Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sensitive Data Stolen Via Digital Cameras

Zonk posted more than 8 years ago | from the camsnuffling-is-a-great-word dept.

Security 318

Jack writes "ITO is running an interesting story on a new security threat connecting digital cameras and hackers." From the article: "Following a spate of reports about Bluetooth and iPods devices being used to steal sensitive data from organizations, businesses are now urging to be vigilant as hackers use digital cameras to sidestep security measures. 'Camsnuffling', the latest IT managers headache being used to computer attackers to extract and store data with the help of digital camera." We've previously discussed this problem.

cancel ×

318 comments

Sorry! There are no comments related to the filter you selected.

That is why (1, Funny)

Anonymous Coward | more than 8 years ago | (#14195166)

I always log in as anonymous coward.

Re:That is why (0)

Anonymous Coward | more than 8 years ago | (#14195369)

But we can rest in peace; your fiendish anonymous coward plan will fail on Wikipedia!

...unless you register a throwaway account...

...Doh!

Memmory Sticks next? (5, Insightful)

Ironsides (739422) | more than 8 years ago | (#14195177)

Since the article seems to be more concerned about using cameras to store information, rather than taking pictures of sensitive documents, how long until USB Memmory sticks are targeted? Floppies? Geez, if they're that worried about security they need to be concerned about anything that stores info, not just what appears to be everyday items.

Re:Memmory Sticks next? (4, Insightful)

ergo98 (9391) | more than 8 years ago | (#14195243)

Since the article seems to be more concerned about using cameras to store information, rather than taking pictures of sensitive documents, how long until USB Memmory sticks are targeted? Floppies? Geez, if they're that worried about security they need to be concerned about anything that stores info, not just what appears to be everyday items.

Removable storage devices are the problem, and the invention of "camstuffing" seems like a lame gimmick to try to spin more news out of it. The article ridiculously claims that "many employees use digital cameras in their day to day work" - Maybe at a photojournalism shop, but in most real businesses you'd look pretty odd connecting your camera to the PC. It's vastly lower on the threat scale than PDAs, cell phones, burnable media, or flash cards/keys.

While I think the whole hacker vs cracker thing is a lame debate, in this case they're talking about people simply stealing or misappropriating data that they rightfully have access to. There is nothing (h|cr)ackeresque about that.

Re:Memmory Sticks next? (3, Informative)

schon (31600) | more than 8 years ago | (#14195433)

The article ridiculously claims that "many employees use digital cameras in their day to day work" - Maybe at a photojournalism shop, but in most real businesses you'd look pretty odd connecting your camera to the PC.

It's not as ridiculous as you think.

Perhaps most keyboard jockeys may not use digital cameras, but most of the businesses I know of who have employees that leave the building outfit their employees with digital camera.

Building inspectors use them for taking pictures of job sites. Insurance agents use them for making appraisals, insurance adjusters use them for taking pictures of accidents. Rig foremen use them to take pictures of their rigs. General contractors, cabling salesmen, and land surveyors use them to take pictures of job sites.. and this is just off the top of my head. I'm hard pressed to think of a company I deal with that doesn't have at least one digital camera for staff use.

Re:Memmory Sticks next? (1)

ergo98 (9391) | more than 8 years ago | (#14195527)

Perhaps most keyboard jockeys may not use digital cameras, but most of the businesses I know of who have employees that leave the building outfit their employees with digital camera.

I didn't say it doesn't happen, it just isn't quite that high on the risk chart (especially given that most organizations still have zero physical restrictions on removable storage beyond perhaps never enforced corporate policy).

Re:Memmory Sticks next? (5, Funny)

malraid (592373) | more than 8 years ago | (#14195244)

That why our IT department fills every hole in every computer with epoxy. It's bitch when we have to fix something, but then, a broken computer is not a security threat.

Re:Memmory Sticks next? (1)

Kelson (129150) | more than 8 years ago | (#14195268)

Many high-security workplaces (think defense contractors) already don't allow USB sticks. They store lots of data and they're easy to hide: just slip one in your pocket.

My secret hiding place (3, Funny)

Hoi Polloi (522990) | more than 8 years ago | (#14195551)

"just slip one in your pocket."

I could've been hiding it in my POCKET? Oh shit...

Re:Memory Sticks next? (1)

toleraen (831634) | more than 8 years ago | (#14195689)

Where I work (defense contractor), the emphasis is more that they don't want sensitive data stolen when you leave your ipod you used at work earlier that day in your friends car. USB sticks are fine to have, as long as it's approved by security (not too difficult). We're given memory sticks that use biometrics to use if the memory stick is going to leave the building. Regular storage mediums just aren't secure enough. Granted that goes for employees...if a visitor were to bring in something with a memory card, that's a whole different story. That they take quite a bit more seriously.

Defense Contractors, memory sticks, and cameras (4, Interesting)

SeanDuggan (732224) | more than 8 years ago | (#14195746)

I work in a building with defense contractors. Cameras are banned, even non-digital ones, for fear that someone might take a picture, but they have no problems with USB sticks and digital music players. I once had a guard ask after the headphones I was wearing. When I explained they were to my digital music player, he waved me on, saying that he just wanted to be sure they weren't plugged into a cell phone. (Cell phones are required to be turned off while in the building ostensibly because the signals can disrupt some of the RF experiments. Camera cell phones are, of course, banned.)

Oh, and when the news reports came out, they did also briefly ban Furbies (remember when they were marketed as being able to mimic language? Security feared they'd be used as recording devices) and Coke cans (Coke was running that contest where prize cans had a GPS transmitter in them to lead in the prize team. This is more of the signal interference than a security thing, but people weren't hot on a GPS transmitter inside secured locations either).

What the USA National Archives do... (5, Interesting)

ATeamMrT (935933) | more than 8 years ago | (#14195328)

Since the article seems to be more concerned about using cameras to store information, rather than taking pictures of sensitive documents, how long until USB Memmory sticks are targeted? Floppies? Geez, if they're that worried about security they need to be concerned about anything that stores info, not just what appears to be everyday items.

They check everyone who enters, no cameras are allowed. Everyone needs a special Id issued by them to eneter. No jackets are allowed. No loose sweaters are allowed. They have lockers where any banned item can be kept, outside the secure area. Once you make it to the guards station, they stamp every sheet of paper you take in. When you leave, you can only take out papers they stamped. They check EVERYTHING. And they have a ton of security cameras in the building, and employees that keep track of who comes and goes. I needed papers which were in a secure area. They made me wear an ID tied around my neck, and I was escorted by an employee.

They also make it a crime to try and decieve them (for example, sneak a camera in). People can go to jail, and there are heavy penalties. They have multiple checks. The first one is a metal detector and a police officer who is more than willing to use the hand wand. The next step is the security officer who checks you in.

If companies want security, it is not hard to ban everything, hire 20 or 30 police officers, make it a crime to violate their policy, and treat everyone as dishonest liars who are more likely to steal.

A chain is only as strong as the weakest link. That is the mentality these institutions have, so they don't trust anyone, not even thier own guards.

Re:What the USA National Archives do... (1)

Shakrai (717556) | more than 8 years ago | (#14195467)

If companies want security, it is not hard to ban everything, hire 20 or 30 police officers, make it a crime to violate their policy, and treat everyone as dishonest liars who are more likely to steal.

The last time I checked a private company can't just decree that something is a crime.

Your story about the National Archives is pretty damn interesting though!

It's more complicated for companies (1)

manifoldronin (827401) | more than 8 years ago | (#14195498)

While your recount of the security procedure at the National Archives is informative and interesting, there are a few differences between the National Archives and an average company:

1. The NA can afford to spend a lot on the security, while a company has to watch the bottom line.

2. It's acceptable for the NA to annoy or even "piss off" some visitors with an overly stringent security proecess, whereas a company usually wouldn't want to offend guests or employees.

3. A company needs to balance between productivity and security.

Re:Memmory Sticks next? (0)

Anonymous Coward | more than 8 years ago | (#14195444)

Remember the mid-nineties?

Most (all?) of the computer films made in that epoc out of Hollywood all had a plot that involved a 3.5" disquette that contained data that [must not fall into the wrong hands|must be made public].

(Didn't it ever occur the screen play authors that, the contents of a floppy disquette could be copied off in under a minute?)

Worrying about IPods and usb-drives just seems like this decade's nod to a B-movie scenario that was just as tired last decade.

Re:Memmory Sticks next? (2, Insightful)

ergo98 (9391) | more than 8 years ago | (#14195594)

Worrying about IPods and usb-drives just seems like this decade's nod to a B-movie scenario that was just as tired last decade.

iPod 60GB - $460
USB cable - $8
Misappropriating the financial database because you're the DBA - Priceless

Well, maybe not priceless. Billions of dollars in actual and capitalization damage, destroyed market image, thousands or tens of thousands who'll have issues for years.

It isn't tired - it's a very, very real risk. Too much data is being treated sloppily, and while this is only one of many steps that need to be taken to secure data, it is a concern.

Re:Memmory Sticks next? (2, Funny)

size1one (630807) | more than 8 years ago | (#14195603)

"Geez, if they're that worried about security they need to be concerned about anything that stores info"

I have a photographic memory so my employer forces me to work blindfolded.

Re:Memmory Sticks next? (2, Funny)

AndroidCat (229562) | more than 8 years ago | (#14195763)

Jeez, next they'll stop me from plugging in a 802.11g USB adapter and connecting with a friend in the parking lot. Talk about paranoid!

Why go to all that trouble... (4, Insightful)

greyfeld (521548) | more than 8 years ago | (#14195179)

when you can just buy a thumb drive and plug it in to any machine and get almost whatever you want.

Re:Why go to all that trouble... (1)

Pantero Blanco (792776) | more than 8 years ago | (#14195236)

Heh, indeed. I'm doing that right now to avoid having to use IE in a library.

The only downside is that some monitor that Dell packaged with the system keeps bitching about me "having low hard drive space" every few minutes because of the 128 MB thumb drive.

Re:Why go to all that trouble... (1)

jasen666 (88727) | more than 8 years ago | (#14195291)

That's what I'm thinking. They're so damn small these days, you can plug one in and no one even notices. They make wristwatch drives now too, don't they? The possibilities are endless. I don't think cameras would be my first worry if I as in charge of data security at my place, but they'd be on the list.

