Heathrow Airport security plans on USB stick found on street

[Homer J Simpson]

oops

http://www.cnn.com/2017/10/29/europe/heathrow-airport-security-usb-stick/index.html

[T3sl4co1l]

I imagine the probe is to figure out who is stupid enough to plug in a USB drive found on the street... (Because obviously its content wasn't their fault, right? )

Tim

[Mr. Scram]

Obviously there is a problem with the information on the stick not being encrypted and being left in a public place. However, we should also appreciate that a member of the public found an unknown USB drive and plugged it into a computer that isn't his, plus that the library computers allow random USB drives to be plugged and read.

There don't seem to be winners here.

[Mr. Scram]

I imagine the probe is to figure out who is stupid enough to plug in a USB drive found on the street... (Because obviously its content wasn't their fault, right? )

Tim

I'm afraid very few understand the risk associated with that. Not just that, but companies still hand out USB drives at trade shows.

[Cyberdragon]

So, what have we learned here?

The moral of the story is that if you put confidential information on a flash drive and may loose it, don't bother encrypting it, just include a complimentary virus to destroy the random computer some poor sod plugs it into.

[Mr. Scram]

So, what have we learned here?

The moral of the story is that if you put confidential information on a flash drive and may loose it, don't bother encrypting it, just include a complimentary virus to destroy the random computer some poor sod plugs it into.

Why not both? Just have it encrypted and have a bit of software reporting back where it got plugged in and by whom.

Oh, and we should note that even encrypted sensitive data being lost counts as a leak, according to EU data protection laws, which currently still apply to the UK.

[Cyberdragon]

Perhaps the complimentary virus could cause it to corrupt/wipe itself as well as any unauthorized machine it's plugged into.

[GreyWoolfe]

The same kind of thing happened in my company.  A tech left an unencryped flash drive with proprietary information, including a computer image behind and it was found by the client.  It raised quite a stink and, as a result, the company has issued all the field service techs Aegis encrypted 100Gb flash drives.  After keying in the numerical password of choice, you have 30 seconds to seat the drive in a computer or it locks back up.  3 failed attempts locks the drive for 20 minutes I believe.  I now have an encrypted USB hard drive for all my backed up information as it exceeds the capacity of the flash drive after having that hard drive unencrypted for years as it never leaves my home office.