[Dataloss] [follow-up] Boeing fires employee whose laptop wasstolen (fwd)

Nash, Kim Kim_Nash at ziffdavis.com
Fri Dec 15 13:37:33 EST 2006 

Mainstream press -- local newspapers and TV stations -- don't know the tech issues. But one would think that a good reporter would just ask, "How do you know?" It seems they don't, though. 

-- Kim Nash


-----Original Message-----
From:	dataloss-bounces at attrition.org on behalf of Adam Shostack
Sent:	Fri 12/15/2006 1:28 PM
To:	B.K. DeLong
Cc:	dataloss at attrition.org
Subject:	Re: [Dataloss] [follow-up] Boeing fires employee whose laptop wasstolen (fwd)


So how can we counter it?  What's the counter-meme?  

"Why would you know?"
"Are your passwords better than Myspace?"
"What happens if I take out the disk and install it in another
machine?"

(Those all stink--we need something snappy, snarky and memorable that
reporters will spring on people who deploy the smokescreen.)

Adam


On Fri, Dec 15, 2006 at 08:17:44AM -0500, B.K. DeLong wrote:
| If you look through a lot of the dataloss articles, you'll see many
| media spokespersons claiming similarly that password protection is
| enough. Might be an interesting stat to track in the database.
| 
| On 12/15/06, Roy M. Silvernail <roy at rant-central.com> wrote:
| > Gotta love this.  security curmudgeon forwarded:
| >
| > > Even though the employee data was not encrypted, the laptop was turned
| > > off. That means the person who stole the computer would not be able to
| > > access the employee data without a password to open the computer once it
| > > was turned on.
| >
| > Wrong.  As I pointed out on my blog
| > (http://www.rant-central.com/article.php?story=20060914170634681),
| > that's purely a CYA statement with no basis in fact.
| >
| > How long will these outfits be able to get away with this smokescreen?
| > --
| > Roy M. Silvernail is roy at rant-central.com, and you're not
| > "It's just this little chromium switch, here." - TFT
| > CRM114->procmail->/dev/null->bliss
| > http://www.rant-central.com
| > _______________________________________________
| > Dataloss Mailing List (dataloss at attrition.org)
| > http://attrition.org/dataloss
| > Tracking more than 143 million compromised records in 507 incidents over 6 years.
| >
| >
| >
| 
| 
| -- 
| B.K. DeLong (K3GRN)
| bkdelong at pobox.com
| +1.617.797.8471
| 
| http://www.wkdelong.org                    Son.
| http://www.ianetsec.com                    Work.
| http://www.bostonredcross.org             Volunteer.
| http://www.carolingia.eastkingdom.org   Service.
| http://bkdelong.livejournal.com             Play.
| 
| 
| PGP Fingerprint:
| 38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
| 
| FOAF:
| http://foaf.brain-stream.org
| _______________________________________________
| Dataloss Mailing List (dataloss at attrition.org)
| http://attrition.org/dataloss
| Tracking more than 143 million compromised records in 507 incidents over 6 years.
| 
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 507 incidents over 6 years.






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20061215/f5a7839b/attachment.html

More information about the Dataloss mailing list