Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Publishing Secret or Sensitive Information

Publishing Secret or Sensitive Information

  • Comments 1
  • Likes

With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not able to really judge.

Let me start, however, with a case I had a while ago. I was called by a customer, who lost data. The data was very, very sensitive and the customer is in a business where losing such data can really hurt. So, they called me and wanted forensic support. The interesting thing was, that the criminal copied the sensitive data on to a CD and sent it to a very famous boulevard newspaper to be published. The only goal was to hurt the company. What I liked was the reaction of the newspaper: They called the company and told them that they most probably had a problem, handed them the CD including the data and did an anonymous story about such challenges, taking this as an example without revealing who the company was.

So, basically we have two fundamentally different tactics and ethics: One is to publish everything, which gets in your hands for a moment of fame and probably money. The other one is trying to go for a win-win (as far as you can win if you lose data). Do you have the right to risk a company’s reputation or even a country’s safety “just” for this moment of fame?

I leave that to you. My opinion is set

Roger

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment