How Would You Prefer To Send Sensitive Data?
sprkltgr writes "Our HR department is implementing new software. The HR Director has tasked me with sending our data out of our network to the consultant that's loading it into the new package. Obviously this data includes items such as SSN, name, birth date, etc. Upon being told that I would not email this data to her, the consultant asked what my security requirements were for sending the data. What would be on your wishlist for the best way to send sensitive data to someone outside your firewall?"
Redacted using FBI security techniques will guarantee absolutely nobody will be able to see it.
Make sure you send the password with the file.
Deliver it by hand.... if you're lucky they'll give you one of those cool attache cases that handcuffs to your wrist.
Three Squirrels
Well, the first thing you need is physical security. I would recommend Blackwater for their premium quality goons. You'll need at least two platoons and a mortar squad. Then you'll want to hand-deliver a one time pad to their secure vault, with a completely off-network computer to do the decryption. You can solder off all the connections except a secure thumb drive for the OS and the DVD containing the OTP. You'll have to keep your own copy of the OTP in your own vault. And I highly recommend Windows ME on a Dell for the encryption routine.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
Encrypt the drive and put it in a locked case, handcuffed to your wrist. Have a second person carry the key to the handcuffs and to the case and take a separate train. Just for good measure, send out decoys for both yourself and the man with the key. Rendezvous at the consultant's headquarters.
Don't forget to wear mirrored sunglasses.
Help fight spam
Alternately, you could quantum encrypt the data, send the key by smoke signal, and nuke the entire site from orbit. It's the only way to be sure.
Just so long as you at least verify fingerprints via the phone. Fingerprints aren't any more secret than the public key, but at least on the phone, a MITM insertion attack is much more difficult -- they would sound different.
Don't thank God, thank a doctor!
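An added example, not part of the thread: the phone check described in the comment above, where the sender compares the fingerprint of the key file that arrived against the one the recipient reads aloud. The SHA-256-over-raw-bytes fingerprint and the sample key bytes are assumptions made for illustration; GnuPG and OpenSSH define their own fingerprint formats.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for the key the recipient really owns
# and for a different key swapped in while the file was in transit.
RECIPIENT_KEY = b"constructed recipient public key (sample)"
SUBSTITUTED_KEY = b"constructed key swapped in transit (sample)"

HEX_DIGITS = "0123456789ABCDEF"


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key bytes as upper-case hex in groups of four,
    a layout that is easy to read aloud (format is an assumption)."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def _normalize(text: str) -> str:
    """Keep only hex digits so spacing, colons and case do not matter."""
    return "".join(ch for ch in text.upper() if ch in HEX_DIGITS)


def matches_spoken(received_key: bytes, spoken: str) -> bool:
    """True only if the fingerprint heard on the call is the complete
    fingerprint of the key file that was actually received."""
    expected = _normalize(fingerprint(received_key))
    heard = _normalize(spoken)
    # A partial read-back is rejected: comparing only the first few
    # groups leaves the rest of the fingerprint unchecked.
    if len(heard) != len(expected):
        return False
    return hmac.compare_digest(expected, heard)


if __name__ == "__main__":
    read_aloud = fingerprint(RECIPIENT_KEY)  # what the recipient says
    print("genuine key accepted:   ", matches_spoken(RECIPIENT_KEY, read_aloud))
    print("substituted key accepted:", matches_spoken(SUBSTITUTED_KEY, read_aloud))
```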
When he totally freaks out and starts screaming. Rename the file to GrowYourPenisNow.doc, spoof the From: header to be from hotmail.com, add a subject line V1agra and send.
Nobody will ever bother to read it.
I think I can help here: step 3 is: 'apply copious amounts of lubricant'.