Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Sensitive Data Stolen Via Digital Cameras 318

Jack writes "ITO is running an interesting story on a new security threat connecting digital cameras and hackers." From the article: "Following a spate of reports about Bluetooth and iPods devices being used to steal sensitive data from organizations, businesses are now urging to be vigilant as hackers use digital cameras to sidestep security measures. 'Camsnuffling', the latest IT managers headache being used to computer attackers to extract and store data with the help of digital camera." We've previously discussed this problem.
This discussion has been archived. No new comments can be posted.

Sensitive Data Stolen Via Digital Cameras

Comments Filter:
  • by Ironsides ( 739422 ) on Tuesday December 06, 2005 @02:27PM (#14195177) Homepage Journal
    Since the article seems to be more concerned about using cameras to store information, rather than taking pictures of sensitive documents, how long until USB Memmory sticks are targeted? Floppies? Geez, if they're that worried about security they need to be concerned about anything that stores info, not just what appears to be everyday items.
    • by ergo98 ( 9391 ) on Tuesday December 06, 2005 @02:33PM (#14195243) Homepage Journal
      Since the article seems to be more concerned about using cameras to store information, rather than taking pictures of sensitive documents, how long until USB Memmory sticks are targeted? Floppies? Geez, if they're that worried about security they need to be concerned about anything that stores info, not just what appears to be everyday items.

      Removable storage devices are the problem, and the invention of "camstuffing" seems like a lame gimmick to try to spin more news out of it. The article ridiculously claims that "many employees use digital cameras in their day to day work" - Maybe at a photojournalism shop, but in most real businesses you'd look pretty odd connecting your camera to the PC. It's vastly lower on the threat scale than PDAs, cell phones, burnable media, or flash cards/keys.

      While I think the whole hacker vs cracker thing is a lame debate, in this case they're talking about people simply stealing or misappropriating data that they rightfully have access to. There is nothing (h|cr)ackeresque about that.
      • by schon ( 31600 ) on Tuesday December 06, 2005 @02:49PM (#14195433)
        The article ridiculously claims that "many employees use digital cameras in their day to day work" - Maybe at a photojournalism shop, but in most real businesses you'd look pretty odd connecting your camera to the PC.

        It's not as ridiculous as you think.

        Perhaps most keyboard jockeys may not use digital cameras, but most of the businesses I know of who have employees that leave the building outfit their employees with digital camera.

        Building inspectors use them for taking pictures of job sites. Insurance agents use them for making appraisals, insurance adjusters use them for taking pictures of accidents. Rig foremen use them to take pictures of their rigs. General contractors, cabling salesmen, and land surveyors use them to take pictures of job sites.. and this is just off the top of my head. I'm hard pressed to think of a company I deal with that doesn't have at least one digital camera for staff use.
        • Add to the list: Agro research companies. Where I work (a plant biotech company), plants are being photographed almost every day. They use it to follow a trait called "stay green". Also for ilustrate some internal reports. We also have a server with a directory full of mp3 files, and people add their own using their pendrives (new additions on the mp3 server are announced in the internal billboard).

      • Camsnuffling, not camstuffing. This is camstuffing... nglish []
    • by malraid ( 592373 ) on Tuesday December 06, 2005 @02:33PM (#14195244)
      That why our IT department fills every hole in every computer with epoxy. It's bitch when we have to fix something, but then, a broken computer is not a security threat.
      • by gary73013 ( 856209 ) on Tuesday December 06, 2005 @03:35PM (#14195929)
        Don't laugh. The three letter Government Agency for which I work fills all the USB ports, etc., with epoxy. Wireless networking is NOT permitted and the buildings are shield to prevent RFI from leaving/entering the building. Additionally, security personnel "war-drive the perimeter of all buildings to ensure there is NO 802.11 traffic. Also,if I remember correctly (I'm at home now), the extra network port and parallel and serial ports on my PC have been filled with epoxy too! The infrared ports and such usually have a shield permanently glued over them too! LOL
    • Many high-security workplaces (think defense contractors) already don't allow USB sticks. They store lots of data and they're easy to hide: just slip one in your pocket.
      • by Hoi Polloi ( 522990 ) on Tuesday December 06, 2005 @03:01PM (#14195551) Journal
        "just slip one in your pocket."

