-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just had a backup of a PCI DSS DB uploaded via anon FTP for a server I'm working on. Can't get much more clueless than that considering that they had:
- - a valid login to an alternative secure sftp server. - - both my and their own GPG credentials to allow it to be encrypted. - - over 10 years experience as a 'system administrator' responsible for the companies PKI. The only mitigating factor was that the upload directory doesn't allow downloads, but it still went over the wire in the clear. Mike Preston [email protected] wrote: > Just had a gov agency send me an email that contained private and personal > info (not mine) > > Called em on it and they went oops > Sent via BlackBerry from T-Mobile > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkuWPEoACgkQvhwPecbXDdzQ6gCePVJzFmC6X6mMfCP3MH2Ur/Ad iUQAni09cSxF7uUXygbufZSKgfRwf7hm =G5eE -----END PGP SIGNATURE----- _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
