in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Used In Lost Data Disk Containing Information on 11,500 UK Teachers

The UK media is reporting that another CD with sensitive information has been lost in the mail.  Technically, it sounds like it was a courier service, but you get the idea.  The good news is that the contents of the missing CD were encrypted.  That means the data is being protected by something similar to AlertBoot data encryption software.

 

And yet, there are people raising a fuss about the incident, including the party that lost the CD.  The General Teaching Council (GTC) sent the encrypted disk to a data contractor in Rotherham.  Now, it wasn’t the GTC that really lost the CD.  It’s the delivery service, the courier, that wasn’t able to deliver and isn’t able to figure out where the package ended up.

 

But, it’s not the courier service that is sending letters of apology to the 11,000-plus teachers.  Nope, it’s the GTC.  And, they’ve managed to spread fear:  “Because we recognise that no encryption system can ever be entirely infallible, we have taken urgent steps to put additional security measures in place for affected records.”  Unless the council had decided to use weak encryption, there really was no need for that statement.  I mean, they’re taking the “teaching” portion of their name way too far.  Weak encryption can be broken, yes.

 

For example, when you protect your Microsoft Word files with the built-in protection, locking a Word document from unauthorized eyes, you’re really encrypting it.  Microsoft has used 40-bit encryption in the past to protect such documents.  Now, while better than nothing, such weak encryption can be broken relatively easily.  There are commercial services out there that promise to break open Word files in less than 48 hours via brute force methods.  The cost tends to be a little over $50.

 

But, they’re offering the service because they know it’s a Word document.  If you were to approach said services and ask to brute force some random file that was encrypted with actual encryption software that used strong encryption, like 128 bit keys, they might balk at the suggestion…unless you decide to pay regardless of whether they are successful in breaking open the file or not.  That’s because longer keys are far harder to break.  The chances of winning the lottery twice in a row are much higher than breaking 128 bit encryption keys (much, much higher, actually).

 

This type of encryption, incidentally, is what banks and other financial institutions use to protect on-line transactions.  Now, if the GTC had used this type of encryption, which is far more secure and commonplace (they really would have to go out of their way to using something weaker, I’d say), what do they have to worry about?

 

Apparently, the people agree.  I’ve scanned over ten websites carrying the article, and only one them has people writing a crap-storm in the comments section.  Why?  Because the article didn’t mention that encryption was used to protect the data.  All the other sites are silent on the issue, and we’re talking about sites where in the past people wrote comments in droves when articles about lost CDs and USB memory sticks were reported.  I don’t know if this if this is proof that people are wise to how encryption renders data breaches useless, but it’s definitely a strong indication of such thinking.

 

Related Articles:

http://news.bbc.co.uk/2/hi/uk_news/england/west_midlands/7636822.stm

http://www.dailymail.co.uk/news/article-1062357/Disc-containing-details-11-500-teachers-lost-post.html

http://www.computerweekly.com/Articles/2008/09/26/232464/general-teaching-council-loses-details-of-11400-teachers.htm

 
<Previous Next>

Less Than Half Of Companies Notify Affected Customers Of Data Breaches. Is It Because They Use Disk Encryption?

Royal Air Force Staff Information Stolen In Theft From High Security Area. Hard Drive Encryption Not Used

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.