TSA to Contractors - Encrypt Your Laptops 132
eweekhickins writes "After two laptops were lost containing the personal data of 3,900+ truckers who handle HAZMATs, the Transportation Security Administration has ordered its contractors to encrypt any and all data. 'After the second theft or loss, the TSA conducted an IT forensic investigation that ascertained that the (previously) deleted information could be retrieved if a thief had the proper training. "So even though [there's only a] small chance of [the data being misused], we did notify all affected individuals and advised them of what steps to take to protect themselves, and we mandated that contractors need to encrypt any and all data in addition to any deletion procedures that might be in place," Davis said.'"
Not Enough (Score:5, Interesting)
Either the data needs to be "shredded" [fileshredder.org] or stored in it's natural form on a fully encrypted volume.
this should read (Score:2, Interesting)
Re:It's always sad (Score:4, Interesting)
It's more likely it was pitched, but either for cost or time, management probably shot it down. Never mind there've been high profile laptops missing all over, like the VA one. Being naive, I would wager that the IT department would like to lock down the systems as tight as possible (I know I would) but are being thwarted by management becaue it'd make things too hard, too different, or cost too much.
It's always after the sole data server blows up that they decide "oh, guess that backup option would've been worthwhile." (Had this happen too. Financial data, customer data, and no paper trail. But the tape drive cost 'too much'.)
Re:And it seems... (Score:2, Interesting)
I'm not as concerned about the laptops being lost as I am about contractors keeping the data on their laptops as long as they like.
Tim
Re:And it seems... (Score:3, Interesting)
Next the VM... Yes, you could roll back the clock, but how would one prevent that simple of an "attack"? Record via signed encrypted file when the last time/date access was. Ok.. so now we can just 'freeze' the VM so restart starts with those very files at that exact time.
The question is "How can we verify accurate and precise time in a VM?" The answer here is that the VM needs to have a secret that is shared with a trusted server, however one must also have trusted access to the CPU to verify that no tampering takes place during the critical connection. To combat replay attacks, the VM client could send a very fine granularity time (say HH:mm:ss:SSS) and request a response using this time. Any significant deviancy from this timebase would seal off the VM.
Re:Overheard conversation (Score:3, Interesting)