        I could've been hiding it in my POCKET? Oh shit...
      • by SeanDuggan ( 732224 ) on Tuesday December 06, 2005 @03:18PM (#14195746) Homepage Journal
        I work in a building with defense contractors. Cameras are banned, even non-digital ones, for fear that someone might take a picture, but they have no problems with USB sticks and digital music players. I once had a guard ask after the headphones I was wearing. When I explained they were to my digital music player, he waved me on, saying that he just wanted to be sure they weren't plugged into a cell phone. (Cell phones are required to be turned off while in the building ostensibly because the signals can disrupt some of the RF experiments. Camera cell phones are, of course, banned.)

        Oh, and when the news reports came out, they did also briefly ban Furbies (remember when they were marketed as being able to mimic language? Security feared they'd be used as recording devices) and Coke cans (Coke was running that contest where prize cans had a GPS transmitter in them to lead in the prize team. This is more of the signal interference than a security thing, but people weren't hot on a GPS transmitter inside secured locations either).

      • The IT staff where I work are about to employ a product similar to SafeBoot Port Control []. I say similar because I forget the product name and it hasn't been pushed to my PC yet. Apparently the software we'll be getting will allow certain types of devices to be connected (keyboard and mouse) but will not allow others (thumb drive, mp3 players, cameras, etc...).

        Given the size of media (thumb drives in particular), having a policy to prohibit the media is certainly one part of the solution, but if anyone
    • by ATeamMrT ( 935933 ) on Tuesday December 06, 2005 @02:41PM (#14195328)
      Since the article seems to be more concerned about using cameras to store information, rather than taking pictures of sensitive documents, how long until USB Memmory sticks are targeted? Floppies? Geez, if they're that worried about security they need to be concerned about anything that stores info, not just what appears to be everyday items.

      They check everyone who enters, no cameras are allowed. Everyone needs a special Id issued by them to eneter. No jackets are allowed. No loose sweaters are allowed. They have lockers where any banned item can be kept, outside the secure area. Once you make it to the guards station, they stamp every sheet of paper you take in. When you leave, you can only take out papers they stamped. They check EVERYTHING. And they have a ton of security cameras in the building, and employees that keep track of who comes and goes. I needed papers which were in a secure area. They made me wear an ID tied around my neck, and I was escorted by an employee.

      They also make it a crime to try and decieve them (for example, sneak a camera in). People can go to jail, and there are heavy penalties. They have multiple checks. The first one is a metal detector and a police officer who is more than willing to use the hand wand. The next step is the security officer who checks you in.

      If companies want security, it is not hard to ban everything, hire 20 or 30 police officers, make it a crime to violate their policy, and treat everyone as dishonest liars who are more likely to steal.

      A chain is only as strong as the weakest link. That is the mentality these institutions have, so they don't trust anyone, not even thier own guards.

      • If companies want security, it is not hard to ban everything, hire 20 or 30 police officers, make it a crime to violate their policy, and treat everyone as dishonest liars who are more likely to steal.

        The last time I checked a private company can't just decree that something is a crime.

        Your story about the National Archives is pretty damn interesting though!

      • The company I work at has much the same policy, except for the stamping of papers and clothing requirements (I think anyway, they don't bother employees as much as guests). All the employees here wear ID's around our necks, guests have the same thing. We don't feel like we're being treated as criminals. It makes us feel empowered.

        We understand that the work we do has a potential for security risks that need to be handled. You'd be a fool, in this industry, to have lax security. In the long run it's in
    • "Geez, if they're that worried about security they need to be concerned about anything that stores info"

      I have a photographic memory so my employer forces me to work blindfolded.

    • Jeez, next they'll stop me from plugging in a 802.11g USB adapter and connecting with a friend in the parking lot. Talk about paranoid!
    • by Anonymous Coward
      There is no question that memory sticks can be a problem. "My" computer is locked down by my employer to the point that it is an expensive browser with no other functionality. I can't install anything. I use my USB device to run unauthorized software. CMD.EXE was locked out, but for whatever reason, COMMAND.COM wasn't, so I open a command window and run what I want (as long as it doesn't mess with registry settings, which are blocked). I detest Internet Explorer, so I run Portable Firefox!

