
Encryption Blog

Doug McLean | 05 Nov 2012 | 0 comments

Component Costs per Record of Data Breach 2008 in the UK

Breach Components UK

Every year PGP Corporation sponsors a series of research projects to determine trends and costs of data breach. These projects are carried out by the Ponemon Institute. Currently, this research is carried out in the U.S., UK and Germany. This week’s G-Blog illuminates the leading cost components of data breaches in the UK in 2008. The full reports are available...

Doug McLean | 05 Nov 2012 | 0 comments

I had the privilege last week of attending a joint meeting of the Internet Security Alliance, U.S. Chamber of Commerce, Business Software Alliance, and TechAmerica. The guest of honor was Melissa Hathaway, who was appointed Acting Senior Director of Cybersecurity by President Obama last month. Her brief is to conduct a 60-day review to, as the press release put it:

“… develop a strategic framework to ensure that U.S. Government cyber security initiatives are appropriately integrated, resourced and coordinated with Congress and the private sector.”

Most recently Ms. Hathaway served in the Bush administration under National Intelligence Director Mike McConnell.

Speaking in an open forum is a...

Bryan Gillson | 05 Nov 2012 | 0 comments

Q: I need to check the encryption status for all attached disks in a shell script. I thought that pgpwde --enum would give me a current status, but it always appears to say "wde enabled" whether the disk is encrypted or not. Do I also need to use pgpwde --disk-status on each disk? If so, does the phrase "not instrumented by bootguard" indicate that the disk is not encrypted?

A: In a word, yes, to all of your questions.

--enum only indicates disks that are available.

--disk-status has more detail; "not instrumented" is indeed not encrypted.

There are several general states that the disk can be in:

  • not instrumented
  • instrumented
  • encrypting
  • encrypted
  • decrypting

Instrumented is not a state that is evident from the GUI, but is from the command line. It is a state where the disk can have users and state information put onto the disk. You...

John Dasher | 05 Nov 2012 | 2 comments

John Dasher - Director of Product Marketing


One of the more common queries I hear when talking with both customers and the press involves how I manage my computer/data security while traveling. People seem increasingly nervous about this.

While there are a variety of best practices that are specific to your operating system platform (which I’ll cover in a future post), there are a number of important safeguards you can take regardless of your specific computing environment. While I personally find this specific solution a bit of a pain in actual practice, I would be remiss if I didn’t point out that the safest approach you can take is to simply not travel with sensitive data. You can’t lose or have stolen what you haven’t brought with you. And...

Doug McLean | 05 Nov 2012 | 0 comments

Cost per Record U.S.

Every year PGP Corporation sponsors a series of research projects to determine trends and costs of data breach. These projects are carried out by the Ponemon Institute. Currently, this research is carried out in the U.S., UK and Germany. This week’s G-Blog illuminates the cost per breached record for the last four years.  The full reports are available here.

Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

I had a recent conversation with a friend who just opened a new checking account at a major national bank. My friend was complaining about the difficulty remembering her PIN (personal identification number) for her ATM card because of the policies for the number.

It’s usually passwords that people complain about when it comes to difficult policies.  Typical policies usually require that passwords cannot be shorter than 6 characters, and must have a mix of upper/lower case, numbers, or symbols. Often, such policies make the password computationally safe from a dictionary attack, but users find the resulting password so difficult to memorize that they need a written reminder in order to recall it at a later date.

So I found it interesting that this is a scenario where the PIN was difficult to use.  PIN numbers for ATMs are typically numeric only, so there isn’t the same complexity...

Doug McLean | 05 Nov 2012 | 0 comments

Q: I'm installing PGP Desktop 9.9 in a fairly large office this week. The boss is hardly ever in the office and the secretary needs to read his email and send email on his behalf. How do you configure PGP Desktop in this situation?

The only option I see is importing the boss's private key into the secretary's PGP desktop but this doesn't feel right. Private keys should be private right? Are there other solutions or is this one the only way to go?

A: This is one way of doing it, but is not recommended because letting someone else have your private key lets them impersonate you (lets them make your digital signatures). But, if you want the secretary to be able to sign the email as if she were the boss, there isn't much other choice. If your concern is more that she be able to decrypt and read his email, you might want to consider making her key an ADK (Additional Decryption Key) for his key - you...

Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

As the Academy Awards wrap up, I’m reminded of the film Amadeus, which won the Oscar for Best Picture in 1985. The eponymous film is a dramatization about the life of Wolfgang Amadeus Mozart. In a famous scene, Emperor Joseph II, offering his opinion on Mozart’s new symphony, comments that, “There are simply too many notes”, without providing any deeper insight into which particular sequence troubles him.

Enterprises today are facing a related situation, except the issue should be called “too many encryption keys” as well as its closely related issue called “too many encryption products”. Let’s take a common example. Growing concerns about data breach notification laws lead ACME company to deploy a disk encryption product. Over time new requirements emerge, and ACME realizes that they need to...

Doug McLean | 05 Nov 2012 | 0 comments

Top Seven Causes of Data Breach 2008

Sources of Breach - UK


Every year PGP Corporation sponsors a series of research projects to determine trends and costs of data breach. These projects are carried out by the Ponemon Institute. Currently, this research is carried out in the U.S., UK and Germany. This week’s G-Blog illuminates the top sources of data breaches in the UK in 2008.  The full reports are available...

Doug McLean | 05 Nov 2012 | 0 comments

I wrote about this case in October and thought at the time it represented a case of prosecutorial indulgence. The issue at stake here is whether or not an undocumented immigrant that uses false identification can be charged with identity theft if the data on the false documentation actually belongs to someone else.

To be clear, the case does not address the issues associated with immigrating illegally or using false documents to obtain work or social benefits. Even the defendant's counsel concedes his client is guilty of those infractions. The sole issue in question here is if you create or purchase a fake Social Security card with an I.D. number on it that belongs to someone else, have you in addition committed identity theft. It seems like a reach to me and in October the Supreme Court agreed to hear the case. Based on this...