Encryption is for data at rest, not just in transit

Monday, 16 June 2003, 5:22 PM EST

Everybody knows that it is easier to hit a stationary target than a fast-moving target. Yet an enormous amount of resources is being used to encrypt data in motion, while the bigger risk is in data at rest.

One reason for the focus on data transfer rather than storage dates back to pre-1994 days. At that time, Ethernet broadcast all communications between two computers to all of the nearby computers, thus allowing a hacker with a sniffer (a piece of software that captures network traffic) to see other users' data.

But in most companies today, data is almost always transferred on switched networks and thus is transferred from point to point - with no visibility of that data by other network-attached devices. The only way to circumvent this is for the hacker to load his sniffer program onto the actual server itself, but even in this scenario, there are simpler ways to access the data directly.

Given this fact, the enormous amount of resources put into encrypting data in flight, travelling over the network, seems disproportionate.



VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.
