Let me elaborate on Himanshu's article on data protection / privacy. As he rightly said, our trash (any tech gadget capable of storing some information by means of HDD, memory stick/card, SIM cards of course) could be an attacker's key to successfully gathering private information about any individual or any company.
The technique involved here that can be used by an attacker is called dumpster diving. The standard definition is as follows:

*Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network.*

Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network.

Information security practitioners need to be on intimate terms with their organizations' garbage. While the thought of rooting through the trash may not top your list of desirable activities, dumpster diving can be a highly effective way for attackers to gather confidential information about your business, processes and systems.

Trash cans yield all sorts of interesting information. During various assessments I have been involved in, I have evidenced all of the following things:

- Site plans of hotels, airports, railways, etc.
- Customer names and addresses
- Bank account numbers and balances
- Credit card numbers
- Travel plans of key employees, which could reveal business plans
- Product design documents of critical information systems
- Marketing studies / confidential research
- Government / federal / legal / vendor / etc. information

To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.

Finally, as an individual you can find out what's in your dumpster that could fall into the wrong hands, and measures for secure trash disposal.

Regards
Sandeep Thakur

On Tue, Jun 22, 2010 at 4:20 AM, Himanshu Saraswat <[email protected]> wrote:

> I just came across the CBS News video that gave me pause for thought. This
> was once posted in April http://www.cbsnews.com/video/watch/?id=6412572n. The
> video talks about the modern digital copy machines, those sold after 2002,
> contain a hard drive. These hard drives store the images copied. These
> machines are traded in for new models and then refurbed and resold. However,
> the hard drives more than likely are not getting scrubbed to remove the
> content. One of the copy machines in the video not only contained content on
> the hard drive but also still had documents.
>
> One of the copy machines in the video not only contained content on the hard
> drive but also had documents on the bed, the images are stored on the hard
> drive. There was some interesting discussion going on this video.
>
> What does your company do, if anything, to ensure that no confidential
> data is leaked by disposal of old equipment?
>
> I think first you need to prepare a list of equipment which contains hard
> drives.
>
> HS
>
> --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.