Re:Why go to all that trouble... (4, Informative)

jonnythan (79727) | more than 8 years ago | (#14195296)

Because lots of corporations and governmental bodies, particularly those dealing with sensitive data, have access to removeable media such as USB drives, CD-RW drives, and floppy drives, disabled by default.

Re:Why go to all that trouble... (2, Informative)

Carthag (643047) | more than 8 years ago | (#14195460)

But it appears that in this case the cameras are used as USB drives. Wouldn't they also already be disabled, then?

Re:Why go to all that trouble... (1)

djdavetrouble (442175) | more than 8 years ago | (#14195721)

how about a linux install on the usb drive, or a liveCD, then you are free of whatever pathetic
Windows things have been turned off, unless it happened in BIOS.

Crap article (0)

Anonymous Coward | more than 8 years ago | (#14195313)

Other than the obvious typos, the article pretty much sucked.

when you can just buy a thumb drive and plug it in to any machine and get almost whatever you want.

Really the point of the article is to remind IT folk that cameras should fall into the same category as memory sticks, thumb drives, mp3 players. Not that they should focus on dig cameras to the exclusion of the other technologies. Anyone who cares about this article probably already has banned thumb drives and mp3 players.

Top-Secret Information Leaking (0, Troll)

PlayfullyClever (934896) | more than 8 years ago | (#14195180)

I recently came into contact with a similar policy at a consulting firm that was concerned that top-secret information might escape through my USB watch, and made me leave it at the front desk every day. In that case, I know it was absurd overkill ... but is this concern a legitimate concern?
Not to skirt the question, but is this really "absurd overkill?" I'm sure that USB pens/watches/etc have been a boon to corporate espionage. With a USB storage device, you don't have to worry about burning CDs or emailing your stolen information off-site.

Having said that, I do think that some companies need to quit treating their employees like potential criminals. But if you work for a company like mine, where the data is the company's life-blood I can completely understand why they'd want to keep your USB and other storage devices (like iPods) out of their space. (thin clients would have gone a long way towards solving this problem, but that's another discussion)

Re:Top-Secret Information Leaking (4, Insightful)

ergo98 (9391) | more than 8 years ago | (#14195330)

But if you work for a company like mine, where the data is the company's life-blood I can completely understand why they'd want to keep your USB and other storage devices (like iPods) out of their space.

Employees don't need to be treated like criminals, but they shouldn't have more access than they need. For instance USB storage devices should be disallowed as a matter of security policy (not as a lame "leave what you tell us about at the door", but as an actual OS enforced system policy [microsoft.com] ). I care about this from a user and customer perspective, where random employees of banks, insurance companies, and other businesses have access to an enormous amount of my data: I've worked at a large bank and a large insurance company, and the controls aren't anything like most people imagine.

Re:Top-Secret Information Leaking (2, Insightful)

Shakrai (717556) | more than 8 years ago | (#14195558)

I've worked at a large bank and a large insurance company, and the controls aren't anything like most people imagine.

No they are not. The stuff I that I saw go on in the insurance industry would scare the living daylights out of people.

The biggest one I can think of would be the offsite tape backups at the agency I worked for. These were run every business day. How do you think they were offsite? Safe deposit box? Fire proof safe at the owners house? Nope! They gave the chief CSR the tapes and made her responsible for them. She took them home in her purse. More then once she lost a tape or forgot to bring it back in.

Despite that glaring amount of stupidity they refused to give me (the in-house IT) administrative access to the network or servers. I was supposed to talk to my boss if I needed him to log in for me. They trusted nobody but they let this woman take the companies entire database and image archive home with her every night. They justified this because "Tape drives are expensive and nobody else is likely to have one or know what's on the tape if she loses it."

I wonder how many of those tapes are floating around out there.

Re:Top-Secret Information Leaking (1)

Guido von Guido (548827) | more than 8 years ago | (#14195681)

My employer has insurance companies as clients, too. Almost universally they're penny wise and pound foolish.

Re:Top-Secret Information Leaking (1)

lowrydr310 (830514) | more than 8 years ago | (#14195410)

I work for a company with a similar policy. Virtually all personally owned electronics are prohibited (except for clocks, watches, coffee pots, fans, one-way (receive only) pagers, and the remote transmitters to open our car doors. It would be easy to sneak something in, but if someone gets caught they can easily be fired on the spot. I worked for a similar company before, though we were allowed to bring in our own cellphones as long as there was no camera. I don't see how a cellphone is any different than a landline for information security, except for the fact that the company phone can easily be monitored.

I think one important step that an IT department could take would be to prohibit connecting a USB removable drive, or at least keep a log when a device is attached and what files were transferred. Is this even possible?

And the fat moron on reception knew because.. (1)

kt0157 (830611) | more than 8 years ago | (#14195476)

..you told him it was a USB watch? Hmmn. And what if a data thief has a Sandisk combo SD/USB stamp-sized card in his belt buckle? Ah, but *he* lied about having it.

Great security. Relies on thieves being honest enough to confess. About as smart as the DHS asking whether you are a terrorist or not (yes, they really do: read form I-94W).

K.

Easy fix, remove access to the usb ports (4, Insightful)

psyon1 (572136) | more than 8 years ago | (#14195181)

Like the computers in a cabinet, and only allow bonded techs to get in to install peripherals :)

I know its not realistic, but alot of security problems can be fixed if we give up convenience.

