Royal laptop theft 'will expose picture'
Fergie fails on password security
Security experts said it would be child's play for thieves to access sensitive data on the Duchess of York's stolen laptop, despite the use of password protection.
Fergie's computer, swiped during a break in to a photography studio last Thursday, reportedly revealed
Manchester United's January transfer window targets unreleased tracks by the Black Eyed Peas pictures of the Duchess, together with photos of her two daughters and her ex-husband Prince Andrew, The Daily Telegraph reports.
Claims that the laptop might have been password protected cut little ice with security experts. "Given the fact that the Royal Family was involved with the pictures held on this laptop, the data should have been encrypted - full stop," said Michael Callahan, senior vice president and chief marketing officer at security firm Credant. Callahan expressed surprise that the laptop - rather than a CD or USB stick - was used to take photos into the studio.
"Even if the pictures couldn't have been securely emailed, an encrypted CD-ROM or USB stick is a pretty standard format in most firms these days, so it beggars belief that the Royal Family's security staff - who are supposedly drawn from the upper echelons of the Police and UK Security Services - didn't pick up on the need for IT security on the photos." ®
Maybe I should offer my services... Infomation security advisor to the Royal Family... Nice.
Sensitive is objective
Encrypt stuff you don't want other people to look at.
This will be different for me, for you, for the Financial Organisation I work for, for the government, the police and for the military.
Thats why the first step in Information Security is classification. Only when you put a value on Information can you establish the appropriate method/s of protection.
Unfortunately this is not appreciated by many... even though many of us make these kind of decisions everyday (whether to go ex-directory, withhold our telephone numbers etc)
It makes me laugh!
One the fact that this has made the news and Two the fact that a laptop with sensitive date on was not encrypted.... We might not deem this to be sensitive but someone clearly does... Which brings me to Password protection is not good for anything other than delaying the outcome of getting the information. Hacking a password takes a matter of minutes and if you have not encrypted the Laptop then its your own fault. Encrypt to 256 bit and have the login at pre boot... We have installed Check Point FDE for this very reason and have ticked all the boxes for FIP 140-2 requirements...
These so called IT bods are getting paid a lot of tax payers money for nothing!