      Bios changes were
  • by greyfeld ( 521548 ) on Tuesday December 06, 2005 @02:27PM (#14195179) Journal
    when you can just buy a thumb drive and plug it in to any machine and get almost whatever you want.
    • Heh, indeed. I'm doing that right now to avoid having to use IE in a library.

      The only downside is that some monitor that Dell packaged with the system keeps bitching about me "having low hard drive space" every few minutes because of the 128 MB thumb drive.
    • That's what I'm thinking. They're so damn small these days, you can plug one in and no one even notices. They make wristwatch drives now too, don't they? The possibilities are endless. I don't think cameras would be my first worry if I as in charge of data security at my place, but they'd be on the list.
    • by jonnythan ( 79727 ) on Tuesday December 06, 2005 @02:37PM (#14195296)
      Because lots of corporations and governmental bodies, particularly those dealing with sensitive data, have access to removeable media such as USB drives, CD-RW drives, and floppy drives, disabled by default.
      • But it appears that in this case the cameras are used as USB drives. Wouldn't they also already be disabled, then?
      • how about a linux install on the usb drive, or a liveCD, then you are free of whatever pathetic
        Windows things have been turned off, unless it happened in BIOS.
        • how about a linux install on the usb drive, or a liveCD, then you are free of whatever pathetic Windows things have been turned off, unless it happened in BIOS.

          Good luck getting that to work when the front-panel USB connectors (if present) are unplugged from the motherboard and the back-panel connectors are taped over.

        • Well hopefully any institution that has gone through the trouble of disabling removeable media in Windows has also gone through the trouble of finishing the job.

          This can include removal of floppy and CD drives, locking of the BIOS setup, removing CD, floppy, and USB drives from the boot order, etc.
  • by psyon1 ( 572136 ) on Tuesday December 06, 2005 @02:27PM (#14195181) Homepage
    Like the computers in a cabinet, and only allow bonded techs to get in to install peripherals :)

    I know its not realistic, but alot of security problems can be fixed if we give up convenience.
  • You know... (Score:2, Offtopic)

    You'd think a publication called the "IT Observer" could get the hacker vs "malicious hacker" or "cracker" wording right.
    • Re:You know... (Score:3, Insightful)

      by winkydink ( 650484 ) *
      Forget it. That ship sailed long ago. People were complaining about the misnomer since the Morris Worm (and probably before that too). The media has coopted the word hacker whether you want them to or not. While you can continue to use it "correctly" in certain small circles, the general public equates hacker with malice.
    • You are never going to get the rest of the world to use the word 'hacker' the way you want them to. Isn't it about time you came up with a new word to mean what you want 'hacker' to mean?
  • by winkydink ( 650484 ) * <> on Tuesday December 06, 2005 @02:30PM (#14195206) Homepage Journal
    If you or your company, is truly serious, then the steps to limit these sorts of things are pretty straightforward (no iPods/cameras in the workplace, locking the bios to prevent new usb, no admin rights on your machine, etc...).

    The problem starts when the copmpany talks the talke, but doesn't back it up with action, leaving IT staff with a mixed message.

    A clear, well-written security policy that has been bought off by and supported by exec mgmt is the only way to go. Sarbox is a great tool for scaring mgmt into line here. :)
  • by c0dedude ( 587568 ) on Tuesday December 06, 2005 @02:30PM (#14195210)
    Sensitive data should not be in plain view. Camera phones, then, are not a problem.
    • Okay, we'll hide this 200,000 square foot top-secret military jet aircraft assembly facility in the secretary's desk drawer at night, just so the janitors can't snap a pic on their Verizon cellphone. Thanks, you just saved us a TON of money!
    • Sensitive data should not be in plain view.

      And what about the people that work with the sensitive data?

