[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Emailing SSN info

To: <full-disclosure@xxxxxxxxxxxxxxxx>, "Tony Gettig" <GettigAM@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Emailing SSN info
From: "Curt Purdy " <purdy@xxxxxxxxxx>
Date: Thu, 18 Mar 2004 16:03:57 -0600

Tony Gettig wrote:
>Higher management wants to
>email a zipped data export (presumbably password protected) to a vendor
>that includes the Social Security Number for employees.

Yes, it's a bad idea.  Even if it is password, it can be cracked, just a matter 
of time.  If managment insists on this course, at least encrypt it with PGP or 
S/MIME.

--
Curt Purdy CISSP MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- Former White House cybersecurity adviser Richard Clarke 
--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?
Next by Date: RE: [Full-Disclosure] Emailing SSN info
Previous by thread: Re: [Full-Disclosure] Emailing SSN info
Next by thread: RE: [Full-Disclosure] Emailing SSN info
Index(es):
- Date
- Thread