<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=Windows-1252">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6487.1">
<TITLE>RE: [Dataloss] [follow-up] Boeing fires employee whose laptop was stolen (fwd)</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>Mainstream press -- local newspapers and TV stations -- don't know the tech issues. But one would think that a good reporter would just ask, "How do you know?" It seems they don't, though.<BR>
<BR>
-- Kim Nash<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: dataloss-bounces@attrition.org on behalf of Adam Shostack<BR>
Sent: Fri 12/15/2006 1:28 PM<BR>
To: B.K. DeLong<BR>
Cc: dataloss@attrition.org<BR>
Subject: Re: [Dataloss] [follow-up] Boeing fires employee whose laptop was stolen (fwd)<BR>
<BR>
<BR>
So how can we counter it? What's the counter-meme? <BR>
<BR>
"Why would you know?"<BR>
"Are your passwords better than Myspace?"<BR>
"What happens if I take out the disk and install it in another<BR>
machine?"<BR>
<BR>
(Those all stink--we need something snappy, snarky and memorable that<BR>
reporters will spring on people who deploy the smokescreen.)<BR>
<BR>
Adam<BR>
<BR>
<BR>
On Fri, Dec 15, 2006 at 08:17:44AM -0500, B.K. DeLong wrote:<BR>
| If you look through a lot of the dataloss articles, you'll see many<BR>
| media spokespersons claiming similarly that password protection is<BR>
| enough. Might be an interesting stat to track in the database.<BR>
|<BR>
| On 12/15/06, Roy M. Silvernail &lt;roy@rant-central.com&gt; wrote:<BR>
| > Gotta love this. security curmudgeon forwarded:<BR>
| ><BR>
| > > Even though the employee data was not encrypted, the laptop was turned<BR>
| > > off. That means the person who stole the computer would not be able to<BR>
| > > access the employee data without a password to open the computer once it<BR>
| > > was turned on.<BR>
| ><BR>
| > Wrong. As I pointed out on my blog<BR>
| > (<A HREF="http://www.rant-central.com/article.php?story=20060914170634681">http://www.rant-central.com/article.php?story=20060914170634681</A>),<BR>
| > that's purely a CYA statement with no basis in fact.<BR>
| ><BR>
| > How long will these outfits be able to get away with this smokescreen?<BR>
| > --<BR>
| > Roy M. Silvernail is roy@rant-central.com, and you're not<BR>
| > "It's just this little chromium switch, here." - TFT<BR>
| > CRM114->procmail->/dev/null->bliss<BR>
| > <A HREF="http://www.rant-central.com">http://www.rant-central.com</A><BR>
| > _______________________________________________<BR>
| > Dataloss Mailing List (dataloss@attrition.org)<BR>
| > <A HREF="http://attrition.org/dataloss">http://attrition.org/dataloss</A><BR>
| > Tracking more than 143 million compromised records in 507 incidents over 6 years.<BR>
| ><BR>
| ><BR>
| ><BR>
|<BR>
|<BR>
| --<BR>
| B.K. DeLong (K3GRN)<BR>
| bkdelong@pobox.com<BR>
| +1.617.797.8471<BR>
|<BR>
| <A HREF="http://www.wkdelong.org">http://www.wkdelong.org</A> Son.<BR>
| <A HREF="http://www.ianetsec.com">http://www.ianetsec.com</A> Work.<BR>
| <A HREF="http://www.bostonredcross.org">http://www.bostonredcross.org</A> Volunteer.<BR>
| <A HREF="http://www.carolingia.eastkingdom.org">http://www.carolingia.eastkingdom.org</A> Service.<BR>
| <A HREF="http://bkdelong.livejournal.com">http://bkdelong.livejournal.com</A> Play.<BR>
|<BR>
|<BR>
| PGP Fingerprint:<BR>
| 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE<BR>
|<BR>
| FOAF:<BR>
| <A HREF="http://foaf.brain-stream.org">http://foaf.brain-stream.org</A><BR>
</FONT>
</P>
</BODY>
</HTML>