      The only thing that works is a strict, multi-layered security policy that enforces both physical and electronic security. I've been in some facilities where entry is similar to the airport with a metal detector and X-ray machine, except the people working the machines are soldiers with M-16s. Anyone with a "visitor" badge that doesn't have a clearance is escorted by an employee with a designated "es
  • by ScentCone ( 795499 ) on Tuesday December 06, 2005 @02:31PM (#14195223)
    Why not just repeat this article on a regular basis, updating a list of things with some sort of commonly used comm port/interface and simple file-system storage? Right now it's phones, PDAs, pens, music widgets, camerads, fobs... but next it will be eyeglasses, shoes, student ID cards, car keys, fake fingernails, or someday your pre-frontal cortex. This article is mostly about how you can't trust people you can't trust. Cameras don't have much to do with it, per se. If cameras provided a way around an established lack of trust, then we'd have an article to read.
  • cannot be helped (Score:4, Insightful)

    by middlemen ( 765373 ) on Tuesday December 06, 2005 @02:32PM (#14195229) Homepage
    Most of us must have read the story about a crow wanting to drink from a jug of water, but the water being too low, the crow could not drink it. So it dropped some pebbles/stones in it and then the water rose so that the crow could drink it. If a crow can be resourceful like this applying its brain (however small), so can humans. And "hackers" (why lord why! it is crackers) are resourceful and how much ever technology progresses, there will be people who will defeat the technology by sheer brainpower and kludges. So, such things are inevitable and in fact extremely necessary to spinoff the growth of new better technology.
  • by baryon351 ( 626717 ) on Tuesday December 06, 2005 @02:33PM (#14195245)
    A friend of mine has one of the big zoom cameras, an 18x canon, and has often found the info revealed in one of them is insanely high. zooming in to take a photo of an aged guy on a park bench reading a newspaper brought out a picture that revealed every word on the front page of it. I found myself zoomed in and reading that article before realising how simple it was, and that we were more than a hundred feet from him.

    Anyone here run a business with a display visible from a window, even one half a city block from the next window?
    • Anyone here run a business with a display visible from a window, even one half a city block from the next window?
      Yeah, especially considering the more senior an exec becomes the bigger/more windows his office gets to have...
    • Isn't Jennifer Anniston suing / considering suing some photographer for getting a topless photo of her from like a mile away? I'd imagine that the scumbag paparazzi's camera could get detail through a business window just as easily. I wonder if information gathered that way is considered just as acceptable as photos taken of people in public places?
      • Isn't Jennifer Anniston suing / considering suing some photographer for getting a topless photo of her from like a mile away?

        Technically (and probably relevant to this discussion) I think Jennifer Aniston wouldn't be suing a photographer for taking the photos, but for publishing them. I don't keep up to date with the intricacies of copyright law, model releases etc, but from the basics I do remember there is a very big difference between taking photos and having them in your possession, and taking them then
      • Could you, uh, point us to some, uh....evidence? I would like to review the legitimacy of the case...yeah...that's it.
    • by frostman ( 302143 ) on Tuesday December 06, 2005 @04:12PM (#14196352) Homepage Journal
      That's a great point, but isn't limited to digital cameras per se. You can do the same thing with film (and that's been the subject of a few movies).

      The digital angle mostly means it's much more convenient, and with Photoshop very convenient indeed. Plus the whole memory card angle, though in the kind of scenario under discussion here a film canister wouldn't be too hard to smuggle out of a sensitive location.

      I was recently walking by a ground-floor open-plan office - architects, I think - and the guy closest to the window had his back to the window. Presumably to avoid distractions. Which of course meant his ginormous LCD monitors were facing the window...
  • by grumpyman ( 849537 ) on Tuesday December 06, 2005 @02:36PM (#14195278)
    Disallow pen and paper, and blind-fold visitors until they are escorted to where they are supposed to go.
    • will escort the escorters? It's the blind leading the blind! Not much different from the present state of affairs, I suppose.
  • When I left my previous job I had agreement from the firm to copy some personal files off the laptop I was using (kids pictures, etc.)

    My son had been begging me for an MP3 player especially a 1GB model that was on sale.

    Now, an MP3 player isn't much more than a memory stick with some extra intelligence to recognize music files.

