funsec mailing list archives
Re: Oops
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 22 Nov 2007 00:29:59 +1300
Drsolly wrote:
The Inland revenue have lost CDs containing the names, addresses, National Insurance Number and bank details, for about half the population of the country. http://news.bbc.co.uk/1/hi/uk_politics/7104840.stm
But note -- "password-protected" CDs. OK, so some junior-ish clerks broke protocol and didn't use receipt- required courier tracking (and maybe didn't use a suitably secure courier service?), BUT the big issue is how strong is the "password protected" bit of this? Unlike so many other recent data loss incidents, it seems that at least the data is encrypted which means (if this bit was done properly _AND_ the proper procedure was well-designed) that there is actually no _data_ loss. "Noise loss" maybe, but no meaningful data loss. The authorities though don't seem to be stressing this so maybe the "password protection" bit of this is known to be not very effective? Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Oops Drsolly (Nov 20)
- RE: Oops David Harley (Nov 23)