Re: (article) "We recovered the laptop!" ... so what?

[security curmudgeon <jericho () attrition org>]

For the sake of argument, I'll disagree here.

: Ok, so youve got a copy of an encrypted disk to crack at your leisure. 
: The data is still compromised and in someone elses hands, and they have 
: no idea if its secure or not. That still counts as a loss in my book.

My work laptop has PGP desktop installed. A multi-gig partition is set up 
using PGP for protection, and upon every bootup it requires I enter my 
passphrase (more than thirty characters, using mixed case and special 
characters). If the machine is powered off or rebooted, you must enter 
this password to get access to my e-mail, client information or anything 
else work related. As far as I can tell, unless you grab my laptop while 
it is powered on, the data on it is relatively secure. There may be some 
residual information in the browser history/cache, but it will be specific 
to my company, not my company's clients.

That said, can you describe a scenario other than what I described above 
as a viable way to get to the client data on my laptop? Other than 
snatching it while the power is on and copying the data off, which would 
be a huge warning flag to me to report said data as compromised, how an 
attacker could realistically get to the data?

Jericho
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 148 million compromised records in 573 incidents over 7 years.