    So, I buy the MP3 player, copy the files off to the player then offload those to my home PC.

    My son will get the MP3 player he wanted for Christmas.

    Having proven that this is possible,
  • Oh no (Score:3, Insightful)

    by varmittang ( 849469 ) on Tuesday December 06, 2005 @02:37PM (#14195294)
    The Camera Phone, they must all be disallowed in the work place. That is going to be difficult, since most phones have a camera, and people are going to want them in case the kids get sick.
    • 12345? Have the combination changed on my luggage immediately!
    • Camera phones, and in some cases mobile phones of any kind, are banned in all sorts of secure facilities. Your kid better know your office number...
      • Well damn, I'll have to tell my CEO and his top execs that his Treo 650 has to go, because it has a camera in it. No more email on the road for him, or his execs.
  • by digitaldc ( 879047 ) * on Tuesday December 06, 2005 @02:38PM (#14195300)
    I thought 'camsnuffling' was breathing heavily through the nose while taking a picture?
  • Let's consult the Oracle []:

    "Your search - camsnuffling - did not match any documents.


            * Make sure all words are spelled correctly.
            * Try different keywords.
            * Try more general keywords."
  • by L0neW0lf ( 594121 ) on Tuesday December 06, 2005 @02:38PM (#14195308)
    Someone will get in, if they have access to your local intranet. It's that simple.

    I'd bet everyone here has seen a picture of the USB flash drive disguised as a PEZ(tm) dispenser. What about the new Swiss Army Knife that has one built in? Heck, you could mod a USB drive to look like a Zippo or a Bic lighter. As others have said, I can't even see why camera phones are such a hot deal other than for their ability to take pictures; storing documents can be done in a far less noticeable way when there's access to USB ports.
  • What are they doing? Taking pictures with the camera of the data on the screen? Sending video over the net?

    I read TFA, and both the article and the title would lead a nontech savvy person to believe that's how they were being used. I think /. already covered data loss via USB ports before.
  • If stuff is really sensitive, cameras should have been kept out long before. Lock up the USB ports but allow camera? People will just print and snap.

    Didn't anyone learn anything from watching old James Bond Movies? [] Those old Minox camera even had the lanyard marked to let you know the proper focus distance for shooting a document.
  • by giorgiofr ( 887762 ) on Tuesday December 06, 2005 @02:44PM (#14195363)
    Yo, there was this guy long time ago, you know, called C.J. Caesar MC, and he was, like, worried that the Man would steal his secretz, 'namean?, so he came up with this gimmick where he wrote something on a piece of dead skin, how gross is that?, man, but if you had read it it wouldn't have made no sense, but if you had known HOW to read it, then hell yeah, lotsa sense there... than his buddy later called this thingamajig ROT-13 or some such nerdy word, and then lotsa other guys did the same, but more powerful...

    I hope you liked this short intro to ENCRYPTION and understand how it can solve some of your problems. Thank you and goodnight.
  • I can't bring a camera to work, so this isn't a big deal to me at all. Considering how small flash drives are getting, and how much storage can be kept in phones/PDAs today, how does anyone expect this to work?

    Someone has a PDA that can store 2 GB of data in a SD card. If they want, they can have as many of these as they need.

    2.5" drives are very discret, and are normally powered by USB.

    Don't give anyone access to USB/Bluetooth/WiFi.
  • by ewg ( 158266 ) on Tuesday December 06, 2005 @02:47PM (#14195404)
    The human larynx is the biggest security risk. It's a ubiquitous device that can broadcast via sound waves any proprietary information a knowledge-worker has been exposed to.

    Of course this description is (intended to be) humorous, but the serious point is one we've heard often enough: you can't solve a human problem with a technological solution.

  • I have heard of a company that does a good job of plugging these types of 'holes' through effective management of the desktop environment... (the guy I know complains that he can't attach *anything* USB to his machine). The funny thing is, after all that, they let him and other people (sales team, managers, etc) walk out of the front door with their laptops ;) Well at least they aren't putting the stuff on an iPod/Camera/Pen !!!

