logo

  •   Submit to to del.icio.us   Submit to to digg   submit to to reddit   submit to to StumbleUpon   submit to to Google   Submit to to Yahoo!

Category: news | Posted by Avatar Staff 313 days ago
Via: http://lists.jammed.com | Tags: isn home office laptop disc bought ebay comments Discuss  


http://news.zdnet.co.uk/security/0,1000000189,39352977,00.htm



By David Meyer

ZDNet.co.uk

28 Feb 2008



The Home Office is investigating the apparent sale of one of its

laptops, along with an encrypted data disc, on eBay.



The laptop had been bought on the auction site then taken to an IT

company near Manchester for repairs. The technicians at the repair

centre, at Leapfrog Computers in Westhoughton, subsequently found an

encrypted Home Office disc underneath the keyboard.



Leapfrog sales manager Jonathan Parry told ZDNet.co.uk on Thursday that

the person who had bought the laptop had brought it into the shop on

Monday because "it wasn't working properly".



"Underneath the keyboard in the laptop was a CD labelled 'Home Office:

Private and Confidential'," Parry said. "We tested it and it was fully

encrypted, and so was the laptop. We contacted [the police] and they

seized the equipment."



Parry pointed out that, as optical disc drives are sealed units, "the

only way that disc can get there is by taking the laptop keyboard off

and putting the disc in there". He added that the presence of a CD

underneath the keyboard was probably linked to the laptop not working.



We understand that encrypted IT equipment has been handed to Greater

Manchester Police," a Home Office spokesperson said on Thursday. "Both

the laptop and the disc were encrypted, thus safeguarding any

information that might be stored on them. Investigations are now

underway. It would be inappropriate to comment further while they are

ongoing."



Security companies were quick to issue statements on the discovery. "The

good news with this latest data breach is that the data was encrypted,"

said Lumension Security vice president Alan Bentley on Thursday.

"However, encryption alone is not infallible computer hackers are

determined individuals with the potential to crack one layer of

security. We certainly shouldn't be relying on one line of protection

when it comes to our national security."



"With the statistics showing that nearly 500 government devices have

gone missing since 2001, it was only a matter of time before a

confidential disc inadvertently ended up on eBay," said Brian Spector,

the general manager for content protection at Workshare. "Luckily, the

public sector finally seems to be learning from repeated mistakes, as

the laptop and disc were encrypted. Unfortunately accidents like this

are not going to stop happening so we can only hope that other

government departments follow the Home Office's lead and adopt full disc

encryption."



Governmental departments have suffered a spate of laptop thefts in

recent years, recently leading to a Whitehall-wide ban on the the

movement of unencrypted data.





___________________________________________________

Subscribe to InfoSec News

http://www.infosecnews.org/mailman/listinfo/isn





addto Add this link to... report Bury 


Comments Who Voted Related Links
Copyright 2005-2008 Best of Security