[Dshield] Is Mytob that bad?!?

Stephane Grobety security at admin.fulgan.com
Thu Jun 9 12:41:51 GMT 2005


I mostly concur with David, here: a PKI system, preferably one that
makes use of some key escrow, is probably the best way to do it.

As for perennity of data, there is one schema that works well: instead
of securing your data for 100 years, pick a scheme that secures it for
5-10 years. That's a length of time you can make predictions about the
evolution in cryptography without being sure to fall extremely out of
mark. Once that period of time has expired, re-encrypt the data with
what is the new security level for 5-10 years.

Now, the clever part is that you don't decrypt and re-encrypt your data
store: you crypt the ciphertext. And to avoid having to hold all the
keys, once you reach the second iteration, you simply add the "old"
private key to the new archive. Since you need the key of the
intermediary encryption scheme to unlock the initial archive, you can
still guarantee that no one can access the original data.

Of course, this only works for data you will seldom ever need to access
as deciphering it could be quite long.

Good luck,

Thursday, June 9, 2005, 7:41:14 AM, you wrote:

DV> Hi Eric!

DV> Rest assured my system is clean.  In my professional life I'm the guy 
DV> people call about these things.  :)   What with the irony of the 
DV> situation and the timing of the emails, I just had to mail the list and 
DV> send a shout out to those who made a difference.

DV> There is more to my story of the cleanup, I simplified things a little 
DV> for the list.  Mostly the usual stuff, checking for connections to 
DV> suspicious servers with TCPView (great tip, Foundstone's Vision works 
DV> too), full system scan with different antivirus engines and signature 
DV> updates (Symantec online scans, Trend Micro online scans, etc. for full 
DV> paranoia relief), checks for new registry keys launching programs on 
DV> startup (Sysinternals' Autoruns, or the "silent runners" script are my 
DV> suggestions), all's good here.

DV> Good advice for the greener members of the list though, and anyone out 
DV> there who's lurking and taking notes.  We both know no matter how many 
DV> times this sort of thing is said, it cannot be said enough.  More and 
DV> more people every day are discovering that surfing the net etc. means you 
DV> need to think about security.  Then some of them even start turning to 
DV> resources like this list for answers and education.  And most of them 
DV> never check the archives.  :)

Best regards,
 Stephane                            mailto:security at admin.fulgan.com
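
The layered re-encryption described in the message above, as an added sketch that is not part of the original post. Assumptions: symmetric 32-byte layer keys stand in for the key pairs of a PKI, `seal`/`unseal` are a standard-library stand-in for a vetted cipher, and the key names and sample record are constructed.

```python
import hashlib, hmac, os

KEY_LEN = 32  # every layer key in this sketch is 32 random bytes

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in encrypt-then-MAC cipher; a real archive would use a vetted AEAD."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(data))
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or corrupted layer")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def rewrap(archive: bytes, old_key: bytes, new_key: bytes) -> bytes:
    """Encrypt the existing ciphertext again, escrowing old_key inside the new layer."""
    return seal(new_key, old_key + archive)

def open_archive(archive: bytes, newest_key: bytes, layers: int) -> bytes:
    """Peel every layer using only the newest key; older keys come out of the archive."""
    key = newest_key
    for _ in range(layers - 1):
        inner = unseal(key, archive)
        key, archive = inner[:KEY_LEN], inner[KEY_LEN:]
    return unseal(key, archive)

def demo() -> bytes:
    k2005, k2015, k2025 = (os.urandom(KEY_LEN) for _ in range(3))  # constructed keys
    archive = seal(k2005, b"constructed sample record")   # original archive
    archive = rewrap(archive, k2005, k2015)               # first re-encryption
    archive = rewrap(archive, k2015, k2025)               # second re-encryption
    return open_archive(archive, k2025, layers=3)

if __name__ == "__main__":
    print(demo())
```

Only the newest key has to be stored outside the archive; each older key is recoverable solely by opening the layer above it, and every read pays the cost of peeling all layers.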