    This article is just the latest in a never-ending trend of "danger ! these
  • Their cash registers were the old fashioned ones where you have to hand your card to the cashier. Naturally, the cashier loves to wave your card around and expose your numbers to everyone. Not a big hassle, except the really poor looking couple behind me WAS AIMING THEIR PHONE RIGHT AT MY CARD AND CONTINUOUSLY TAKING PICTURES!
    • I hope you notified security in the store, and contacted your credit card company immediately. If they went on to try to use your card to commit ID theft, there's a chance that they left some of their own ID evidence at the grocery store (images on security cameras, used their own credit card, paid with a check, etc.)

      If they did, and were successfully prosecuted because you raised the issue, the chances are good that you could receive a fat reward from Visa.

  • People have been using cameras to sneak around for dozens of years.... Be it as a data storage medium, or going through someone's secret files and taking pictures of them (ala TV spies), it'll always be a threat....
  • collateral damage (Score:4, Interesting)

    by AxemRed ( 755470 ) on Tuesday December 06, 2005 @02:54PM (#14195478)
    This is becoming more of a problem for me too... I'm an amateur photographer. I have enjoyed photography for about 10 years, but over the last 3 years or so, businesses have become much more paranoid about cameras. Concert venues have cracked down, and many stores will kick you out for walking around with a camera, let alone taking pictures. Personally, I have always thought that (for the most part) you should be able to photograph anything that you are allowed to freely look at, but because of abuses, that isn't usually the case. It's sad really.
    • Cameras are potentially accountability, and thus potentially liability. They don't like anything taking pictures that could be evidence (except for their own cameras--with those, evidence could be "lost" or "inadvertently destroyed").
  • Warning... (Score:5, Interesting)

    by Pedrito ( 94783 ) on Tuesday December 06, 2005 @02:55PM (#14195496)
    Photocopiers can be used to copy sensitive data. Please dispose of all photocopiers in your company...

    Okay, I did RTFA, but I'm not entirely sure "how" a digital camera is a threat other than being used to take snapshots of sensitive data. Sure, you can plug it into a USB slot, but for a lot of cameras, they're little more than thumbdrives when they're connected via USB, so a thumbdrive would certainly be less conspicuous, but then you have to ask how this is much different from say, floppy disks, which until recently, were pretty ubiquitous.

    The article mistakenly states: "Hence, simply plugging it into a computer's USB can allow hackers to obtain sensitive data." How? Does plugging in a camera suddenyl disable all security in a computer? Suddenly all your encrypted data is decrypted? Suddenly the camera has access to everything? This is a completely unqualified statement that means nothing. It's a thumb drive and you have no more access to sensitive data than the person at the keyboard which is presumably the same person with the camera.

    Sorry, maybe I'm missing something, but this seems like a pretty stupid article.
  • by ndansmith ( 582590 ) on Tuesday December 06, 2005 @03:04PM (#14195573)
    a local kid decided to steal software with his iPod. The kid walks into an Apple store, plugs in his iPod to one of the demo machines, and downloads all of the expensive software (ProTools, Photoshop, etc.). I guess he eventually got caught but there were no charges pressed (probably had something to do with the fact that he did not agree to a EULA, haha).

    That is to say that the conveniece of plug-n-play mass storage (whether it be usb stick, camera, iPod) can be a major security risk. Add that to unsecured systems running as administrator (or root, etc.) in the workplace or showroom, and you have a great potential for mischief.

  • Classification of information and treating that information accordingly is at the heart of the issue. It is impracticle to have to protect all information. Organisations need to decide what needs to be protect and to what extent and then implement policies based on those decisions. If you have highly senstive information, clearly classify it so, limit who has acesses it and how they access it.

    When I did defense work, classisfied systems sat on seperate networks behind locked doors. Only those who knew
  • It's so new, that I can't find one reference on Google [] about it!
  • so, what is new in this ?
    there are companies that prohibit music recording devices, because they had cases when somebody was playing data (with special software) and recording it (through analog port), later reconstructing files.

    so, if you are concerned about security at this level, you probably limit devices allowed and working components of computers.

    now, most companies do not balance these measures - they get extensive security systems, restrict their users to the point where they can not perform their d
  • From TFA (My emphasis)

    Ian Callens, Icomm Technologies, explains: "This is a very difficult issue to manage and a real threat to business continuity and data security. If someone is seen in the workplace using an iPod it's more than likely that it's for the wrong reasons - either podslurping or downloading music without permission. This is relatively easier to police.

