funsec mailing list archives
Re: Oops
From: Drsolly <drsollyp () drsolly com>
Date: Wed, 21 Nov 2007 19:38:28 +0000 (GMT)
I read in the newspaper that it wasn't encrypted. I don't really understand what "password protected" means if it isn't encrypted. And apparently, according to the Opposition, this was all sanctioned at a pretty senior level. Which sounds plausible to me - surely even a junior clerk would know that you don't send 25 million people-details to another department, without the right authorities?

On Thu, 22 Nov 2007, Nick FitzGerald wrote:
> Drsolly wrote:
> > The Inland revenue have lost CDs containing the names, addresses, National Insurance Number and bank details, for about half the population of the country.
> >
> > http://news.bbc.co.uk/1/hi/uk_politics/7104840.stm
>
> But note -- "password-protected" CDs.
>
> OK, so some junior-ish clerks broke protocol and didn't use receipt-required courier tracking (and maybe didn't use a suitably secure courier service?), BUT the big issue is how strong is the "password protected" bit of this?
>
> Unlike so many other recent data loss incidents, it seems that at least the data is encrypted which means (if this bit was done properly _AND_ the proper procedure was well-designed) that there is actually no _data_ loss. "Noise loss" maybe, but no meaningful data loss.
>
> The authorities though don't seem to be stressing this so maybe the "password protection" bit of this is known to be not very effective?
>
> Regards,
> Nick FitzGerald
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.