
"Clear" Laptop Found, In the Same Locked Office 264

Posted by kdawson
from the never-mind dept.
jafo alerts us to an SFGate story reporting that the lost "Clear" Program laptop has turned up in the same office from which it was reported missing, but not in its previous location. "A preliminary investigation shows that the information was not compromised... The computer held names, addresses and birthdates for people applying to the program, as well as driver's license, passport and green card information. But, she said, the computer contained no Social Security numbers, credit card numbers, fingerprints, facial images or other biometric information... The information was encrypted on the server, but not on the laptop, although it should have been... However, it was protected by two levels of passwords." Reader jafo adds, "Pardon me if I have little confidence that an organization that loses a sensitive laptop for 9 days is able to tell if it was compromised."

  • Sorry (Score:5, Funny)

    by MyLongNickName (822545) on Wednesday August 06, 2008 @08:08AM (#24494363) Journal

    ... I borrowed it for the weekend to play WoW.

  • by something_wicked_thi (918168) on Wednesday August 06, 2008 @08:10AM (#24494373)

    Those are, like, needed to remove the hard drive, right?

    • by amazeofdeath (1102843) on Wednesday August 06, 2008 @08:12AM (#24494399)

      Yes, the screws on the bottom of the laptop will ask you the boot and Windows passwords before they'll open.

    • by Loibisch (964797)

      Yup, it's pretty much like the scene at the Bridge of Death in Monty Python's Quest for the Holy Grail.

      If you don't get all the answers right, you die!

    • by Siener (139990) on Wednesday August 06, 2008 @08:51AM (#24494819) Homepage

      You don't even have to remove the HD. If the data is not encrypted you can boot from a USB key or CD and just copy the files.

    • by PMuse (320639)

      Never mind that any thief who had the keys/access to the office to return the laptop is also rather likely to have had the passwords.

      • by flappinbooger (574405) on Wednesday August 06, 2008 @09:45AM (#24495561) Homepage
        Yes, Yes, Inside job it was, young skywalker. You are advancing in the force, you are!

        Reminds me of one time where my boss was in the field at a customer's factory. He had his "notebook" in which he writes everything down. (a paper notebook, old school, not a laptop)

        He left it on a table in the break room for a couple hours and forgot about it. Later, when he remembered, it was gone.

        A few hours LATER, it was back, pretty much where he left it.

        Luckily it didn't have any pricing or other such things in it, but it still wasn't a good thing.

        But Karma is interesting, this same customer a few months later sent us an email which happened to have a high level very confidential spreadsheet attached, accidentally. It contained the company's strategic plan for the coming months - people's salaries, names, locations, PLANT CLOSURE PLANS, savings from plant closures, all that stuff. "ummm, yes, there was a spreadsheet that you ... shouldn't have got... can you please erase that? Right now? And not look at it? Thanks!"

        My point is, and I have one, encryption is fine but it is no guarantee against mistakes and/or stupidity.
        • Re: (Score:3, Funny)

          by zip_000 (951794)
          The HR manager at my previous job accidentally sent out info (including SSN) on all of the employees to allusers. She then tried to "unsend" it - ha.
  • Wait, if it was not encrypted on the drive, but the device was physically compromised, how was it protected by any passwords, let alone two levels of passwords?
  • no excuses (Score:5, Insightful)

    by iveygman (1303733) on Wednesday August 06, 2008 @08:11AM (#24494383)
    Even though this laptop was not actually stolen, that does not excuse the gross lapse of judgement by the people responsible. Two levels of passwords is fine, but unencrypted data still leaves potential victims vulnerable. This still raises the question of why sensitive data was on something as portable as a laptop. Oh and nevermind the fact that they managed to lose it in their own office completely kills any confidence I had in them.
  • by oodaloop (1229816) on Wednesday August 06, 2008 @08:12AM (#24494393)
    and none of it came back today.
  • Two Passwords? (Score:5, Insightful)

    by xanadu-xtroot.com (450073) <[xanadu] [at] [inorbit.com]> on Wednesday August 06, 2008 @08:15AM (#24494425) Homepage Journal

    However, it was protected by two levels of passwords.

    So... what does that actually mean? I know that TFA is a media fluffed version washed for the general masses, but they could've mentioned that part at least. If one was the NT login, were the admins smart enough to disable the LM Hash? Still, booting it with a *NIX CD and blanking the SAM password for administrator is trivial. What could the second be? A BIOS password? Open it and pull the battery. Big deal.

    Is there something I'm missing about this? Is there a (whopping!) two password scheme that could actually make something more secure than just booting it with something else and pulling data off?

    • Re:Two Passwords? (Score:5, Insightful)

      by gruntled (107194) on Wednesday August 06, 2008 @08:29AM (#24494585)

      Hmm. Standard internal investigation procedure: Wait until suspected bad actor has gone home, go into his office, remove hard drive from computer, use Ghost to create reasonably accurate copy of existing drive on another drive, replace duplicate drive in computer. Take your original drive back to your forensics lab, use your forensics software to make a forensically sound image of the original drive, lock the original drive in your safe in case a judge ever wants to see it, drill down through your forensic image at your leisure.

      If you weren't especially interested in creating chain of custody documents, you'd just make a forensic image of the original drive and replace the original drive in the box. Then, absent tool marks or other evidence that the box had been opened, even a qualified forensic technician could swear under oath that there was no evidence that anybody had accessed the data on the box. And it wouldn't matter how many passwords you had on the box if it weren't encrypted...

    • by mpe (36238)
      If one was the NT login, were the admins smart enough to disable the LM Hash? Still, booting it with a *NIX CD and blanking the SAM password for administrator is trivial.

      Makes more sense to take a copy of the disk first. Which leaves the original unaltered.

      Is there something I'm missing about this? Is there a (whopping!) two password scheme that could actually make something more secure than just booting it with something else and pulling data off?
      A HDD password will make things more difficult...
    • Re:Two Passwords? (Score:5, Informative)

      by jamesh (87723) on Wednesday August 06, 2008 @08:49AM (#24494801)

      What could the second be? A BIOS password? Open it and pull the battery. Big deal.

      It could be a big deal. We do warranty and service work for HP hardware and in the past laptops have come in with BIOS passwords and we were not able to remove them. The password is actually part of the ATA protocol and so the disk is unusable without it, even in another machine. I think the only operation you can do is an ERASE. If you remove the battery then the BIOS forgets not only the BIOS password, but the disk password too.

      I'm sure there are backdoors for some drives, but the customer in question in this case certainly wasn't willing to pay for us to investigate it so the data was as good as lost.

      TPM, if implemented correctly, provides fairly good protection too. As does Microsoft's BitLocker.

      Physical access reduces security by a whole heap, but if things are done right then it doesn't reduce it to zero.

      Of course as others have mentioned, an organisation that loses laptops like that probably isn't 'doing things right'...

      • by fabs64 (657132)
        They specifically said the files were not encrypted, barring encryption, physical compromise is 100% compromise, no ifs or buts.
        • Re: (Score:3, Informative)

          by sumdumass (711423)

          A hard drive password wouldn't technically be encryption. It's just a level of access restrictions. It works with the firmware of the micro-controller board to regulate access to the device.

          If I remember right, swapping the control boards on identical drives and placing it in a different computer could get around that. There are some issues with that though, the encryption places some code in the boot sector which if read by the drive's controller (on the drive, not the main board) will block access to

    • However, it was protected by two levels of passwords.

      So... what does that actually mean? I know that TFA is a media fluffed version washed for the general masses, but they could've mentioned that part at least. If one was the NT login, were the admins smart enough to disable the LM Hash? Still, booting it with a *NIX CD and blanking the SAM password for administrator is trivial. What could the second be? A BIOS password? Open it and pull the battery. Big deal.

      Is there something I'm missing about this? Is there a (whopping!) two password scheme that could actually make something more secure than just booting it with something else and pulling data off?

      If the data is not actually encrypted, all the passwords in the world won't save you.

      If you can get your hands on the HDD for a couple hours you can make an image of it. Then you can return the original HDD and work on the image at your leisure. You can blank the SAM, or try to brute-force the password, or just boot off a different drive and copy the data. Without encryption backing it up a password is nothing more than a polite request...not an actual barrier.

      These folks have no idea if the information

  • Found it again... (Score:4, Insightful)

    by Loibisch (964797) on Wednesday August 06, 2008 @08:17AM (#24494443)

    Yeah, we...uhm...found the laptop again...really did...yeah...because claiming so leaves us protected from any coming lawsuits that might or might not be caused by any identity theft cases that could be related to (but, of course, actually are nothing at all caused by) this incident...which certainly did never happen...

    And of course no one tampered with the machine...after all if WE couldn't find it, who else could have?

    Friends again?

    • I was thinking the same. Seems a little suspicious, no? This thing gets lost, they catch hell, then it mysteriously appears?

      Hell, there's tons of possibilities:

      1) Cover-up. They know if they didn't produce this laptop they could lose the contract.

      2) Inside job. Employee "borrows" the laptop to steal the data (didn't that happen to TJ Maxx recently?), then surreptitiously returns it when no one notices and lets someone find it.

      3) It really was lost. Which makes one wonder, how many laptops are float

      • by sumdumass (711423)

        It is more likely that it was an employee theft situation where someone wanted a laptop and had little to no idea what was on it. After it was taken, they probably saw all the fuss and were in fear of getting caught so they returned it. If they were after the data, they would have probably just taken the drive out and ditched the laptop. Whoever did this was worried about getting caught and wasn't willing to take the blame for all the extra hubbub that the nature of the beast was creating.

        For all we know, it

  • by Dan East (318230) on Wednesday August 06, 2008 @08:18AM (#24494445) Homepage Journal

    That is why I prefer opaque laptops.

  • by whisper_jeff (680366) on Wednesday August 06, 2008 @08:20AM (#24494473)
    Lost for nine days? Found in the same office in which it was reported lost? How hard did they look for it? Talk about failing to build confidence...
    • Re: (Score:2, Funny)

      by nomadic (141991)
      Honestly I can't criticize, that sounds like something I would do.
    • by cduffy (652)

      There's no reason to believe the laptop was there at all within the nine-day period, rather than off having its drives imaged so the data could be sold.

  • FTA: "Beer said the airport office is always locked, so if the laptop was removed, someone would have needed a key to return it." .... That ought to at least narrow the list of dumbasses who may have taken it home (hopefully) and put it back.

    • by juanfe (466699)

      Because they don't have access card readers with smart chip cards to make sure that only vetted and authorized people can get through?

      No surprise that TSA trusts these morons with national security... they trust themselves, don't they?

  • Correct response (Score:5, Insightful)

    by 91degrees (207121) on Wednesday August 06, 2008 @08:21AM (#24494489) Journal
    The laptop had either been stolen, and sold with the information wiped, stolen and the information sold, lost, destroyed, or left in an office.

    Whichever it was, the only information they had was that it was unaccounted for. It was actually a good response to automatically assume the worst case scenario and deal with the situation as if that had happened. If the worst case scenario was the case then at least it was dealt with as best it could be. If not then the only harm done is to them and not their customers.

    So while losing it was very inept, their response afterwards was actually fairly responsible of them.
  • Clear is bullshit (Score:5, Interesting)

    by Jah-Wren Ryel (80510) on Wednesday August 06, 2008 @08:23AM (#24494519)

    This whole 'Clear' thing is bullshit. It's a bad solution to a problem that should not exist in the first place.

    If you buy the story that all the airport security that results in thousands standing around waiting to get to their gates is both necessary and effective then you must question any program that claims to pre-screen anyone because that just opens a window of opportunity between the pre-screen and the actual boarding of the flight in which the pre-screened person can be compromised in any number of ways.

    It all comes back to the problem that there is no such thing as "the evil bit" - and any system which tries to make up for that by using some other combination of 'bits' as a proxy for the non-existent 'evil bit' is just a house of cards built on a non-existent foundation.

    Even if you take Bruce Schneier's view that Clear is a good thing - not for the pre-screen, but because of the open-market approach to airport security which lets people pay more in exchange for a guaranteed short processing time - it's still bullshit. That's because the rich and the powerful - the idiots who make the laws that created the TSA and their time/money wasting policies will be able to avoid having to suffer the consequences of their own actions. They can just pay a few hundred dollars more and never suffer the crap that they dumped on all the plebes.

    Congress already exempts itself from too many of the laws it passes (no social security, they have their own program, no anti-discrimination in hiring laws on the hill, etc) they should not be able to get another free pass on suffering the effects of creating the TSA.

    • Re:Clear is bullshit (Score:4, Interesting)

      by Lumpy (12016) on Wednesday August 06, 2008 @08:37AM (#24494679) Homepage

      Welcome to the Windows Computing culture.

      Data is secure in the SQL server in the system. Dumbass manager #2 uses his login and dumps it to excel or to access because he's handy with those.

      I am sure the IT department has warned against this behavior but managers like to ignore what IT says when they have an "idea"

      Kind of like how someone discovered the entire company's salary breakdown on a laser printer in the sales area.... A dipshit manager in Accounting printed a secure document on an unsecure printer (because hers was being serviced) and LEFT IT THERE for 4 hours.

      • Re: (Score:3, Interesting)

        by MrMr (219533)
        You are aware that keeping salaries a secret is not in the interest of the employees?
        Perhaps your 'dipshit manager' is the only honest person in accounting...
        • by JWSmythe (446288) * <<moc.ehtymswj> <ta> <ehtymswj>> on Wednesday August 06, 2008 @09:34AM (#24495413) Homepage Journal

          I'm glad someone said it.

          No company that I've ever worked for that keeps salaries "secret" is being honest. There are tremendous variances in pay rates, which are based on arbitrary things, not on the position, ability, performance, or workload of the individual.

          If you can have a 5 year employee making $35k/yr, and a starting employee making $75k/yr, and another making over $100k/yr, all doing the same job, with the same workload, then there's something seriously wrong with the pay scheme. If you believe a position is worth $75k/yr, then that's what the base salary is for the position, and there should be adjustments for time with the company (10%/yr), performance bonuses, incentives, etc.

          I could rant for days, but I agree, the "dipshit" manager "accidentally" let a company secret out, which needed to be told.

      • This happened at my work too. Well. Replace document with "book" and printer with "state records repository" and we're good.

    • Re: (Score:3, Insightful)

      by QuantumRiff (120817)

      About airport security... Crashing a few planes is one thing, but what happens when someone in an explosive vest walks into an airport, and sits in the middle of a backed up line waiting to go through the security checkpoint. They don't even need a plane ticket, it's public up until you get past security. Multiply that by a handful of airports on the same day, and airports and airlines will go bankrupt in no time flat.

      I've always thought that the first rule of this kind of security, is you don't present a

    • Re: (Score:3, Insightful)

      by Westech (710854)
      It strikes me as funny that the people who signed up and paid extra in order to get through security faster will now most likely be subjected to extra screening because they're on a "possibly stolen identity" list. They'd have been better off if they'd never signed up for Clear and just continued going through the regular security line.
  • That having the company's personal information crown jewels on a laptop, unprotected would be an automatic, stop, don't pass go firing offense at any self-respecting corporation today.
    • That having the company's personal information crown jewels on a laptop, unprotected would be an automatic, stop, don't pass go firing offense at any self-respecting corporation today.

      Yes, at least for a low-level employee, or maybe for an employee nobody liked.

      However if it's an executive who was responsible for the laptop, or if it's an executive who borrowed the laptop, then most corporations wouldn't fire such a person. Firing someone in the abstract is really easy. Firing a friend/colleague in real li

  • by SendBot (29932) on Wednesday August 06, 2008 @08:29AM (#24494581) Homepage Journal

    "[data was not encrypted] However, it was protected by two levels of passwords."

    Baby, I'm sorry I cheated on you. But I was thinking of you while we did it.

  • ...electronic versions of the Rose Law Firm billing records [pbs.org].
    • OK, I laughed, but you should be embarrassed.

      Making a Clinton-era joke is like wearing bell bottoms, a tie-dyed T-shirt AND an afro. No one can tell whether you're trying to be funny, or agree on what's really funny.

  • by portwojc (201398) on Wednesday August 06, 2008 @08:38AM (#24494697) Homepage

    When they finally found the laptop did they stop cleaning the office or did they finish up?

  • by PMuse (320639) on Wednesday August 06, 2008 @08:50AM (#24494809)

    So, what we have here is starting to sound like: employee 'borrows' office computer for home use, manager raises alarm, news media panics, employee waits until dust settles a little to slip 'borrowed' property back into office.

    Either that, or the identity thieves who masterminded the scheme to steal that data were really slow.

    • Re: (Score:3, Insightful)

      by Downside (662268)
      3rd possibility: blustery pompous asshat puts laptop in desk drawer before going home. Next morning he comes in and can't see laptop on the desk where "I left it right there" and starts shouting about theft?
  • Too convenient (Score:3, Interesting)

    by JoeMerchant (803320) on Wednesday August 06, 2008 @09:00AM (#24494935) Homepage

    After the big media blitz, I imagine the laptop was found "somewhere," and it was a lot easier to explain if "somewhere" became the same locked office it was supposed to be in. I seem to recall some removable hard drives in the Los Alamos fiasco that also eventually "were discovered" in secure areas like behind a copy machine or something.

    /cynical

    realistic (what's the difference, anyway?)

    Laptops and removable hard drives are inherently portable - if you really care about preserving the confidentiality of anything, it should be treated in an "eyes only" manner while on the portable media - when you're done, either encrypt or wipe. If the portable device leaves your sight for 15 minutes, you can assume that it has been copied. If it's not encrypted, it doesn't matter how many passwords are required, it can be copied in a very short time with a screwdriver and a mini-notebook, or any other contraption with a compatible drive controller.

    /realistic
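Several comments above make the same point: without encryption at rest, the passwords protect nothing. The sketch below is an added example, not part of the original thread, showing how an auditor could check a laptop disk image for that condition by reading each MBR partition's first sector and matching well-known volume signatures. The sample image is constructed in memory, and the function names are hypothetical.

```python
import io
import struct

SECTOR = 512

# Well-known on-disk signatures: (byte offset, magic bytes, verdict).
SIGNATURES = [
    (3, b"-FVE-FS-", "encrypted (BitLocker)"),
    (0, b"LUKS\xba\xbe", "encrypted (LUKS)"),
    (3, b"NTFS    ", "PLAINTEXT (NTFS)"),
    (3, b"EXFAT   ", "PLAINTEXT (exFAT)"),
]


def classify_volume(first_sector: bytes) -> str:
    """Classify a volume from the first sector of its partition."""
    for offset, magic, verdict in SIGNATURES:
        if first_sector[offset:offset + len(magic)] == magic:
            return verdict
    # "unknown" is not proof of encryption: it may be a third-party
    # full-disk-encryption product or simply an unrecognised filesystem.
    return "unknown"


def audit_image(img) -> list:
    """Return [(partition index, start LBA, verdict)] for an MBR disk image."""
    img.seek(0)
    mbr = img.read(SECTOR)
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature found")
    results = []
    for i in range(4):  # four primary partition entries start at offset 446
        entry = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        ptype = entry[4]
        start_lba, nsectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 or nsectors == 0:
            continue  # unused slot
        if ptype == 0xEE:
            results.append((i, start_lba, "GPT protective entry (not parsed here)"))
            continue
        img.seek(start_lba * SECTOR)
        results.append((i, start_lba, classify_volume(img.read(SECTOR))))
    return results


def build_sample_image() -> io.BytesIO:
    """Constructed test image: one plaintext NTFS and one BitLocker partition."""
    def entry(start, count):
        # status, CHS start, type 0x07, CHS end, LBA start, sector count
        return struct.pack("<B3sB3sII", 0, b"\0" * 3, 0x07, b"\0" * 3, start, count)

    mbr = bytearray(SECTOR)
    mbr[446:462] = entry(1, 1)
    mbr[462:478] = entry(2, 1)
    mbr[510:512] = b"\x55\xaa"
    ntfs = (b"\xeb\x52\x90" + b"NTFS    ").ljust(SECTOR, b"\0")
    bitlocker = (b"\xeb\x58\x90" + b"-FVE-FS-").ljust(SECTOR, b"\0")
    return io.BytesIO(bytes(mbr) + ntfs + bitlocker)


if __name__ == "__main__":
    for index, lba, verdict in audit_image(build_sample_image()):
        print(f"partition {index} @ LBA {lba}: {verdict}")
```

Any partition reported as PLAINTEXT can be read by booting other media or moving the drive to another machine, regardless of login or BIOS passwords.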

    • by Knuckles (8964)

      /cynical

      realistic (what's the difference, anyway?)

      George Bernard Shaw to the rescue: "The power of accurate observation is commonly called cynicism by those who don't have it."

  • by PMuse (320639) on Wednesday August 06, 2008 @09:01AM (#24494955)

    Dear Slashdot,

    I've borrowed a laptop from my office to download a little . . . well, never mind. But, the thing is that my manager went apeshit and the laptop turns out to have a lot of valuable data sitting on it. What should I do?

    The FBI is searching the homes of all the employees, so I can't keep it. If I give it to a friend, someone will eventually tell and I'll get busted.

    If I dump it or destroy it, they'll assume espionage and the investigation will go on for months and I'm sure to slip up eventually.

    If I return it to quiet things down, I might provide them with forensic evidence they can link to me, not to mention maybe getting caught doing it.

    Please help. If I lose my security clearance, I'll never get another job.

    • by n3tcat (664243)
      1) Post your question as Anonymous Coward
      2) If step 1 fails, flee to Canada
      3) ???
      4) Profit!
  • My guess... (Score:5, Funny)

    by g0bshiTe (596213) on Wednesday August 06, 2008 @09:23AM (#24495237)

    Reader jafo adds, "Pardon me if I have little confidence that an organization that loses a sensitive laptop for 9 days is able to tell if it was compromised."

    It was never actually missing. They just couldn't find it in their own office.

    • Reader jafo adds, "Pardon me if I have little confidence that an organization that loses a sensitive laptop for 9 days is able to tell if it was compromised."

      It was never actually missing. They just couldn't find it in their own office.

      I guess that's possible, I've done that with personal things.

      IE, I thought I put my wallet on one end of the table and later can't find it (and thus go into panic mode, fearing that maybe I left it at work). And when in panic mode, you usually miss the obvious. Later I find it on the other end of the table partially covered by a newspaper.

      Maybe when they didn't see it on the desk they went into panic mode and didn't do a thorough search of the whole office.

      On the other hand it's equally feasible that some

  • Gone for 9 days? I think a variation of the Rainbow-Table solution can be applied here. Aside from the reason that the laptop was not in the office in the first place. I think that the scenario to consider is that the entire hard drive was copied, more than once, and that now the new owner of the copies has all the time in the world to brute force the passwords. And in a few weeks when all this is blown over, there will be a new list on the open market to purchase. The Bad Guys are on the job 7/24, thes

  • No, no, no. Just a little radiation leak. Give us a minute to lock it down.

    Uh, negative, negative, don't come in here ... uh ... oh look! We found it! It was here all along! We're fine here ... now. How are you?
  • How could you tell, if you borrowed the notebook, took out the drive, used an adapter to mount the drive on another computer, and dd'd it.

  • by ducomputergeek (595742) on Wednesday August 06, 2008 @10:19AM (#24496163)

    WHY THE HELL IS THIS STUFF ON LAPTOPS TO START WITH!

    I'm sorry, but there is some information that belongs on servers managed by people that at least understand (hopefully) security and encryption. And then the only access to it from secured thin client terminals inside the office.

  • by wardk (3037)

    they no longer have to tell you they are searching, and can do it quietly/legally while you are away.

    maybe the feds came in took it, got a good clean copy, and returned it?

  • ...you can't make THIS shit up either.

    Bet he didn't lose his $tarbucks card.

  • by BlackSnake112 (912158) on Wednesday August 06, 2008 @11:55AM (#24497887)

    I remember getting a security audit. These people came in to 'hack' (just get root access) to the systems. Once they had that they stopped. They really just ran password guessing programs on the machines. I had a DB server that was not part of the domain only used DB accounts no domain accounts were used. So the domain accounts and passwords didn't work. At the end of the week they never got into that machine. The rest of the windows, sun, VAX, I forget about the mainframe were cracked. My boss was wondering why that one windows box was not cracked, and so did the company. I never told the company I just said they failed to get into my DB machine. They left and my boss and a few VPs wanted to know how I did it.

    The password was: ThisIsThePasswordForMachineDelta

    They never went past 15 characters in their password program. I was surprised that it wasn't guessed since it was all letters but it worked. And a new 30+ password system was set in place. I did get a few threatening emails after the new password policy was put in place though. This was also 1997 too, so it most likely would not work today.

  • by teal_ (53392) on Wednesday August 06, 2008 @02:20PM (#24500405)

    As I was waiting my turn in line at the SFO security gates and about to put my things on the conveyor belt, all of a sudden a "Clear" employee brings a customer of theirs to cut right in front of me with a curt "excuse me". What is that? Just because they pay money they get to cut in front of me? Isn't the airport a public facility?

    Can I open up shop in a grocery store and sell tickets whereby I cut in front of everybody else to get my clients through?

    I wanted to raise a fuss but being that it was the airport I kept my mouth shut otherwise they'd probably arrest and detain me for terrorism or something. But seriously, what is the deal?

    Makes me very angry.