Free Luna! (2, Funny)

Thud457 (234763) | more than 8 years ago | (#14195338)

How am I supposed to smuggle jokes for Mike into the computer complex if you instate a policy like that?!!!

Re:Easy fix, remove access to the usb ports (1)

gcw1 (914577) | more than 8 years ago | (#14195393)

Where I work we still have problems with users giving out their login passwords to everyone in their department... they have no idea why that is a security risk. A lot of users don't seem to understand the simplest of computer security measures.

Re:Easy fix, remove access to the usb ports (0)

Anonymous Coward | more than 8 years ago | (#14195530)

"alot of security problems can be fixed if we give up convenience"

In that case go back to pencil and paper; computer security problems solved!

Re:Easy fix, remove access to the usb ports (1)

E8086 (698978) | more than 8 years ago | (#14195683)

That would work in most cases, but only where there is no need for periphals. If there is a reason to use a digital camera, not sure why, maybe insurace agents taking pictures for claims, the peripheral has already been installed and an authorized device is being used to steal company data. A 1GB memory card can hold millions in business secrets. In most cases a 'no usb devices' policy will work. You can bring in your iPod, but not the USB/firewire cable, if you want to charge it, you cna spend the $10-$20 for an AC charger. I'm sure if enough companies were serious enough, Dell would make a PC with no USB ports or floppy or CD/DVD recorders. Of course then you run into problems with the company laptop,unless you want to cover it with tamper evident stickers and encrypt the hdd so it can't be removed and copied. The only other fix I see is to pay the employees enough to encourage them not to even consider "borrowing" company data. The RIAA doesn't do that and look at all the copies of CD that find their way onto the Internets.

Cameras in the workplace? (1)

rahuja (751005) | more than 8 years ago | (#14195182)

Not sure if I understood the problem completely, but don't most companies disallow cameras in the workplace anyways? I used to work with Intel and we were supposed to declare even camera phones at the entrance, let alone digicams.

You know... (1, Offtopic)

Pantero Blanco (792776) | more than 8 years ago | (#14195203)

You'd think a publication called the "IT Observer" could get the hacker vs "malicious hacker" or "cracker" wording right.

Re:You know... (2, Insightful)

winkydink (650484) | more than 8 years ago | (#14195264)

Forget it. That ship sailed long ago. People were complaining about the misnomer since the Morris Worm (and probably before that too). The media has coopted the word hacker whether you want them to or not. While you can continue to use it "correctly" in certain small circles, the general public equates hacker with malice.

How serious are you about security? (4, Insightful)

winkydink (650484) | more than 8 years ago | (#14195206)

If you or your company, is truly serious, then the steps to limit these sorts of things are pretty straightforward (no iPods/cameras in the workplace, locking the bios to prevent new usb, no admin rights on your machine, etc...).

The problem starts when the copmpany talks the talke, but doesn't back it up with action, leaving IT staff with a mixed message.

A clear, well-written security policy that has been bought off by and supported by exec mgmt is the only way to go. Sarbox is a great tool for scaring mgmt into line here. :)

Re:How serious are you about security? (1)

cloudmaster (10662) | more than 8 years ago | (#14195509)

What BIOS lets you stop "new USB" from working?

Re:How serious are you about security? (1)

karmatic (776420) | more than 8 years ago | (#14195739)

Almost all of them - just set "Integrated USB" to "OFF". Then don't use USB peripherals.

Let's start with the obvious... (2, Insightful)

c0dedude (587568) | more than 8 years ago | (#14195210)

Sensitive data should not be in plain view. Camera phones, then, are not a problem.

rtfa (0)

Anonymous Coward | more than 8 years ago | (#14195413)

If you read the article, you would know that there's nothing in it about taking *pictures* of sensitive data. Rather, the article is talking about how difficult it is to prevent employees from removing data from the workplace via storage media which is not traditionally used for transporting data (other than the data it's supposed to transport, mp3's, pictures, etc).

Re:Let's start with the obvious... (1)

Speare (84249) | more than 8 years ago | (#14195443)

Okay, we'll hide this 200,000 square foot top-secret military jet aircraft assembly facility in the secretary's desk drawer at night, just so the janitors can't snap a pic on their Verizon cellphone. Thanks, you just saved us a TON of money!

Re:Let's start with the obvious... (1)

jskiff (746548) | more than 8 years ago | (#14195597)

Sensitive data should not be in plain view.

And what about the people that work with the sensitive data?

The only thing that works is a strict, multi-layered security policy that enforces both physical and electronic security. I've been in some facilities where entry is similar to the airport with a metal detector and X-ray machine, except the people working the machines are soldiers with M-16s. Anyone with a "visitor" badge that doesn't have a clearance is escorted by an employee with a designated "escort" badge, and as soon as that employee swipes their badge, the lights in the secure area change to indicate that the uncleaned masses are in the area.

Their electronic security policy was just as strict. No one I spoke to was an admin on their machine, usb and other peripheral options were disabled, etc.

Defense in depth...

