[120728] in cryptography@c2.net mail archive
Re: how to read information from RFID equipped credit cards
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Apr 16 11:05:34 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com
In-Reply-To: <20080401050114.GE22451@np305c2n2.ms.com>
Date: Fri, 04 Apr 2008 00:08:14 +1300
Victor Duchovni <Victor.Duchovni@morganstanley.com> writes:
>Lock USB down completely, or block most devices and allow approved ones?
>There is a non-empty set folks doing the latter, which opens the possibility
>of this type of device being permitted, while others are restricted.
Lock it down completely. What really panicked the mgt. wasn't so much the
thought of their data appearing on other organisations' networks but cases
where other organisations' data had appeared on *their* network (due to, in
some cases, overzealous employees, in another case an outside contractor, and
in another someone who wanted to sell them "commercially useful information").
>Data leakage should not be a concern if the device is built/marketted
>correctly.
You want to explain that to management terrified of criminal prosecution? I
got the feeling from talking to the IT security guy in the case of the
suspected commercial espionage that the management really wanted to pour
quick-setting concrete into the USB ports just to be absolutely sure.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
