in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software Non-Use Causes WikiLeaks Leak. Supposedly

Media organizations around the world are reporting the "fact" that diplomatic leaks under WikiLeaks's control have been leaked.  The twist?  WikiLeaks hadn't leaked them, meaning that they had a data breach.  Makes me wonder why the leaked file was not protected with data encryption; it's not as if WikiLeaks doesn't know the value of a good encryption program.  On the other hand, would it have mattered under the circumstances?

Password-Protection No Use.  Encryption No Use, Either

German newspaper Der Freitag broke the news and was confirmed by Der Spiegel.  The former was able to access a password-protected 1.73 GB file full of diplomatic cables.

As readers of this blog know, password-protection is not exactly "protection," at least when it comes to protecting data on a hard disk.  When it comes to files, password-protection provides, in my opinion, a little more protection; however, it cannot take the place of encryption software.

And yet, in this particular case, it would have been a moot point: according to Der Freitag, the "file's password was easy to find" [pcmag.com].  Other sources, like the washingtonpost.com notes that:

WikiLeaks supporters uploaded them all [a number of files] to the Internet without knowing the hidden file [the one being pointed out in this blog post] was among the stash. Then, a third-party published the password to the files, the report said, without realizing that the password would grant full access to the unredacted files.

According to wired.com, the file in question is a csv file that's titled "cables.csv" and contains unredacted, raw information -- meaning names of informants and intelligence agents are displayed.  Also, they must know something the other news organizations don't know because, as far as I can see, wired.com is the only one claiming the file was an encrypted one (well, aside from Der Spiegel.  I don't read German and I don't trust Google Translate):

Information about the exposed file and password was also confirmed by the German newsweekly Der Spiegel. According to that publication, the cables were contained in an encrypted file that WikiLeaks founder Julian Assange had stored on a subdirectory of the organization’s server last year, which wasn’t searchable from the internet by anyone who didn’t already know its location.

WikiLeaks has denied that there are any major problems:

WikiLeaks 'insurance' files have not been decrypted. All press are currently misreporting. There is an issue, but not that issue.[twitter]

There has been no 'leak at WikiLeaks'. The issue relates to a mainstream media partner and a malicious individual.[twitter]

Totally false that any WikiLeaks sources have been exposed or will be exposed. NYT drooling, senile, and evil.[twitter]

Well, the NYT is known as The Gray Lady....

Rule #1 of Encryption is...

Encryption is like Fight Club.

The first rule of Fight Club is that you do not talk about Fight Club.
The first rule of encryption is you do not talk to others about your password.

The second rule of Fight Club is that you DO NOT talk about Fight Club.
The second rule of encryption is you DO NOT talk to others about your password.

Much less publish it on the web.  Why the heck would you publish a password?


Related Articles and Sites:
http://www.pcmag.com/article2/0,2817,2392009,00.asp
http://www.wired.com/threatlevel/2011/08/wikileaks-leak/
https://www.nytimes.com/external/readwriteweb/2011/08/29/29readwriteweb-wikileaks-loses-control-over-diplo-cables-e-84478.html?ref=technology

 
<Previous Next>

Best Laptop Encryption Software: Some Criteria

Data Encryption Banned In Pakistan

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.