BreachExchange mailing list archives
Re: (update) UT: U. patient records recovered
From: "TS Glassey" <tglassey () earthlink net>
Date: Thu, 3 Jul 2008 09:36:34 -0800
You mean the User ID of the File/Tape Owner didn't exist on your system - yeah this happens on many systems still. But hey - my point was that if you were trying to stop someone who knew what they were doing, the claims made by the Newspaper in response to their article are simply wrong IMHO. Todd ----- Original Message ----- From: "Al Mac Wheel" <macwheel99 () wowway com> To: "TS Glassey" <tglassey () earthlink net>; "Michael Hill, CITRMS" <mhill () idtexperts com>; <dataloss () attrition org> Sent: Thursday, July 03, 2008 7:33 AM Subject: Re: [Dataloss] (update) UT: U. patient records recovered
I agree, but it is also OS dependent what can be done, since different OS have different features for media support. Plus the market can demand something better. Look at the growth in encrypted backup support. I once got a tape which my OS refused to load. "This tape was created by PACIFIC, who is not a user on your system." Since I had security officer access, I created user PACIFIC on our system, and was able to load the tape. With IBM media, it is an issue of who owns the data, and who has what access privileges. User PACIFIC has access privileges. No other IBM OS will accept that data unless that computer system has a user by that name. The # of usages XX,XXX I believe is related to looking at the magnetics of the media & doing an estimate from the wear, which is why I say I do not believe the accuracy is good enough for this purpose. If it was, the backup log would record # usages, the restore log would record #, we would get an error message if difference is unexpected. There is a heck of a lot more on the volume than the serial #. Right now with IBM OS there's a date component ... "You are restoring from backup made 6/22 ... your most recent backup was 7/2" in other words it recognizes that we are not restoring from the latest backup media.Folks - a tape is a 100% passive reading system. The processes which would have watermarked this for each use actually have to write on the tape's header or in other locations. And gee whiz, depending on what type of tape this was, that simply may not be possible. If it is a random access tape then this might work, but say its a streaming media cartridge. All that the hosting system gets is the cartridge's serial number so it really cannot tell how many times a tape was used. The system Michael talks about below is part of an integrated volume management system which most OS's don't have. If this tape or tape cartridge (which is much more likely) was just copied from say a Unix system with DUMP or just DD there would be no record created on the media what so ever. Todd Glassey CISM CIFI ----- Original Message ----- From: "Al Mac Wheel" <macwheel99 () wowway com> To: "Michael Hill, CITRMS" <mhill () idtexperts com>; <dataloss () attrition org> Sent: Thursday, July 03, 2008 6:01 AM Subject: Re: [Dataloss] (update) UT: U. patient records recovered, Michael Hill, CITRMS wrote: <snip>Before this afternoon's news conference, attorney Scot Boyd, who is representing 11 plaintiffs and potentially "hundreds" more in that lawsuit, couldn't say whether the recovery of the tapes wouldnullify > thelawsuit. But in court filings, he wrote that it wouldn't, noting the thieves could copy the information and return the original tapes.Can you detect whether a tape has been copied? Can any techies out there answer that?On IBM OS, you can get statistics on backup media # of usages & estimated life. For example: this media is rated for 1 million usages, and so far it has had XX,XXX usages. I do not know how accurate it is, I have not used it for this purpose. The act of accessing the media to get the latest count, that is also a usage. How I have used it for backup media ... I have a mountain of backup media used in rotation. From time to time some wear out. I can use this to warn me that some media is approaching the end of its useful life span. Usages includes reading in a copy to any other media, or upload to some computer system. Depending on how the data on the media is organized, you can also get at the # usages of various files, libraries, records etc. With backup media, they should all be consistent with ... save / verify / restore, except where you know you used that media to restore a small volume of problem areas. A problem with the latter could be that it is a feature of the IBM OS that any time stuff is accessed using that OS, certain aspects of the description of the objects are incremented by the usage count, but suppose the media is accessed by some other OS, that does not have that same security feature standard, or suppose the crooks have the geek skills to mess with the OS wherever they are operating, to circumvent or turn off some of the stuff the OS normally does. <snip> Al Macintyre i/geek Programmer etc. on IBM Midrange platforms _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml-------------------------------------------------------------------------------- No virus found in this incoming message. Checked by AVG. Version: 8.0.134 / Virus Database: 270.4.3/1529 - Release Date: 7/1/2008 7:23 PM
-------------------------------------------------------------------------------- No virus found in this incoming message. Checked by AVG. Version: 8.0.134 / Virus Database: 270.4.3/1529 - Release Date: 7/1/2008 7:23 PM _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- UT: U. patient records recovered lyger (Jul 02)
- (update) UT: U. patient records recovered Jake Schroeder (Jul 02)
- Re: (update) UT: U. patient records recovered Michael Hill, CITRMS (Jul 02)
- Re: (update) UT: U. patient records recovered TS Glassey (Jul 03)
- Re: (update) UT: U. patient records recovered Al Mac Wheel (Jul 03)
- Re: (update) UT: U. patient records recovered TS Glassey (Jul 03)
- Re: (update) UT: U. patient records recovered Al Mac Wheel (Jul 03)
- Re: (update) UT: U. patient records recovered TS Glassey (Jul 03)
- Re: (update) UT: U. patient records recovered Michael Hill, CITRMS (Jul 02)
- (update) UT: U. patient records recovered Jake Schroeder (Jul 02)