Educause Security Discussion mailing list archives
Re: File Hosting/Sharing Services [dropbox, mobile me, etc.]
From: Alexander Kurt Keller <alkeller () SFSU EDU>
Date: Fri, 14 Jan 2011 00:10:33 +0000
I have no direct input on "file hosting/sharing services for medical data", but bear in mind that many zip applications that support encryption do not encrypt the file names (zip header). the result is that a user can enumerate the file and directory names within the archive without a password. It is not hard to imagine a situation where the name of the encrypted file (perhaps containing a patient surname or #), within a particular context, would be in and of itself sensitive information. If this is unacceptable, TrueCrypt may be a better bet. Best, Alex Alex Keller Systems Administrator Academic Technology, San Francisco State University Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Nave Sent: Thursday, January 13, 2011 3:29 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] File Hosting/Sharing Services [dropbox, mobile me, etc.] I'm not very familiar with the requirements surrounding medical data, but the first thing that comes to mind is to just use a free file sharing service but encrypt the files before they are uploaded. 7zip offers AES encryption for zip and 7z files and I know there are a number of other simple programs that do the same. You could also use a truecrypt volume. --Adam On Thu, Jan 13, 2011 at 4:59 PM, Chris Kidd <chris.kidd () utah edu> wrote: Is anyone aware of a free or low-cost file sharing service in which the host cannot access the files? I have a solo medical practitioner who needs to share files between her and a peer and they have very basic IT infrastructure. What other options would you recommend in this case? Thanks in advance. Chris Chris Kidd Information Security and Privacy Office University of Utah 650 Komas Drive, Suite 102 Salt Lake City, UT 84108 Office: 801.587.9241 Cell: 801.747.9028 chris.kidd () utah edu http://www.secureit.utah.edu -- Adam Nave, CISSP Linux/Unix Systems Administrator Macalester College
Current thread:
- File Hosting/Sharing Services [dropbox, mobile me, etc.] Chris Kidd (Jan 13)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Adam Nave (Jan 13)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Alexander Kurt Keller (Jan 13)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Ben Marsden (Jan 14)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Justin Azoff (Jan 14)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Jeremy Vight (Jan 13)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Pratt, Benjamin E. (Jan 14)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Valdis Kletnieks (Jan 14)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Pratt, Benjamin E. (Jan 14)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Jones, Dan (Jan 13)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Russ Leathe (Jan 14)
- <Possible follow-ups>
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] John Hoffoss (Jan 14)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Valdis Kletnieks (Jan 14)
- Re: File Hosting/Sharing Services [dropbox, mobile me, etc.] Adam Nave (Jan 13)