<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=Windows-1252">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6487.1">
<TITLE>RE: [Dataloss] [follow-up] Boeing fires employee whose laptop was stolen (fwd)</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>That is one aspect of the typical corporate response to data theft that irked me when I was writing about this topic for the latest issue of Baseline. No company can ever really know that data wasn't accessed or that thieves weren't after data, etc. -- a point on which I quoted a forensics expert from Kroll.<BR>
<BR>
It *is* such a smokescreen.<BR>
<BR>
-- Kim Nash<BR>
<BR>
Link to the article: <A HREF="http://www.baselinemag.com/article2/0,1540,2069952,00.asp">http://www.baselinemag.com/article2/0,1540,2069952,00.asp</A><BR>
<BR>
<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: dataloss-bounces@attrition.org on behalf of B.K. DeLong<BR>
Sent: Fri 12/15/2006 8:17 AM<BR>
To: Roy M. Silvernail<BR>
Cc: dataloss@attrition.org<BR>
Subject: Re: [Dataloss] [follow-up] Boeing fires employee whose laptop was stolen (fwd)<BR>
<BR>
If you look through a lot of the dataloss articles, you'll see many<BR>
media spokespersons claiming similarly that password protection is<BR>
enough. Might be an interesting stat to track in the database.<BR>
<BR>
On 12/15/06, Roy M. Silvernail &lt;roy@rant-central.com&gt; wrote:<BR>
> Gotta love this. security curmudgeon forwarded:<BR>
><BR>
> > Even though the employee data was not encrypted, the laptop was turned<BR>
> > off. That means the person who stole the computer would not be able to<BR>
> > access the employee data without a password to open the computer once it<BR>
> > was turned on.<BR>
><BR>
> Wrong. As I pointed out on my blog<BR>
> (<A HREF="http://www.rant-central.com/article.php?story=20060914170634681">http://www.rant-central.com/article.php?story=20060914170634681</A>),<BR>
> that's purely a CYA statement with no basis in fact.<BR>
><BR>
> How long will these outfits be able to get away with this smokescreen?<BR>
> --<BR>
> Roy M. Silvernail is roy@rant-central.com, and you're not<BR>
> "It's just this little chromium switch, here." - TFT<BR>
> CRM114->procmail->/dev/null->bliss<BR>
> <A HREF="http://www.rant-central.com">http://www.rant-central.com</A><BR>
> _______________________________________________<BR>
> Dataloss Mailing List (dataloss@attrition.org)<BR>
> <A HREF="http://attrition.org/dataloss">http://attrition.org/dataloss</A><BR>
> Tracking more than 143 million compromised records in 507 incidents over 6 years.<BR>
><BR>
><BR>
><BR>
<BR>
<BR>
--<BR>
B.K. DeLong (K3GRN)<BR>
bkdelong@pobox.com<BR>
+1.617.797.8471<BR>
<BR>
<A HREF="http://www.wkdelong.org">http://www.wkdelong.org</A> Son.<BR>
<A HREF="http://www.ianetsec.com">http://www.ianetsec.com</A> Work.<BR>
<A HREF="http://www.bostonredcross.org">http://www.bostonredcross.org</A> Volunteer.<BR>
<A HREF="http://www.carolingia.eastkingdom.org">http://www.carolingia.eastkingdom.org</A> Service.<BR>
<A HREF="http://bkdelong.livejournal.com">http://bkdelong.livejournal.com</A> Play.<BR>
<BR>
<BR>
PGP Fingerprint:<BR>
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE<BR>
<BR>
FOAF:<BR>
<A HREF="http://foaf.brain-stream.org">http://foaf.brain-stream.org</A><BR>
</FONT>
</P>
</BODY>
</HTML>