On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
It's quite unclear to me what threat model such a behavior would add
useful protection against.
If you had some sort of high-security database and deleted some data
from it, it's important for the threat modeller to know whether the
data is gone-as-in-overwritten or gone-as-in-marked-free. This is the
same reason they want to know whether a deleted file is actually just
unlinked on the disk.
This doesn't mean one thing is better than another; just that, if
you're trying to understand what data could possibly be exfiltrated,
you need to know the state of all of it.
For realistic cases, I expect that deleted data is usually more
important than updated data. But a threat modeller needs to
understand all these variables anyway.
Alright, I was following you up to this. Seems to me deleted data would represent stale/old data and would be less valuable.
Not necessarily. Think PHI or HIPAA information which was "erased" because you lost a customer. Or just something as "simple" as a name, address, and credit card number for someone. It's still important and useful to thieves if it is "erase". I can see a smaller company using PG for accounting and billing information. But it really should be encrypted. I often wonder how many "small" businesses actually do that. I a truly ignorant on that point.
That's not even getting into government information that might be of interest to others such as the FSB or even Wikileaks (regardless of one's opinion them). Of course, I don't really know if any government or other "high security" industry is actually using PG for secure information.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
Schrodinger's backup: The condition of any backup is unknown until a restore is attempted.
Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.
He's about as useful as a wax frying pan.
10 to the 12th power microphones = 1 Megaphone
Maranatha! <><
John McKown
10 to the 12th power microphones = 1 Megaphone
Maranatha! <><
John McKown