Re: [Dataloss] (article) "We recovered the laptop!" ... so what?
From: Herve Roggero (hroggero pynlogic.com)
Date: Tue Feb 13 2007 - 06:34:43 CST
Yes, I don't disagree. But isn't this legally different? Would this change
my disclosure requirement?
Let me give an example: If I do business in California, and my unencrypted
laptop gets stolen with 100,000 SSNs in it, stored in clear text, I need to
disclose this loss and reach out to 100,000 people to comply with SB 1386.
Now, if I upgrade my laptops to MS Vista, can I get away with it?
I'm only asking as I am seeing an interesting response from CXO individuals
looking at MS Vista as a solution to their laptop/legal issues. If there is
no official technical workaround to this encryption and it takes thousands
or millions of years to crack, then it may fall under the "reasonable" steps
to protect information and become a powerful tool for businesses looking to
comply.
Thank you
Herve Roggero
Managing Partner, Pyn Logic LLC
Cell: 561 236 2025
Visit www.pynlogic.com
_____
From: blitz [mailto:blitz strikenet.kicks-ass.net]
Sent: Monday, February 12, 2007 8:14 PM
To: Herve Roggero
Cc: dataloss attrition.org
Subject: RE: [Dataloss] (article) "We recovered the laptop!" ... so what?
Ok, so you've got a copy of an encrypted disk to crack at your leisure. The
data is still compromised and in someone else's hands, and they have no idea
if it's secure or not.
That still counts as a loss in my book.
At 08:54 2/12/2007, you wrote:
Hi everyone
This thread is very interesting. All techniques so far deal with reading data
at a low level. Will Windows Vista prevent techniques such as Symantec
Ghost? I understand that Vista performs bit-level encryption with its
BitLocker technology.
Thanks.
Herve Roggero
Managing Partner
Pyn Logic LLC
Visit www.pynlogic.com <http://www.pynlogic.com/>
_______________________________________________
Dataloss Mailing List (dataloss attrition.org)
http://attrition.org/dataloss
Tracking more than 148 million compromised records in 573 incidents over 7 years.