Re: [privacy] 93,754,333 Examples of Data Nonchalance

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On 9/25/06, security curmudgeon <jericho () attrition org> wrote:
> : > So because the data was out of their control for over a month, but they
> : > happened to get the laptop back.. the data is just magically 'safe' and
> : > wasn't compromised? How do they know?
> :
> : Forensics. They released a statement saying that the data had not been
> : accessed.
> :
> : of course whether or not They were telling the truth is another matter..
>
> I steal your laptop, remove the drive, mirror it on my own system, put
> your drive back in your laptop and let you 'convenietly' find it a month
> later.
>
> What forensics will determine if I accessed your data?

Physical forensics come in handy when IT forensics cant be used.
Laptops... laptops..

damn, i just remembered that most laptops have that handy one-screw
removal of hdd's.

nevermind, I was wrong. there is no way of verifying the integrity of the data

-JP

> : > : system isnt flawed to begin with (I doubt very much that FDR was
> : > : concerned about Information Security), just that they drummed up the
> : > : numbers a little.
> : >
> : > Also remember that PRC does not track non US dataloss incidents.
> :
> : do non-us residents have ssn's ;-)
>
> No, but they have credit information and other PII that matters. Remember
> that each of the incidents on PRC or other archives don't necessarily
> reflect the theft of a SS#.
>
> _______________________________________________
> privacy mailing list
> privacy () whitestar linuxbox org
> http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy