How Would You Prefer To Send Sensitive Data?

← Back to Stories (view on slashdot.org)

How Would You Prefer To Send Sensitive Data?

Posted by samzenpus on Wednesday May 21, 2008 @02:29PM from the by-armored-truck dept.

sprkltgr writes "Our HR department is implementing new software. The HR Director has tasked me with sending our data out of our network to the consultant that's loading it in to the new package. Obviously this data includes items such as SSN, name, birth date, etc. Upon being told that I would not email this data to her, the consultant asked what my security requirements were for sending the data. What would be on your wishlist for the best way to send sensitive data to someone outside your firewall?"

24 of 542 comments (clear)

Min score:

Reason:

Sort:

Password protected PDF! by Boogaroo · 2008-05-21 14:31 · Score: 5, Funny

Redacted using FBI security techniques will guarantee absolutely nobody will be able to see it.
Make sure you send the password with the file.
1. Re:Password protected PDF! by genderbunny · 2008-05-21 14:40 · Score: 5, Funny
  
  Nice, but it will never be as secure as sending a Word document with the font changed to Windings.
2. Re:Password protected PDF! by enoz · 2008-05-21 15:32 · Score: 4, Funny
  
  Send it in OOXML, Word won't even open it!
By Hand by rueger · 2008-05-21 14:32 · Score: 5, Funny

Deliver it by hand.... if you're lucky they'll give you one of those cool attache cases that handcuffs to your wrist.

--
Three Squirrels
1. Re:By Hand by Dirtside · 2008-05-21 14:39 · Score: 4, Funny
  
  No, if you're lucky, they'll include a key. If you're not, they'll include a hacksaw.
  
  --
  "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
2. Re:By Hand by morgan_greywolf · 2008-05-21 15:29 · Score: 2, Funny
  
  Two words: Johnny Mnemonic.
  
  --
  My blog
Gnupg via Debian Etch by Anonymous Coward · 2008-05-21 14:49 · Score: 1, Funny

Make sure to install a stock, unpatched version of Debian Etch to ensure proper, secure entropy on your encrypted data.

Dearly,

The National Security Agency
OTP by Iamthecheese · 2008-05-21 14:50 · Score: 4, Funny

Well, the first thing you need is physical security. I would reccommend Blackwater for their premium quality goons. You'll need at least two platoons and a morter squad. Then you'll want to hand-deliver a one time pad to their secure vault, with a completely off-network computer to do the decryption. You can solder off all the connections except a secure thumb drive for the OS and the DVD containing the OTP. You'll have to keep your own copy of the OTP in your own vault. And I highly recommend Windows ME on a Dell for the encryption routine.

--
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
Spy Style by bsDaemon · 2008-05-21 14:54 · Score: 5, Funny

Encrypt the drive and put it in a locked case, handcuffed to your wrist. Have a second person carry the key to the handcuffs and to the case and take a separate train. Just for good measures, send out decoys for both yourself and the man with they. Rendezvous at the consultant's headquarters.

Don't forget to wear mirrored sunglasses.
Re:Whatabout... by Cryacin · 2008-05-21 14:55 · Score: 2, Funny

It's exceedingly simple ... All she has to do is mount the file and type in the password you give her. Why did I just picture a HR manager straddling a filing cabinet reaching for the keyboard?

--
Science advances one funeral at a time- Max Planck
What NOT to do... by cjb658 · 2008-05-21 15:08 · Score: 2, Funny

Send a CSS encrypted iso of the data on a WEP encrypted wireless network that requires HDCP to display on her monitor with a signature generated by LM hashes from an unpatched, unfirewalled Windows 98 box.
Use Keanu Reeves. by Anonymous Coward · 2008-05-21 15:16 · Score: 1, Funny

He has the ability to hold data in his head. They even made a documentary about him called Johnny Mnemonic.
Re:PGP by beav007 · 2008-05-21 15:25 · Score: 5, Funny

PGP or GPG I've been hearing good things about ROT-13. Which one of these uses ROT-13?
Re:PGP by Hojima · 2008-05-21 15:29 · Score: 3, Funny

What would be on your wishlist for the best way to send sensitive data to someone outside your firewall?" 1)Titanium alloy capsule with message 2)rail gun 3)???? 4)Message delivered (and/or profit)

--
Help fight spam
Re:PGP by bennomatic · 2008-05-21 15:34 · Score: 2, Funny

I prefer ROT-26; less chance for data loss.

--
The CB App. What's your 20?
Re:guaranteed delivery by Anonymous Coward · 2008-05-21 15:52 · Score: 1, Funny

But then you'd have to wait for the next release cycle.
Re:PGP by Anne_Nonymous · 2008-05-21 16:03 · Score: 5, Funny

Alternately, you could quantum encrypt the data, send the key by smoke signal, and nuke the entire site from orbit. It's the only way to be sure.
Re:PGP by TheNucleon · 2008-05-21 16:21 · Score: 2, Funny

ROT-13 has been broken. You need to use Triple ROT-13 (3ROT13).

--
My comments are my own, and do not represent the views of my employer, my spouse, my children, or my cats.
Re:Red flag. by SanityInAnarchy · 2008-05-21 16:32 · Score: 4, Funny

Just so long as you at least verify fingerprints via the phone. Fingerprints aren't any more secret than the public key, but at least on the phone, a MITM insertion attack is much more difficult -- they would sound different.

--
Don't thank God, thank a doctor!
bzip, split and send three ways, scp, email, pendr by refactored · 2008-05-21 18:17 · Score: 3, Funny
1. write wee scriptie that splits a file 3 ways byte 1 to file 1 byte 2 to file 2 byte 3 to file 3 byte 4 to file 1 ....
2. write wee scriptie that merges them again.
3. email scriptie to consultant.
4. tar bzip2 the files.
5. cut out 4 bytes from the middle of the tar ball.
6. hex dump the 4 bytes and read them to him over the telephone.
7. split the cut down tarball three ways.
8. scp one to him, give him an https url for another, put the third on a usb pen and snail mail it.
  1. When he totally freaks out and starts screaming. Rename the file to GrowYourPenisNow.doc, spoof the From: header to be from hotmail.com, add a subject line V1agra and send.
    Nobody will ever bother to read it.
how to send it by Anonymous Coward · 2008-05-21 18:23 · Score: 1, Funny

How to send confidential data like this? Archive to a large disk (DVD). Use more than one if necessary. Place DVD jewel case into briefcase. Handcuff briefcase to CIO. Cover handcuff so as not to arouse suspicion. Send CIO to destination. No hacking, no data loss, security problem, etc.
Simple, Could Be Expensive by no1home · 2008-05-21 18:52 · Score: 2, Funny

Encrypt the file with PGP and put it into a TrueCrypt container on a USB stick that requires a thumb-print for access and which is wrapped in a condom and 'hand' delivered by the 'mule' via the usual hidden methods. The access codes are encrypted into an image file delivered by uploading it to a porn site, the location of which is emailed to the intended recipient with a note saying something like, "Hey, check out this babe I was with last night."

--
I hope this comment is well received... I could have moderated instead!

Persecutors will be violated!
Re:PGP by pincho23 · 2008-05-21 21:35 · Score: 2, Funny

You should rot-13 twice. Twice the security.

So when do I get my membership card for the 'don't read, just post' club?
Re:PGP -- step three revealed! by Anonymous Coward · 2008-05-21 23:42 · Score: 3, Funny

I think I can help here: step 3 is: 'apply copious amounts of lubricant'.