Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/22/2008
11:23 AM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Vote. Get Your Identity Stolen

Fortunately, the stolen notebook was recovered. Unfortunately, it's now up to the forensics experts to determine if any of the data, including the names and Social Security numbers of register voters, was accessed or tampered with. I'm talking about the notebook that was allegedly stolen from the Election Commission in the Nashville area last month. According to this report, the notebook held the names and Social Security n

Fortunately, the stolen notebook was recovered. Unfortunately, it's now up to the forensics experts to determine if any of the data, including the names and Social Security numbers of register voters, was accessed or tampered with. I'm talking about the notebook that was allegedly stolen from the Election Commission in the Nashville area last month. According to this report, the notebook held the names and Social Security numbers for 337,000 registered voters.The story goes on to detail that a suspected homeless man broke into the offices and walked away with some computer equipment. Judging by the background on the suspect, this was probably a case of a thief targeting the computer, not the data inside. But that doesn't matter much to anyone involved, since the only assumption that can be made is that each registered voter is now at significant risk of identity theft.

Now comes the cost from the fallout of the theft:

  • The cost for those whose Social Security numbers were stolen: Agony.
  • The price of freedom for the suspect: $80,000 bond.
  • The forensic analysis for analysts to sweeping through the drive to see if any sensitive information was accessed, or changed: $200 an hour.
  • Defending the upcoming lawsuits: To be determined.
  • For at least one security guard: His job.
  • The estimated to cost to provide 337,000 registered voters "identity theft protection:" $1 million.
  • The relief for everyone (except the thief) from government officials having used encryption that comes with many versions of Windows, and costs nearly nothing: Priceless.

    Comment  | 
    Print  | 
    More Insights
    Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/25/2020
    Malware Attacks Declined But Became More Evasive in Q2
    Jai Vijayan, Contributing Writer,  9/24/2020
    Startup Aims to Map and Track All the IT and Security Things
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-24565
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25770
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25771
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25772
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25773
    PUBLISHED: 2020-09-29
    A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.