[Dataloss] (article) "We recovered the laptop!" ... so what?

Adam Shostack adam at homeport.org
Tue Feb 13 10:57:31 EST 2007


Speaking for myself here.  As I understand things:

Certain versions of Vista (I think Ultimate and Enterprise) include
Bitlocker whole drive encryption.  It's not on by default because of issues
about key management.  So just upgrading to Vista, in and of itself,
doesn't change anything.

Bitlocker itself has a bunch of modes, ranging from keys stored in a 
TPM and unlocked with a PIN, to keys stored on the hard drive and
unlocked with a password.  How you actually protect the encryption
keys might be seen as important.  I don't know if anyone has done a
comparison against state laws.

Adam

On Tue, Feb 13, 2007 at 07:34:43AM -0500, Herve Roggero wrote:
| Let me give an example: If I do business in California, and my unencrypted
| laptop gets stolen with 100,000 SSNs in it, stored in clear text. I need to
| disclose this loss and reach out to 100,000 people to comply with SB 1386.
| 
| Now, if I upgrade my laptops to MS Vista, can I get away with it?
| 
| I'm only asking as I am seeing an interesting response from CXO individuals
| looking at MS Vista as a solution to their laptop/legal issues. If there is no
| official technical workaround to this encryption and it takes thousands or
| millions of years to crack, then it may fall under the "reasonable" steps to
| protect information and become a powerful tool for businesses looking to
| comply.
| 
| Thank you
| 
| Herve Roggero
| 
| Managing Partner, Pyn Logic LLC
| 
| Cell: 561 236 2025
| 
| Visit www.pynlogic.com
| 
| -------------------------------------------------------------------------------
| 
| From: blitz [mailto:blitz at strikenet.kicks-ass.net]
| Sent: Monday, February 12, 2007 8:14 PM
| To: Herve Roggero
| Cc: dataloss at attrition.org
| Subject: RE: [Dataloss] (article) "We recovered the laptop!" ... so what?
| 
| Ok, so you've got a copy of an encrypted disk to crack at your leisure. The data
| is still compromised and in someone else's hands, and they have no idea if it's
| secure or not.
| That still counts as a loss in my book.
| 
| At 08:54 2/12/2007, you wrote:
| 
| Hi everyone
| 
| This thread is very interesting. All techniques so far deal with reading data at
| a low level. Will Windows Vista prevent techniques such as Symantec Ghost? I
| understand that Vista performs bit-level encryption with its BitLocker
| technology.
| 
| Thanks.
| 
| Herve Roggero
| Managing Partner
| Pyn Logic LLC
| Visit www.pynlogic.com
| 

| _______________________________________________
| Dataloss Mailing List (dataloss at attrition.org)
| http://attrition.org/dataloss
| Tracking more than 148 million compromised records in 573 incidents over 7 years.
