Re: [Full-Disclosure] Emailing SSN info
From: Curt Purdy (purdy_at_tecman.com)
Date: 03/18/04
- Previous message: Curt Purdy : "RE: [Full-Disclosure] Re: Microsoft Security, baby steps ?[Scanned] [Scanned] [Scanned]"
- Maybe in reply to: Tony Gettig: "[Full-Disclosure] Emailing SSN info"
- Next in thread: Exibar: "Re: [Full-Disclosure] Emailing SSN info"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com>, "Tony Gettig" <GettigAM@kalamazoo.k12.mi.us> Date: Thu, 18 Mar 2004 16:03:57 -0600
Tony Gettig wrote:
>Higher management wants to
>email a zipped data export (presumbably password protected) to a vendor
>that includes the Social Security Number for employees.
Yes, it's a bad idea. Even if it is password, it can be cracked, just a matter of time. If managment insists on this course, at least encrypt it with PGP or S/MIME.
-- Curt Purdy CISSP MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- Former White House cybersecurity adviser Richard Clarke -- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Curt Purdy : "RE: [Full-Disclosure] Re: Microsoft Security, baby steps ?[Scanned] [Scanned] [Scanned]"
- Maybe in reply to: Tony Gettig: "[Full-Disclosure] Emailing SSN info"
- Next in thread: Exibar: "Re: [Full-Disclosure] Emailing SSN info"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
