Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Emailing SSN info
From: "Curt Purdy " <purdy () tecman com>
Date: Thu, 18 Mar 2004 16:03:57 -0600

Tony Gettig wrote:
Higher management wants to
email a zipped data export (presumbably password protected) to a vendor
that includes the Social Security Number for employees.

Yes, it's a bad idea.  Even if it is password, it can be cracked, just a matter of time.  If managment insists on this 
course, at least encrypt it with PGP or S/MIME.

Information Security Engineer
DP Solutions

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- Former White House cybersecurity adviser Richard Clarke 

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]