantine the files, said David Hackett, a Computrace LoJack user and OneCare tester in Edmonds, Wash.

“These files are not identifiable to users as components of Computrace LoJack, but once quarantined, LoJack will be rendered useless,” Hackett wrote in an e-mail to CNET News.com. He reported the issue to Absolute Software after discovering his trouble with its product was related to OneCare.
…
Absolute Software is readying a fix for the issue, but has also alerted Microsoft to the problem. “We believe it is their error,” Gardner [chief technology officer at Absolute Software] said.

Laptop computer tracking software would want to appear like a hidden system process, so I wonder if the programming of Absolute’s software had anything to do with it being identified as a suspect.

Kevin Costner’s Laptop Stolen

Laptop Security — Thu, 15 Dec 2005 23:33:42 +0000

It looks like Keven Costner’s Apple laptop was stolen a little over a year ago. From the Scotsman’s article:

An upmarket hairstylist [Pascal Bensimon, age 44], has been charged with stealing actor Kevin Costner’s laptop computer, which had private photos of his wedding. [Bensimon] surrendered to Pitkin police officials in Colorado this week after a 14-month investigation.

The computer contained private photos of Costner’s 2004 wedding to Christine Baumgartner, which took place at his Aspen-area ranch.

Celebrities are especially vulnerable due to their large bank accounts and financial information that may be available on the laptop. And also their personal photos and information are vulnerable, which appears to be the motive in the theft of Kevin Costner’s laptop. At least they found the accused thief, probably because he released some of the photos attempting to make money from them.

EU to require ISPs retain your data

Laptop Security — Wed, 14 Dec 2005 17:25:35 +0000

The register reports about a new proposal passed in the EU Parlimant.

The European Parliament has approved proposals on data retention that would compel telecom firms to keep customer email logs, details of internet usage and phone call records for between six months to two years.

The plan - designed to assist law enforcement in the fight against terrorism and serious crime - leaves it up to individual governments to decide how long service providers will be obliged to keep data.

It is vital to understand that any data stored on a remote server has been backed up and now forcibly retained by governments in the EU for at least 6 months but probably 2 years or more, depending on the country and ISP.

The obvious solution is public key encryption, and we will soon detail the available e-mail encryption and IM encryption solutions.

How many laptops are stolen each year?

Laptop Security — Wed, 14 Dec 2005 16:49:58 +0000

The estimate is that from 2002-2004, U.S. PC owners filed over 600,000 claims each year for computer theft— with the majority of the claims being resulting from stolen laptops.

For the UK, police forces figures from 2005 show that over 34,000 laptops, almost 100 per day, are reported stolen each year, and almost 72000 computers are stolen each year in the UK.

Most companies do not have laptop security policies. This is unfortunate, as their data is probably unprotected, and the chance of recovery next to nil. 97% of stolen computers are never recovered, but there are ways prevent being a vicitim of theft, and to be part of the 3% recovered.

The Myth of E-mail Privacy

Laptop Security — Tue, 13 Dec 2005 21:26:08 +0000

E-mail systems were a crucial tool in creating the Internet, and actually predate the Internet in existence. Many people believe that e-mail privacy is inherent and guaranteed, psychologically equating it with the postal system. While the ability to access your personal e-mail messages is secured with a password, this is insufficient to guarantee legitimate security. There are additional security considerations when using laptops to access e-mail systems.

Businesses are increasingly relying on electronic mail to correspond with clients and colleagues. As more people find the need to transmit sensitive information through the internet, the need for e-mail privacy becomes more apparent.

The e-mail message is perpetually exposed to unauthorized access as it travels along this unprotected Internet from the composer to the reader. If routers between the source and destination of an e-mail message are compromised, potentially any e-mail message passing through that router could be accessed.

Unencrypted e-mails should be regarded as postcard, in that anyone who receives it can read it. Intelligence agencies screen unencrypted e-mails with ease and conduct these screens regularly.

Some e-mail you may send and receive could be considered company property. It is unwise to associate personal e-mails of any kind with a company address.

When using laptop notebooks to send and receive e-mail, you may often be using someone else’s network. You must be aware if using a wireless network if the network is encrypted. If the network is not properly encrypted any e-mail you send or receive is accessible to any skilled person within the wireless signal range. Even when using secure networks, everything you send and receive is going through their system. It is imperative that one uses TLS encryption when sending mail, and to use a send mail server other than the foreign network. When reading e-mail make sure your mail server supports SSL and use the encrypted access only.

If you delete an e-mail do not have the misconception that the existence of the e-mail is gone forever. This is not so as most electronic documents are backed up and recoverable, and most e-mails are backed up on a remote server at some point in time.