Why does it bother you? First, there are thousands (tens of thousands?) of shops that routinely swap sensitive data 7x24 in all forms of media and transports. And that has been going on for decades. There have been losses, but never any known exploitation. After all, mf data is very difficult to read without an intimate knowledge of the record content, format, and layout.

Second, the data is originated in the clear and ends up in the clear. It would not be usable otherwise. To encrypt end to end would require a rewrite of most every application program, and that's not going to happen.

Third, there are not any 'bolt on' mf quality* solutions out there. We've looked. There are PC based solutions by the bucketful, but we see security issues on that platform on a seemingly hourly basis. Worse, the kinds of exploits on a PC are detail captures before the encryption occurs, making the encryption irrelevant.

Encryption is trivial. Unencryption is not. Key management is a serious challenge.

Bottom line is that if it were really that easy to do, then we would have done it years ago.

*'MF quality' = robust, does not rely on human intervention/interaction, does not rely on any other platform.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Kelman, Tom
Sent: Monday, August 06, 2007 1:16 PM
To: [email protected]
Subject: Re: Theft of "secure" information (originally: Theft of mainframe DASD)

..snip

It just bothers me that with the encryption facilities available today on both mainframe and distributed system that large entities like the VA and IBM (especially IBM - they should know better) are allowing data to go outside of their facilities in the hands of third party vendors unencrypted.

Ok, enough of my soapbox speech.

Tom Kelman
Commerce Bank of Kansas City
(816) 760-7632

