From: Michael Painter (tvhawaii@shaka.com)
Date: Tue Jun 27 2006 - 16:11:48 EDT
----- Original Message -----
From: "Tim" Subject: Re: Streamed Data
>I must say that I am a little confused on what he means by 'streamed
> together'. It is stated that encryption was not used nor was it
> password protected (trivial anyway) so it sounds to me like security
> through obsecurity or an attempt to throw some random words out to
> confuse people in thinking that 'streaming' is a security measure. I
> know that there are many instances where there is a lot of data moving
> in a direction and is being streamed to that system (example:
> streaming feeds from a multimedia source or streaming transactions
> to/from a database). Even in those instances I don't see how that
> would protect the information. If it is not encrypted then I don't see
> how the information can remain confidential.
The MSNBC article references two disclosures, Equifax and ING. The statement about not being 'password protected or encrypted'
refers to the latter and 'streamed together' refers to the former. Perhaps 'streamed together' means Steganos?
--Michael
>
> On 6/26/06, Eric Pinkerton <EPinkerton@soulaustralia.com.au> wrote:
>> "It would be very difficult to link this information and determine they
>> were actual Social Security numbers in the first place," he said.
>>
>> Yeah unless the perpatrator uses said laptop to read the news!
>>
>> "The laptop was not password-protected and the data was not encrypted,
>> officials have said."
>>
>> So my guess is that this is positive spin to save the company
>> embarassment.
>>
>> For "almost impossible" read "possible"
>>
>> -----Original Message-----
>> From: Dan Bogda [mailto:dan.bogda@kintera.com]
>> Sent: Saturday, 24 June 2006 9:09 AM
>> To: killy; Pen-Tests
>> Subject: RE: Streamed Data
>>
>> "Employee names and partial and full Social Security numbers were on the
>> computer's hard drive, though Rubinger said it would be almost
>> impossible for the thief to decipher the information because it was
>> streamed together."
>>
>> It could be a network sniffer capture or data stream capture they are
>> referring to. Replication traffic and incremental logs throw the data
>> together in sequential order so multiple elements are streamed together,
>> it's pretty damn hard to decipher. That's my guess.
>>
>> -----Original Message-----
>> From: killy [mailto:killfactory@gmail.com]
>> Sent: Friday, June 23, 2006 6:59 AM
>> To: Pen-Tests
>> Subject: Streamed Data
>>
>> Hi everyone,
>>
>>
>> http://www.msnbc.msn.com/id/13437723/from/ET/
>>
>> refers to a laptop being stolen and that the data was unreadable because
>> it was streamed together.
>>
>> What are the refering to when they say streamed together?
>> Any links would be helpful.
>>
>> Then, how do we test such a feature? any tools?
>>
>>
>> Thanks - killy
>>
>> ------------------------------------------------------------------------
>> ------
>> This List Sponsored by: Cenzic
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:11 EDT