[Dshield] Is Mytob that bad?!?
security at admin.fulgan.com
Thu Jun 9 12:41:51 GMT 2005
I mostly concure with David, here: a PKI system, preverably one that
make use of some key escrow, is probably the best way to do it.
As for perenity of data, there is one schema that works well: instead
of securing your data for 100 years, pick a scheme that secures it for
5-10 years. That a length of time you can make prediction about the
evolution in cryptography without being sure to fall extremely out of
mark. Once that period of time has expired, re-encrypt the data with
what is the new security level for 5-10 years.
Now, the clever part is that you don't decrypt and re-encrypt your data
store: you crypt the ciphertext. And to avoid having to hold all the
keys, once you reach the second iteration, you simply add the "old"
private key to the new archive. Since you need the key of the
intermediary encryption scheme to unlock the initial archive, you can
still guarantee that no one can access the original data.
Of course, this only works for data you wil seldom ever need to access
as deciphering it could be quite long.
Thursday, June 9, 2005, 7:41:14 AM, you wrote:
DV> Hi Eric!
DV> Rest assured my system is clean. In my professional life I'm the guy
DV> people call about these things. :) What with the irony of the
DV> situation and the timing of the emails, I just had to mail the list and
DV> send a shout out to those who made a difference.
DV> There is more to my story of the cleanup, I simplified things a little
DV> for the list. Mostly the usual stuff, checking for connections to
DV> suspicious servers with TCPView (great tip, Foundstone's Vision works
DV> too), full system scan with different antivirus engines and signature
DV> updates (symantec online scans, trendmicro online scans, etc for full
DV> paranoia relief), checks for new registry keys launching programs on
DV> startup (sysinternals' autoruns, or the "silent runners" script are my
DV> suggestions), all's good here.
DV> Good advice for the greener members of the list though, and anyone out
DV> there who's lurking and taking notes. We both know no matter how many
DV> times this sort of thing is said, it cannot be said enough. More and
DV> more people everyday are discovering that surfing the net etc. means you
DV> need to think about security. Then some of them even start turning to
DV> resources like this list for answers and education. And most of them
DV> never check the archives. :)
Stephane mailto:security at admin.fulgan.com
More information about the list