Forwarded from: William Knowles <wkat_private> http://www.nandotimes.com/technology/story/595644p-4624460c.html By HIL ANDERSON, United Press International LOS ANGELES (October 28, 2002 4:46 p.m. EST) - A chain is only as strong as its weakest link, and one of the weakest links in the sprawling field of information technology these days can be found piling up in the back seats of taxis, airport lost-and-found departments, and hotel rooms. Laptops, cell phones and the burgeoning number of personal desk assistants - also known as PDAs - might make life easier for employees in the field, but short of chaining them to their owners' bodies, these labor-saving devices are being lost and stolen at an alarming rate. And there are growing amounts of sensitive information stored inside. Small wonder that security was a leading issue on the agenda at the recent Pocket PC Summit, a trade show held in Hollywood, Calif. last week that was devoted exclusively to the increasingly popular PDA. "People like to stay in touch wherever they are," said Arlo Halonen, global accounts manager for F-Secure, a San Jose, Calif. company that is developing security specifically for PDAs. "They want to be able to do all things, except become security experts." Vexed for years by non-tech types who were barely functional with Windows and baffled by the concept of hitting "start" to shut down their computers, information technology specialists in government and business are now also finding themselves having to protect their networks from their own equipment. Improvements in wireless communications, digital subscriber line networks and processors have made PDAs and laptops as versatile and capable as desktop computers. They have found users across the spectrum of society from students to sales reps to doctors. The stored information is often mundane, but it can also include lucrative gems such as credit card numbers, computer passwords, intellectual property, and confidential company financial or trade secret product information. In addition, portable devices can also be used to access both the Internet and restricted in-house computer networks. "Hundreds of thousands of these devices are lost and stolen every year," David Elfanbaum of Asynchrony Solutions in St. Louis, Mo. told United Press International. "They can be a gateway to your entire network." A growing phenomenon at U.S. airports is the steady flow of passengers who run their $2,000 laptops through X-ray scanners and walk off without them, presumably obliviously flying off to their destinations sans their property. Folks who run the lost-and-found departments at major airports attribute the losses to new stresses and security measures implemented since Sept. 11. One frazzled frequent flyer who asked not to be identified told UPI that getting from Point A to Point B often requires passing through a maze of distractions. "I always have my game face on (at airports), scouring the crowds for potential hijackers and I'm focused on security and mentally taking inventory of my purse and carry-on, making sure I left my Swiss Army knife at home," she said. "I really can't concentrate 100 percent on a computer these days when I fly. It would be so easy to forget it." There are also potentially more dangerous types of data that can be lost or stolen as the use of laptops and PDAs becomes more common among intelligence agents, military officials and law enforcement officers. Britain's military and intelligence services have lost more than 200 laptops since 1997, many of which were believed to have contained classified information but went missing in restaurants, pubs and on public transportation. And on this side of the pond, a report by the U.S. General Accounting Office released in August concluded that the bean counters from the Internal Revenue Service alone had mislaid 2,300 laptops. "I'm worried that just as clothes dryers have the knack of making socks disappear, the federal government has discovered a core competency of losing computers," Sen. Charles Grassley, R-Iowa, said in a statement released in response to the dismal GAO report. "This inventory control problem is serious and must be addressed. It involves tax dollars and potentially confidential taxpayer information and data related to national security and criminal investigations." American intelligence agencies, of course, also realize the potential value of laptops. The FBI seized scientist Wen Ho Lee's laptop in 1999 while investigating the alleged theft of nuclear secrets downloaded from the computer at the Los Alamos National Laboratory. U.S. officials have also been prowling through computers seized from al Qaida for clues of the terrorist group's plans. Because computer files can be downloaded so quickly, experts are concerned that a skilled spy or terrorist could copy a stolen machine's entire memory in minutes, possibly before the owner even knew it was missing - even an unsophisticated snoop could glean information by reading e-mails on a stolen machine. Companies such as F-Secure and Asynchrony have been developing software solutions in recent years that beef up the security features of the devices by encrypting the information inside or making it more difficult to log in without the right passwords. Elfanbaum said that one of its products would completely overwrite the entire contents of a PDA if the wrong password was entered repeatedly - and even if the machine isn't used as frequently as it should be. "It can't even be recovered electronically," Elfanbaum told UPI. Government agencies dealing in secrets are an obvious target audience. But Elfanbaum said the private sector was fueling the security software market as an improved economy freed up more money in corporate IT budgets for the purchase of PDAs and laptops. At the same time, companies are concerned that their servers could come under attack by hackers or cyber-terrorists, who could conceivably gain access to major computer systems through a stolen laptop. As more employees become adept in the use of PDAs, company IT managers have found themselves having to become equally as adept at handling security measures for a variety of PDA models often built by companies that may not have security as a strong point. Halonen said PDAs and laptops were becoming the new "headache" for IT departments and pointed out that even adding security software was not the ultimate answer to the problem of theft and loss. Since companies and other organizations tend to purchase computer supplies in bulk, a weakness found by an enterprising hacker could conceivably place a firm's entire network at risk. "It has been an evolutionary development," said Elfanbaum. "These devises were originally designed for personal use, so security wasn't an issue." There is also the need to balance security sophistication against the skills of the people in the field who will be using the devices. As a result, the most impregnable security software might not necessarily be the one that becomes a commercial success. "Many people find it confusing and don't want to make it too hard to use," Halonen said. "The development all has to be driven by the needs of business." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 05:34:47 PST