Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Emailing SSN info
From: "Ham, MichaelX" <michaelx.ham () intel com>
Date: Thu, 18 Mar 2004 15:09:00 -0800



Agreed.  It's a bad idea.  Why not scp it or another direct connect
transfer. Like put it on a secured website locked down for the receiver
to get to via IP and password.  

-mwh



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Curt Purdy 
Sent: Thursday, March 18, 2004 2:04 PM
To: full-disclosure () lists netsys com; Tony Gettig
Subject: Re: [Full-disclosure] Emailing SSN info

Tony Gettig wrote:
Higher management wants to
email a zipped data export (presumbably password protected) to a vendor
that includes the Social Security Number for employees.

Yes, it's a bad idea.  Even if it is password, it can be cracked, just a
matter of time.  If managment insists on this course, at least encrypt
it with PGP or S/MIME.



--
Curt Purdy CISSP MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- Former White House cybersecurity adviser Richard Clarke 
--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]