Crispin Cowan wrote: > Martin Forest wrote:
[snip] >> person from getting the data, but if you have “classified” information >> on the computer, someone may find it worth spending the money to get >> to the data. Since the growing wave of data theft is motivated by financial gain I suspect that laptops from large companies and government agencies will be targets so the data will have potential value. >> I still like both bios and HD passwords. If everyone set it, the >> market for stolen laptops would be small(er)… Since bios passwords can be defeated easily and it is relatively trivial to buy a matching HD to mount the platters in, unless the HD password somehow locks the sectors, it is not expensive to recover all the data. (This is how a drive is recovered when the head mechanism dies and they do not want to risk rubbing the oxide off.) > Why would that be? I strongly suspect that 99.99% of the market for > stolen laptops is the hardware and nothing else. A stolen laptop > probably doesn't even get a cursory glance before it is formatted with a > new Windows install. I would agree for the average theft; however, there is a long history of industrial espionage that we must keep in mind. I suspect a market will develop for stolen laptops for their content much like there has for credit card numbers, etc. > It costs organizations big $$$ when a laptop with sensitive data on it > is stolen, but that is because they don't know for sure that it has been > fdisk'd. > > More over, if everyone used BIOS and HD passwords that would .... hmmm, > not do much at all: > > * No effect on the market for stolen laptops, see above. > * Nearly no effect on the cost of recovery if sensitive data is on a > stolen laptop: it just sets a lower bound on the value of the data > you can disregard. If the value of the data is below the $2K it > costs to recover the drive, then ignore the incident, otherwise > proceed with your press release mea culpa Actually there is one market you are forgetting - blackmail. How much would megabucks corp pay to keep their name out of the papers over embarrassing disclosures? We are still in the very, very early days of seeing how the technology will be exploited for financial gain. Look at how bank robberies changed from the 1800s to today. When cars became common, crooks moved to them, etc. > I think the largest market impact of everyone enabling BIOS and HD > passwords would be a sharp spike in demand for help desk staff :) Oh, yessss! Allen _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
