Re: [follow-up] Boeing fires employee whose laptop wasstolen (fwd)

[blitz <blitz () strikenet kicks-ass net>]

Its about as much assurance, as we get from a laptop being recovered, 
encrypted or not. Mirror the disk, hand the laptop back, fears 
subside, while you have all the time in the world to work on the 
data. In a year or so, random names in the data start having identity 
theft problems. The recovery of lost or stolen data should never be 
the end of the case. Period!



> That is one aspect of the typical corporate response to data theft 
> that irked me when I was writing about this topic for the latest 
> issue of Baseline. No company can ever really know that data wasn't 
> accessed or that thieves weren't after data, etc. -- a point on 
> which I quoted a forensics expert from Kroll.
>
> It *is* such a smokescreen.
>
> -- Kim Nash
>
> Link to the article: 
> <http://www.baselinemag.com/article2/0,1540,2069952,00.asp>http://www.baselinemag.com/article2/0,1540,2069952,00.asp
>
>
>
>
> -----Original Message-----
> From:   dataloss-bounces () attrition org on behalf of B.K. DeLong
> Sent:   Fri 12/15/2006 8:17 AM
> To:     Roy M. Silvernail
> Cc:     dataloss () attrition org
> Subject:        Re: [Dataloss] [follow-up] Boeing fires employee 
> whose laptop wasstolen (fwd)
>
> If you look through a lot of the dataloss articles, you'll see many
> media spokespersons claiming similarly that password protection is
> enough. Might be an interesting stat to track in the database.
>
> On 12/15/06, Roy M. Silvernail <roy () rant-central com> wrote:
> > Gotta love this.  security curmudgeon forwarded:
> >
> > > Even though the employee data was not encrypted, the laptop was turned
> > > off. That means the person who stole the computer would not be able to
> > > access the employee data without a password to open the computer once it
> > > was turned on.
> >
> > Wrong.  As I pointed out on my blog
> > 
> (<http://www.rant-central.com/article.php?story=20060914170634681>http://www.rant-central.com/article.php?story=20060914170634681),
> > that's purely a CYA statement with no basis in fact.
> >
> > How long will these outfits be able to get away with this smokescreen?
> > --
> > Roy M. Silvernail is roy () rant-central com, and you're not
> > "It's just this little chromium switch, here." - TFT
> > CRM114->procmail->/dev/null->bliss
> > <http://www.rant-central.com>http://www.rant-central.com
> > _______________________________________________
> > Dataloss Mailing List (dataloss () attrition org)
> > <http://attrition.org/dataloss>http://attrition.org/dataloss
> > Tracking more than 143 million compromised records in 507 
> incidents over 6 years.
> >
> >
> >
>
>
> --
> B.K. DeLong (K3GRN)
> bkdelong () pobox com
> +1.617.797.8471
>
> <http://www.wkdelong.org>http://www.wkdelong.org                    Son.
> <http://www.ianetsec.com>http://www.ianetsec.com                    Work.
> <http://www.bostonredcross.org>http://www.bostonredcross.org 
> Volunteer.
> <http://www.carolingia.eastkingdom.org>http://www.carolingia.eastkingdom.org 
> Service.
> <http://bkdelong.livejournal.com>http://bkdelong.livejournal.com 
> Play.
>
>
> PGP Fingerprint:
> 38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
>
> FOAF:
> <http://foaf.brain-stream.org>http://foaf.brain-stream.org
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> <http://attrition.org/dataloss>http://attrition.org/dataloss
> Tracking more than 143 million compromised records in 507 incidents 
> over 6 years.
>
>
>
>
>
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
> Tracking more than 143 million compromised records in 507 incidents 
> over 6 years.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 507 incidents over 6 years.