ESET Threat Blog

Archive for the 'cryptanalysis' Category

Protection Part 7


Monday, January 5th, 2009

If sensitive information is stored on your hard drive (and if you don’t have -something- worth protecting on your system, you’re probably not reading this blog…), protect it with encryption.

Furthermore, when you copy or move data elsewhere, it’s usually at least as important to protect/encrypt it when it’s on removable media, or transferred electronically. Even if the target storage device is secure from malware or hacking, you also need to be aware of other dangers such as physical risks, transit risks, business-related risks such as an escrow site going out of business and so on.

Consider (seriously!) regularly backing up your data to a separate disk (as a bare minimum) and, where possible, a remote site or facility. Sounds extreme? Think about it.

You can’t rely on backing up to another partition on the same disk as the original: if the disk dies, the chances are that all partitions will be lost.

You can’t rely on backing up to another disk on the same system. If the system is stolen, or there’s a fire, for instance, then in the immortal words of Tom Lehrer they’ll "all go together". In the latter instance, the chances are that you’ll lose your thumb drives, CD-RWs and so on as well.

And if you’re working in a corporate environment, you might want to avoid doing what one site I know of did: backing up data to a server, but forgetting to back up the server itself.

I’m sure I don’t need to remind you to take care of your passwords as well, do I?

David Harley BA CISSP FBCS CITP

Cybercrime and Punishment, and a little Cryptanalysis…


Monday, December 29th, 2008

Well, not so much about punishment, but I’m sitting in the lounge with Andrew Davies’s version of Dr. Zhivago in the background, so I’m in a Russian mood…

My colleague Jeff Debrosse, Director of Research in our San Diego office, drew my attention to the latest FBI challenge at http://www.fbi.gov/page2/dec08/code_122908.html. Like many people in this business, I’m fascinated by encryption and decryption, but I don’t have a particular talent for it, so I probably won’t attempt the challenge. I was interested enough to follow this link, though, which is a short primer on "Analysis of Criminal Codes and Ciphers" by Daniel Olson, a cryptanalyst forensic examiner with the bureau. As an introduction to some basic cryptographic techniques with some real-life (criminal) applications, it looks very readable. If you’re interested in something a bit more comprehensive but not particularly technical/mathematical, Simon Singh’s "The Code Book" is also very readable. Bruce Schneier has written a couple of books that are still practical rather than theoretical, if you fancy something with a bit more meat to it…

Speaking of Jeff Debrosse, he was recently featured on Fox 5 News, talking about cybercrime. We posted a link here. Nice one, Jeff. :-) And since we’re blowing our own trumpets here, thank you Paul Lilly for a very positive review of ESET Smart Security in MaximumPC. ;-)

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence