D'oh!  Always check your work, kids...

Crazy-ass story from Wired about one hacker being kidnapped and "tortured" by another after talking to media.

Hacker Reportedly Kidnaps and Tortures Informant, Posts Picture as a Warning to Others

A mention about ChicagoCon and a "Thanks" for the Tweener party over on the Securabit Podcast

Congrats Don!  Shame you just got over the DefCon hangover...now you've got to do it all over again after going out to celebrate tonight 

...lest ye end up with all your goodies posted on seclists.org as some of our esteemed colleagues recently have.

I was for a long time using a product that I believe was called CloneEZ or EZClone.  However, when I consulted the great, wise oracle, I kept getting links for pot plant cloning products. 

Me too.  Going back over the first two for a refresher of where Ed left off.

Not this guy. 

You're probably right about the carelessness, Don.  But at the same time, that doesn't excuse his employer from neglecting the oversight to prevent such a thing from occurring.

Although, even if they had...

Martin Mckeay interviewed Mike Murray and Lee Kushner over on the Network Security Podcast regarding their DefCon talk about this exact topic.

Highly recommended for anyone just getting started.

Happy listening

Then what the hell are they "auto-sensing?"

*edit - there's a "y" in "they" 

I don't think the issue is taking care of the employer owned asset of the machine itself, but of the customer-owned data.

It's not mentioned in this article whether or not the hospital had an encryption policy (one would assume that they'd at least have some form of security policy, though). 

Should the laptop have been encrypted?  Duh.

Should the employee have NOT stored EPHI on the unencrypted laptop?  Double Duh.

As Jamie Cowper of PGP is quoted in the article:
However, I do see it as a step in the right direction.  Seems to me that there is more than one party at fault here.  It sucks that this one person had to be the fall guy, but with any luck he'll hire a good lawyer who can take the case and make a greater precedent.  i.e. "Should my client have been dismissed from his possition when there was no enterprise policy to protect the data in the first place?" 

Jimbob's got it right...there is NO reason for this data to be on a manager's laptop (should he even NEED a laptop anyway), but it is the responsibility of upper management, the board, and us security geeks to see to it that this doesn't happen in the first place.

Best precedent EVAR!!!

As the site clearly states, you can purchase a 24-hour membership, or have your school librarian apply for the complimentary access.

I don't recall having seen anything about this one on here and couldn't find it in the archives.

Sandro Gauci from enablesecurity posted this demo of stealing cookies and hacking a gmail account.

Wonder if that's what happened to pdp?

Nate and Rob discuss the GIFAR talk on the Network Security Podcast