Allen wrote: > Crispin Cowan wrote: > >> It costs organizations big $$$ when a laptop with sensitive data on it >> is stolen, but that is because they don't know for sure that it has been >> fdisk'd. >> >> More over, if everyone used BIOS and HD passwords that would .... hmmm, >> not do much at all: >> >> * No effect on the market for stolen laptops, see above. >> * Nearly no effect on the cost of recovery if sensitive data is on a >> stolen laptop: it just sets a lower bound on the value of the data >> you can disregard. If the value of the data is below the $2K it >> costs to recover the drive, then ignore the incident, otherwise >> proceed with your press release mea culpa >> > Actually there is one market you are forgetting - blackmail. How > much would megabucks corp pay to keep their name out of the > papers over embarrassing disclosures? > Ok ... I considered that to be part of the stolen data cost. So, given that BIOS and HD passwords are trivially breakable, one should only store secrets on them that are worth less than the $2000 (or less) it would take to break the password protection. How is this market different?
Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering http://novell.com AppArmor Chat: irc.oftc.net/#apparmor _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
