BreachExchange mailing list archives
Re: (article) "We recovered the laptop!" ... so what?
From: "Herve Roggero" <hroggero () pynlogic com>
Date: Tue, 13 Feb 2007 07:34:43 -0500
Yes, I don't disagree. But isn't this legally different? Would this change my disclosure requirement?

Let me give an example: If I do business in California, and my unencrypted laptop gets stolen with 100,000 SSNs in it, stored in clear text. I need to disclose this loss and reach out to 100,000 people to comply with SB 1386. Now, if I upgrade my laptops to MS Vista, can I get away with it?

I'm only asking as I am seeing an interesting response from CXO individuals looking at MS Vista as a solution to their laptop/legal issues. If there is no official technical workaround to this encryption and it takes thousands or millions of years to crack, then it may fall under the "reasonable" steps to protect information and become a powerful tool for businesses looking to comply.

Thank you

Herve Roggero
Managing Partner, Pyn Logic LLC
Cell: 561 236 2025
Visit www.pynlogic.com

_____

From: blitz [mailto:blitz () strikenet kicks-ass net]
Sent: Monday, February 12, 2007 8:14 PM
To: Herve Roggero
Cc: dataloss () attrition org
Subject: RE: [Dataloss] (article) "We recovered the laptop!" ... so what?

Ok, so you've got a copy of an encrypted disk to crack at your leisure. The data is still compromised and in someone else's hands, and they have no idea if it's secure or not. That still counts as a loss in my book.

At 08:54 2/12/2007, you wrote:

Hi everyone

This thread is very interesting. All techniques so far deal with reading data at a low level. Will Windows Vista prevent techniques such as Symantec Ghost? I understand that Vista performs bit-level encryption with its BitLocker technology.

Thanks.

Herve Roggero
Managing Partner
Pyn Logic LLC
Visit www.pynlogic.com <http://www.pynlogic.com/>
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 148 million compromised records in 573 incidents over 7 years.