...meanwhile Sony apparently has all their customer and credit card information just sitting there in a file or something.
Info in a file is not the problem... but it seems that nothing was encrypted:
"...My understanding from what they said is that stuff was compromised and was not encrypted..."
A shame when you have a bunch of hard drives and brands that are OPAL compatible, offering strong 256-bit AES (Advanced Encryption Standard)...
With an OPAL drive, even if the content leaks to the outside, a brute-force attack with current computers will take more time than the age of the universe itself to break the key and read the info...
Again, it is greed that has led a business like Sony to these problems, since OPAL drives are somehow a little more expensive than the usual ones... hope that they will pay a lot for the damage done to their customers...
*****
"Hospital lost patient data" (...unencrypted), "ministry of defense laptop stolen" (...unencrypted), "hard disk with confidential defense information on Ebay" (...unencrypted), reports like these have haunted us for the last couple of years with an ever increasing frequency and publicity.
Mobile data processing has become commonplace whereas adequate protection of the respective data hasn't yet.
You may not realise it, but it doesn't really require rocket science to protect these data appropriately. Full Disk Encryption (FDE), for instance, guarantees that any data on a PC's hard disk is encrypted, without the user having to care about which files need to be protected and which not.
With TrueCrypt, the open source community provides a free product targeted for private use, and with SafeGuard Device Encryption, Sophos offers a software solution for the corporate market, addressing the additional needs of business users, such as central management and password recovery in case of a forgotten password.
Some time ago, hard disk vendors stepped into the market with self-encrypting hard disks to fill the same gap.
These drives offer encryption performed in the hard disks themselves rather than in some software layer above. And indeed, the advantages of such a hardware-based solution are compelling: Encryption right at the source of data, no performance penalty, data encryption independent of the operating system on top, and no sensitive keys exposed in RAM, just to name a few.
Back in 2007, Seagate pioneered this technology with its Momentus drive series, and Hitachi followed soon. All their solutions, however, were proprietary, and required remarkable efforts in software development when it came to a powerful management on top of the very data encryption, as required by enterprise users.
Eventually, Seagate and the like recognized this deficit, and teamed up with the Trusted Computing Group (TCG) to develop a vendor-independent standard for self-encrypting hard disks. In January 2009, they finalized the Opal standard and announced it to the public.
But where do we stand today, nine months after release of the specification?
Actually, Opal-compliant hard disks are still few and far between. Fujitsu seems to be able to sell a few models, and also Hitachi.
With Seagate, however, you don't really know. Initially one of the driving forces behind Opal, they seem to have abandoned the standard again, and pursue another proprietary approach, as currently shipped with Dell notebooks. Toshiba announces its Opal hard disks to be available in the 1st quarter of 2010.
Apparently, also the notebook vendors are quite reluctant in adopting Opal hard disks, as the integration requires some adaptations in their BIOS. I haven't been able to find any vendor that aggressively promotes notebooks with Opal-compliant hard disks.
*****