[Dataloss] [follow-up] Boeing fires employee whose laptop was stolen (fwd)

blitz blitz at strikenet.kicks-ass.net
Fri Dec 15 16:12:26 EST 2006


It's about as much assurance as we get from a laptop being recovered, 
encrypted or not. Mirror the disk, hand the laptop back, fears 
subside, while you have all the time in the world to work on the 
data. In a year or so, random names in the data start having identity 
theft problems. The recovery of lost or stolen data should never be 
the end of the case. Period!



>That is one aspect of the typical corporate response to data theft 
>that irked me when I was writing about this topic for the latest 
>issue of Baseline. No company can ever really know that data wasn't 
>accessed or that thieves weren't after data, etc. -- a point on 
>which I quoted a forensics expert from Kroll.
>
>It *is* such a smokescreen.
>
>-- Kim Nash
>
>Link to the article: 
><http://www.baselinemag.com/article2/0,1540,2069952,00.asp>
>
>
>
>
>-----Original Message-----
>From:   dataloss-bounces at attrition.org on behalf of B.K. DeLong
>Sent:   Fri 12/15/2006 8:17 AM
>To:     Roy M. Silvernail
>Cc:     dataloss at attrition.org
>Subject:        Re: [Dataloss] [follow-up] Boeing fires employee whose laptop was stolen (fwd)
>
>If you look through a lot of the dataloss articles, you'll see many
>media spokespersons claiming similarly that password protection is
>enough. Might be an interesting stat to track in the database.
>
>On 12/15/06, Roy M. Silvernail <roy at rant-central.com> wrote:
> > Gotta love this.  security curmudgeon forwarded:
> >
> > > Even though the employee data was not encrypted, the laptop was turned
> > > off. That means the person who stole the computer would not be able to
> > > access the employee data without a password to open the computer once it
> > > was turned on.
> >
> > Wrong.  As I pointed out on my blog
> > (<http://www.rant-central.com/article.php?story=20060914170634681>),
> > that's purely a CYA statement with no basis in fact.
> >
> > How long will these outfits be able to get away with this smokescreen?
> > --
> > Roy M. Silvernail is roy at rant-central.com, and you're not
> > "It's just this little chromium switch, here." - TFT
> > CRM114->procmail->/dev/null->bliss
> > <http://www.rant-central.com>
> > _______________________________________________
> > Dataloss Mailing List (dataloss at attrition.org)
> > <http://attrition.org/dataloss>
> > Tracking more than 143 million compromised records in 507 incidents over 6 years.
> >
> >
> >
>
>
>--
>B.K. DeLong (K3GRN)
>bkdelong at pobox.com
>+1.617.797.8471
>
><http://www.wkdelong.org>                    Son.
><http://www.ianetsec.com>                    Work.
><http://www.bostonredcross.org>              Volunteer.
><http://www.carolingia.eastkingdom.org>      Service.
><http://bkdelong.livejournal.com>            Play.
>
>
>PGP Fingerprint:
>38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
>
>FOAF:
><http://foaf.brain-stream.org>