funsec mailing list archives

Re: Oops

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 22 Nov 2007 00:29:59 +1300

Drsolly wrote:

The Inland revenue have lost CDs containing the names, addresses, National 
Insurance Number and bank details, for about half the population of the 
country.

http://news.bbc.co.uk/1/hi/uk_politics/7104840.stm


But note -- "password-protected" CDs.

OK, so some junior-ish clerks broke protocol and didn't use receipt-
required courier tracking (and maybe didn't use a suitably secure 
courier service?), BUT the big issue is how strong is the "password 
protected" bit of this?

Unlike so many other recent data loss incidents, it seems that at least 
the data is encrypted which means (if this bit was done properly _AND_ 
the proper procedure was well-designed) that there is actually no 
_data_ loss.  "Noise loss" maybe, but no meaningful data loss.

The authorities though don't seem to be stressing this so maybe the 
"password protection" bit of this is known to be not very effective?


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Oops Drsolly (Nov 20)
- Re: Oops Nick FitzGerald (Nov 21)
  - RE: Oops David Harley (Nov 21)
  - Re: Oops Drsolly (Nov 21)
    - RE: Oops Larry Seltzer (Nov 21)
    - RE: Oops David Harley (Nov 21)
    - RE: Oops Larry Seltzer (Nov 21)
    - RE: Oops David Harley (Nov 21)
    - RE: Oops Chris Blask (Nov 21)
    - RE: Oops Gadi Evron (Nov 21)
  - Re: Oops Alex Shipp (elist) (Nov 22)
    - RE: Oops David Harley (Nov 23)

(Thread continues...)