SoylentNews is people

posted by mrpg on Saturday May 12 2018, @11:01PM
from the man-nc dept.

[...] The possibility of "financial and reputational" damage if staff lost or misused the devices prompted the decision, reported The Register.

Instead, IBM staff who need to move data around will be encouraged to do so via an internal network.

[...] Some IBM departments had been banned from using removable portable media for some time, said Ms Naidoo, but now the decree was being implemented worldwide. IBM staff are expected to stop using removable devices by the end of May.

[...] Security expert Kevin Beaumont said: "It is a brave move by IBM, as USB devices do present a real risk - often it is very easy to extract data from a company via these devices, and introduce malicious software."

[...] Sumir Karayi, chief executive of security company 1E, said IBM's ban was an "overreaction" by security staff who had not realised the many different ways data flowed in and out of an organisation.

[...] On 25 May, the GDPR rules are enacted, which impose heavy fines on organisations that do not do enough to protect sensitive information.



This discussion has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by MostCynical on Saturday May 12 2018, @11:13PM (10 children)

    by MostCynical (2589) on Saturday May 12 2018, @11:13PM (#678970) Journal

    Does this apply to the CEO's board presentations?
    How long before a CxO over-rides this, because the off-site presentation room had issues (didn't have a way of getting the VPN over wifi, or whatever) or things just "went wrong" five minutes before the presentation?

    Also, since when do the new European privacy rules apply to corporate information?

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 0) by Anonymous Coward on Saturday May 12 2018, @11:42PM (1 child)

      by Anonymous Coward on Saturday May 12 2018, @11:42PM (#678976)

      I work at a bank. Same deal.

      • (Score: 2) by arslan on Monday May 14 2018, @06:09AM

        by arslan (3462) on Monday May 14 2018, @06:09AM (#679443)

        Ditto, nothing new except it is now a non-bank and big blue doing it.

        Our data leakage policy is quite draconian and its enforcement is pretty dystopian. Folks get fired for copy-and-pasting data from documents and sending it to their private email accounts; the tech to catch data leaks is improving every day.

        They can't yet easily catch folks printing documents and stuffing them in their undies to take out, or snapping docs with their private cell phones, but I'm guessing that tech isn't far away to close some of these gaps.

    • (Score: 1, Funny) by Anonymous Coward on Sunday May 13 2018, @12:25AM (4 children)

      by Anonymous Coward on Sunday May 13 2018, @12:25AM (#679000)

      You don't get to be a C-level executive without a thorough understanding of when it is appropriate to use a USB key. Ordinary employees do not have the necessary leadership skills to make these decisions.

      • (Score: 3, Funny) by realDonaldTrump on Sunday May 13 2018, @12:40AM (2 children)

        by realDonaldTrump (6614) on Sunday May 13 2018, @12:40AM (#679007) Homepage Journal

        I think there's cyber smart and there's business smart. Somebody can be a genius at business but not know computer. Or someone can be a genius at computer but not know much about business -- or really, much about anything.

        Let me tell you, we live in the age of computer. You see so many things, they were never cyber, now they're cyber. Even to get an airline ticket, so much of that is computer now. One guy, the computer didn't like his name, it made him give a fake name. And it became a HUGE hassle for him!

        • (Score: 2) by Whoever on Sunday May 13 2018, @12:58AM (1 child)

          by Whoever (4524) on Sunday May 13 2018, @12:58AM (#679008) Journal

          You didn't even mention how Barron is an expert with the cyber.

          D-. Try harder.

          • (Score: 2) by realDonaldTrump on Sunday May 13 2018, @02:32AM

            by realDonaldTrump (6614) on Sunday May 13 2018, @02:32AM (#679032) Homepage Journal

            He's 12 years old, he's an incredible little guy. He can do anything with a computer. He's taught me a thing or two.....OK, to be honest, one thing. And I think he could teach our cyber hackers a thing or two. Look out Iran!!!

      • (Score: 2) by edIII on Sunday May 13 2018, @03:33AM

        by edIII (791) on Sunday May 13 2018, @03:33AM (#679058)

        Spoken like a truly clueless PHB, then placing his drink in his PC's cupholder :)

        --
        Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 3, Funny) by looorg on Sunday May 13 2018, @01:06AM (2 children)

      by looorg (578) on Sunday May 13 2018, @01:06AM (#679011)

      Like the CEO of IBM would carry her own USB stick. I'm sure she has some senior executive assistant to do that for her, or if they ban USB-sticks now I guess he has to carry a stack of old blue floppy disks (time to load the PP onto the machine will take between 3-4 hours of floppy swapping).

      • (Score: 2, Interesting) by Anonymous Coward on Monday May 14 2018, @08:01AM (1 child)

        by Anonymous Coward on Monday May 14 2018, @08:01AM (#679472)
        FWIW I've used my phone to install legit software updates for financial orgs before.

        The normal usb driver stuff is blocked but MTP works fine. Plug phone to PC, copy updates to PC, transfer updates from PC to server. Install.

        I think they know in theory it's a loophole but in practice that's how they keep the "security auditors" happy while still managing to get stuff done before 2020 (including installing security updates that the "security auditors" insist on).
        • (Score: 2) by MostCynical on Tuesday May 15 2018, @03:42AM

          by MostCynical (2589) on Tuesday May 15 2018, @03:42AM (#679927) Journal

          I've worked for orgs with policies for instant-dismissal-for-connecting-smart-phone-to-work-computer.

          Buying a charger for work and finding a spare power point was easier (and cheaper!) than buying usb charge-only cables.

          --
          "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 1, Interesting) by Anonymous Coward on Saturday May 12 2018, @11:51PM (9 children)

    by Anonymous Coward on Saturday May 12 2018, @11:51PM (#678978)

    Disable USB ports.

    • (Score: 0) by Anonymous Coward on Sunday May 13 2018, @12:00AM (2 children)

      by Anonymous Coward on Sunday May 13 2018, @12:00AM (#678984)

      Inconvenience 101

      They probably didn't need that much security until China started stealing their IP.

      • (Score: 3, Informative) by Nerdfest on Sunday May 13 2018, @02:54AM (1 child)

        by Nerdfest (80) on Sunday May 13 2018, @02:54AM (#679045)

        IBM gives China the "IP" to manufacture their products cheaply, just like everyone else. Spying is no longer needed.

        • (Score: 0) by Anonymous Coward on Sunday May 13 2018, @03:39AM

          by Anonymous Coward on Sunday May 13 2018, @03:39AM (#679061)

          Why wait until IBM is ready to manufacture? Steal the designs in advance and beat them to market.

    • (Score: -1, Troll) by Anonymous Coward on Sunday May 13 2018, @12:01AM

      by Anonymous Coward on Sunday May 13 2018, @12:01AM (#678986)

      But I need to stick my dick in, and USB is the only port on the device.

    • (Score: 2) by SomeGuy on Sunday May 13 2018, @02:15AM (3 children)

      by SomeGuy (5632) on Sunday May 13 2018, @02:15AM (#679029)

      Security 102:
      Dig up some PS/2 Mice and Keyboards :P

      • (Score: 0) by Anonymous Coward on Sunday May 13 2018, @03:34AM (2 children)

        by Anonymous Coward on Sunday May 13 2018, @03:34AM (#679059)

        What about internally mounted flash card readers for sneakernet needs?

        Or let me guess. The problem is still--still!--auto fucking run and a complete lack of a way to mount a storage device in Windows noexec.

        • (Score: 0) by Anonymous Coward on Sunday May 13 2018, @05:12AM

          by Anonymous Coward on Sunday May 13 2018, @05:12AM (#679083)

          It's a combination of that and fear of people who (usually with the best of intentions) want to take a document with some super-sensitive stuff home to work on it WITH THEIR MALWARE INFESTED HOME PC!

        • (Score: 0) by Anonymous Coward on Monday May 14 2018, @07:52AM

          by Anonymous Coward on Monday May 14 2018, @07:52AM (#679468)

          No, they are talking about leaks. As in moving important data from department A to department B via USB-stick, "oh, I'll just get a coffee on the way", then accidentally dropping the USB stick in the Starbucks parking lot.

    • (Score: 2) by frojack on Sunday May 13 2018, @03:36AM

      by frojack (1554) on Sunday May 13 2018, @03:36AM (#679060) Journal

      Exactly.

      We were hot gluing USB ports 12 years ago, both on the case exterior and on the motherboard headers for several government agencies which were our customers.

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 1, Interesting) by Anonymous Coward on Saturday May 12 2018, @11:59PM

    by Anonymous Coward on Saturday May 12 2018, @11:59PM (#678983)

    from the man-nc dept.

    Netcat, please. Try socat sometime, hmm? With builtin support for ssl and tun, you can make your own barebones VPN.

  • (Score: 3, Interesting) by Snotnose on Sunday May 13 2018, @12:33AM

    by Snotnose (1623) on Sunday May 13 2018, @12:33AM (#679004)

    For some 20 years now I've carried a USB thumb drive like others carry cigarette lighters or knives. I travel between buildings, and work from home when forced to. My thumb drive makes everything ez peezy. I've got a 64 gig drive in my pocket right now with several music albums and a dozen company confidential files. I can drive to a building I've never been to, plug my thumb in, listen to music I enjoy, and troubleshoot their problem while referring to the files on my thumb.

    Fun fact. I recently came across the first thumb drive I ever bought. It's the size of a cigarette lighter and holds a whopping 256 megs. It has 1 album on it, and 3 files describing a then new Globalstar spec, plus my resume.

