Full Disclosure mailing list archives
RE: Emailing SSN info
From: "Ham, MichaelX" <michaelx.ham () intel com>
Date: Thu, 18 Mar 2004 15:09:00 -0800
Agreed. It's a bad idea. Why not scp it or another direct connect transfer. Like put it on a secured website locked down for the receiver to get to via IP and password. -mwh -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Curt Purdy Sent: Thursday, March 18, 2004 2:04 PM To: full-disclosure () lists netsys com; Tony Gettig Subject: Re: [Full-disclosure] Emailing SSN info Tony Gettig wrote:
Higher management wants to email a zipped data export (presumbably password protected) to a vendor that includes the Social Security Number for employees.
Yes, it's a bad idea. Even if it is password, it can be cracked, just a matter of time. If managment insists on this course, at least encrypt it with PGP or S/MIME. -- Curt Purdy CISSP MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- Former White House cybersecurity adviser Richard Clarke -- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Emailing SSN info Tony Gettig (Mar 18)
- Re: Emailing SSN info Exibar (Mar 18)
- <Possible follow-ups>
- Re: Emailing SSN info Curt Purdy (Mar 18)
- RE: Emailing SSN info Ham, MichaelX (Mar 18)
- RE: Emailing SSN info Hunter, Laura E. (Mar 18)
- Re: Emailing SSN info bart2k (Mar 18)
- RE: Emailing SSN info Federated Information Security (Mar 19)