DCSportbikes.net  
» Help Support .NET!
DCSportbikes Premier Membership for 25$ per year. Discounts! Click here for full information.

Now available in the .NET Shop:



Get your DCSBN Gear!
» Shoutbox
Sorry, only registered users have the ability to use our real-time shoutbox to chat with other members.

Register now, it's free!
» Online Users: 568
2 members and 566 guests
2blueyam, Slider
Most users ever online was 4,519, September 2, 2015 at 03:26 AM.
Go Back   DCSportbikes.net > Non-Sportbike Forums > Non-Sportbike Chat

Reply
LinkBack Thread Tools
Email & Data Encryption Question For The Techies
Unread
  (#1)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,592
Join Date: August 25, 2008
Location: Washington, D.C.
Email & Data Encryption Question For The Techies - May 9, 2012, 04:31 PM

I received an email today from Google. Apparently someone was able to figure out my password and attempted to reset it. It was not an easy password like "Happy123"

What worried me more was that they rooted through some documents I had on Google Docs. The stuff wasn't overly sensitive - but it was accessed.

I know some of you are in the security field and I have one specific and one more general question.

First, what is a good email and harddrive encryption program?
I have been slowly migrating to a paperless office and today's incident brought me to the realization that given the information that I sometimes have to handle, merely password protecting folders on my computer and externals does not make me feel as comfortable as it once did.

I remember reading a few years ago that the FBI had seized the financial records of a banker who was suspected of crimes but the records were encrypted with an off the shelf program that even the FBI could not crack.

Second, and this more a general legal question for those of you in I/T who have run across this scenario. When the call comes down from your legal department to provide encrypted data as part of the discovery process for a lawsuit that has been filed against you (or your co.) - are you mandated to provide the encryption key or de-encrypt the data, or do you hand over the records as is and let plaintiff wallow and try to figure out how to decrypt the information?



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527

  Facebook Page MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#2)
GP Racer
 
Kayaus's Avatar
 
Posts: 1,319
Join Date: June 11, 2009
Location: ALABAMA
May 9, 2012, 04:32 PM

Check your PM


Yamaha FZ8
Husqvarna TE310R ---
  Send a message via AIM to  
Reply With Quote
Unread
  (#3)
Derpetologist
 
Posts: 6,270
Join Date: September 7, 2010
May 9, 2012, 04:36 PM

If it's on Google you've already waived your privacy


*Not intended to be a factual statement.
  Send a message via AIM to  
Reply With Quote
Unread
  (#4)
AMSOIL/NGK Dealer
 
DC-MOTO's Avatar
 
Posts: 4,960
Join Date: October 1, 2003
Location: Virginia
May 9, 2012, 04:39 PM

Quote:
Originally Posted by Heist View Post
I received an email today from Google. Apparently someone was able to figure out my password and attempted to reset it. It was not an easy password like "Happy123"

What worried me more was that they rooted through some documents I had on Google Docs. The stuff wasn't overly sensitive - but it was accessed.

I know some of you are in the security field and I have one specific and one more general question.

First, what is a good email and harddrive encryption program?
I have been slowly migrating to a paperless office and today's incident brought me to the realization that given the information that I sometimes have to handle, merely password protecting folders on my computer and externals does not make me feel as comfortable as it once did.

I remember reading a few years ago that the FBI had seized the financial records of a banker who was suspected of crimes but the records were encrypted with an off the shelf program that even the FBI could not crack.

Second, and this more a general legal question for those of you in I/T who have run across this scenario. When the call comes down from your legal department to provide encrypted data as part of the discovery process for a lawsuit that has been filed against you (or your co.) - are you mandated to provide the encryption key or de-encrypt the data, or do you hand over the records as is and let plaintiff wallow and try to figure out how to decrypt the information?

