[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Emailing SSN info
- To: <full-disclosure@xxxxxxxxxxxxxxxx>, "Tony Gettig" <GettigAM@xxxxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] Emailing SSN info
- From: "Ham, MichaelX" <michaelx.ham@xxxxxxxxx>
- Date: Thu, 18 Mar 2004 15:09:00 -0800
Agreed. It's a bad idea. Why not scp it or another direct connect
transfer. Like put it on a secured website locked down for the receiver
to get to via IP and password.
-mwh
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Curt Purdy
Sent: Thursday, March 18, 2004 2:04 PM
To: full-disclosure@xxxxxxxxxxxxxxxx; Tony Gettig
Subject: Re: [Full-Disclosure] Emailing SSN info
Tony Gettig wrote:
>Higher management wants to
>email a zipped data export (presumbably password protected) to a vendor
>that includes the Social Security Number for employees.
Yes, it's a bad idea. Even if it is password, it can be cracked, just a
matter of time. If managment insists on this course, at least encrypt
it with PGP or S/MIME.
--
Curt Purdy CISSP MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- Former White House cybersecurity adviser Richard Clarke
--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html