Re: Biggest Incident This Week: Missing Hard Drives at Los Alamos

[slam () SLAM-CORP COM (Slam)]

Funny you should mention that.  First thing that came to my mind was "why
isn't there any encryption" even for certain directories or files.  Since
this is the US government, and we know that a hammer costs $157.00, it was
probably not in this century budget.

Unfortunately this also shows how weak security is.  If businesses and
governments would take an ounce of prevention (and hire a bunch of us for
analysis and implementation ;) - ) it would surely be better than losing
nuclear "secrets"

Hey I sure feel safe now! (safety is a figment of your imagination)

Adam

I don't know anything - and plead the 5th.
www.slam-corp.com

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Dante Mercurio
Sent: Tuesday, June 13, 2000 2:01 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Biggest Incident This Week: Missing Hard Drives at Los Alamos

Ok, everyone knows about the missing hard drives at Los Alamos. My question
to the security community is this:

If the data on the drives was so sensitive, why weren't the drives
encrypted?

Even something as simple as PGP disk would render the data on that drive
useless for many, many years. I encrypt my mobile user's laptops, and I can
safely say that their data is nowhere near the sensitivity of nuclear
secrets. Most likely, it's the latest Joe's cartoon they recieved in email.

I am basing my assumption that the drives were not encrypted on the fact
that there has been no comment to the contrary in the news. If there had
been, it would not be a very good news story: "Two Hard Drives Valued at
$200 Stolen From Government Facility" It would seem to me that if the drives
were encrypted, the government would say so to prevent the negative
publicity that is now occuring.

Is this just a case of the government never learning or is there something I
don't know?

--Dante