FIRST - A good encryption program for your harddrives, dvd's, etc that is free is trucrypt

Second - During the e-discovery process you have to provide the encryption key to the company/firm that is obtaining the data from you. We deal with this all the time at our Patent/Trademark law firm where we are constantly doing E-Discovery on various businesses and they have to fork over all data encrypted or not according to the court orders (We also check all backup tapes and cloud storage as well)
  Facebook Page Send a message via AIM to Send a message via Yahoo to DC-MOTO Send a message via AIM to DC-MOTO  
Reply With Quote
Unread
  (#5)
SRWJTS SGT-At-Arms
 
Fitz's Avatar
 
Posts: 17,473
Join Date: October 1, 2002
Location: King George, VA
May 9, 2012, 04:52 PM

Another good option is a hardware encrypted thumb drive like ironkey


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...
  Send a message via AIM to  
Reply With Quote
Unread
  (#6)
GP Champ
 
Posts: 3,459
Join Date: December 29, 2002
Location: NYC UES
May 9, 2012, 04:55 PM

trucrypt.

This program also has a special way of protecting you against having to provide the password. Essentially, you have the option of having two passwords. The first password will expose some documents, and - if there is one - the second password will expose other documents. If your friendly TSA agent asks you to give him both passwords, you can say you only have one and it will be very hard for them to figure out if there are two passwords unless you're storing huge files in the second double secret partition.

My initial thought is that you had the Google docs somewhere out there publicly available and your email handle got stored in some header somewhere. So that makes it easy as a potential target.

But as long as you have a decently strong password that is not a simple dictionary word, it is going to be damn near impossible to crack unless someone dedicates tons of time to brute force it. Make it long, and make your password use unlikely characters since brute force attacks start with easiest characters and shortest passwords.
  Send a message via AIM to  
Reply With Quote
Unread
  (#7)
GP Champ
 
Posts: 3,459
Join Date: December 29, 2002
Location: NYC UES
May 9, 2012, 04:57 PM

And BTW, the Supreme Court recently ruled that some of your rights can be ignored at the border entry points and within X miles from border. In essence, when you land in JFK coming from abroad, they can search anything and everything.
  Send a message via AIM to  
Reply With Quote
Unread
  (#8)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,592
Join Date: August 25, 2008
Location: Washington, D.C.
May 9, 2012, 05:46 PM

Quote:
Originally Posted by Kayaus View Post
Check your PM
Replied.

Quote:
Originally Posted by Rail View Post
If it's on Google you've already waived your privacy
True. But at least if I send or store an encrypted doc with Google, there's nothing they can do with it.... easily.

(Sidenote: Google long ago dropped the corporate tagline/mantra: Don't Be Evil. Who remembers those days).

Quote:
Originally Posted by DC-MOTO View Post
FIRST - A good encryption program for your harddrives, dvd's, etc that is free is trucrypt

Second - During the e-discovery process you have to provide the encryption key to the company/firm that is obtaining the data from you. We deal with this all the time at our Patent/Trademark law firm where we are constantly doing E-Discovery on various businesses and they have to fork over all data encrypted or not according to the court orders (We also check all backup tapes and cloud storage as well)
Gracias.

Quote:
Originally Posted by Fitz View Post
Another good option is a hardware encrypted thumb drive like ironkey
Thanks for the info. Never heard of this; I'll look into the product.

Quote:
Originally Posted by Witold View Post
And BTW, the Supreme Court recently ruled that some of your rights can be ignored at the border entry points and within X miles from border. In essence, when you land in JFK coming from abroad, they can search anything and everything.
I always knew once you landed at an airport after flying international you were sort of in a nether region with diminished US rights until after you were cleared, but I did not know the region was extended.
Thanks Supreme Court!
Deep cavity searches for everyone - yipee!

I wonder if the dunces know that most of the big time criminals and traffickers are simply chartering private flights to private/commuter airports with much less security.



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527

  Facebook Page MySpace.com Page Send a message via AIM to  
Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Powered by vBadvanced CMPS v3.2.3


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0
vBulletin Skin developed by: vBStyles.com
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2002-2010 by DCSportbikes.net. DCSportbikes.net is owned by End of Time Studios, LLC.