If you are having trouble viewing this email, click here to view this online



   ISSUE 38

19 September 2014

Article of the Month   Around the World

Securing your Thumb Drive

Thumb drives also known as USB drives are popular for storing and transporting files from one computer to another. Since these devices are small, inexpensive and extremely portable an attacker can use your USB device to attack your company network.

Many people take precautions to secure their Facebook and other social media accounts but they forget to take security precautions for their removable devices. However, protecting these handy devices for data security is something, about which most of us aren�t familiar with Isn�t it?. We tend to put all our personal data and valuable company details into a thumb drive and if goes into wrong hands, can result into loss and misuse of your own personal data. There have been many such incidents that have been reported to us which could have been avoided by a simple security precaution.


The very first thing you should do is to buy a removable media from a recognized company. If you buy thumb drives from the pavement which is much cheaper than the regular price you may get malware�s also. The next thing you should do is write protecting your pen drive; using the write protector switch of your USB drive, if it has one, you can make it read only. However, if the write protector switch is missing, you can use a write protector software to make your USB non writable. This technique can save your drive from being infected by viruses, when plugged into a computer system. .Create An Encrypted Partition inside your USB device. Encryption of USB drives is an efficient way to prevent third parties from accessing your sensitive data, even if they have physical access to your drive. The other main thing that you need to do is to password Protection: Although, there are different techniques to password protect a USB drives, the most common way is to simply set a password for your drive. This means every time you access your drive, it asks for the password first. You can also use online software�s for such purpose.

Always remember to keep personal and business USB drives separate. Do not use personal USB drives on computers owned by your organization, and does not plug USB drives containing corporate information into your personal computer.
Never plug an unknown USB drive into your computer unless you are absolutely sure of what you are doing and if you ever found a USB drive give it to the appropriate authorities and don�t try to plug it to your personnel computer.

Remember to disable Autorun in your computer. The Autorun feature causes removable media such as CDs, DVDs, and USB drives to open automatically when they are inserted into a drive. By disabling Autorun, you can prevent malicious code on an infected USB drive from opening automatically. Microsoft has provided a wizard to disable Autorun which can be easily found in their website.






Charith Shalitha De Alwis

Charith is an undergraduate of of the University of Colombo School of Computing who is currently following Bachelor of Computer Science(CS) Currently he is working as Intern - Information Security Engineer at Sri Lanka CERT|CC.



A project to move NASA websites and applications to the cloud has successfully migrated over 1 million pieces of content, completing its first phase, managers announced..

How to get a job in computer security

  .I am asked probably twice a week to help somebody get a job in the security profession.

Unfortunately, I can�t help that many people individually, but perhaps this article will allow me to help many people all at once..

Social Engineering: The Basics


You've got all the bells and whistles when it comes to network firewalls and your building's security has a state-of-the-art access system. You've invested in the technology. But a social engineering attack could bypass all those defenses..



The Army�s communications research center wants to evaluate the use of commercial, broadband cellular technology for battlefield communications, a move that could herald the beginning of the end for a similar system the Defense Department has struggled to develop and deploy since 1997...

Going Hybrid


Many agencies could be saving money by making better use of the cloud, but what about all of the data and functions that simply can't go virtual?




I experienced the mobile payment future last year on a 10-day trip to Hong Kong � but it was with the Octopus Card used to access the city's subway and rail system,

Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in August 2014



Statistics - Sri Lanka CERT|CC


  Notice Board
  Training and Awareness Programmes - September 2014
Date Event Venue
- 04-06 Database Design and Programming with My SQL . National Institute of Education, Maharagama
- 09-12 Workshop for editing content developed for student with special needs ICT Branch, Ministry of Education
- 11-13

Workshop for provincial and Zonal Directors and ICT Coordinators on re-engineering Provincial and Zonal ICT centers

National Aquatic and Inland fisheries Training Institute, Kalawewa

Brought to you by: