Posts Tagged ‘Government’

BDS in FIPS 140-2 in CMVP certification process

October 4, 2011

Biscom Delivery Server is now “in process” for FIPS 140-2 certification. FIPS 140-2 (Federal Information Processing Standard) is a US Government security standard for accrediting cryptographic modules. The National Institute of Standards and Technology (NIST) defines the cryptography requirements in its FIPS 140-2 publication, and software like BDS must pass the Cryptographic Module Validation Program (CMVP) in order to receive certification. Level 1 is geared towards software solutions, whereas level 2 is required for hardware solutions that have physical security mechanisms.

Unsecure FTP server exposes social security numbers and more

December 7, 2010

This just in from Mesa County, Colorado: Long-term Employee Responsible for Mesa County Data Breach.

It’s unclear whether this was malicious or unintentional. It seems to be something that was “an honest mistake.” Well, honest mistakes do not mitigate the potential for fraud. According to the article, “Hundreds of thousands of pieces of personal information have been leaked onto an un-secure file-transfer website, or FTP.” That’s a lot of information, including social security numbers, and names and addresses of sheriff’s office employees. This breach was open from April through October, and they tracked IP addresses from all over the world that have accessed this confidential information.

At the end of the article, the helpful author lists the contact information for three credit organizations’ fraud departments. Here’s to hoping the unfortunate Mesa County employees will not have to deal with this.

President's helicopter Marine One details leaked!

March 2, 2009

I could probably keep this blog filled with all the data breaches happening these days, but that would be an exercise in futility — there are just way too many to report, and for every one reported, there are probably hundreds that aren’t.

One data breach, however, seems particularly scary — President Barack Obama’s ride (when he’s not flying in Air Force One) had its blueprints and details of its avionics package leaked. Tiversa, a company that monitors P2P networks, discovered the information on an IP address in Tehran, Iran, and traced the leak back to a defense contractor’s computer in Bethesda, MD.

First, the person who installed this P2P sharing software should have known better. Second, the company should have these network sharing applications locked down, especially for anyone who has access to sensitive information. But we all know that where there’s a will, there’s a way. I’m sure this isn’t the only sensitive military secret that’s escaped from a computer on a P2P network.

Who knows what the P2P software on this computer was installed for — most likely sharing music, but what if the person used it to share legitimate business information because it was the easiest way to get his or her job done? It just goes to show you that it’s so important to have the tools in place, like a secure file transfer solution, so that employees don’t resort to non-secure methods to share information.
