PWNED!!!
- Lothar
- DBB Ghost Admin
- Posts: 12133
- Joined: Thu Nov 05, 1998 12:01 pm
- Location: I'm so glad to be home
- Contact:
Something similar happened recently at Boeing... a top exec's laptop was stolen. The laptop had financial data for something like 100,000 employees. The company had to spend a hell of a lot of money ensuring those 100,000 people had an extra layer of fraud protection in place.
Getting caught with that laptop would be really, really bad for you.
Getting caught with that laptop would be really, really bad for you.
Did you guys hear about the nurse here in Portland that got her laptop stolen out of her car? Had the personal data of 365,000 patients on it! o_0 ...one of which was my wife. There are a lot of questions concerning this whole thing and so far very few answers have surfaced. One of these patients have filed a class ation suit...without having incurred any \"damage\". Stupid Americans.
- Kilarin
- DBB Fleet Admiral
- Posts: 2403
- Joined: Wed Aug 07, 2002 2:01 am
- Location: South of Ft. Worth Texas
This entire issue does not NEED to be an issue.
I highly recommend TrueCrypt. It's a FREE, open source application that allows you to create encrypted drives. Windows sees and treats the encrypted drives as if they were just another hard drive on your system. You can browse them with windows explorer, drag and drop files onto them, save data into them from any application. BUT, unless you know the correct password to type at boot-up, the entire drive is just so much garbage.
If you lose your laptop, you've lost your investment, and, if you don't have a backup, you've lost your data. But if you kept all of your personal information within a TrueCrypt encrypted drive, you haven't actually exposed your data to any outside source. No one but you will be able to get at that information.
I highly recommend TrueCrypt. It's a FREE, open source application that allows you to create encrypted drives. Windows sees and treats the encrypted drives as if they were just another hard drive on your system. You can browse them with windows explorer, drag and drop files onto them, save data into them from any application. BUT, unless you know the correct password to type at boot-up, the entire drive is just so much garbage.
If you lose your laptop, you've lost your investment, and, if you don't have a backup, you've lost your data. But if you kept all of your personal information within a TrueCrypt encrypted drive, you haven't actually exposed your data to any outside source. No one but you will be able to get at that information.
Re:
The best way to ensure that data isn't lost is never to have on it on the laptop to begin with. Encryption isn't a solution here, as it won't stop the determined.Kilarin wrote:But if you kept all of your personal information within a TrueCrypt encrypted drive, you haven't actually exposed your data to any outside source. No one but you will be able to get at that information.
- Lothar
- DBB Ghost Admin
- Posts: 12133
- Joined: Thu Nov 05, 1998 12:01 pm
- Location: I'm so glad to be home
- Contact:
Re:
I don't see anyone blaming the teacher.Ferno wrote:But the fact remains, the student did something wrong and you guys are blaming the teacher.
I do see some people suggesting ways the rest of us can protect our data. We don't know if the teacher was using such methods. He never says "the drive was encrypted" or "the drive wasn't encrypted"; he only says "you'd better be able to prove to me there aren't any copies out there".
Re:
TrueCrypt uses the bestest symmetric crypto algorithms. You'd not just have to be determined, but also well-funded or at least have your own botnet to crack them.fliptw wrote:The best way to ensure that data isn't lost is never to have on it on the laptop to begin with. Encryption isn't a solution here, as it won't stop the determined.
- Kilarin
- DBB Fleet Admiral
- Posts: 2403
- Joined: Wed Aug 07, 2002 2:01 am
- Location: South of Ft. Worth Texas
Even that would be a very iffy thing, assuming the password was chosen well. AES has no known cracks, and brute forcing a large key is a "longer than the lifetime of the universe" problem.Genghis wrote:TrueCrypt uses the bestest symmetric crypto algorithms. You'd not just have to be determined, but also well-funded or at least have your own botnet to crack them.
No, I'm not saying it's perfect, just that anyone who wanted what was on a truecrypt drive would have a MUCH easier time beating the snot out of you to get the password instead of trying to crack it.
And even THAT wouldn't work if you used the hidden volume system. TrueCrypt is a very solid implimentation of modern cryptography, IMHO.
Re:
Lothar wrote:I do see some people suggesting ways the rest of us can protect our data. We don't know if the teacher was using such methods. He never says "the drive was encrypted" or "the drive wasn't encrypted"; he only says "you'd better be able to prove to me there aren't any copies out there".
while protecting one's data is true, it has the underlying tone that this event would not have happened if he took these steps to protect his data.
- Lothar
- DBB Ghost Admin
- Posts: 12133
- Joined: Thu Nov 05, 1998 12:01 pm
- Location: I'm so glad to be home
- Contact:
Re:
Where do you get that idea?Ferno wrote:Lothar wrote:I do see some people suggesting ways the rest of us can protect our data. We don't know if the teacher was using such methods. He never says "the drive was encrypted" or "the drive wasn't encrypted"; he only says "you'd better be able to prove to me there aren't any copies out there".
while protecting one's data is true, it has the underlying tone that this event would not have happened if he took these steps to protect his data.
I haven't heard anyone say "this guy didn't protect his data" or even hint at it, except perhaps Kilarin's suggestion that data compromise need not be an issue.
I don't see anything in the video that indicates it really was. Only that stealing such data (even if it's encrypted) is a really really really serious thing. It might be encrypted so well that nobody will ever be able to actually read it... but that's not the issue.
- Kilarin
- DBB Fleet Admiral
- Posts: 2403
- Joined: Wed Aug 07, 2002 2:01 am
- Location: South of Ft. Worth Texas
I didn't mean to imply that this in any way excused theft. It doesn't. But it is, in my opinion, irresponsible to carry around a laptop with sensitive data that has not been encrypted. Especially if it is other peoples sensitive data. (referring specifically to the Boeing and Portland examples)Lothar wrote:I haven't heard anyone say "this guy didn't protect his data" or even hint at it, except perhaps Kilarin's suggestion that data compromise need not be an issue.