[Cryptography] FTC sues for crappy crypto
Tom Mitchell
mitch at niftyegg.com
Fri Jan 8 21:39:12 EST 2016
On Fri, Jan 8, 2016 at 2:53 PM, Stephen Wood <smwood4 at gmail.com> wrote:
> Adrian McCullagh says:
>
> > Does the FTC really need to mandate what it believes to be strong crypto
> which I personally think would be an impossible task and much like a cat
> chasing it tale; or should the FTC merely describe the characteristics of
> “strong” crypto.
>
> I believe that's a job for the NIST. The lawsuit specifically mentions
> HIPAA[0]. At this point the FTC essentially does what the FDA does for
> food: "Your label said "strong crypto" but we couldn't find it in the
> ingredients."
>
It is a Windows 8.0/8.1 application.
In one universe the system could be more than compliant with a firewall,
full disk encryption
protection and passwords for users.
If the office has locks and no full disk encryption they would be good up
to the point that
hardware was stolen, lost or incorrectly decommissioned.
The connections to payment services may be covered by policy and procedures
of the insurance service.
With IPv6 I fear firewalls will not keep up. Default IPv6 seems to expose
all the systems to direct connections but time will tell. A cell phone
connected
to the dentists WiFi for music could gateway traffic because it sits on two
networks
and most firewalls allow the inside to reach outside with ease.
The only thing I see as a violation is truth in advertising.
<http://www.metzdowd.com/mailman/listinfo/cryptography>I do believe I will
ask my dentist more questions.
The only good news is dental work is not something that could hold
an individual up to community shame the way STD, abortion, mental
health and other social hot button issues might.
The connectivity to databases larger than my dentist at hospitals, social
security, medicare could prove to be a vector for very grand data breaches
that could bankrupt this little Utah company. This connectivity is the
most important large risk I smell.
News at 11:00.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160108/eaa7cbd1/attachment.html>
More information about the cryptography
mailing list