I read in the newspaper that it wasn't encrytped. I don't really understand what "password protected" means if it isn't encrypted.
And apparently, according to the Opposition, this was all sanctioned at a pretty senior level. Which sounds plausible to me - surely even a junior clerk would know that you don't send 25 million people-details to another department, without the right authorities? On Thu, 22 Nov 2007, Nick FitzGerald wrote: > Drsolly wrote: > > > The Inland revenue have lost CDs containing the names, addresses, National > > Insurance Number and bank details, for about half the population of the > > country. > > > > http://news.bbc.co.uk/1/hi/uk_politics/7104840.stm > > But note -- "password-protected" CDs. > > OK, so some junior-ish clerks broke protocol and didn't use receipt- > required courier tracking (and maybe didn't use a suitably secure > courier service?), BUT the big issue is how strong is the "password > protected" bit of this? > > Unlike so many other recent data loss incidents, it seems that at least > the data is encrypted which means (if this bit was done properly _AND_ > the proper procedure was well-designed) that there is actually no > _data_ loss. "Noise loss" maybe, but no meaningful data loss. > > The authorities though don't seem to be stressing this so maybe the > "password protection" bit of this is known to be not very effective? > > > Regards, > > Nick FitzGerald > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
