http://honeystickproject.com/blog A window into the secret hidden lives of lost Mobile Storage Devices! Mon, 01 Sep 2008 17:07:32 +0000 http://backend.userland.com/rss092 en It's time to get streetwise about information security. One of the areas in which I think the security industry has been weak has been in giving small businesses affordable and practical tools for sifting through the mound of technical mumbo-jumbo created each day on the Web. I imagine that they must ... http://honeystickproject.com/blog/2008/09/01/practical-security-help-for-small-business-managers-the-streetwise-security-zone/ Thanks to Brian Honan (click HERE to view his site at BH Consulting) for noting The Honey Stick Project in this week's SANS Newsbites newsletter (click HERE). Apparently, the virus infecting the NASA laptops brought aboard the International Space Station was a type of worm that usually spreads by way ... http://honeystickproject.com/blog/2008/08/29/does-nasa-need-to-train-astronauts-about-honey-sticks/ This week I heard about two interesting devices. The first is a story of a digital camera that was stolen (click HERE). The owner was surprised to receive an email with pictures of the thieves. Apparently, the owner had forgotten that they had a $100 special SD card with Wi-Fi built ... http://honeystickproject.com/blog/2008/06/12/sd-phone-home-new-potential-honey-stick-threats/ While it has been a while since I updated the statistics on www.honeystickproject.com, there was still lots of activity. Stream 1 is now active with 8 sticks deployed in Las Vegas, Ottawa and Toronto (for a total of 33), and half of those have been accessed. This is becoming a fun ... http://honeystickproject.com/blog/2008/06/04/latest-honey-stick-statistics-42-of-lost-usb-drives-are-accessed/ Listening to a recent episode (#134) of the Security Now! podcast by Leo Laporte and Steve Gibson (at http://www.grc.com/securitynow.htm), Steve noted that he had left his USB Drive with his key chain when he took his car in for service. He felt safe because the drive was encrypted using TrueCrypt ... http://honeystickproject.com/blog/2008/05/26/is-your-mechanic-making-a-second-living-from-your-media-and-devices/ Here's a simple tip that can save you a lot of trouble. DON"T ENTER PASSWORDS WHERE YOU AREN'T EXPECTING THEM!!! I recently came across a suspicious email in my spam folder. It appeared to be from a payroll service I've actually dealt with.  There was almost no way to tell for sure ... http://honeystickproject.com/blog/2008/05/07/funny-ive-never-received-a-password-protected-pdf-from-payroll-before/ Dear Honey Stick Diary - It looks like my decision to let sleeping Honey Sticks lie was the right thing to do. I had initially discovered that if I returned to places where sticks had been dropped, people would sometimes have turned them in. This was interesting to know. However, I ... http://honeystickproject.com/blog/2008/04/12/do-bored-hotel-staff-get-curious-about-devices-in-their-lost-and-found/ There apparently is a rule-book somewhere that says "Never give a woman a gift with a cord or a handle, unless it is a purse filled with money..." The rationale is that the gesture will very likely be taken the wrong way by the recipient, possibly with thoughts of, "You ... http://honeystickproject.com/blog/2008/03/20/beware-security-vendors-or-anyone-bearing-gifts-with-a-usb-plug/ Nobody really knows what the long term effects of data loss are. The main differences between losing data and losing solid assets are: Data can be copied, or even broadcasted, instantaneously to many locations around the world. Once the bytes are out of the bag, you'll never be able to round ... http://honeystickproject.com/blog/2008/03/04/data-never-dies-so-the-aliens-know-where-we-are/ One thing I'm observing from the early results of the HSP is that a significant number of people are trying to find out how to locate the owner of the device they have found. In Stream 0, there are no outside markings with contact. In the first two cases of people ... http://honeystickproject.com/blog/2008/02/28/leave-a-calling-card/