Re: [Full-Disclosure] Emailing SSN info

From: Curt Purdy (purdy_at_tecman.com)
Date: 03/18/04

  • Next message: morning_wood: "Re: [Full-Disclosure] HOTMAIL / PASSPORT: phishing expedition"
    To: <full-disclosure@lists.netsys.com>, "Tony Gettig" <GettigAM@kalamazoo.k12.mi.us>
    Date: Thu, 18 Mar 2004 16:03:57 -0600
    
    

    Tony Gettig wrote:
    >Higher management wants to
    >email a zipped data export (presumbably password protected) to a vendor
    >that includes the Social Security Number for employees.

    Yes, it's a bad idea. Even if it is password, it can be cracked, just a matter of time. If managment insists on this course, at least encrypt it with PGP or S/MIME.

    --
    Curt Purdy CISSP MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions
    ----------------------------------------
    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- Former White House cybersecurity adviser Richard Clarke 
    --
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: morning_wood: "Re: [Full-Disclosure] HOTMAIL / PASSPORT: phishing expedition"

    Relevant Pages

    • Bush junta loses again
      ... They insisted on doing away with many civil service protections ... After a lot of pulling and hauling, the Bushitters prevailed and employees ... -- Lost on social security ... deploying workers and in negotiating with unions if they are to enhance ...
      (alt.politics)
    • Re: Basic Windows Security Question
      ... > Suppose you have a small company of less than 100 employees. ... in that thumb drives are currently maxing in the 1GB range, ... organizations security policy. ...
      (Security-Basics)
    • Re: << SBS News this week 7/25/2004>>
      ... > Homeland security has become a key issue in the US. ... > the Virginia Cyber-Crime Strike Force. ... > Fifteen employees at Los Alamos National Laboratory ... > networks is urgently required but agreed to work ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: << SBS News this week 7/25/2004>>
      ... > Homeland security has become a key issue in the US. ... > the Virginia Cyber-Crime Strike Force. ... > Fifteen employees at Los Alamos National Laboratory ... > networks is urgently required but agreed to work ...
      (microsoft.public.windows.server.sbs)
    • Re: << SBS News this week 7/25/2004>>
      ... >> Homeland security has become a key issue in the US. ... >> the Virginia Cyber-Crime Strike Force. ... >> Fifteen employees at Los Alamos National Laboratory ... >> networks is urgently required but agreed to work ...
      (microsoft.public.windows.server.sbs)