137 comments

oh, (3, Funny)

lolololol (1991780) | about 3 years ago | (#35661792)

How convenient...

Re:oh, (-1)

Anonymous Coward | about 3 years ago | (#35661810)

How can you help protect your data from loss, theft, or hackers? The answer: BitLocker. If you've got information on your PC that you need to protect, you can help prevent theft or loss by using BitLocker data encryption to put a virtual lock on your files.

Improved for Windows 7 and available in the Ultimate edition, BitLocker helps keep everything from documents to passwords safer by encrypting the entire drive that Windows and your data reside on. Once BitLocker is turned on, any file you save on that drive is encrypted automatically.

BitLocker To Go—a new feature of Windows 7—gives the lockdown treatment to easily-misplaced portable storage devices like USB flash drives and external hard drives.

Re:oh, (5, Insightful)

PsychoSlashDot (207849) | about 3 years ago | (#35661864)

How about an additional answer: consider well what data you carry on a mobile device.

I have serious difficulty figuring out what scenario was in play that required this particular data to be on a laptop in the first place. Some mobile sales guy needed the data to plug in at a hotel conference room and make a presentation? Some jet-setting bigwig needed to massage the data and do some data-mining while on a trans-oceanic flight?

Even if the laptop's user was tasked with "visit each of these people individually and tell them 'no' in plain English", the data should have been partial and redacted.

Sorry, but corporations - like the human beings they're comprised of - put data on theft-prone devices that shouldn't be there in the first place. Encrypted or not.

Re:oh, (1)

Solandri (704621) | about 3 years ago | (#35662276)

I have serious difficulty figuring out what scenario was in play that required this particular data to be on a laptop in the first place. Some mobile sales guy needed the data to plug in at a hotel conference room and make a presentation? Some jet-setting bigwig needed to massage the data and do some data-mining while on a trans-oceanic flight?

The obvious use that comes to mind would be a field agent going out to a town meeting where claimants are asked to come and discuss any issues they have with their individual claim. He doesn't know ahead of time which claimants are going to be there, and he doesn't know if he'll have Internet access or if it'll be fast enough for him to VPN into BP's servers to pull the data from there on an as-needed basis. So he needs a copy on his laptop so he can look up the details of each individual claim. I remember similar meetings being done after the Exxon Valdez spill, between Exxon and local fishermen. Well, minus the laptops; those weren't that common back then.

Not saying that's what's happened here. The scenarios you give are certainly possible too. Just saying that putting the data on a laptop isn't quite so far-fetched.

Re:oh, (1)

suomynonAyletamitlU (1618513) | about 3 years ago | (#35663028)

The obvious use that comes to mind would be a field agent

Which utterly fails to explain why they have the date of birth, much less social security number. If they can provide a valid photo ID with their name on it to prove their identity that ought to be good enough. You might argue for a masked SSN to differentiate Joe Smith #1 and Joe Smith #1, but name and address ought to be good enough for that; if they live at the same house you can probably treat them as part of the same household. And if not, take out a pen and paper and write a goddamned exception rather than trying to fit it into your database or whatever.

Re:oh, (1)

tlhIngan (30335) | about 3 years ago | (#35667420)

Which utterly fails to explain why they have the date of birth, much less social security number. If they can provide a valid photo ID with their name on it to prove their identity that ought to be good enough. You might argue for a masked SSN to differentiate Joe Smith #1 and Joe Smith #1, but name and address ought to be good enough for that; if they live at the same house you can probably treat them as part of the same household. And if not, take out a pen and paper and write a goddamned exception rather than trying to fit it into your database or whatever.

What if the field agent was going about collecting that data? Affected people come in, state your case and fill in the information, and done. For monetary compensation, I think SSN+DOB (the only way to ensure uniqueness) is required for tax purposes.

For mass disasters where the damage can be localized, it's often easier to just open a temporary office to collect all the information in person than try to handle some sort of mail in system. And human to human conversations add enough "je ne sais quoi" that people feel more comfortable that things are happening.

Re:oh, (0)

Anonymous Coward | about 3 years ago | (#35664366)

he doesn't know if he'll have Internet access or if it'll be fast enough for him to VPN into BP's servers to pull the data from there on an as-needed basis.

There it is, the ultimate argument for the Internet Interstate and local public facilities. Only this time private bypasses, bridges and superhighways can be added without limits similar to the highway system.

Re:oh, (3, Informative)

fuzzyfuzzyfungus (1223518) | about 3 years ago | (#35662086)

You sound like you were raised by Steve Ballmer and rocked to sleep each night by a loving marketing brochure. Lay it on a bit thicker, will you?

That said, disk encryption (almost certainly full disk; because you Do Not Want to have to puzzle out all the possible locations that a modern OS and suite of common programs may stash temporary files, caches, etc.) is more or less a must for sensitive information that leaves the site. It reduces the hazards of sloppy disposal even for desktops that are only supposed to leave the building at EOL.

You can get disks that do it in hardware, there are a variety of software options; but it is pretty much the bare minimum of responsible handling of sensitive data. Even better, of course, is never actually having the data on the device in the first place. With the comparatively low cost of broad internet coverage today, forcing people working on really sensitive stuff to do so only in a terminal session that actually lives on a nice cozy server back in your locked cage, with only pictures and input device events going back and forth over the (SSL secured) wire is fairly practical and means that even a badly rooted client is limited to some screengrabs and a stolen client gets nothing but a stock OS with one of the terminal clients installed.

3g mobile is far from cheap and some areas (1)

Joe The Dragon (967727) | about 3 years ago | (#35662152)

3G mobile is far from cheap, and in some areas the speeds may be too low to have a good VPN / remote speed, and the cost over 5GB is like $10+ per GB, and don't even think about roaming: Adam Savage hit $11,000 just with a few hours of web surfing in Canada on an iPhone.

Re:3g mobile is far from cheap and some areas (-1)

jelizondo (183861) | about 3 years ago | (#35662644)

Sorry pal, eh?

We're talking about British Petroleum here, not your average Joe Sixpack, so they can afford whatever is necessary to keep the data safe.

And why would you want SSN on everyone? If it is a preliminary meeting, you are not going to card everyone and make sure their SSN and DOB are correct, are you?

Re:3g mobile is far from cheap and some areas (1)

hedwards (940851) | about 3 years ago | (#35663140)

Because when you call for a hit, you want to make sure that the correct person ends up in lavender.

Re:3g mobile is far from cheap and some areas (1)

Hognoxious (631665) | about 3 years ago | (#35664712)

We're talking about British Petroleum here

Are we? Did we get transported back to 1998 [wikipedia.org]? Think I'll put a few hundred on the Broncos!

Darn! I've checked. It's 2011 and you're an ignorant, fat, bigoted asshat.

Re:3g mobile is far from cheap and some areas (1)

biek (1946790) | about 3 years ago | (#35666986)

Are we? Did we get transported back to 1998? Think I'll put a few hundred on the Broncos! Darn! I've checked. It's 2011 and you're an ignorant, fat, bigoted asshat.

BP acquired Amoco. That doesn't change the fact that they still have a ton of money they can use for securing important data. In the future why don't you take some time to explain whatever point you're trying to make instead of casting bile everywhere.

Re:oh, (1)

Anonymous Coward | about 3 years ago | (#35662950)

You sound like you were raised by Steve Ballmer and rocked to sleep each night by a loving marketing brochure. Lay it on a bit thicker, will you?

Naw, if the AC in question had been actually shilling for M$ instead of just parodying our recent influx of Microsoft shills, he'd have said that the whole incident could have been prevented by not hosting any of the data on the laptop in the first place. Bitkeeper was last year's buzzword. This year's buzzword appears to be all about yelling "To the Cloud!"

Yelling "To the Cloud!" has become my office's equivalent of yelling "Bingo" when playing Bullshit Bingo. Some salesweasel starts yakking on about SAAS, someone responds with "What, like dickless workstations in the early 90s?", and while the salesweasel tries to figure out what we're talking about (because he was still in high school when "the network was the computer" and diskless workstations were all the rage, running SunOS on the front end and talking to Oracle databases on the back end) someone yells out "To the Cloud!" and everybody (except the hapless salesweasel) collapses in laughter.

Re:oh, (0)

Anonymous Coward | about 3 years ago | (#35665592)

To a proper M$ shill, "To the Cloud!" is synonymous to "To the Azure!" A corporate shill would not forget to mention a proper branded solution instead of a general notation used by an independent consulting house shill.

Re:oh, (2, Funny)

Ethanol-fueled (1125189) | about 3 years ago | (#35662102)

As an ardent Microsoft product user(they're better than Linux and they work too :), I have to agree.

Bitlocker hides all of my interspecies porn and evidence of my Ponzi schemes like a blanket over an underage ladyboy. And since I make lots of money and work for the Mormon church(they're kinda like Scientology except that they get 4 wives), it's not like anybody would be coming up to me asking to see those or anything, LOL!

Microsoft software is so good that their e-mail services don't allow those populist terrorists to hide in Tunisia, Egypt, and Yemen. Microsoft are an American icon, like Narus [narus.com] and AT&T are!

You know what is also good about Microsoft? They don't hire black people! No hootin' and hollerin' in that shop, nosiree. In fact, the Windows 7 EULA specifically states that,

"If your skin is darker than a paper grocery bag, you must immediately return this product in exchange for its equivalent value in food stamps"

It's no wonder why increasing numbers of Slashdot(a forum for linux and unux geeks) are seeing the light and converting to Microsoft software for their computing needs.

Re:oh, (1)

countertrolling (1585477) | about 3 years ago | (#35663248)

Yes, my Windows machine runs exclusively Microsoft. None of that 'Firefooks' and 'Googlidoo' for me. Only Microsoft. Microsoft and Adobe. Yes, Microsoft and Adobe.. and Java.. these three programs I run on my Windows machine. There's no reason to run anything else. And your machine stays squeaky clean. For safe computing use only Microsoft recommended products. Four out of five dentists agree..

Re:oh, (1)

GameboyRMH (1153867) | about 3 years ago | (#35666782)

Or if you'd rather not spend the cost of a game console on an operating system just to use its OS-specific encryption, just use Truecrypt, a multi-platform encryption solution that costs $0 and can do everything BitLocker can and more.

Re:oh, (0)

Anonymous Coward | about 3 years ago | (#35662194)

I wonder if that laptop was the only one with the data gathered...

Silly me... of course it was, otherwise there's no point in 'losing' it.

Re:oh, (0)

Anonymous Coward | about 3 years ago | (#35662250)

BP : You mean Libya & Syria haven't diverted EVERYONE's attention yet? Who the fuck is still paying attention to us? Can we sue them into submission? Somebody get SONY's legal team on the phone.

Re:oh, (0)

PopeRatzo (965947) | about 3 years ago | (#35662328)

How convenient...

And let this be a lesson for anyone else who would seek to extort money from those fine humanitarians at British Petroleum.

Coincidentally, I saw this earlier today:

(Reuters) - Shares in oil major BP fell on Tuesday on a report the company's managers could face manslaughter charges following the Gulf of Mexico oil spill, which could lead to much higher fines over the disaster.

I for one do not welcome our new corporate overlords.

Re:oh, (0)

Anonymous Coward | about 3 years ago | (#35662892)

How convenient...

And let this be a lesson for anyone else who would seek to extort money from those fine humanitarians at British Petroleum.

Coincidentally, I saw this earlier today:

(Reuters) - Shares in oil major BP fell on Tuesday on a report the company's managers could face manslaughter charges following the Gulf of Mexico oil spill, which could lead to much higher fines over the disaster.

I for one do not welcome our new corporate overlords.

Since when are the executives of large corporations held responsible in any meaningful way for disastrous things that happen due to their company's actions or inaction?

(captcha was "unveil")

Re:oh, (5, Insightful)

mwvdlee (775178) | about 3 years ago | (#35663660)

Never attribute to malice that which is adequately explained by stupidity.

With such enormous levels of stupidity, the entire company should just be shut down and the entire management thrown into a mental hospital.

Re:oh, (0)

Anonymous Coward | about 3 years ago | (#35666200)

Never attribute to stupidity that which is adequately explained by a desire to hurt those that bother you.

Just typical, I'm afraid. (1)

jd (1658) | about 3 years ago | (#35663666)

Not malicious, just another spill. Likely into deep water. It'll now take them three or four months to figure out how to recover it.

Chronically incompetent (1)

Anonymous Coward | about 3 years ago | (#35661830)

These people defy belief ...

Do they seek out morons in their corporate recruitment program, or are they just unlucky?

Re:Chronically incompetent (1)

jd (1658) | about 3 years ago | (#35663680)

The morons are the ones who would work best under the managers. It's not deliberate selection, merely a compatibility issue.

SSN? (3, Insightful)

innocent_white_lamb (151825) | about 3 years ago | (#35661840)

Why do they need your SSN to process a damages claim?

Re:SSN? (0)

Anonymous Coward | about 3 years ago | (#35661868)

Probably to report it to the IRS.

Re:SSN? (1)

yeshuawatso (1774190) | about 3 years ago | (#35661872)

My same thoughts about the DOB too. Driver's license number I could understand, but SSN and DOB? Are they going to fill out a w-4 for them? Maybe a 1099-MISC.

Re:SSN? (1)

zippthorne (748122) | about 3 years ago | (#35662658)

They're going to be paying them reparations, or at least some fraction of them... So, yes, there are almost certainly going to be tax implications.

Re:SSN? (0)

Anonymous Coward | about 3 years ago | (#35667120)

reparations are like insurance payments for damaged property - no tax implications - repair payments aren't taxable.

Re:SSN? (1)

mpe (36238) | about 3 years ago | (#35663600)

My same thoughts about the DOB too. Driver's license number I could understand, but SSN and DOB?

Why should only people who drive be able to claim? Even in the parts of the US affected driving is not mandatory...

Re:SSN? (1)

yeshuawatso (1774190) | about 3 years ago | (#35663646)

Well, let's see. Most banks require an ID to open an account. Most check-cashers want an ID to cash a check. So, besides toting your social security card and your birth certificate around with you to prove your identity, it's more convenient to use a state issued ID. In this example, I used a driver's license as a quick example of a state issued identification card with a number, since ALL states use a unique number on these cards, be it a driver's license or a plain ID card.

I don't have anything against those without a driver's license, I just used the term for convenience. You're just being an asshole.

Re:SSN? (1)

osu-neko (2604) | about 3 years ago | (#35664700)

Well, let's see. Most banks require an ID to open an account. Most check-cashers want an ID to cash a check.

Most banks use some form of identity verification. However, at least the last bank account I opened, this did not involve the presentation of any physical paperwork. I certainly didn't need a birth certificate, I simply told them my SSN, and I didn't present any state issued ID. IIRC, when I opened a bank account back in the 80s I had to go through something like that, but not recently. As for check-cashers, I assume you're talking about people who stand around in the bank talking to people who go in? Do they still have those? I haven't been physically inside a bank in over a decade. I certainly haven't had any of the machines I've given checks to require me to show any form of ID beyond the ATM card itself, although I haven't used my ATM card in years, either. My web browser, which has been from where I've sent and "cashed" checks for the last few years, has never once demanded I show it any ID... which is good since I lost my webcam.

Re:SSN? (-1)

Anonymous Coward | about 3 years ago | (#35665372)

My same thoughts about the DOB too. Driver's license number I could understand, but SSN and DOB? Are they going to fill out a w-4 for them? Maybe a 1099-MISC.

Too many acronyms. I tried to google/wikipedia them, SSN = Social Security Number, but I could not find out what DOB (Department of Buildings? Dykes on Bikes? Daughters Of Bilitis? 2,5-dimethoxy-4-bromoamphetamine???) is, so I did not even try the others.

Re:SSN? (3, Informative)

nedlohs (1335013) | about 3 years ago | (#35661928)

For a lost income claim, the money is taxable (just as the income it is supposed to be replacing would be).

Other types aren't but that doesn't mean they don't report them to the IRS anyway.

Re:SSN? (3, Interesting)

vlm (69642) | about 3 years ago | (#35665094)

For a lost income claim, the money is taxable (just as the income it is supposed to be replacing would be).

The problem is tax evasion. There's a million "bubba gump shrimp boats" down there, that "on paper" never make more than a couple K of taxable income per year. But under the table they were absolutely raking it in. Cash sales to restaurants. Cash sales at the pier to brokers. Cash sales to general public and/or local fishermen who happen to be at the pier. The only guy in LA with more cash than a dealer is a fishing boat owner. Now with the spill, there is a huge dilemma of how much money they should get from B.P., what they actually made, or what they reported to the IRS.

I'm told by relatives in LA that the IRS takes people down because they are so dumb that they buy diesel for their boat on a credit card, so it's easily tracked, and they spend more money JUST ON DIESEL than they report as gross income to the IRS. There's a whole folklore as to which marina cooperates with the feds and which marinas take cash for fuel, and how it's better to buy diesel at a "gas" station for cash, pay the diesel road tax, and pour it into your boat, than to get busted. Apparently offroad has a dye added so you can't burn it onroad, and boat owners buy the dye to make it look like they're burning marina diesel instead of truck diesel.

That gives some idea of how bad the tax evasion is down there. I would not be surprised if this is all a show, and the laptop mysteriously is found in the local IRS office.

Re:SSN? (0)

Anonymous Coward | about 3 years ago | (#35666372)

Thanks for explaining the issue.

It sucks, but in my opinion these tax-evading boat owners should pretty much just be fucked by the oil spill. If they've reported income of a couple grand for the past 10 years... that's all they should be able to get in lost income. Now, the honest fishers who report their income to the IRS, I'd say they're due plenty from BP. As is the rest of the country who are indirectly affected by the spill in dozens of ways.

Re:SSN? (1)

headhot (137860) | about 3 years ago | (#35662118)

Well, some people have the same name. You don't want to justify not paying a claim to the same person twice would you?

Re:SSN? (0)

Anonymous Coward | about 3 years ago | (#35662168)

Why do they need your SSN to process a damages claim?

Because they'd ask you for a SSN when you get a Kleenex if they could. The US is remarkably dysfunctional when it comes to identification numbers. Ostensibly the SSN is supposed to be private, but everything wants it, and they only give it to you on a paper card. How useful!

The country would benefit so much from any number of systems but there's a crew of Jesus freaks who think it's an unconstitutional sign of the Beast and so it won't happen.

Re:SSN? (1)

hazem (472289) | about 3 years ago | (#35664054)

They probably have to file a 1099-something to the IRS for any payments they make to claimants.

It will be interesting to see if they end up getting a bigger payment for the lost personal data than they will for their ruined lives and environment.

Re:SSN? (0)

Anonymous Coward | about 3 years ago | (#35664256)

SSN is used to validate claims, i.e., each SSN is given its own settlement. Not everyone has a driver's license or state ID.

Re:SSN? (1)

GameboyRMH (1153867) | about 3 years ago | (#35666830)

The same reason any non-government entity needs it: because it would be more convenient if you had a government-issued serial number, and the closest thing you have to that is your SSN, which they have no right to whatsoever.

Bad Faith... (4, Interesting)

aralin (107264) | about 3 years ago | (#35661842)

Any sufficiently big level of stupidity is indistinguishable from malice :)

Actually it is better for you to assume malice than stupidity, because if you go after a fool, he kinda sorta deserved it anyway, if you think a malicious enemy is stupid, you are gonna pay twice for being fool yourself. Game theory in action. :)

Sorry folks (0)

Anonymous Coward | about 3 years ago | (#35661870)

I thought it was a good idea to carry the entire claimant database on my laptop. That way I could familiarize myself with the details of the claims, and show it to BP employees I was going to meet at another location to give them an idea of the kind of data we had collected. And if anyone happened to ask whether they were on the list, I could fire up my spreadsheet and give them an answer on the spot.

Isn't saying "no allegation of bad faith"... (0)

Anonymous Coward | about 3 years ago | (#35661884)

... making one?

Whew!! Not Stolen At Least! (1)

Anonymous Coward | about 3 years ago | (#35661904)

just misplaced .. it'll turn up any old time ..

Huh? (4, Insightful)

cultiv8 (1660093) | about 3 years ago | (#35661912)

Was it not encrypted? How long after it was "discovered" missing was it remotely disabled? Were they able to wipe it? Why do you keep this type of data on a personal laptop? Seriously BP, you guys make a lot of cash, care to tell us how much of this is going into your IT infrastructure to prevent this from happening?

Re:Huh? (4, Insightful)

Yo Grark (465041) | about 3 years ago | (#35662006)

Oh, IT told them how to securely store the data on the laptop. Him being at the executive level, promptly ignored IT directives because it was "too complicated".

I'm in a large organization, it's INCREDIBLE what hoops IT makes little ol me jump through to do things on my laptop, but executives are routinely able to do and get the most insane stuff happening on their laptop. Autologin because they keep forgetting their passwords? No duh, changed every 20 days, must contain a non-alphanumeric character, must contain upper and lowercase, not dictionary based, and not similar to the last 20 passwords.....you have ANY idea how fricken hard it is to keep track of not only the main login but all the subsystems we use?

Oh, what's that? the exec has autologin with roboform installed? And this is allowed HOW? Oh right, they're the execs.

- Yo Grark

Re:Huh? (4, Insightful)

PolygamousRanchKid (1290638) | about 3 years ago | (#35664064)

No duh, changed every 20 days, must contain a non-alphanumeric character, must contain upper and lowercase, not dictionary based, and not similar to the last 20 passwords.....

I read an editorial a long time ago in the Wall Street Journal, written by a security consultant. The executive had three secretaries working for him, and they had to use the PCs from each other. The executive proudly stated that the passwords needed to be changed every week!

The consultant said that no one could deal with a different password every week. He did a MacGuyver, and used a pocket knife to open the drawers in one of the secretary's desk. There were the passwords, all written down and stored in the top drawer.

The point here is that if you go off all crazy on security policies that are impossible to follow, someone will find a work-around that defeats the purpose.

Re:Huh? (3, Informative)

vlm (69642) | about 3 years ago | (#35665138)

The point here is that if you go off all crazy on security policies that are impossible to follow, someone will find a work-around that defeats the purpose.

The worst part of your story is the actual failure mode is failure to understand the difference between encryption and authentication.

You're "supposed" to share encryption keys to transfer data, and you've got a huge known plaintext problem with encryption. So you have to change keys / passwords every week or whatever.

In comparison, the only person that knows your authentication password is one human. The computer, if done correctly, only knows a salted hash. Changing passwords is cargo cult science, it's pointless. It's applying a solution from one problem to a completely unrelated problem. And it makes it worse by making password changing and resetting common and trivialized (in addition to making human management of passwords so difficult that they subvert the system as per your report). Finally it feeds illogic and stupidity, in that good security can be a PITA, therefore anything that is a PITA must be good security, right, and the more of a PITA it is the better the security must be?

Re:Huh? (1)

Anonymous Coward | about 3 years ago | (#35662020)

BP laptops can't be remotely wiped, but they are password protected.

Re:Huh? (1)

zippthorne (748122) | about 3 years ago | (#35662718)

"password protected?"

If the password doesn't get mangled into an encryption key somehow, it's not protecting anything. "Password Protection" on a laptop is like putting up a forty-foot high steel (.. colored.. plastic..) door next to a patio and hoping thieves are too distracted by the door to notice it's not actually enclosing anything.

Re:Huh? (2)

vlm (69642) | about 3 years ago | (#35665160)

"Password Protection" on a laptop is like putting up a forty-foot high steel ...

... blow-out preventer on a well, and then not keeping its batteries fully charged?

Just trying to put it in terms B.P. can easily understand given their recent history...

Re:Huh? (0)

Anonymous Coward | about 3 years ago | (#35666910)

If this really is a BP laptop, this will be a BitDefender/SafeGuard type technology which encrypts the hard disk using a fairly strong key which is in turn encrypted by a boot password. The boot password could come from a token but is more likely from something the executive has to memorize. Tech support usually have a way of recovering without the boot password but that is all. Password policies govern how strong the boot password is.
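Added example, not part of the comment above and not any vendor's code: a sketch of the key hierarchy that comment describes, where a random volume key encrypts the disk and is itself stored only wrapped under a key stretched from the boot password, with a second slot for the help-desk recovery path. The slot layout, function names, iteration count and the XOR-pad-plus-HMAC wrap (a stand-in for a real AES key wrap, which the Python standard library lacks) are all assumptions made for illustration.

```python
"""Password-wrapped volume key (constructed sketch, standard library only)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch
KEY_LEN = 32                 # 256-bit volume key


def derive(secret: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a password into a one-time wrapping pad and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", secret, salt,
                                   PBKDF2_ITERATIONS, dklen=2 * KEY_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_slot(secret: bytes, volume_key: bytes) -> Dict[str, bytes]:
    """Wrap the volume key under `secret`. Only salt, wrapped key and tag
    are stored; neither the password nor the volume key appears on disk."""
    if len(volume_key) != KEY_LEN:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per slot, so the pad is never reused
    pad, mac_key = derive(secret, salt)
    wrapped = xor(volume_key, pad)  # stand-in for AES key wrap
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def open_slot(secret: bytes, slot: Dict[str, bytes]) -> Optional[bytes]:
    """Return the volume key, or None if the secret does not fit this slot."""
    pad, mac_key = derive(secret, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None  # wrong password: nothing usable is released
    return xor(slot["wrapped"], pad)


def create_header(boot_password: bytes, recovery_secret: bytes,
                  volume_key: bytes) -> Dict[str, Dict[str, bytes]]:
    """Two slots over the same volume key: the user's and the help desk's."""
    return {"user": make_slot(boot_password, volume_key),
            "recovery": make_slot(recovery_secret, volume_key)}


def unlock(header: Dict[str, Dict[str, bytes]],
           secret: bytes) -> Optional[bytes]:
    """Try every slot, as a pre-boot prompt would."""
    for slot in header.values():
        key = open_slot(secret, slot)
        if key is not None:
            return key
    return None


def change_password(header: Dict[str, Dict[str, bytes]],
                    old: bytes, new: bytes) -> bool:
    """Re-wrap the same volume key; the disk itself is not re-encrypted."""
    key = open_slot(old, header["user"])
    if key is None:
        return False
    header["user"] = make_slot(new, key)
    return True


if __name__ == "__main__":
    vk = os.urandom(KEY_LEN)  # would encrypt the disk sectors
    hdr = create_header(b"boot passphrase (constructed)",
                        b"help-desk recovery secret (constructed)", vk)
    print("right password unlocks:", unlock(hdr, b"boot passphrase (constructed)") == vk)
    print("wrong password unlocks:", unlock(hdr, b"guess") is not None)
```

Because the password is the only input to the wrapping key, the strength of the boot password (the password policy the comment mentions) bounds the strength of the whole scheme.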

Re:Huh? (0)

Anonymous Coward | about 3 years ago | (#35667376)

RTFA. What you and most commenters are missing here is that the laptop CAN be remotely disabled, and most likely has. Probably one of those "Lojack for Laptops" companies like Absolute Software.

"Lost" (0)

Anonymous Coward | about 3 years ago | (#35661950)

Lost=Run over by a truck, finely ground, incinerated and buried under a dead horse.

speaking of BP... (3, Interesting)

magarity (164372) | about 3 years ago | (#35662028)

There hasn't been much coverage lately of how the independent engineering team decided the blowout prevention valve's malfunction was to blame and not some active corporate malfeasance after all. On the other hand, there also hasn't been much coverage of how BP owns a lot of the oil facilities in Libya that the US military is now busy defending.

It seems to be just a loss (2)

pankajmay (1559865) | about 3 years ago | (#35662030)

It seems they do have a copy of the data (the original article alludes to that) -- so this is in effect just a loss of a laptop that contained a copy of this data.

Shit happens! Seems like they are doing appropriate damage control (by offering free credit monitoring to affected people). And hopefully, as soon as it comes online if it gets turned on by a novice finder/stealer, it will be wiped/locked by the company's software agent.

Such data is usually copied by many on their laptops or devices so they can run some quick analyses or answer questions -- there is nothing out of the ordinary. It should be treated like any other company laptop loss, except in this case it had a copy of some rather news-worthy data.

Re:It seems to be just a loss (1)

osu-neko (2604) | about 3 years ago | (#35664776)

It seems they do have a copy of the data (the original article alludes to that) -- so this is in effect just a loss of a laptop that contained a copy of this data.

Indeed. No doubt they put a copy of this data on every laptop, and keep in a public server somewhere so anyone can copy it, so they always have many copies around just in case something like this happens. /eyeroll

That whooshing sound you heard when you read the summary was the whole point going over your head. The issue was never that they might no longer have access to the data. The issue is that they aren't doing a particularly good job of making sure not everyone has access to the data.

Such data is usually copied by many on their laptops or devices so they can run some quick analyses or answer questions -- there is nothing out of the ordinary.

If the data is sensitive, it shouldn't be copied, it should be accessible in such a way that they can do this without requiring an individual copy of the entire database on the laptop. Alternately, if this isn't feasible for the task that needs to be done on that laptop, then much higher levels of security should be required and extra care should be taken to ensure that the machines that do have the data are not stolen or lost.

This is only "nothing out of the ordinary" in the sense that irresponsible behavior and gross negligence are nothing out of the ordinary at BP.

Re:It seems to be just a loss (1)

pankajmay (1559865) | about 3 years ago | (#35665990)

Indeed. No doubt they put a copy of this data on every laptop, and keep in a public server somewhere so anyone can copy it, so they always have many copies around just in case something like this happens. /eyeroll

The issue was never that they might no longer have access to the data. The issue is that they aren't doing a particularly good job of making sure not everyone has access to the data.

You would never know that with the ruckus everyone here was raising at the start of the thread. And by the way - you conveniently ignored the fact that they are doing damage control.

If the data is sensitive, it shouldn't be copied, it should be accessible in such a way that they can do this without requiring an individual copy of the entire database on the laptop. Alternately, if this isn't feasible for the task that needs to be done on that laptop, then much higher levels of security should be required and extra care should be taken to ensure that the machines that do have the data are not stolen or lost.

This is only "nothing out of the ordinary" in the sense that irresponsible behavior and gross negligence are nothing out of the ordinary at BP.

There is a lot of difference between theory and practice. You would know that if you work for a big organization. I am not condoning the lack of precautions on the executive's part -- the executive needs to be reprimanded properly, but all I am saying is that this stuff happens.
True, BP may be bad and evil, but this does not mean that every incident is a sinister plan unless proven otherwise. You are coloring the incident with your own biases and opinion about the company.

And as far as the laptop is concerned -- almost all such companies have multiple layers of security to log on to such machines. The machine is probably encrypted by default and will be erased as soon as it's turned on. (There usually is a pre-Operating System level locking)

This leads to my original opinion that if a machine is turned on by a novice, it will be wiped out immediately. Unless someone who is determined to get at this data acquires it, and I am almost 100% sure that the data is stored on the HDD encrypted. (Why? Because almost all organizations with sensitive customer info need to)

Re:It seems to be just a loss (1)

rfrenzob (163001) | about 3 years ago | (#35665192)

What happens before the laptop in question comes online?

Re:It seems to be just a loss (1)

pankajmay (1559865) | about 3 years ago | (#35666052)

What happens before the laptop in question comes online?

As I said earlier, I am sure that the info is encrypted on the laptop -- it will probably be inaccessible without a proper key. And if the machine comes on, they will be able to wipe it before the OS loads.

Big organizations usually do hedge for such scenarios and have precautions and procedures in place in such events. You don't think they supply their executives with a plain vanilla laptop with Windows on it with no serious authentication measures?

Incentives at play (1)

sethstorm (512897) | about 3 years ago | (#35662144)

Why would they want to lose it after paying large sums of cash?

What other events are going on with BP that would make this a distraction?

What do they gain about making this front-and-center public?

Try an exploding tanker in a German harbor (0)

Anonymous Coward | about 3 years ago | (#35664774)

It is ridiculously hard to find in the international news, but here goes: a BP tanker exploded in a German harbor [newser.com]. This after they had touted their horn about their stepped up safety measures.

I can understand why they could do with a diversion in the news...

Re:Incentives at play (1)

vlm (69642) | about 3 years ago | (#35665182)

Why would they want to lose it after paying large sums of cash?

Well, the IRS is gonna be really pissed, but the general public getting money tax free is going to be happy. Assuming "the general public" got the cash and not some politician. Hmm.

Oh, Dear God No! (1)

mug funky (910186) | about 3 years ago | (#35662164)

there's been a data spill!

i bet they find the laptop in the Gulf of Mexico.

Re:Oh, Dear God No! (1)

sethstorm (512897) | about 3 years ago | (#35662526)

If it were that case, they'd try a few ineffective things and seize proof that their measures were ineffective.

Re:Oh, Dear God No! (1)

vlm (69642) | about 3 years ago | (#35665196)

And someone on /. would suggest the best way to cap the data leak would be to nuke it ...

Is this anything like (1)

twoears (1514043) | about 3 years ago | (#35662286)

"my dog ate my homework" or the iPhone 4 left in the Silicon Valley bar by the Apple employee?

How foooortunate (0)

Anonymous Coward | about 3 years ago | (#35662784)

Theeees seeemplifies eeeverytheeng

BP, gunning for the prize... (0)

Anonymous Coward | about 3 years ago | (#35663026)

This is clearly a stunt to boost their odds in the Worst company in America contest [consumerist.com]. They are already a favorite to make the final match up, but this might just be the boost they need to go all the way and claim the golden poo.

Failed Design (1)

Gastrobot (998966) | about 3 years ago | (#35663044)

In my mind it seems like a failure in security to have this quantity of personal information on a laptop. If someone needs quick access to it then it should be in a database back in home base with some canned queries for whatever functions are typically needed. This approach should be sufficient anywhere that an internet connection exists. I've never used one myself but my understanding is that these days you can purchase USB sticks that connect to the internet from anywhere in reach of a cell tower and so it should be an especial rarity for a business such as BP to find themselves hindered by a lack of connectivity.

Hopefully the drive on the laptop was encrypted, but even if it was, it's the wrong way to handle this sort of data. Haven't these people been through enough from BP already?

"Bad faith" (3, Insightful)

rhizome (115711) | about 3 years ago | (#35663158)

The bad faith isn't in losing the laptop, it's in the BP policy allowing workers to have this information on laptops that can be lost.

More like bad procedures. (0)

Anonymous Coward | about 3 years ago | (#35663778)

They learnt their secrecy from the British government and security services. They seem to distribute secret information like this all the time.

Re:"Bad faith" (1)

thegarbz (1787294) | about 3 years ago | (#35664022)

Ahhh yes policy. I take it you don't work in IT? IT policies in most companies are generally widely regarded as a waste of time to write and are rarely followed. I mean I work for a multinational company who actually had to send out an email communication to all staff saying, "Yes downloading 5GB of porn on your lunchbreak is definitely a breach of the terms of services, which incidentally are longer than a typical EULA and expressly state things such as never keep company information on the desktop, my documents, or anything other than the network folders which we have access to from anywhere in the world anyway. But try telling the users this. ... I'm guilty of this too, I've taken my entire network drive and ticked "use offline". Between that and the use of Firefox (unauthorised software) I'm definitely on the naughty list.

Re:"Bad faith" (1)

emt377 (610337) | about 3 years ago | (#35664316)

The bad faith isn't in losing the laptop, it's in the BP policy allowing workers to have this information on laptops that can be lost.

At least without crypto to protect it. I keep a lot of sensitive paperwork (contracts, etc) on my laptop, but it goes in an encrypted file system that's only mounted as needed, then unmounted.

Can Haz Consequences? (1)

ohnocitizen (1951674) | about 3 years ago | (#35663358)

At this point is there any expectation that actions like this will carry consequences outside of an apology for a company like BP? After the oil spill, the Texas incident and their subsequent handling of both - it seems like an issue like this will disappear from the media's attention span in short order.

Each and every time... (1)

geogob (569250) | about 3 years ago | (#35663810)

It doesn't happen that often, but each and every time I read a story about a laptop being lost that held critical information, I'm asking myself the same question: How do you lose a laptop?! I've never personally heard of anyone losing a laptop. Not even misplacing one. One got stolen, but I wouldn't count this as "lost", although it is a loss.

Incompetents. Fire them. (0)

Anonymous Coward | about 3 years ago | (#35664650)

How do the employees of these companies keep on losing laptops?

If it was stolen, then it would say it was stolen.

So this is a case of laptops being left behind in hotels, or taxis, or trains.

These incompetents should be fired, especially when they're holding personal data on their laptops.

I'm sure that BP's IT group has BIOS level passwords and encryption set of course. And that sensitive data is encrypted when being transported. Or maybe they should all be fired too.

Worst case scenario (1)

Zac_G (2029862) | about 3 years ago | (#35665748)

I'm always amazed at the community's limited understanding of the media world and how it does its reporting. The media is reporting how BP is treating the issue, not what has actually happened. BP is handling this in a worst case scenario: the laptop has been stolen/lost, the information on the laptop has been compromised, and the individual responsible is maliciously using the claimants' information in a mischievous way. They have only confirmed they do not have in their possession a laptop with claims information. Let's also not forget just how often local politicians, lawyers, and claims adjusters have asked for this information on the spot with little regard to the claimants' privacy. If BP had the option I imagine they would have this information on servers behind a DMZ with little to no outside access, but we have demanded that they be transparent with everything as quickly as possible (spill cam, reporters on a drill rig, live video feed of their ROVs, daily technical reports during the spill...). I don't know about you but when good ol' Bobby Jindal asks for claims information I doubt he is wanting to do log shipping of encrypted data base tables. He just wants a damn Excel file.

Why is this data on a laptop, again? (1)

Vrtigo1 (1303147) | about 3 years ago | (#35666218)

In the age of ubiquitous connectivity, why is it that this data is stored locally on a laptop? BP surely has boocoo IT infrastructure, so why didn't they just set up a secure website that their minions could've used to input people's data instead of storing it in Excel on a laptop where it could be lost? Seems to me that it'd be a lot more difficult to lose the data when it's sitting on your SAN which is probably in an access restricted datacenter. Asshats...

WTF IT (1)

the_hellspawn (908071) | about 3 years ago | (#35666844)

Why would someone store data on a laptop? Connect through a secure link and get your data from a server that can't be lost. Hacked maybe, but not lost. For crying-out-loud; some IT folks are Duh and not WINNING. Storing shit on a laptop is just retarded. Don't care it is retarded. Store it on a server. I do and Duh, WINNING!

I lost my laptop. My dog ate my homework. I was... (1)

mschaffer (97223) | about 3 years ago | (#35667090)

So, is BP trying to implement the "I lost my laptop" excuse to keep from paying all of those claims?

What I want to know is: why do people store all of this information on individual laptops?
Things like this have happened so many times before. When will those pinheads learn?

Laptop can be remotely disabled... (1)

FlipperPA (456193) | about 3 years ago | (#35667400)

...you think this tidbit from the article might have been included in the teaser. Lojack for laptops, encryption and passwords should be required for any company or academic laptop containing sensitive information.
