UPDATED: Yet another embarrassing data leakage

03/06/2009 Written by Boris Mutina (minor)

Sensitive data leakage is nothing new, but it is sometimes pretty embarrassing when you realize how little of what we call security awareness there is. Slovakia is no exception when it comes to security incidents: consider the interesting incident related to the Slovak National Security Authority, or the disclosure of one operator's entire cellphone number database, naturally including the secret numbers of politicians and other important persons.

One of the most recent really stupid incidents again happened online: a secret service employee was fired after he posted his photo on a popular dating website. The photo was found by his co-workers...

This time an anonymous man brought just one USB pendrive to the offices of the Slovak newspaper SME. As he told it, he found it on the main square of a small town in the west of Slovakia, where it was lost by the crew of a black BMW (usually used by politicians or higher-ranking officers...). The content of the drive should be highly confidential: it contains extensive documents and personal data about policemen from the Slovak Military Police. It is worth mentioning that some Slovak military police officers are on a mission in Afghanistan...

Several scenarios could have arisen had this drive been delivered not to the newspaper but to criminals or even terrorists. Better not to mention them. But anyway: is there really no security awareness in Slovak institutions? Do they need the worst-case data leakage scenarios to come true? This could be yet another wake-up call, and we hope it will be. Another incident like this could have grave consequences.

As the investigation started, the Defense Department refused to answer any questions about this incident. But we would also like to ask a few questions: Why was such sensitive data located on a pendrive? Why without any kind of encryption? Why yet another embarrassing incident?

UPDATE: The embarrassing incidents continue: the website of the Slovak Prime Minister, launched yesterday, immediately fell victim to cross-site scripting attacks. An attacker inserted a malicious script that injected funny content made to look like part of the regular website (a "Slap your prime minister" Flash game or a YouTube video) and spread the link around through online media. By now the website administrators have resolved the problem... But was it really necessary to publish a vulnerable website?