Quiet week in the GRC space this week, but there’s still a few nuggets worth noting. Social media and the risks it poses were identified by Symantec, Passware shows that its new product finds your OS passwords, SDL’s translation software gets further security certification and Nextware legal services offers iPad support.

Symantec, Social Media Risks

Everyone’s using social media, which is probably a good thing. But if everyone is using it, then everyone is at risk from a number of problems identified in Symanetc’s 2011 Social Media Protection Flash Poll.

The survey looked at how organizations protect themselves from negative consequences of using social networking sites such as Facebook, Twitter and other online forums.

The Symantec (news, site) research found that the typical enterprise experienced nine social media incidents, such as employees posting confidential information publicly, over the past year, with 94% suffering negative consequences including damage to their reputations, loss of customer trust, data loss and lost revenue.

However, the positives from it is that 82% of enterprises are at least discussing implementing archiving solutions to collect, preserve and discover sensitive business information transmitted through social media. However, less than one-fourth have actually implemented any of those technologies and policies.

The survey found the top three social media incidents the typical enterprise experienced over the last year were:

  • Employees sharing too much information in public forums (46%)
  • The loss or exposure of confidential information (41%)
  • Increased exposure to litigation (37%)

More than 90% of respondents who experienced a social media incident also suffered negative consequences as a result, including reduced stock price and litigation costs.

If you’re interested in more on this, check out the slideshare presentation here.

Passware Tracks OS Passwords

It may be a way of promoting its Passware Kit Forensic v11, which has just been released, but Passware says the kit can gain access to other people's OS passwords.

Passware provides password recovery, decryption and electronic evidence discovery software, and with the new software was also able to recover Mac OS user login passwords from computer memories in a matter of minutes.

Passware Kit Forensic provides password recovery for any protected file detected on a PC or over the network while scanning and revealing hidden and protected data files on a suspect’s computer.

Long touted as a stable and secure operating system, the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion, Passware President Dmitry Sumin said."

The Mac OS vulnerability relates to user login passwords that are stored in the system memory even if the computer is locked or put into a sleep mode.

Passware Kit Forensic v11 captures live Mac computer memory over FireWire and analyzes it, extracting these passwords. The process takes a few minutes, regardless of the password strength and use of a FileVault encryption.

The vulnerability is present in all modern versions of Mac OS, including Mac OS X 10.6 Snow Leopard and the latest Mac OS X 10.7 Lion, released last week.

The security risk can be overcome by turning off the computer instead of putting it to sleep, and disabling the “Automatic Login” setting. This way, passwords will not be present in memory and cannot be recovered. If you’re interested in more, check it out.

SDL Gets Security Certification

Meanwhile, SDL (news, site) has announced that its Information Security Management Systems (ISMS) have been successfully certified to ISO/IEC 27001:2005 standard.

The certification, which covers SDL’s physical and electronic security systems, plus product development processes, gives SDL clients some kind of peace of mind that its SDL Translation Management System is protected.

SDL says that TMS is now the only system in the language technologies market to be awarded ISO/IEC 27001:2005 certification. SDL plans to certify additional products from its Global Information Management portfolio over the coming 12 months.

Nextpoint Offers iPad Support

Finally this week, Nextpoint, a provider of cloud-based regulatory, compliance and litigation products, is now offering iPad support, including streaming deposition video and additional deposition interface advancements in its Trial Cloud product, designed for pre-trial data/evidence preparation.

The latest Nextpoint Trial Cloud enhancements include:

  • iPad support, including streaming deposition video.
  • Enhanced controls for creation and editing of designations speeds workflow
  • Continuous scroll functionality eliminates the need to load individual pages
  • Improved search results interface

Features from previous depositions interface were also retained in this release. Things such as associating documents with a deposition, or importing lists of predefined designations, work as they did before. Check it out