Questions Surround Former Sheriff's Laptop

Three months before 11,000 files were deleted from former Sheriff Bill Balkwill's laptop, the sheriff and two top administrators signed a document saying the computer had been sent off for recycling, according to court documents made public Friday.

In November, Balkwill, Maj. Tim Carney and Information Technology director Jeffrey Feathers each signed paperwork that indicated the laptop -- a key piece of evidence in a lawsuit over a lucrative jail contract -- was "obsolete," worth only $10 and had to be scrapped.

But the laptop was never sent to the recycling yard and Carney went to Balkwill's home to retrieve it on Feb. 4 -- the same day that someone used a common Internet program to erase 11,000 files.

The revelation that Balkwill's work laptop was supposed to be recycled came amid a criminal investigation at the Sheriff's Office, where detectives are trying to find out who deleted the files.

Read more here.

The Security Implications of a Computer Clock

Is the clock on every computer system in your organization set to the correct time? If your answer is no, you're not alone. According to a 2007 study by Florian Buchholz and Brett Tjaden, both professors at James Madison University in Virginia, more than a quarter of the Web servers on the Internet have their clocks off by more than 10 seconds. Making sure that computers are set with the correct time is one of those seemingly petty technical things that can unfortunately have big, negative consequences if not done properly. That's because assumptions about time and its flow permeate modern computer systems—including software, hardware and networking. This is true of desktop systems, servers, mobile devices and even embedded systems like HVAC, alarm systems and electronic doorknobs.

Buchholz and Tjaden studied Web servers because they are particularly amenable to analysis: Every time you request a page from a modern Web server, the server sends back an HTTP header called "date" which indicates the time-of-day for the server's clock. But unless your organization has made an effort to keep time in a precise and accurate way, the chances are very good that you're doing a bad job.

Read more here.