Forwarded from: Russell Coker <russell@private> On Thu, 16 Oct 2003 16:24, InfoSec News wrote: > http://abclocal.go.com/wpvi/news/101403_nw_computertheft.html > > good cash for it at a pawnshop. Police and FBI agents swarmed into > the Embassy Suites hotel on Bartram Avenue near the airport shortly > after the theft. Lockheed Martin under contract to the > Transportation Security Administration was conducting a training > seminar for 25 new screeners hired at Philadelphia International. > The instructor was using a laptop computer to project security > procedures onto a large projection screen. Around noon the group > broke for lunch leaving the computer behind. To summarise, someone had a computer with information so critical that FBI needed to respond in such a rapid manner. They displayed ALL the material in question to 25 people, then left the computer totally unguarded while having lunch. Is the responsible person being facing charges of criminal negligence? I protect my laptop much better than that. I never leave it in offices, and when staying in a hotel I leave it under my bed when I sleep. Yet my laptop has no such critical information, all it has is my email (and the important stuff is encrypted). > If there's a piece of equipment missing, that's one piece of > equipment, however they are restraining 50 people, that means they > have 49 innocent people." No. That means that they have AT LEAST 49 innocent people. Let's not assume that grabbing the nearest 50 people gets the thief. > Meantime questions were raised as to why a computer with sensitive > information about security at the nation's airport would be left > behind at a conference during a lunch break. A TSA spokesman says > the instructor had locked the door but didn't realize there was a > back door that had been left unlocked. Authorities seem to think > whoever took it works in the hotel. Even if all doors were locked that would not do any good. Hotel employees have access to all the keys, therefore locking the door will not keep them out. Also if the thief was not an employee, a locked door still is no guarantee, on a few occasions in hotels I often observe cleaners leaving doors unlocked for long enough for a quick thief. Also there have been several occasions when I have returned to my hotel room to find it being cleaned and said "my room is clean enough thanks" and had the cleaner leave without checking my identity! Finally, no-one ever seems to check ID when someone claims to have locked their keys in their room. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 17 2003 - 04:11:10 PDT