Is anything truly secure...

3 Comments on “The Data You Left Behind! (Part 1)”

  1. Richard
    Anybody remember Zip disks? I did a similar experiment years ago on Zip disks purchased off of ebay. I didn't find any military or gov info, but I did recover a LOT of PII (and porn). I guess the times have changed... Never forget the time I found a complete computer system behind Bestway Rentals...sitting by, not in, the dumpster. Loaded it in the car with the permission of the store owner (they had just completed an equipment upgrade) and took it home. Thing fired right up and booted, without any password requirement, into the JDE POS system which was still populated with over 250 user/customer accounts. Names, addresses, phone numbers, balances, everything. Did the right thing and overwrote the data, installed Win98 (been awhile) and sold this to my brother in law after a second verification the overwrite worked. I have been making the point, or trying to, that we need to allocate some training $$ to the folks that USE the systems, not just those that administer the systems. I don't find it hard to believe the data you discovered, but I am concerned that it came from anyone at that rank/level. I'd bet there were a lot of downstream leaks as well. If he couldn't/didn't contain his own data, chances of it happening under his watch would be slim as well.
  2. Scott
    This proves my point. Supporting the military, you see it over and over again. High ranking officers and their senior civilian counterparts desire to be 'special' and insist on exceptions which allow them to cut corners on security. Perfect example being not requiring a logon token and allowing removable media to be used on their systems. Rank hath is privileges. I get it. The real-wood furniture and plush carpeting and awesome executive chairs are a nice. Wasteful of our tax-dollars, probably. Am I envious of the working conditions, yeah. But information security is different. As your rank and clearance increses you should have MORE security, not less. Our military and government service leaders should lead by example and insist that NOONE in their command be exempt from the security rules. I hope that O-8 faces at least an IG complaint, if not security clearance review. If he exposed MY PII like that, I'd be out for blood.

Comments are closed.

Copyright © 2014 SudoSecure LLC. All rights reserved.

rvn_polyon_theme rvn_polyon_theme_tv_1_7 rvn_polyon_theme_fwv_2_2