It’s that time of year again. Black Friday, Cyber Monday, holiday deals, they all bring out the masses who hurry into computer stores or go online to gobble up cheap stocking stuffers like new one gig USB drives with U3 technology. Why are these gifts a problem for CSOs? Because many of these “toys” will be connecting to your infrastructure at some point.
This has been going on for years. Toys that are opened on Christmas morning soon find their way into work. Historically, PDAs, cellphones, new software, even games and movies, have caused us problems. One colleague told me that January was always his worst month for security problems because of these Christmas presents.
Now the latest security nemasis – USB drives with U3 technology, is sure to entertain the masses and create havoc for cybersecurity staff around the country. In a nutshell, everything is on that little drive, and not much left on the PC. Good luck with forensics.
For more on these devices, just google “Usb drives with u3” Yes, this new technology is powerful, even amazing, when put in the context of where we've been with storage over the past ten years. My kids love this stuff, especially the drives that double as pens and other devices. I must admit that they are handy for my home sneakernet as well.
One summary article from PC World has this quote from U3's CEO Kate Purmal, "From the consumers we questioned, the most frequently requested programs they would like to see are secure browsing, e-mail, and financial programs such as Quicken and QuickBooks."
Remember, this is on a small USB drive. What do these consumers mean by “secure browsing?” Secure from who? Your family members or co-workers or your friendly security staff at work?
There are plenty of other security-busting presents that will be sure to please this Christmas. The Multi-State Information Sharing & Analysis Center (MS-ISAC) just sponsored a program called: Cyber Security: What does the future hold? An article in Government Technology Magazine summarizes the presentation well. Presenter Mark Fabro lays out some of the security challenges we face from cell phones and other mobile Christmas presents.
One final note: don’t think that this is just for the “bad guys” in our midst. As I described in my last few blogs entitled: “Are You For Us or Against Us,” internal IT (even security) staff are often the worst offenders.
Any comments on your favorite (or your least favorite) Christmas present seen in January by your network or security staff?