Re:Let's start with the obvious... (1)

valdezjuan (83925) | more than 8 years ago | (#14195669)

You are 100% correct, any sensitive data should be kept secure and from prying eyes. However, this does not solve the problem. The users you have to watch out for are the ones that have legitimate reasons for viewing/accessing the data. They are in the position to abuse trust. People would notice someone walking around the office taking pictures of sensitive data. Have you ever tried to photograph a piece of paper? It's not like in the movies where you just lay it flat and start snapping pictures. If you are using a regular digital camera, you have to get the document in focus, if you are trying to get the whole document you have to make sure that all of it can be read from the shot (also make sure that the flash doesn't go off - nothing like attracting attention). If you are taking the picture in sections, you need to make sure that you get the whole thing with enough overlap that you can reasemble the document. If you are using a camera phone, then you can't be casually walking around snapping pictures over peoples shoulders. To get a readable shot on most camera phones you need to be up super close, and you are only getting a few lines at a time. Even if you have one of the super duper spy cameras you still need to be over the document.

The article seems to be talking about using the 'hard drive' capabilities of the cameras and not the photo angle (which a clean desk policy would not help prevent). Most of the newer cameras have usb connecters, some have firewire, and almost all of them support some sort of removable storage. Adapters for these storage cards are all over the place, and some of them are supper small. This is just like people going into computer stores and using iPods to steal applications off the demo computers.

"Cameras" is a little misleading/shortsighted... (4, Insightful)

ScentCone (795499) | more than 8 years ago | (#14195223)

Why not just repeat this article on a regular basis, updating a list of things with some sort of commonly used comm port/interface and simple file-system storage? Right now it's phones, PDAs, pens, music widgets, camerads, fobs... but next it will be eyeglasses, shoes, student ID cards, car keys, fake fingernails, or someday your pre-frontal cortex. This article is mostly about how you can't trust people you can't trust. Cameras don't have much to do with it, per se. If cameras provided a way around an established lack of trust, then we'd have an article to read.

"Guns" is a little misleading/shortsighted.. (1)

LoonyMike (917095) | more than 8 years ago | (#14195455)

Guns don't kill people, per se. People do.

Re:"Guns" is a little misleading/shortsighted.. (2, Insightful)

Pantero Blanco (792776) | more than 8 years ago | (#14195535)

You missed the point. They only listed a single device capable of causing the problems they listed, when there are many more that would be more likely to. He wasn't saying that the employees were the only factor.

To use your analogy, it would be like someone writing an article on why a pocket knife could be dangerous in a criminal's hands.

cannot be helped (5, Insightful)

middlemen (765373) | more than 8 years ago | (#14195229)

Most of us must have read the story about a crow wanting to drink from a jug of water, but the water being too low, the crow could not drink it. So it dropped some pebbles/stones in it and then the water rose so that the crow could drink it. If a crow can be resourceful like this applying its brain (however small), so can humans. And "hackers" (why lord why! it is crackers) are resourceful and how much ever technology progresses, there will be people who will defeat the technology by sheer brainpower and kludges. So, such things are inevitable and in fact extremely necessary to spinoff the growth of new better technology.

Crackers (-1)

Anonymous Coward | more than 8 years ago | (#14195761)

Where i's a from, CRACKERS be country folk or dem flat crackers you puts in yo soup. I be a Florida Cracker.

iPods only for illegal use? (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14195233)

From the article
----
If someone is seen in the workplace using an iPod it's more than likely that it's for the wrong reasons - either podslurping or downloading music without permission.
----

This guy needs a solid whack with a clue-by-four. I work with a lot of people who use their iPods at work to.... SURPRISE listen to music.

duh.

Re:iPods only for illegal use? (2, Insightful)

Kelson (129150) | more than 8 years ago | (#14195304)

Not only that, but I imagine many of them are playing music they bought legally -- on their own time -- either in round plastic form or from iTMS, on their home computer.

Big zoom cameras are something too. (4, Interesting)

baryon351 (626717) | more than 8 years ago | (#14195245)

A friend of mine has one of the big zoom cameras, an 18x canon, and has often found the info revealed in one of them is insanely high. zooming in to take a photo of an aged guy on a park bench reading a newspaper brought out a picture that revealed every word on the front page of it. I found myself zoomed in and reading that article before realising how simple it was, and that we were more than a hundred feet from him.

Anyone here run a business with a display visible from a window, even one half a city block from the next window?

Re:Big zoom cameras are something too. (2, Insightful)

manifoldronin (827401) | more than 8 years ago | (#14195346)

Anyone here run a business with a display visible from a window, even one half a city block from the next window?
Yeah, especially considering the more senior an exec becomes the bigger/more windows his office gets to have...

Re:Big zoom cameras are something too. (1)

cloudmaster (10662) | more than 8 years ago | (#14195538)

Isn't Jennifer Anniston suing / considering suing some photographer for getting a topless photo of her from like a mile away? I'd imagine that the scumbag paparazzi's camera could get detail through a business window just as easily. I wonder if information gathered that way is considered just as acceptable as photos taken of people in public places?

Re:Big zoom cameras are something too. (1)

spawnofbill (757153) | more than 8 years ago | (#14195569)

Becuase by law, if it's viewable from a public place, it's legal.

Sesame Street Hackers (1)

itoleck (304334) | more than 8 years ago | (#14195261)

I know that Snuffleupagus was up to something.

May as well... (3, Funny)

grumpyman (849537) | more than 8 years ago | (#14195278)

Disallow pen and paper, and blind-fold visitors until they are escorted to where they are supposed to go.

Camera phones? Phht, how about MP3 players? (1)

ashitaka (27544) | more than 8 years ago | (#14195290)

When I left my previous job I had agreement from the firm to copy some personal files off the laptop I was using (kids pictures, etc.)

My son had been begging me for an MP3 player especially a 1GB model that was on sale.

Now, an MP3 player isn't much more than a memory stick with some extra intelligence to recognize music files.

So, I buy the MP3 player, copy the files off to the player then offload those to my home PC.

My son will get the MP3 player he wanted for Christmas.

Having proven that this is possible, will companies now have to ban MP3 players from being used in their offices?

Re:Camera phones? Phht, how about MP3 players? (1)

jasen666 (88727) | more than 8 years ago | (#14195352)

If they're too lazy to disable the USB ports on machines they think may be security risks, then yes. MP3 players really are nothing more than glorified thumb drives.

Re:Camera phones? Phht, how about MP3 players? (1)

trogdor8667 (817114) | more than 8 years ago | (#14195461)

Personally, where I work, personal mp3 players and cameras are banned (we obviously have cameras for business use, not mp3 players). We also have our USB ports locked out. You can't just plug in a flash drive or anything without prior admin approval, so even if you brought your mp3 player in from home, it wouldn't work. Companies simply need to implement this to solve this problem. I know there are always ways around it, but this would simply be a step in the right direction.

Oh no (2, Insightful)

varmittang (849469) | more than 8 years ago | (#14195294)

The Camera Phone, they must all be disallowed in the work place. That is going to be difficult, since most phones have a camera, and people are going to want them in case the kids get sick.

Re: parent sig (1)

Kelson (129150) | more than 8 years ago | (#14195480)

12345?

That's the kind of combination an idiot would have on his luggage!

Re:Oh no (1)

plover (150551) | more than 8 years ago | (#14195617)

12345? Have the combination changed on my luggage immediately!

Re:Oh no (1)

jskiff (746548) | more than 8 years ago | (#14195634)

Camera phones, and in some cases mobile phones of any kind, are banned in all sorts of secure facilities. Your kid better know your office number...

Camsnuffling (3, Funny)

digitaldc (879047) | more than 8 years ago | (#14195300)

I thought 'camsnuffling' was breathing heavily through the nose while taking a picture?

"Camsnuffling?" (2)

quinby (865589) | more than 8 years ago | (#14195307)

Let's consult the Oracle [google.com] :

"Your search - camsnuffling - did not match any documents.

Suggestions:

        * Make sure all words are spelled correctly.
        * Try different keywords.
        * Try more general keywords."

Re:"Camsnuffling?" (1)

ComputatusMaximus (544615) | more than 8 years ago | (#14195572)

I think they mean "snarf", but more likely they're trying to invent jargon.

snarf /snarf/ /vt./

1. To grab, esp. to grab a large document or file for the purpose of using it with or without the author's permission. See also BLT. 2. [in the Unix community] To fetch a file or set of files across a network. See also blast. This term was mainstream in the late 1960s, meaning `to eat piggishly'. It may still have this connotation in context. "He's in the snarfing phase of hacking -- FTPing megs of stuff a day." 3. To acquire, with little concern for legal forms or politesse (but not quite by stealing). "They were giving away samples, so I snarfed a bunch of them." 4. Syn. for slurp. "This program starts by snarfing the entire database into core, then...." 5. [GEnie] To spray food or programming fluids due to laughing at the wrong moment. "I was drinking coffee, and when I read your post I snarfed all over my desk." "If I keep reading this topic, I think I'll have to snarf-proof my computer with a keyboard condom." [This sense appears to be widespread among mundane teenagers --ESR]

Also, this is no where near anything you could classify as "cracking" or even inaccurately as "hacking" unless the USB device is used to upload a virus to the computer, in which case there is no "snuffling" about it.

Re:"Camsnuffling?" (0)

Anonymous Coward | more than 8 years ago | (#14195601)



Your search - camsnarfing - did not match any documents.

Suggestions:

        * Make sure all words are spelled correctly.
        * Try different keywords.
        * Try more general keywords.

Re:"Camsnuffling?" (1, Funny)

Anonymous Coward | more than 8 years ago | (#14195628)

Your search - camsnarfing - did not match any documents.

Suggestions:

        * If you make up words that sound absolutely ridiculous, it's unlikely that a page already exists for it.

Re:"Camsnuffling?" (1)

ComputatusMaximus (544615) | more than 8 years ago | (#14195650)

heh, I meant snarfing in general, not using the obviously contrived cam- prefix..

Unless you lock the USB ports... (3, Interesting)

L0neW0lf (594121) | more than 8 years ago | (#14195308)

Someone will get in, if they have access to your local intranet. It's that simple.

I'd bet everyone here has seen a picture of the USB flash drive disguised as a PEZ(tm) dispenser. What about the new Swiss Army Knife that has one built in? Heck, you could mod a USB drive to look like a Zippo or a Bic lighter. As others have said, I can't even see why camera phones are such a hot deal other than for their ability to take pictures; storing documents can be done in a far less noticeable way when there's access to USB ports.

News? (1)

P3NIS_CLEAVER (860022) | more than 8 years ago | (#14195314)

Any big company I worked for banned cameras from their campus. What is old is new.

