Never Say Never
Over at Security Incite, Mike Rothman discusses the recovery of the VA laptop:
In other good news, they found the missing VA laptop, evidently with all the data intact. That really is great news, but I guess we’ll never get to test Adam Shostack’s contention (link here) that identity thieves could get to all 26 million records. Both Pete Lindstrom and I came out pretty strongly to say there was no way even a band of thieves could legitimately process that many records. But thankfully, we’ll never know.
I hope that he’s right about that, but note that a number of tapes with upwards of a million SSNs are still floating around. If you don’t like my estimates, don’t worry, more opportunities to measure will be available shortly.
Incidentally, we believe that the laptop wasn’t booted because Windows logs all sorts of stuff at boot. