Forwarded from: Eric Hacker <myself@private> One has to wonder how much more valuable that laptop is on the black market now that it is known to contain names and SSNs. We have ID counts and valuable configuration information being distributed in the news. Even is this was stolen by an addict, his fence probably keeps up with the news. On Wed, 22 Dec 2004 01:35:08 -0600 (CST), InfoSec News wrote: > http://news.com.com/Blood+bank+fears+laptop+heist+ID+theft/2100-1029_3-5500114.html [...] > Delta's director of human resources, John O'Neill, said two layers > of security could still protect the personal information despite the > computer's theft. The first is Microsoft's standard Windows password > required to launch the operating system, and the second is the > series of steps required to launch what O'Neill described as an > "esoteric, unique" database, created by a software provider he > declined to name. Now this spells out exactly what one needs to know in order to extract the information. Certainly makes putting a value on the laptop that much easier for someone who thinks they can get at the information inside. Now, I am not saying that this is a bad law. I think it has a lot of benefits for the consumer. What I am saying is that there are consequences to this law, especially the disclosure of details to the press by stressed out executives, that do not help protect the confidentiality of the stolen information. Obviously, one needs to have a personal information disclosure incident response plan in place before a disclosure occurs to prevent this issue. Obviously, an organization that well organized would probably be doing a better job of protecting the data in the first place.... Peace, Eric Hacker _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Thu Dec 23 2004 - 01:54:25 PST