    When I was 20 I couldn't imagine not carrying a lighter. Then I quit smoking pot.

    When I was 60 I couldn't imagine how to move between buildings/home without logins to domains I'm not a part of, nor listen to music I enjoy, without a thumb drive.

    I now have a 32 gig thumb drive in my car stereo and a 64 gig drive in my pocket.

    --
    Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 1) by suburbanitemediocrity on Sunday May 13 2018, @12:40AM (3 children)

    by suburbanitemediocrity (6844) on Sunday May 13 2018, @12:40AM (#679006)

    I've worked. I thought this would be standard security in engineering firms that work on safety critical systems. On top of this, our desk workstations were not even connected to the internet. It's amazing anyone got any work done.

    • (Score: 2) by Snotnose on Sunday May 13 2018, @01:36AM

      by Snotnose (1623) on Sunday May 13 2018, @01:36AM (#679017)

      Recordable CD drives have always been disabled where I work. USB ports? Not so much. As in, never.

      --
      Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
    • (Score: 2) by richtopia on Sunday May 13 2018, @04:08AM

      by richtopia (3160) on Sunday May 13 2018, @04:08AM (#679067) Homepage Journal

      I've seen different factories with different levels of acceptance for USB, from "No devices on premise, including phones" to no security at all.

      To prevent illegal access, in the factory the tools are on an internal intranet which the owners need to jump through hoops in order to access (something like two VPN connections to get to the secure network). Then all of the USB ports on any computer are locked out with a physical plug. It is not perfect, but the threat of getting escorted off-site if you violate the rules helps too.

      https://www.ebay.com/itm/USB-PC-Laptop-Secure-Port-A-Type-Blocker-10-Pack-007682/192065989467?hash=item2cb8066b5b:g:3-wAAOSwDkVaQmU9 [ebay.com]

    • (Score: 1, Funny) by Anonymous Coward on Monday May 14 2018, @07:55AM

      by Anonymous Coward on Monday May 14 2018, @07:55AM (#679469)

      On top of this, our desk workstations were not even connected to the internet. It's amazing anyone got any work done.

      Well, what else would you do?

  • (Score: 2) by sjames on Sunday May 13 2018, @02:15AM

    by sjames (2882) on Sunday May 13 2018, @02:15AM (#679030) Journal

    Next up, a deck of punched cards lost on the subway.

  • (Score: 3, Interesting) by crafoo on Sunday May 13 2018, @05:14AM

    by crafoo (6639) on Sunday May 13 2018, @05:14AM (#679084)

    Maybe something is going on to motivate all of this, because I've heard of multiple IT crackdowns at multiple Fortune 500 companies in the last few months. Some of it very poorly thought out. It feels like a reaction to something going on that may have been recently discovered. At one in particular, new policy was to disallow any downloads (can't save files from non-intranet sources). Still allow internet access though. USB writing disabled, but not reading, and curiously not writing to SD cards or DVDs.

  • (Score: 3, Interesting) by LoRdTAW on Sunday May 13 2018, @01:55PM (3 children)

    by LoRdTAW (3755) on Sunday May 13 2018, @01:55PM (#679180) Journal

    One thing that I have come to realize is how badly we fucked up and missed the distributed computing train. It's 2018 and people are still moving data around using usb sticks even though most computers are networked. Even at work I catch people putting data on thumb drives when we have shared network drives for that purpose.

    • (Score: 2) by Pino P on Monday May 14 2018, @12:04AM (2 children)

      by Pino P (4721) on Monday May 14 2018, @12:04AM (#679368) Journal

      A 3-pack of "16 GB" (really 15 GB) USB flash drives is $20 at Walmart. How much does 45 GB of leased Internet storage plus upstream and downstream bandwidth cost, particularly when you have to upload and download through a cellular data connection because transit in your city does not provide Wi-Fi to paying riders? But if IBM wants to pay beaucoup bucks to the U.S. cellular racket for company hotspots, I guess that's Big Blue's call to make.

      • (Score: 2) by LoRdTAW on Monday May 14 2018, @12:24AM (1 child)

        by LoRdTAW (3755) on Monday May 14 2018, @12:24AM (#679373) Journal

        I'm talking about moving files from computer A to computer B in the same organization. And let's be honest, who's moving around 45GB of data in an org aside from IT? And yes, that excludes OBVIOUS use cases like video or other large data sets that you wouldn't trust to Walmart USB drives. Data packets we get at work rarely come in from USB sticks, only once did we get files on an encrypted drive with a pass code. Everything is now securely hosted or encrypted archives downloaded from the net now.

        • (Score: 2) by Pino P on Monday May 14 2018, @06:03PM

          by Pino P (4721) on Monday May 14 2018, @06:03PM (#679677) Journal

          I'm talking about moving files from computer A to computer B in the same organization.

          If computer B is in the field, as opposed to in the office, the cellular last mile to computer B can become expensive.
