Beware of tera theft

Remember 360K floppies?

I performed a security audit on a company in the mid '90s. I cheated, but it’s all about asymmetry, so I figured cheating was fair. The bad guys cheat and I was looking to emulate them, not make my clients feel good about themselves.

Instead of going to the client meeting I was to attend, I walked around their facility. When I left the building the guards stopped to search my laptop case. Good security. Back in the parking lot I called into the meeting, declaring, “You failed." The guard questioned why I was returning after just a few minutes and I assured him he would find out soon enough.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Remember 360K floppies?

I performed a security audit on a company in the mid '90s. I cheated, but it’s all about asymmetry, so I figured cheating was fair. The bad guys cheat and I was looking to emulate them, not make my clients feel good about themselves.

Instead of going to the client meeting I was to attend, I walked around their facility. When I left the building the guards stopped to search my laptop case. Good security. Back in the parking lot I called into the meeting, declaring, “You failed." The guard questioned why I was returning after just a few minutes and I assured him he would find out soon enough.

Upon receiving icy glares from my clients, I silently dumped a slew of floppies on the conference table. Then I explained that for a high security company they should really do a much better job of letting sensitive government information leave the building. Especially because I was searched and the guard had told me that they were looking for stolen calculators. “Lots of those are going missing," he explained.

My client went almost numb over the 10MB of 5.25 inch floppies I had rescued from the desks of their secure installation. Their procedures changed — or so they told me.

What a difference a decade can make.

We now cling to our USB thumb drives — or as I have always called them — dip sticks (or something more colorful from time to time.) Four gigabytes of storage in a 1-ounce device that easily defies a cursory security scan or can be hidden in the most obscene places. What can an enterprise lose if 4GB of data gets out? Four million personnel records? Gobs of drawing and patents? You do the math.

But that’s nothing.

Blu-Ray disc technology is actively over the horizon with a storage capacity of 50GB of data. A piddling amount in the grand scheme of what you have to face in the near future of portable media storage.

The mother-of-all storage technologies — holographic — is ready for prime time; 1.6TB is a dip stick load of data and is a huge threat to corporate data & privacy. The technology is cool, though, as most security impacting technologies are.

Conventional magnetic storage technology arranges miniscule magnetic domains on the surface of a disk or tape or other physical media. There are limitations due to physical manufacturing, surface area, fringe effect and all sorts of other well-known engineering bits. The latest advance was vertical magnetic recording, which was a significant step forward.

CDs and DVDs use lasers but also etch into the surface of a physical device. Nice intermediate storage capacity. Holographic storage, though, stores data inside of the newly developed light sensitive media. Two laser beams intersect and record data at light wavelengths like DVDs at 1Gbps. They record the data throughout the inside of the media (vs. just the surface) and at different angles, both of which dramatically increases the storage capacity. The 130mm (5.25 inch) disks have an estimated capacity of 100 TB; that’s 100,000 GB for the prefix-challenged.