15 City of London and Metropolitan Police officers alongside five fraud specialists from the banking industry will no doubt be able to save us from thousands of evil fraudsters - don't you think? Do they get a few of the Queens horses and some nice shiny
suits of armour? They may especially need butt-plates.
Given that the US had 8.1 million people with ID theft problems - a rough calculation for the UK might be 1.76 millon UK citizens in similar peril. Divide that and our 20 gallant and no-doubt enthusiastic 'knights' may each have around 360 incidents to deal
with every single working day. I wish them the best of luck.
That equates to 80 seconds per incident. Of course the British police are no doubt more productive than their US counterparts, but they won't have time for meetings, meals or toilet breaks. I'd say a knighthood would be the least they would deserve if they
can last 6 months.
More potential security problems for anyone with sensitive data.
I mentioned recently the defeat of encryption on laptops and hard drives, RFID hacking and now we have more exploits if you want to skip the detail - nothing is safe.
Wesley Grew of Grew security has revealed a tool designed to run from a USB thumb drive, using an onboard *nix OS (a very small Linux bootloader). He includes detailed instructions (complete with screenshots) on how to create a working thumb drive for booting
a computer and dumping memory straight to the drive.
This allows an attacker to simply plug in a usb into a cold machine to get the contents of memory which could include encryption keys. If you would prefer a faster firewire connection then simply use Adam Boileau's firewire program even on a laptop without
firewire but with PMCIA you can just use your own firewire card to hook into any live and 'locked' Windows machine and bypass the logon.
There could be considerable damage to your business reputation from data theft using these tools which anyone, your office cleaner, your son's friend, or the guy who stole your laptop last week could use to copy whatever they wanted from your laptop or even
You might trust your son, and vet your cleaner, but there's a whole world of risk out there which you cannot measure.
Treat laptops as you would treat a briefcase full of cash, keep those laptops under lock and key when not in use and the less information you have on them the better off you'll be.
The way we do business may need a little tweaking so that less information is floating around either in our laptops but probably more critically in your retail merchant customer's computers. Consumer sentiment about data loss is churn waiting to happen. Remember
though, we'll all be safe from churn if we all just do it equally poorly.
At the moment physical acces to your machine is required, however it could easily evolve into a remote threat delivered - via your camera for instance and transmitting data elsewhere when you go online. There is no way to defend against these attacks short
of locking all computers away. It will create headaches for IT an don't be surprised to find them lurking around with a tube of glue as they resort to blocking them. The insider threat is particularly problematic now.
This is by the way a another case where someone has had the means and kept it quiet for years.