Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/22/2008
11:23 AM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Vote. Get Your Identity Stolen

Fortunately, the stolen notebook was recovered. Unfortunately, it's now up to the forensics experts to determine if any of the data, including the names and Social Security numbers of register voters, was accessed or tampered with. I'm talking about the notebook that was allegedly stolen from the Election Commission in the Nashville area last month. According to this report, the notebook held the names and Social Security n

Fortunately, the stolen notebook was recovered. Unfortunately, it's now up to the forensics experts to determine if any of the data, including the names and Social Security numbers of register voters, was accessed or tampered with. I'm talking about the notebook that was allegedly stolen from the Election Commission in the Nashville area last month. According to this report, the notebook held the names and Social Security numbers for 337,000 registered voters.The story goes on to detail that a suspected homeless man broke into the offices and walked away with some computer equipment. Judging by the background on the suspect, this was probably a case of a thief targeting the computer, not the data inside. But that doesn't matter much to anyone involved, since the only assumption that can be made is that each registered voter is now at significant risk of identity theft.

Now comes the cost from the fallout of the theft:

  • The cost for those whose Social Security numbers were stolen: Agony.
  • The price of freedom for the suspect: $80,000 bond.
  • The forensic analysis for analysts to sweeping through the drive to see if any sensitive information was accessed, or changed: $200 an hour.
  • Defending the upcoming lawsuits: To be determined.
  • For at least one security guard: His job.
  • The estimated to cost to provide 337,000 registered voters "identity theft protection:" $1 million.
  • The relief for everyone (except the thief) from government officials having used encryption that comes with many versions of Windows, and costs nearly nothing: Priceless.

    Comment  | 
    Print  | 
    More Insights
    Comments
    Newest First  |  Oldest First  |  Threaded View
    Stop Defending Everything
    Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
    Small Business Security: 5 Tips on How and Where to Start
    Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
    Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
    Jai Vijayan, Contributing Writer,  2/13/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    How Enterprises Are Developing and Maintaining Secure Applications
    How Enterprises Are Developing and Maintaining Secure Applications
    The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-9024
    PUBLISHED: 2020-02-17
    Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.
    CVE-2020-9025
    PUBLISHED: 2020-02-17
    Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.
    CVE-2020-9026
    PUBLISHED: 2020-02-17
    ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.
    CVE-2020-9027
    PUBLISHED: 2020-02-17
    ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
    CVE-2020-9028
    PUBLISHED: 2020-02-17
    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).