    So if you use an iPod at work you are assumed to be a criminal regardless of what you are doing with it? Like for instance .. um let me think
  • I just got a new Motorola v360 phone. It came with a 64 MB Trans Flash memory card and a USB cable. Just plugging the phone into a USB port automatically mounts the Flash card on the desktop.

    Next up is cellsnuffling.

  • roll your own (Score:2, Interesting)

    by catalyst ( 77856 )
    How arrogant of $INDUSTRY_GROUP to think that they can actually solve $SECURITY_HOLE by pushing this $TECHNICAL_FIX fix down our throats! All they'll ever catch with this are the really casual users, who aren't capable of anything worse than annnoyance; any *real* villain would get around $TECHNICAL_FIX in heartbeat by just $10_SEC_CIRCUMVENTION. Why does /. keep shilling 2-bit press releases from $INDUSTRY_GROUP, anyway?

    $SECURITY_HOLE="data smuggling"
    $TECHNICAL_FIX="camera ban"
  • by AeroIllini ( 726211 ) <> on Tuesday December 06, 2005 @03:52PM (#14196121)
    Wow. This is a terrible article.

    From all the grammar mistakes, to the pointless buzzwords ("camsnuffling", "podslurping"), to the mention of how USB devices instantly give anyone access to any data on a computer, to the fact that "hackers" and "computer attackers" are mentioned several times when the data being taken is clearly being taken by employees who have access to it in the first place.

    And "Bluetooth" is apparently a USB storage device. Way to go.

    But in all seriousness, companies do have security issues regarding sensitive data leaving their computers in the hand of employees. How can these companies be sure that their data is secure while still maintaining access for the people who need it and not treating their employees like criminals?

    If I were Dell, or some other prebuilt Windows box company, I would offer a desktop computer with no external ports at all. No USB, no serial port, no floppy disk, no CD writer, no nothing. Just a hard drive and a network connection, and a DVD/CD-ROM drive. That way, companies can make all their data available over the internal network (c'mon, is setting up shared server space really *that* difficult?) and it's much harder to get the data out of the company. If the company is truly paranoid about people taking hard drives out of their desktops to take home with them, set up the computer with an encrypted file system which asks the main server for the passphrase every time the computer boots. If you're worried about people sending themselves things as attachments, then don't allow emails with attachments from your servers. If outside companies need access to sensitive data in order to do business with you, then set up a secure server for data exchange. No sweat.

    Precautions can be taken on the server side that make it very difficult for employees to steal sensitive data, but that still allow for efficient data flow within the company. And, of course, none of these ways will prevent anyone who is truly determined to get your data, but it will stop the casual stealers, and your chances of sensitive data getting out are much lower.
  • by xoip ( 920266 )
    If companies are so concerned about data theft from the desktop access points go back to client/server and give people nothing more than a keyboard and monitor.
  • Why this is on slashdot I don't really care, but why did this get published in the first place, anywhere??

    What does this have to do with cameras, or ipods, or anything of the sort? This is a security issue that has existed since the dawn of the idea of computer security.

    Whether it's taking a reel of paper tape out the door with you, or bluetooth copying data to your cell phone what's the freaking difference?

    This article reads like a writer just discovered that you can put data other than music on a c

  • PostIt now! (Score:5, Insightful)

    by mlush ( 620447 ) on Tuesday December 06, 2005 @05:14PM (#14197103)
    From TFA
    "Firstly, regularly change system passwords that employ both letters and numerals."

    ...resulting in a new security breach know as PostIt snatching

  • by Millard Fillmore ( 197731 ) on Tuesday December 06, 2005 @05:30PM (#14197273) Homepage Journal
    Anybody else agree that they're tired of flavor-of-the-moment words coined to describe this kind of thing. From the article, we get "camsnuffling" and my favorite: "podslurping." The recent "splogs" also comes to mind.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling