funsec mailing list archives
RE: Oops
From: "David Harley" <david.a.harley () gmail com>
Date: Wed, 21 Nov 2007 12:46:59 -0000
OK, so some junior-ish clerks broke protocol and didn't use receipt- required courier tracking (and maybe didn't use a suitably secure courier service?),
It was suggested on a news programme that they actually popped it into internal mail, so it's likely to be sitting somewhere at the bottom of a postie's sack or a pile in a sorting office, if it isn't in a departmental black hole.
it seems that at least the data is encrypted which means (if this bit was done properly _AND_ the proper procedure was well-designed)
Too many ifs for comfort. :-/
that there is actually no _data_ loss. "Noise loss" maybe, but no meaningful data loss.
You could say the same if the disks are simply "lost in the post."
The authorities though don't seem to be stressing this so maybe the "password protection" bit of this is known to be not very effective?
I'd guess that the "public face of government" doesn't know about the quality of the encryption. There are applicable guidelines and standards prescribed by central government, but they won't necessarily even be accessible at junior (or even senior) level in a specific department. The UK government (in the sense of the permanent establishment rather than the prevailing party-in-power) has an entrenched culture of secrecy which often works against it. Not an invitation to a political debate: just a personal observation... -- David Harley AVIEN Interim Administrator: http://www.avien.org http://www.smallblue-greenworld.co.uk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Oops Drsolly (Nov 20)
- RE: Oops David Harley (Nov 23)