July 16, 2011 at 3:11 pm
Comments posted to this topic are about the item How Many Times Will This Happen?
July 16, 2011 at 4:56 pm
Do you seriously think government should pass another law... and that will fix people's stupidity? We already have laws against practically everything... peaople still steal... they still rape... they still drive drunk and they still do stupid things.
I think we need to stop looking to government for answers to all of our problems.... many of which are cause by government in the first place.
The probability of survival is inversely proportional to the angle of arrival.
July 17, 2011 at 11:35 am
Laws aren't necessarily about stopping behavior, but they can exist to provide recourse when someone does make a mistake.
We've proven nicely that many companies don't want to take responsibility for their mistakes in this area, and it's spread to the point where every company in an industry, such as banking, doesn't bother.
Government isn't always the answer, and we definitely have too much regulation in places, but requiring minimum bars at the outside of a framework makes sense to me.
July 17, 2011 at 12:47 pm
Steve Jones - SSC Editor (7/17/2011)
Laws aren't necessarily about stopping behavior, but they can exist to provide recourse when someone does make a mistake.
Traditionally, that is what laws use to be for, to protect citizens and provide them recourse when their individual rights were violated. Most laws today are have little or nothing to do with that concept.
Steve Jones - SSC Editor (7/17/2011)
We've proven nicely that many companies don't want to take responsibility for their mistakes in this area, and it's spread to the point where every company in an industry, such as banking, doesn't bother.
The banking industry is a very poor example. That particular industry is so deeply in bed with government (and government in bed with it) that they were able to get completely bailed out... and Bernanke is perfectly willing to print money forever until its time for him to retire on a multi-giga-buck retirement package that taxpayers (if there are any of them left) will pay for.
Can you name me one Banking Official that has gone to jail, or much less brought to trial? Or, how about the public officials (Barney Frank, Chris Dodd...etc. etc.) who were ranking members of the House and Senate Banking commissions respectively, who had total oversight of the banking industry and Fannie Mae & Freddie Mack for years? How about Geightner.... the guy who couoldn't even figure out how to fill out his own taxes correctly for 3 years, what answers does he have? (I know, we should raise the debt ceiling so we can borrow more money that he can spend).
Steve Jones - SSC Editor (7/17/2011)
Government isn't always the answer, and we definitely have too much regulation in places, but requiring minimum bars at the outside of a framework makes sense to me.
Government is seldom the answer. Our Constitution was founded on the the power of the individual, not government. The size and power of government today is bigger than it ever has been and things are pretty much as bad as they have ever been, with no end in sight. More than half of the jobs "created" in the past two years are government jobs. Is that a good thing? Do those people produce a product or do they just consume capital that American could use to better their own lives... or start a business... or expand a business.
The probability of survival is inversely proportional to the angle of arrival.
July 17, 2011 at 1:04 pm
Encryption of data is purely the organizations purview, if a company feels the data residing on laptops and tapes need to be encrypted then they should implement it without having to wait for a law.
I know for a fact that companies dealing in Defense contracts have to have encrypted data as a rule for the rest its simply a matter of choice.
However IT could drive another approach; with high speed internet and cloud tech we could no longer need to store data in local drives. However the question then would be who will keep an eye on the people who store our data, probably then we would need regulation to protect not just from the third party provided but against a number of 3 letter organizations.
July 18, 2011 at 5:34 am
Two years worth of work and they didn't have it backed up?
July 18, 2011 at 7:18 am
Jayanth_Kurup (7/17/2011)
However IT could drive another approach; with high speed internet and cloud tech we could no longer need to store data in local drives. However the question then would be who will keep an eye on the people who store our data, probably then we would need regulation to protect not just from the third party provided but against a number of 3 letter organizations.
Except there are certain types of data that none of the major clouds can take. Patient data for example. And call me suspicious but if a cloud can't take patient data due to HIPPA, which is mostly privacy, what auditing/privacy restrictions are they missing that could end up being a security hole? There are HIPPA compliant clouds out there but none of the majors are to my knowledge.
July 18, 2011 at 8:46 am
lewandot (7/18/2011)
Two years worth of work and they didn't have it backed up?
That was my first thought too.
On the subject of "there ought to be a law", actually, there would have to some sort of enforceable international treaty, because laptops don't just get lost in one country, and they don't just get "should be secure" data put on them in one country. As far as enforceability of international treaties on related subjects, ask Microsoft how that's going with regard to stopping software piracy in ... oh ... China or someplace like that.
