By DCarmody -
In the wake of the 2010 Wikileaks controversy, the United States Congress ordered the Office of the Director of National Intelligence to conduct an audit of all the security clearances granted by the US Government. The results were surprising to some. A total of 4.2 million people – which the Washington Post notes “rivals the population of metropolitan Washington” – have active security clearances to access government-classified data.
Although we’re just learning of this report, the numbers are dated to October 2010, which means this number has most likely grown over the past 11 months. It also dwarfs some experts’ expected numbers, raising some concerns about the security of our nation’s important data.
Others don’t think this number is high – and argue that it is a result of increased Government secrecy in the recent years. Additionally, figuring all military personnel and the entire workforces of the FBI and CIA agencies will have some level of clearance, the number seems much more palatable.
Regardless of the number, the security of our government’s most important and sensitive data should be very closely monitored. As technology has made accessing data exponentially more efficient and immediate, the safety and security of the transfer and storage of this sensitive data should be of top priority.
Read the full article and comments favoring both sides over at the Huffington Post: http://www.huffingtonpost.com/2011/09/20/security-clearances-government-classified-information_n_972492.html
By ADuch -
Have you ever accidentally mistyped a recipient’s email address and sent information to the wrong person? If so, you may want to double check what you send and to whom you’re sending it to.
In a recent post on gizmodo.com, two researchers were able to grab 20 gigabytes worth of data from Fortune 500 companies in a span of six months. The researchers set up doppelganger domains to mimic legitimate domains that belonged to Fortune 500 companies. Doppelganger domains are domains that are spelled almost identically to legitimate domains. Therefore, users are vulnerable to email interception when they mistype a recipient’s email address.
To test the vulnerability of a few Fortune 500 firms, the researchers set up 30 doppelganger accounts to see what they would come up with. To their surprise, the accounts they set up attracted 120,000 emails in their six month experiment. Within these emails, the researchers received employee usernames and passwords, trade secrets, employee personal data and contracts for business transactions.
Out of the 30 doppelganger accounts, only one firm noticed what was going on once they registered the domain. Also, out of the 120,000 emails they received, only two senders recognized their mistake.
As you can see, the two researchers were able to grab a ton of valuable information in a short span of time. This information can be extremely harmful to an individual and/or company if an attacker got his/her hands on it. For future notice, please be careful when sending out emails.
For more on this story, follow gizmodo and their latest posts on Security:
http://gizmodo.com/5838708/how-researchers-stole-20-gb-of-e+mail-from-fortune-500-companies
By Erik Small -
With the growing number of ‘devices’ available to us, the number of ways we can connect and share information is ever increasing.
Here is a great read from the Knowledge Transfer blog at Ipswitch File Transfer (the Planet’s parent company).
Information Sharing Wake-Up Call: Customers Now Pushing Organizations to Reconsider How They Transfer Sensitive Files
In a new report from Ipswitch, findings revealed that employees are using risky workarounds to share information and avoid corporate information-sharing roadblocks:
- Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk. And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
- Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information. Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.
By Erik Small -
In our world of file transfer, security and encryption are paramount to properly protecting data. Some unfortunate security news has hit the wire regarding Dropbox, an online file storage and file sharing service.
Similar to FTP, Dropbox files are stored and encrypted with AES-256 and transmission of data occurs over an encrypted channel, like SSL.
The unfortunate part of this story is the major failure to limit access into each user’s account.
Wired.com reported:
“Dropbox did the unthinkable Sunday — it allowed anyone in the world to access
any one of its 25 million customers’ online storage lockers — simply by typing
in any password.”
Read the full story from Wired.com regarding the Dropbox security breach:
http://www.wired.com/threatlevel/2011/06/dropbox/
By Erik Small -
Frank Kenney, Ipswitch’s VP of Global Strategy, discussing the new iPhone OS 4.0 and it’s file sharing capabilities…and what it means for IT departments concerned with security, policy, and governance.
By Erik Small -
An interesting blog post popped up in March (seems like ages ago, but only a few short months) by Jonathan Lampe, VP of Product Management at Ipswitch. He poses a relevant question regarding file transfer — “Why is FTP still prominently used to move files in the business field — why not use SOAP (simple object access protocol)  or a transaction-friendly process?” Lampe explains his opinion on the subject by using his previous experience with customers in the banking industry.
“But why bother moving FILES around when we could all be doing little bitty TRANSACTIONS to each other using SOAP or other transactional-friendly schemes?  The answer to that question didn’t come to me until I’d spent several years in the field, traveling between banks, data centers and large corporations in support of distributed, enterprise-class file transfers.”
Read the full blog post on the Knowledge Transfer blog from Ipswitch File Transfer.
By Erik Small -
Have you used any of Google’s popular apps? How about the personalized iGoogle or Google Docs or Google Talk? All are great services, but will they open up unwanted security risks for many organizations?
Have a read through this latest security risk article from NextGov, a technology and business for government website.
“Google’s large following, which includes federal contractors, will find it quick, easy and inexpensive to transfer company documents — and potentially unencrypted government files, said former Gartner research director L. Frank Kenney.”
By Erik Small -
A new study by Ipswitch, Inc. found that more than 70 percent of IT executives surveyed at the RSA Conference earlier this month have absolutely no visibility into files moving out of their organizations. A full 64 percent said that they have no visibility into files moving internally, either. Overall, 83% lack any visibility.
“USB flash drives, removable disk drives and cell phones are making it easier than ever for employees who need to transfer large files – and harder than ever for companies to monitor and protect sensitive information.”
The survey stats are truly incredible. At File Transfer Planet, we talk frequently about the need to protect sensitive information - especially when using FTP. It’s important to be aware of the risks involved in transferring files over FTP. Many FTP programs offer encryption during transfer, which you should consider when installing, using and purchasing FTP software. If you are in a small or large business environment, know how your data is being transmitted and shared.
Read more details from the Ipswitch survey regarding data security and enforcement policies.
By Erik Small -
Ipswitch File Transfer launched a brand new file transfer product today – WS_FTP Server Ad Hoc Transfer Module.
This new module eliminates the need for email attachments which burden corporate email servers. IT managers can use WS_FTP Server Ad Hoc Transfer Module to enforce file sharing policies and have full visibility into the company’s file sharing activities.
Ipswitch’s website has been updated with all the details and features of the new module.
The simple benefits are summed up like this:
 1.Complete visibility into all file sharing activities
2.Proactively manage all file sharing interactions, both internal and external to the company, organization or domain
3.Enforce administrator defined policies and rules for sending files to other people
4.Remove the “file attachment†burden from the email server
Monday, September 26, 2011
2
