<html>
<body>
<font size=3>Its about as much assurance, as we get from a laptop being
recovered, encrypted or not. Mirror the disk, hand the laptop back, fears
subside, while you have all the time in the world to work on the data. In
a year or so, random names in the data start having identity theft
problems. The recovery of lost or stolen data should never be the end of
the case. Period!<br><br>
<br><br>
</font><blockquote type=cite class=cite cite=""><font size=2>That is one
aspect of the typical corporate response to data theft that irked me when
I was writing about this topic for the latest issue of Baseline. No
company can ever really know that data wasn't accessed or that thieves
weren't after data, etc. -- a point on which I quoted a forensics expert
from Kroll.<br><br>
It *is* such a smokescreen.<br><br>
-- Kim Nash<br><br>
Link to the article:
<a href="http://www.baselinemag.com/article2/0,1540,2069952,00.asp">
http://www.baselinemag.com/article2/0,1540,2069952,00.asp</a><br><br>
<br><br>
<br>
-----Original Message-----<br>
From: dataloss-bounces@attrition.org on behalf of B.K.
DeLong<br>
Sent: Fri 12/15/2006 8:17 AM<br>
To: Roy M. Silvernail<br>
Cc: dataloss@attrition.org<br>
Subject: Re: [Dataloss]
[follow-up] Boeing fires employee whose laptop wasstolen (fwd)<br><br>
If you look through a lot of the dataloss articles, you'll see many<br>
media spokespersons claiming similarly that password protection is<br>
enough. Might be an interesting stat to track in the database.<br><br>
On 12/15/06, Roy M. Silvernail <roy@rant-central.com> wrote:<br>
> Gotta love this. security curmudgeon forwarded:<br>
><br>
> > Even though the employee data was not encrypted, the laptop was
turned<br>
> > off. That means the person who stole the computer would not be
able to<br>
> > access the employee data without a password to open the
computer once it<br>
> > was turned on.<br>
><br>
> Wrong. As I pointed out on my blog<br>
>
(<a href="http://www.rant-central.com/article.php?story=20060914170634681">
http://www.rant-central.com/article.php?story=20060914170634681</a>),<br>
> that's purely a CYA statement with no basis in fact.<br>
><br>
> How long will these outfits be able to get away with this
smokescreen?<br>
> --<br>
> Roy M. Silvernail is roy@rant-central.com, and you're not<br>
> "It's just this little chromium switch, here." - TFT<br>
> CRM114->procmail->/dev/null->bliss<br>
>
<a href="http://www.rant-central.com">http://www.rant-central.com</a><br>
> _______________________________________________<br>
> Dataloss Mailing List (dataloss@attrition.org)<br>
>
<a href="http://attrition.org/dataloss">http://attrition.org/dataloss</a>
<br>
> Tracking more than 143 million compromised records in 507 incidents
over 6 years.<br>
><br>
><br>
><br><br>
<br>
--<br>
B.K. DeLong (K3GRN)<br>
bkdelong@pobox.com<br>
+1.617.797.8471<br><br>
<a href="http://www.wkdelong.org">http://www.wkdelong.org</a>
Son.<br>
<a href="http://www.ianetsec.com">http://www.ianetsec.com</a>
Work.<br>
<a href="http://www.bostonredcross.org">http://www.bostonredcross.org</a>
Volunteer.<br>
<a href="http://www.carolingia.eastkingdom.org">
http://www.carolingia.eastkingdom.org</a> Service.<br>
<a href="http://bkdelong.livejournal.com">
http://bkdelong.livejournal.com</a>
Play.<br><br>
<br>
PGP Fingerprint:<br>
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE<br><br>
FOAF:<br>
<a href="http://foaf.brain-stream.org">http://foaf.brain-stream.org</a>
<br>
_______________________________________________<br>
Dataloss Mailing List (dataloss@attrition.org)<br>
<a href="http://attrition.org/dataloss">http://attrition.org/dataloss</a>
<br>
Tracking more than 143 million compromised records in 507 incidents over
6 years.<br><br>
<br><br>
<br><br>
</font><font size=3>_______________________________________________<br>
Dataloss Mailing List (dataloss@attrition.org)<br>
<a href="http://attrition.org/dataloss" eudora="autourl">
http://attrition.org/dataloss</a><br>
Tracking more than 143 million compromised records in 507 incidents over
6 years.</font></blockquote></body>
</html>