Yesterday I wrote about how Lenovo, talking up its new Full-Drive Encryption (FDE) tools, bragged that the technology was used to secure Coca-Cola’s famously guarded secret recipe. Well, that security measure (if accurate) was recently trumped by a 125-year-old vulnerability and an unlikely Black Hat: Ira Glass and NPR’s This American Life, which stumbled upon a 1979 stock photo which, the program’s reporters believe, was actually a photo of the original handwritten recipe.
It’s not the first time the alleged recipe has been released (Wikipedia currently lists a host of candidates), but the release highlights a theme I heard again and again this morning from the wonkier side of RSA: Technology is an incredibly small part of any true security solution. Adi Shamir, the “S” in RSA, made a point of saying that even the bleeding edge in security, and particularly cryptography, can do very little to nothing to stop WikiLeaks-style attacks or even Stuxnet attacks.
The end result is this: Enterprises (and governments) must constantly evaluate the total security scenario and always consider their assets compromised, just like the the NSA does, while evaluating ways to minimize harm.