Agreed. It's a bad idea. Why not scp it or another direct connect transfer? Like put it on a secured website locked down for the receiver to get to via IP and password.

-mwh

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Curt Purdy
Sent: Thursday, March 18, 2004 2:04 PM
To: [EMAIL PROTECTED]; Tony Gettig
Subject: Re: [Full-Disclosure] Emailing SSN info

Tony Gettig wrote:
>Higher management wants to
>email a zipped data export (presumably password protected) to a vendor
>that includes the Social Security Number for employees.

Yes, it's a bad idea. Even if it is password, it can be cracked, just a matter of time. If management insists on this course, at least encrypt it with PGP or S/MIME.

--
Curt Purdy CISSP MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- Former White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