I was going to browbeat the OP but... (1)

TheTranceFan (444476) | more than 8 years ago | (#14195316)

...then I read TFA, and the OP copied verbatim the first couple of the article's grammatical blunders. There used to be editors, fact checking...it's sad when this kind of article is called journalism.

Data stolen via digital cameras (1)

g0bshiTe (596213) | more than 8 years ago | (#14195336)

What are they doing? Taking pictures with the camera of the data on the screen? Sending video over the net?

I read TFA, and both the article and the title would lead a nontech savvy person to believe that's how they were being used. I think /. already covered data loss via USB ports before.

James Bond Minox Camera Trick (1)

MDMurphy (208495) | more than 8 years ago | (#14195342)

If stuff is really sensitive, cameras should have been kept out long before. Lock up the USB ports but allow camera? People will just print and snap.

Didn't anyone learn anything from watching old James Bond Movies? http://www.mwbrooks.com/submini/flicks/ [mwbrooks.com] Those old Minox camera even had the lanyard marked to let you know the proper focus distance for shooting a document.

Julius Caesar (4, Funny)

giorgiofr (887762) | more than 8 years ago | (#14195363)

Yo, there was this guy long time ago, you know, called C.J. Caesar MC, and he was, like, worried that the Man would steal his secretz, 'namean?, so he came up with this gimmick where he wrote something on a piece of dead skin, how gross is that?, man, but if you had read it it wouldn't have made no sense, but if you had known HOW to read it, then hell yeah, lotsa sense there... than his buddy later called this thingamajig ROT-13 or some such nerdy word, and then lotsa other guys did the same, but more powerful...

I hope you liked this short intro to ENCRYPTION and understand how it can solve some of your problems. Thank you and goodnight.

Phones and PDAs next .. (1)

un1xl0ser (575642) | more than 8 years ago | (#14195388)

I can't bring a camera to work, so this isn't a big deal to me at all. Considering how small flash drives are getting, and how much storage can be kept in phones/PDAs today, how does anyone expect this to work?

Someone has a PDA that can store 2 GB of data in a SD card. If they want, they can have as many of these as they need.

2.5" drives are very discret, and are normally powered by USB.

Don't give anyone access to USB/Bluetooth/WiFi.

Hal reads lips (1)

Hao Wu (652581) | more than 8 years ago | (#14195403)

Stealing a password's as easy as filming a person's keystrokes at the next terminal.

If you're a HAL9000, you do it from across the room.

Human larynx as security risk (5, Insightful)

ewg (158266) | more than 8 years ago | (#14195404)

The human larynx is the biggest security risk. It's a ubiquitous device that can broadcast via sound waves any proprietary information a knowledge-worker has been exposed to.

Of course this description is (intended to be) humorous, but the serious point is one we've heard often enough: you can't solve a human problem with a technological solution.

Re:Human larynx as security risk (1)

Surt (22457) | more than 8 years ago | (#14195556)

With the surgical removal of the larynx, your company can be protected from this attack as well.

plugging the Laptop hole ? (1)

Dave21212 (256924) | more than 8 years ago | (#14195406)


I have heard of a company that does a good job of plugging these types of 'holes' through effective management of the desktop environment... (the guy I know complains that he can't attach *anything* USB to his machine). The funny thing is, after all that, they let him and other people (sales team, managers, etc) walk out of the front door with their laptops ;) Well at least they aren't putting the stuff on an iPod/Camera/Pen !!!

This article is just the latest in a never-ending trend of "danger ! these devices can be used in bad ways" that seem to come out of the security INDUSTRY (go figure). Anyone remember back when email, or even printers were the prime danger ?

At the grocery store... (1)

AtariDatacenter (31657) | more than 8 years ago | (#14195440)

Their cash registers were the old fashioned ones where you have to hand your card to the cashier. Naturally, the cashier loves to wave your card around and expose your numbers to everyone. Not a big hassle, except the really poor looking couple behind me WAS AIMING THEIR PHONE RIGHT AT MY CARD AND CONTINUOUSLY TAKING PICTURES!

Re:At the grocery store... (1)

plover (150551) | more than 8 years ago | (#14195749)

I hope you notified security in the store, and contacted your credit card company immediately. If they went on to try to use your card to commit ID theft, there's a chance that they left some of their own ID evidence at the grocery store (images on security cameras, used their own credit card, paid with a check, etc.)

If they did, and were successfully prosecuted because you raised the issue, the chances are good that you could receive a fat reward from Visa.

Uhhh... Isn't this common sense? (1)

ShyGuy91284 (701108) | more than 8 years ago | (#14195450)

People have been using cameras to sneak around for dozens of years.... Be it as a data storage medium, or going through someone's secret files and taking pictures of them (ala TV spies), it'll always be a threat....

Everything old is new again... (0)

Anonymous Coward | more than 8 years ago | (#14195474)

Just like in the long, long trailer!

Seriously though, cameras have been used for copying documents since they were made portable. The big news here is some tech-related publication is making noise about it. Whoopee.

collateral damage (4, Interesting)

AxemRed (755470) | more than 8 years ago | (#14195478)

This is becoming more of a problem for me too... I'm an amateur photographer. I have enjoyed photography for about 10 years, but over the last 3 years or so, businesses have become much more paranoid about cameras. Concert venues have cracked down, and many stores will kick you out for walking around with a camera, let alone taking pictures. Personally, I have always thought that (for the most part) you should be able to photograph anything that you are allowed to freely look at, but because of abuses, that isn't usually the case. It's sad really.

Warning... (4, Interesting)

Pedrito (94783) | more than 8 years ago | (#14195496)

Photocopiers can be used to copy sensitive data. Please dispose of all photocopiers in your company...

Okay, I did RTFA, but I'm not entirely sure "how" a digital camera is a threat other than being used to take snapshots of sensitive data. Sure, you can plug it into a USB slot, but for a lot of cameras, they're little more than thumbdrives when they're connected via USB, so a thumbdrive would certainly be less conspicuous, but then you have to ask how this is much different from say, floppy disks, which until recently, were pretty ubiquitous.

The article mistakenly states: "Hence, simply plugging it into a computer's USB can allow hackers to obtain sensitive data." How? Does plugging in a camera suddenyl disable all security in a computer? Suddenly all your encrypted data is decrypted? Suddenly the camera has access to everything? This is a completely unqualified statement that means nothing. It's a thumb drive and you have no more access to sensitive data than the person at the keyboard which is presumably the same person with the camera.

Sorry, maybe I'm missing something, but this seems like a pretty stupid article.

Take a picture why don't ya? (0, Redundant)

hal9000(jr) (316943) | more than 8 years ago | (#14195502)

Just wait until those rascally hackers start taking pictures of a screen because the USB port is all gummed up. That'll learn ya!

This reminds me of the time . . . (2, Interesting)

ndansmith (582590) | more than 8 years ago | (#14195573)

a local kid decided to steal software with his iPod. The kid walks into an Apple store, plugs in his iPod to one of the demo machines, and downloads all of the expensive software (ProTools, Photoshop, etc.). I guess he eventually got caught but there were no charges pressed (probably had something to do with the fact that he did not agree to a EULA, haha).

That is to say that the conveniece of plug-n-play mass storage (whether it be usb stick, camera, iPod) can be a major security risk. Add that to unsecured systems running as administrator (or root, etc.) in the workplace or showroom, and you have a great potential for mischief.

Security requires a bit of paranoia (1)

SlashAmpersand (918025) | more than 8 years ago | (#14195592)

I worked at a government installation about 15 years ago where we were required to flip the venetian blinds such that a satellite overhead couldn't take a picture of what was on your desk. To have good security you have to look at what's possible and try to prevent it. If you can't afford for the data to leak you have to close off the leaks, even if it seems ridiculous at the time. There are companies where you can't enter the premises with your cell phone (or any other electronic device for that matter). If they are really serious about it, they'd have you go through a metal detector before entering (I've had to do that). We have a mix of security here. Our PCs have firewall and security software, but nothing prevents use of the USB port. Granted, you have to login, but if somebody were to fail to logout... We run a Wifi network here, but it only goes as far as the public side of a VPN router - you have to establish a tunnel to go any further, but if you've got a laptop and ethernet cable you can plug right in and use DHCP to get an ip address and you're good to go. My point is that there will always be holes, some of them glaring. Removing a threat like a camera would require banning them at the gate - anything else is useless.

Information Classification (2, Insightful)

Ferment (168584) | more than 8 years ago | (#14195632)

Classification of information and treating that information accordingly is at the heart of the issue. It is impracticle to have to protect all information. Organisations need to decide what needs to be protect and to what extent and then implement policies based on those decisions. If you have highly senstive information, clearly classify it so, limit who has acesses it and how they access it.

When I did defense work, classisfied systems sat on seperate networks behind locked doors. Only those who knew the combinations to the locks and had electronic key cards with the right pins could access the rooms. There were no connections from the machines to the outside world and in fact many rooms were RF sheilded to prevent EM snooping. Cameras, IPods, Thumb-drives and USB watches were certainly not allowed in these rooms.

I am not suggesting that all organisations need this kind of security but using seperate physical networks, limiting physical access, and disallowing the presence of certain devices around these machines is not beyond the pale.

India (1)

OtakuMan (27083) | more than 8 years ago | (#14195666)

This is why cameras of any kind are banned from the Indian call center I work with.

Pointy-haired Idiot Quote (1)

GogglesPisano (199483) | more than 8 years ago | (#14195674)

Ian Callens, Icomm Technologies, explains: "If someone is seen in the workplace using an iPod it's more than likely that it's for the wrong reasons - either podslurping or downloading music without permission."

Apparently the millions of people who listen to music on their iPods are "more than likely" criminals and spies.

Talk about sowing FUD -- I wonder how much the RIAA pays this guy?

Camsnuffling? (1)

toupsie (88295) | more than 8 years ago | (#14195685)

It's so new, that I can't find one reference on Google [google.com] about it!

Wrong Solution (1, Redundant)

yapplejax (931268) | more than 8 years ago | (#14195729)

Instead of banning cameras, then memory sticks (as one poster said, they can be potentially hidden to look like just about anything), then iPods...remove the capability from the computer itself! Make them more of a "dumb terminal", no floppy, no CD writer, no accessible USB.

THIS JUST IN! (0, Redundant)

akad0nric0 (398141) | more than 8 years ago | (#14195767)

Devices capable of storing data used to steal data!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?