funsec mailing list archives

Re: (Yet Another) Lost Ernst & Young Laptop Exposes IBM Staff


From: Valdis.Kletnieks () vt edu
Date: Thu, 16 Mar 2006 13:26:23 -0500

On Thu, 16 Mar 2006 11:47:23 EST, Blanchard_Michael () emc com said:
> I don't get it.... Why aren't people heading over to these places with
> torches and pitchforks?  How many friggin times does a "laptop" have to be

Because we live in a world of Enrons, and we've grown *used* to the idea that
corporations and their upper management will screw us over in search of profit.

> stolen with SS#'s and other confidential information have to get stolen before
> people realize that this type of data should never, ever, EVER be placed on a
> laptop for ANY reason....

As Bruce Schneier repeatedly points out, security is about *tradeoffs*.

Certainly, putting confidential info on a laptop without proper hardening of
the box, crypto, and all that stuff, is just looking for trouble.  However,
a blanket 'NEVER' is probably a mistake as well.  For instance, downloading
the data to a laptop for further statistical analysis at home is quite possibly
*more* secure than leaving it on the central server and then accessing it via
a VPN from a (possibly compromised) home computer.

It's like the "never write passwords down" mantra - which is more secure,
my using a weak password I can remember on a server, or me using a strong
password I have written down in my wallet?
