Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Clear" Laptop Found, In the Same Locked Office

Posted by kdawson on from the never-mind dept.

jafo alerts us to an SFGate story reporting that the lost "Clear" Program laptop has turned up in the same office from which it was reported missing, but not in its previous location. "A preliminary investigation shows that the information was not compromised... The computer held names, addresses and birthdates for people applying to the program, as well as driver's license, passport and green card information. But, she said, the computer contained no Social Security numbers, credit card numbers, fingerprints, facial images or other biometric information... The information was encrypted on the server, but not on the laptop, although it should have been... However, it was protected by two levels of passwords." Reader jafo adds, "Pardon me if I have little confidence that an organization that loses a sensitive laptop for 9 days is able to tell if it was compromised."

7 of 264 comments (clear)

  1. no excuses by iveygman · · Score: 5, Insightful

    Even though this laptop was not actually stolen, that does not excuse the gross lapse of judgement by the people responsible. Two levels of passwords is fine, but unencrypted data still leaves potential victims vulnerable. This still raises the question of why sensitive data was on something as portable as a laptop. Oh and nevermind the fact that they managed to lose it in their own office completely kills any confidence I had in them.

  2. It wasn't by Digital_Quartz · · Score: 5, Insightful

    The truth is, they have no idea if it was compromised or not. All you'd need is an Ubuntu boot CD and you could read the data straight off the drive.

    Next time they should use THREE levels of passwords. ;)

  3. Two Passwords? by xanadu-xtroot.com · · Score: 4, Insightful

    However, it was protected by two levels of passwords.

    So... what does that actually mean? I know that TFA is a media fluffed version washed for the general masses, but they could've mentioned that part at least. If one was the NT login, were the admins smart enough to disable the LM Hash? Still, booting it with a *NIX CD and blanking the SAM password for administrator is trivial. What could the second be? A BIOS password? Open it and pull the battery. Big deal.

    Is there something I'm missing about this? Are there a (whopping!) two password scheme that could actually make something more secure then just booting it with something else and pulling data off?

    --
    I'm not a prophet or a stone-age man,
    I'm just a mortal with potential of a super man.
    1. Re:Two Passwords? by gruntled · · Score: 4, Insightful

      Hmm. Standard internal investigation procedure: Wait until suspected bad actor has gone home, go into his office, remove hard drive from computer, use Ghost to create reasonably accurate copy of existing drive on another drive, replace duplicate drive in computer. Take your original drive back to your forensics lab, use your forensics software to make a forensically sound image of the original drive, lock the original drive in your safe in case a judge ever wants to see it, drill down through your forensic image at your leisure.

      If you weren't especially interested in creating chain of custody documents, you'd just make a forensic image of the original drive and replace the original drive in the box. Then, absent tool marks or other evidence that the box had been opened, even a qualified forensic technician could swear under oath that there was no evidence that anybody had accessed the data on the box. And it wouldn't matter how many passwords you had on the box if it weren't encrypted...

  4. How Hard Did They Look? by whisper_jeff · · Score: 4, Insightful

    Lost for nine days? Found in the same office in which it was reported lost? How hard did they look for it? Talk about failing to build confidence...

  5. Correct response by 91degrees · · Score: 5, Insightful

    The laptop had either been stolen, and sold with the information wiped, stolen and the information sold, lost, destroyed, or left in an office.

    Whichever it was, the only information they had was that it was unaccounted for. It was actually a good response to automatically assume the worst case scenario and deal with the situation as if that had happened. If the worst case scenario was the case then at least it was dealt with as best it could be. If not then the only harm done is to them and not their customers.

    So while losing it was very inept, their response afterwards was actually fairly responsible of them.

  6. We'll just put it back by PMuse · · Score: 4, Insightful

    So, what we have here is starting to sound like: employee 'borrows' office computer for home use, manager raises alarm, news media panics, employee waits until dust settles a little to slip 'borrowed' property back into office.

    Either that, or the identity thieves who who masterminded the scheme to steal that data were really slow.

    --
    "We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)