Dummys guide to misplacing 25 million peoples' bank details

[DRuM]

2 CD's should do it. Oops..

http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm

[PhoeniX]

You'd imagine it would be encrypted to a pretty high level so it would be fairly impossible to recover the data (unless they used a weak password)

[DRuM]

You'd imagine it would be encrypted to a pretty high level so it would be fairly impossible to recover the data (unless they used a weak password)

I would have thought so too. But I dunno, aren't there computer whizzkids about that could crack something like that?

[seremtan]

He urged the government to "get a grip" and said it was the "final blow for the ambitions of this government to create a national ID database" as "they simply can not be trusted with people's personal information".

damn right

[plained]

you'd think theyd have a 24 hour disk by now

look what they could charge for it

[R00k]

What the hell kind of auditing organization asks you to send people's personal data to them on a disk in the mail?

[mrd]

What the hell kind of auditing organization asks you to send people's personal data to them on a disk in the mail?

Exactly the same thing I was wondering

Seems pretty high-tech to me.

[Foo]

You'd imagine it would be encrypted to a pretty high level so it would be fairly impossible to recover the data (unless they used a weak password)

I would have thought so too. But I dunno, aren't there computer whizzkids about that could crack something like that?

Not if it's done properly.

Chances are it wasn't.

[seremtan]

What the hell kind of auditing organization asks you to send people's personal data to them on a disk in the mail?

if you read the article it was meant to go via TNT special delivery not normal post. some junior dickmonkey fucked up

[werldhed]

I'm more interested in the guy who is saying you need to get out of the stone age and use something less ancient than CDs. Like what? HDDVDs? Flash drives? Email? How are any of those going to be more secure than a CD?

[PhoeniX]

I don't see why they can't transfer it over the Internet, a couple of disks wouldn't take long to transfer, and I'll be surprised if they don't have secure VPN tunnels between their offices.

[DRuM]

Not if it's done properly.

Chances are it wasn't.

They interviewed an ex hacker on TV tonight. When he was 13 he hacked into some of the UK's biggest companies. Now he's 18 and reformed. They gave him a passworded CD which he hacked in 4 seconds, suggesting he would have no problem in hacking the missing CD's whatever the encryption level.

[R00k]

if you read the article it was meant to go via TNT special delivery not normal post. some junior dickmonkey fucked up

PhoeniX got a little closer to what I was trying to say:

I don't see why they can't transfer it over the Internet, a couple of disks wouldn't take long to transfer, and I'll be surprised if they don't have secure VPN tunnels between their offices.

There really isn't any reason for companies to be sending personal data on a physical medium through any kind of mail these days. It's much more secure (and most likely efficient as well), to transfer it via an encrypted connection that requires credentials to access than it is to take all the data off a server, burn it to a disk, put it in a box and hand it to a mail carrier.

It doesn't make much sense, and it makes even less sense when it's an auditing organization that requests it this way. They're supposed to know better.

[R00k]

Not if it's done properly.

Chances are it wasn't.

They interviewed an ex hacker on TV tonight. When he was 13 he hacked into some of the UK's biggest companies. Now he's 18 and reformed. They gave him a passworded CD which he hacked in 4 seconds, suggesting he would have no problem in hacking the missing CD's whatever the encryption level.

If the CDs require, say, matching passcodes on both ends (something like PGP keys), or something similar, then it makes it very difficult. There are other ways to secure data that's stored on removable media as well -- heck, you could require biometrics if you really wanted to.

The problem, as Foo pointed out, is that most places don't have the type of developers on staff that it takes to really do this kind of thing. Unless they buy an expensive software package that does it for them, but again this is government we're talking about.

Much easier to use a secure connection that also encrypts the traffic.

[Foo]

Not if it's done properly.

Chances are it wasn't.

They interviewed an ex hacker on TV tonight. When he was 13 he hacked into some of the UK's biggest companies. Now he's 18 and reformed. They gave him a passworded CD which he hacked in 4 seconds, suggesting he would have no problem in hacking the missing CD's whatever the encryption level.

Yeah. Watching diluted lowest common denominator scaremonger tv junk will give you dumb impressions like that.

[Grandpa Stu]

i could crack the encryption while getting a BJ and gun pointed at my head.

[Grudge]

worst movie ever

[seremtan]

so, when's the torrent coming?

[Dark Metal]

i could crack the encryption while getting a BJ and gun pointed at my head.

Not possible. You could never get a blowjob. Give, no doubt, get, never happen.

[Ryoki]

They interviewed an ex hacker on TV tonight. When he was 13 he hacked into some of the UK's biggest companies. Now he's 18 and reformed. They gave him a passworded CD which he hacked in 4 seconds, suggesting he would have no problem in hacking the missing CD's whatever the encryption level.

*shake head*

[Survivor]

4 seconds? Can't even put it in the drive that fast. He must be quite a nerd.

[CitizenKane]

lol civil service.

[Turbanator]

lol, channel 4 got news on it now, the presenter is just ripping everyone involved. torys have taken a 9 point lead in the polls due to this scandal... labour bye bye?

edit: woa... channel 4 going hardcore pro-tory.... this election is gonna be interesting when it happens