http://www.it-observer.com/articles.php?id=966 By IT Observer Staff 6 December 2005 Following a spate of reports about Bluetooth and iPods devices being used to steal sensitive data from organizations, businesses are now urging to be vigilant as hackers use digital cameras to sidestep security measures. "Camsnuffling", the latest IT managers headache being used to computer attackers to extract and store data with the help of digital camera. The digital camera device, just like iPod and Bluetooth, is a simple digital storage devices. Hence, simply plugging it into a computer's USB can allow hackers to obtain sensitive data. Ian Callens, Icomm Technologies, explains: "This is a very difficult issue to manage and a real threat to business continuity and data security. If someone is seen in the workplace using an iPod it's more than likely that it's for the wrong reasons - either podslurping or downloading music without permission. This is relatively easier to police." Many companies use digital cameras as part of their working day. This fact makes it difficult at first glance to determine if cameras are being used for work, or for hacking. In these businesses it's very hard to enforce USB usage policies and not feasible to simply block USB port. "There are, however, steps that can be taken to reduce rogue behaviour," said Callens. "Firstly, regularly change system passwords that employ both letters and numerals. Secondly, issue internal memo's to ask all to be vigilant, stating that observations are being undertaken. Thirdly, consider adopting specific software to monitor activity to actively manage the access rights to removable storage devices. This should ensure that business productivity is not affected, while actively guarding against the removal of data or the introduction of inappropriate or malicious content to the network." _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Tue Dec 06 2005 - 23:04:35 PST