Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] search for encrypted information exchange




On Fri, 28 Aug 2009, Curt Sampson wrote:

On 2009-08-27 20:05 +0900 (Thu), Bruno Raoult wrote:

Geeks are focusing on laptops/encryption/etc..., while most people
data is in wallets, phones, am I wrong? This is my case.

Yes, I think you are wrong. There's a big difference between the
opportunity to do identity theft on one person who's aware that someone
else has his ID and other cards, adn the opportuntity to do it on
thousands or tens of thosuands (in the typical publicised laptop theft
scenarios) who have no idea that they're under attack.

I assumed that by "most people" Bruno was referring to folks like me who don't work for credit card companies and/or aren't stupid enough to carry their databases around with them -- folks whose laptop thefts will *never* be publicised because there's simply no story there.

I keep a few internal presentations on my laptop that would cause only minor inconvenience if they got out and *nothing* that would qualify as "secret". I do all my work behind a VPN and access files at home via SSH into my linux box (the passwords to which have to be entered every time and, as far as I know, aren't stored in non-volatile storage anywhere on the machine).

It's certainly possible that my passwords may well have been stored in DRAM at some point but if I lost my laptop and was concerned about the
possible theft or my passwords, I could change them in seconds.

So... what exactly is the threat in my case, besides the loss of some relatively expensive hardware? I think Bruno's point was that if you simply don't keep sensitive information on your laptop, there's little point in bending over backwards to keep what *is* there safe.

That argument obviously doesn't apply to the twit who decides to take his
company's entire credit-card database home with him after work. Isn't it possible that "security by common-sense" is just as good as encryption in many cases?

---
Joseph L (Joe) Larabell            Never fight with a dragon
http://larabell.org/                    for thou art crunchy
http://thelemicleague.org/        and goest well with cheese.


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links