| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Aug 2006 11:50:58 -0500 From: Bob Radvanovsky <rsradvan@...xworks.net> To: J. Oquendo <sil@...iltrated.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: New Laptop Polices I was always under the impression that BIOS security features could always be circumvented. See further comments below... -r ----- Original Message ----- From: J. Oquendo [mailto:sil@...iltrated.net] To: Bob Radvanovsky [mailto:rsradvan@...xworks.net] Cc: "Cullen, Michael" [mailto:michael.cullen@...sic.com], full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] New Laptop Polices > Bob Radvanovsky wrote: > > You mean the fact that you are *erquired* now to *check* your laptop along > with your baggage? Take into account that most laptops aren't easy to > remove the hard disk drives, and that most laptops of corporate and/or > government executives contain either sensitive or classified information, I > don't seriously think that the UK government, nor its corporations, have > taken into consideration all of the consequences involved. Take for example > the ongoing issues of laptops mysteriously disappearing (esp. the Veteran's > Administration...I lost count, how many has it been, 5 times?) that contains > spreadsheets and/or databases that contains *private* information. > > > > You're confusing two things here. What one corporation and their > policies concerning securing information have to do with his initial > question is obsolete. I'm under the impression of his message he didn't > mean the safety of his data. But in case he did then he needs a lot of > reading to do going back in time to days of the rainbow series books. You may be right, but I was confused as to what his objectives were here, of which, one of the more important aspects should be "data security", so this raises a *whole* can 'o worms. > > The UK needs to consider the implications about *how* they will cover the > loss of financial, sensitive or classified information... > > > > > I don't believe (again) this was his initial question, whether or not > the officials in the airline industry give a rats rear of whether or not > corporate/private data is secure. True, a moot point. > > Just my 2 cents worth, which by today's standards doesn't even get you a > piece of gum any more...sad, isn't it? > > > > -r > > > > P.S. I think that corporations now need to state that corporate > executives should NOT have corporate data on their hard disk drives; further > locking down corporate assets. I think that they should make it easier for > the removal of hard disk drives to be removed so they aren't stolen. > > > > > And you hope to accomplish this how? I can agree that data needs to be > minimized but there are plenty of options available to completely lock > down any laptop from the BIOS on up so I fail to see what you were truly > hoping to state. Actually, wasn't there a mention about a self-destructing DVD just recently? This would be worthwhile to investigate into, or the other idea about imaging the laptop in case it's stolen or damaged during transport. > > ==================================================== > J. Oquendo > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 > GPG Key ID 0x1383A743 > Fingerprint: > 7B02 28CF 24D3 ACA7 9907 789A 8772 7736 1383 A743 > 26:0608031813:J. Oquendo::fNaE6zH/HDTggYKS:005zLMj > > sil . infiltrated @ net > http://www.infiltrated.net > > > The happiness of society is the end of government. > John Adams > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists