lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200403181603.AA540082418@tecman.com>
From: purdy at tecman.com (Curt Purdy )
Subject: Emailing SSN info

Tony Gettig wrote:
>Higher management wants to
>email a zipped data export (presumbably password protected) to a vendor
>that includes the Social Security Number for employees.

Yes, it's a bad idea.  Even if it is password, it can be cracked, just a matter of time.  If managment insists on this course, at least encrypt it with PGP or S/MIME.



--
Curt Purdy CISSP MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- Former White House cybersecurity adviser Richard Clarke 
--

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