Re: Oops

[Drsolly <drsollyp () drsolly com>]

I read in the newspaper that it wasn't encrytped. I don't really 
understand what "password protected" means if it isn't encrypted.

And apparently, according to the Opposition, this was all sanctioned at a 
pretty senior level. Which sounds plausible to me - surely even a junior 
clerk would know that you don't send 25 million people-details to another 
department, without the right authorities?

On Thu, 22 Nov 2007, Nick FitzGerald wrote:

> Drsolly wrote:
>
> > The Inland revenue have lost CDs containing the names, addresses, National 
> > Insurance Number and bank details, for about half the population of the 
> > country.
> >
> > http://news.bbc.co.uk/1/hi/uk_politics/7104840.stm
>
> But note -- "password-protected" CDs.
>
> OK, so some junior-ish clerks broke protocol and didn't use receipt-
> required courier tracking (and maybe didn't use a suitably secure 
> courier service?), BUT the big issue is how strong is the "password 
> protected" bit of this?
>
> Unlike so many other recent data loss incidents, it seems that at least 
> the data is encrypted which means (if this bit was done properly _AND_ 
> the proper procedure was well-designed) that there is actually no 
> _data_ loss.  "Noise loss" maybe, but no meaningful data loss.
>
> The authorities though don't seem to be stressing this so maybe the 
> "password protection" bit of this is known to be not very effective?
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.