[ISN] Swindle: 'Somebody Has Got to Pay'

InfoSec News isn at c4i.org
Fri May 20 01:11:25 EDT 2005

Forwarded from: *Hobbit* <hobbit at avian.org>

"Encrypted data breach" ??  What a load of crap.  If intruders have
gotten in far enough to grab the data, it is very likely they've gotten
in far enough to grab the keys, too.  Don't most compromises happen
at the user's desktop, where the first thing to go in is a keystroke
snatcher?  After which any "encrypted data" is just as valuable, it
just takes one more small step.

Leave the lazy corporate shucks a loophole like that, and they'll all
immediately respond to a breach by saying "the data was encrypted,
everything's okay, don't worry".  Yeah, right.  XORed against
0xFF, even if they paid *that* much attention, doesn't cut it.


More information about the ISN mailing list