Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Swindle: 'Somebody Has Got to Pay'

From: InfoSec News <isn () c4i org>
Date: Fri, 20 May 2005 00:11:25 -0500 (CDT)
Forwarded from: *Hobbit* <hobbit () avian org>

"Encrypted data breach" ??  What a load of crap.  If intruders have
gotten in far enough to grab the data, it is very likely they've gotten
in far enough to grab the keys, too.  Don't most compromises happen
at the user's desktop, where the first thing to go in is a keystroke
snatcher?  After which any "encrypted data" is just as valuable, it
just takes one more small step.

Leave the lazy corporate shucks a loophole like that, and they'll all
immediately respond to a breach by saying "the data was encrypted,
everything's okay, don't worry".  Yeah, right.  XORed against
0xFF, even if they paid *that* much attention, doesn't cut it.

_H*



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: