Another laptop stolen with unencrypted data on.

http://news.bbc.co.uk/1/hi/uk/7197045.stm

Hopefully it’s been formatted and is running some naff games but maybe it has passed a whole load of personal info on to criminals or worse to terrorist who are very interested in soldiers home addresses, parents, spouses, …

There really is no excuse, yes stuff can get nicked however careful you intend to be but windows has it’s own directory encryption options - right click in explorer, properties, encrypt. Not that I’d recommend it. I did that but various exe’s wouldn’t run from it and then I couldn’t unencrypt it. I managed by copying the data out into another directory, deleting the original and renaming the copy back to the original.

These days I use true crypt which has all sorts of sneakies. Not only does it do serious encryption it can hide the data your encrypting so no one knows it’s there and so can’t force you to reveal the password.

http://www.truecrypt.org/

My main complaint with it is it is another of those invisible apps. Maybe the version I have is for windows 3.11 but it doesn’t appear on the task bar & I forget I haven’t entered the password and get all confused when the encrypted drives aren’t there.

And… both options are free, so where is the excuse?

Is your data encrypted? Is your personal data at home encrypted? Is your personal data at work encrypted? You could hide your cv & mp3’s!

I’ve just had an ad pop up on a website that says use original

One thing I almost appreciated with my new big company is the need to use a hard password. They require you to use a 12 digit mixed case with numerics and you must change it every 12 months. A bit of a pain but I can appreciate the need for it.

However (you knew that was coming!) I’ve just discovered that each machine has an admin level account set with no password! Der, how secure is that? This is (I assume) to let support get access but to leave it blank? Maybe the logic is that even if it was set to a serious value then it would soon become well known and so pointless - but it would still be an improvement. A proper password hashed against the m/c serial number would be better.

Given the general efficiency round here it could just be the original account setup to allow config (these m/c’s arrive with user name accounts and passwords hashed against personal details so someone has set them up individually and we don’t use the Administrator account) and no one thought to remove it or give it a password.

As ever, it’s talk the talk, make the employees jump the hoops but at company level don’t even attempt to do it right.

So, have you checked your m/c - just nip into control panel, user accounts and see what accounts are there and if you don’t like them delete them or reset their passwords to something sensible.

A bit of a fuss about the selling on of tickets…

http://news.bbc.co.uk/1/hi/entertainment/7179834.stm

Promoter Harvey Goldsmith said at the time: “eBay are an absolute disgrace. They have no right to be doing what they are doing.

What a load of twaddle. We all have the right to sell what we are lucky enough to get don’t we? Whether it’s my skill as a s/w engineer or my winning lottery ticket. Even my kidneys