BreachExchange mailing list archives
Re: (article) "We recovered the laptop!" ... so what?
From: security curmudgeon <jericho () attrition org>
Date: Tue, 13 Feb 2007 08:50:08 -0500 (EST)
For the sake of argument, I'll disagree here. : Ok, so youve got a copy of an encrypted disk to crack at your leisure. : The data is still compromised and in someone elses hands, and they have : no idea if its secure or not. That still counts as a loss in my book. My work laptop has PGP desktop installed. A multi-gig partition is set up using PGP for protection, and upon every bootup it requires I enter my passphrase (more than thirty characters, using mixed case and special characters). If the machine is powered off or rebooted, you must enter this password to get access to my e-mail, client information or anything else work related. As far as I can tell, unless you grab my laptop while it is powered on, the data on it is relatively secure. There may be some residual information in the browser history/cache, but it will be specific to my company, not my company's clients. That said, can you describe a scenario other than what I described above as a viable way to get to the client data on my laptop? Other than snatching it while the power is on and copying the data off, which would be a huge warning flag to me to report said data as compromised, how an attacker could realistically get to the data? Jericho _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 148 million compromised records in 573 incidents over 7 years.
Current thread:
- Re: (article) "We recovered the laptop!" ... so what?, (continued)
- Re: (article) "We recovered the laptop!" ... so what? Al Mac (Feb 12)
- Re: (article) "We recovered the laptop!" ... so what? blitz (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Herve Roggero (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 13)
- Message not available
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? B.K. DeLong (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 17)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 19)
- Re: (article) "We recovered the laptop!" ... so what? Chris Walsh (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? security curmudgeon (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Chris Walsh (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 14)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 14)