Banks will start paying attention to this when some major bank loses a few billion over a security breach. Even then, assume that taxpayers will actually cover the cost, so they might not bother.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
July 18, 2011 at 8:52 am
Jayanth_Kurup (7/17/2011)
Encryption of data is purely the organizations purview, if a company feels the data residing on laptops and tapes need to be encrypted then they should implement it without having to wait for a law.
What if the end users feel their data should be encrypted wherever it is, but the many companies and subcontractors don't want to pay for the cost, the time, or the efficiency hit, don't want to raise prices to compensate... and don't want any of those show up on their quarterly financials?
July 18, 2011 at 8:55 am
Steve Jones - SSC Editor (7/17/2011)
Laws aren't necessarily about stopping behavior, but they can exist to provide recourse when ....
No, this just creates a whole new breed of ambulance chasers. And the response to every problem becomes more lawsuits. We have a nation overburdened with legal blame pointing.
Not everything needs to be encrypted, not everything needs Fort Knox standards of protection. In fact failure to back up is more of a threat to casual computer users. My company laptop is equipped with Pointsec (not my favorite). On my home computer I have both encrypted and unencrypted directories.
...
-- FORTRAN manual for Xerox Computers --
July 18, 2011 at 10:53 am
How much of identity theft is the fact that companies will give a loan to anyone who calls them on the phone? You can call a bank and ask for a car loan with someone else's information. They never see you, never check out who you are. Just punch some numbers in the computer and they get a credit score. The responsibility should be pushed from the individual to the companies that are allowing thieves to use fraudulent means to get money.
July 18, 2011 at 11:38 am
Hey with the technology we have today nobody should be getting away with stealing a laptop. My work actually have a lojack type system and had one stolden. They just watch everything that was happing including the idiot logging into all their account stuff on a stolden laptop and "BANG" Busted.
July 18, 2011 at 11:53 am
Another vote against addressing this with more legislation and regulation.
Regulations are rarely flexible enough to allow for reasonable distinctions, and always have unintended consequences.
There are plenty of established best-practices out there to guide legal recourse. We don't need the heavy, stupid, hand of government involved in making private technological decisions.
July 18, 2011 at 12:27 pm
bopeavy (7/18/2011)
Hey with the technology we have today nobody should be getting away with stealing a laptop. My work actually have a lojack type system and had one stolden. They just watch everything that was happing including the idiot logging into all their account stuff on a stolden laptop and "BANG" Busted.
Nobody who's an idiot, perhaps. Steal laptop, remove drive, image drive to your own storage medium for offline analysis and selling/publishing proprietary data. Optional: Sell pieces afterwards. Optional: low level format and reinsert drive for a reinstall without software based "lojack". Optional: Use laptop without connecting to a network ever again. Optional: install "Evil Maid" software, return laptop, wait to capture the full disk encryption password, retrieve full disk encryption password directly or remotely, then decrypt the previously made drive image (Optional Optional: remove "Evil Maid" software before laptop gets back to the parent company, so they don't have much, if anything, to notice).
Data protection from even a single competent adversary is a very difficult task, progressing in analogy from "lock your doors when you're away" to "... and when you're present" to "... and ground floor windows" to "... and basement/upper floor windows" to "... and have an alarm on the doors and windows" to "... and protect against power tools used against your walls" to "... and protect against an SUV rammed through the walls" to, eventually "... and against purely destructive military attacks [DDoS, as an analogy]".
July 18, 2011 at 12:30 pm
Nadrek (7/18/2011)
Nobody who's an idiot, perhaps. Steal laptop, remove drive, image drive to your own storage medium for offline analysis and selling/publishing proprietary data. Optional: Sell pieces afterwards. Optional: low level format and reinsert drive for a reinstall without software based "lojack". Optional: Use laptop without connecting to a network ever again. Optional: install "Evil Maid" software, return laptop, wait to capture the full disk encryption password, retrieve full disk encryption password directly or remotely, then decrypt the previously made drive image (Optional Optional: remove "Evil Maid" software before laptop gets back to the parent company, so they don't have much, if anything, to notice).
Not software based lojack it is a firmware based. So install all you want...You would never want a software based lojack system just because of what you are talking about.
Viewing 15 posts - 1 through 15 (of 22 total)
You must be logged in to reply to this topic. Login to reply