in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Full Disk Encryption: Researchers Find Browser's Cache Is Full Of Sensitive Data

Researchers have found that the cache folder of your browser, regardless of which one you use, could very easily contain personal information.  An easy way to counter this problem is to clear your cache.  Or, to use the private mode (aka, porn mode) that is present in all major web browsers.  Using laptop encryption like AlertBoot cloud managed FDE for something like this would be overkill (but it would still protect a computer user, since the encryption prevents anyone from accessing the computer if lost or stolen), not to mention it doesn't help against online attacks.

Check Images, Credit Reports, Prescription Information Left Behind

According to latimes.com, researchers found that 21 out of 30 company websites "failed to use the correct technique to block sensitive transmissions from being stored on a computer or smartphone."  Companies included ADP, Verizon, Scottrade, Geico, Equifax, PayPal, and Allstate.

What's a browser cache?  It's a folder, expressly used by the web browser, to temporarily store data.  For example, if you're a fan of cnn.com and visit their website regularly, chances are that a copy of CNN's logo (the one at the top center of the page, with a world globe next to it) is stored in your browser's cache.  Why?  Because it's faster to read a copy of the image from your computer as opposed to downloading it from CNN's servers.  This gives your web experience a speed boost.  This is true even if you have fiber-to-the-home, although it's not as relevant as when you were surfing at 56 Kbps.

The thing about the cache, though, is that it's an unprotected folder.  Anyone can get into it.  Hence, it's also a good idea to ensure that sensitive information does not get stored in it.

Website developers and operators have the tools and means to ensure that sensitive data does not get temporarily stored.  The researchers who carried out the study,
called on website developers to immediately audit their code to make sure only basic data is being stored in a browser’s cache. He said browser developers should also move away from the current standard of caching everything. Instead, website developers should have to explicitly say what they want to save.
Long story short: it's not your fault.  It's the fault of developers.  On the other hand, developers may have relied (a little too much) on their experience to coast on security: in the past, certain browsers made it a point not to store https traffic, but this default was reversed on its head with subsequent updates.

A bad move, if you ask me.  It's https data for a reason.  On the other hand, my Facebook connection is also https, and, believe you me, there's very little in there that requires security.

Digging Up Deleted Files

I'm frequently reminded of what a treasure trove the browser cache happens to be because I make it a point to run data recovery tools on my laptop computer.  Basically, I'm trying to see what I can recover of my own personal data.  A self-audit, if you will, to see my risk exposure level.

Invariably, the browser cache tends to be the most fun when going through such an assessment.  Despite the fact that it's supposed to clear itself, I generally find stuff in there that I looked up six months ago, random images of women in bikinis (thank you scummy ads for penny stocks on certain news sites I visit), etc.

Clearing the cache is something I do once in a blue moon, though.  No way that I'm going to be doing this on a daily or even monthly basis.  It might seem like a bad move, but generally, I feel a bit secure knowing that my computer is protected with full disk encryption, so in the event that my computer is stolen, no one will be able to easily look up any data whatsoever.
Related Articles and Sites:
http://www.latimes.com/business/technology/la-fi-tn-clear-cache-websites-store-sensitive-data-20130619,0,2154007.story

 

 
<Previous Next>

Employees And Computer Security: Trust Them To Do The Right Thing...And The Wrong Thing

Mobile Data Security: Design School Graduate Releases "NSA-Proof" Font

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.