lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: dave at (Dave Horsfall)
Subject: InfoSec sleuths beware ...

On Thu, 19 Feb 2004, Calum wrote:

> > Am I the only one to have noticed that the unzipped contents neatly fit on
> > a CD?  Not arguing one way or the other, but it does suggest a possible
> > vector.  Accidental?  I doubt it.
> If that was the way that the files were leaked, surely it would have been the
> zip that was ~650 Mb?

Not if the perp had a limited window of opportunity...

Let's say he knew he was about to be shown the door, for example.  He
fires up a GUI, clicks on the juciest directories until he gets 650Mb,
writes the CD, then pockets it.  Later, he zips it at his leisure.  That
way, there's no incriminating watermarks or the like.

It's what *I* would do, after all.

-- Dave

Powered by blists - more mailing lists