Educause Security Discussion mailing list archives

Re: File Hosting/Sharing Services [dropbox, mobile me, etc.]


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 14 Jan 2011 13:24:06 -0500

On Fri, 14 Jan 2011 10:13:34 CST, John Hoffoss said:
> That's true, but then why bother trying to encrypt this data in the first
> place? Each of the scenarios you accurately laid out is still valid and
> can still lead to data compromise. The real reason, I think, as several
> others have skirted around, is that we want to appear like we've done our
> best if (when?) we get breached to avoid legal liability. Hence "encrypt
> and email (or post) that file, then email the password separately."
> Doesn't actually get us all that much, but it looks good on paper.

Good. At least some people here thought about the *real* threat model. :)
