Information Security News: Re: Swindle: 'Somebody Has Got to Pay'

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Information Security News mailing list archives

Re: Swindle: 'Somebody Has Got to Pay'

From: InfoSec News <isn () c4i org>
Date: Fri, 20 May 2005 00:11:25 -0500 (CDT)

Forwarded from: *Hobbit* <hobbit () avian org>

"Encrypted data breach" ??  What a load of crap.  If intruders have
gotten in far enough to grab the data, it is very likely they've gotten
in far enough to grab the keys, too.  Don't most compromises happen
at the user's desktop, where the first thing to go in is a keystroke
snatcher?  After which any "encrypted data" is just as valuable, it
just takes one more small step.

Leave the lazy corporate shucks a loophole like that, and they'll all
immediately respond to a breach by saying "the data was encrypted,
everything's okay, don't worry".  Yeah, right.  XORed against
0xFF, even if they paid *that* much attention, doesn't cut it.

_H*



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org

By Date By Thread

Current thread:

Swindle: 'Somebody Has Got to Pay' InfoSec News (May 18)
- <Possible follow-ups>
- Re: Swindle: 'Somebody Has Got to Pay' InfoSec News (May 20)