| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <96E39AF1B99FDC47A38DDAB22C3E70CA2C99B6@orsmsx408.jf.intel.com> From: michaelx.ham at intel.com (Ham, MichaelX) Subject: Emailing SSN info Agreed. It's a bad idea. Why not scp it or another direct connect transfer. Like put it on a secured website locked down for the receiver to get to via IP and password. -mwh -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Curt Purdy Sent: Thursday, March 18, 2004 2:04 PM To: full-disclosure@...ts.netsys.com; Tony Gettig Subject: Re: [Full-Disclosure] Emailing SSN info Tony Gettig wrote: >Higher management wants to >email a zipped data export (presumbably password protected) to a vendor >that includes the Social Security Number for employees. Yes, it's a bad idea. Even if it is password, it can be cracked, just a matter of time. If managment insists on this course, at least encrypt it with PGP or S/MIME. -- Curt Purdy CISSP MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- Former White House cybersecurity adviser Richard Clarke -- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists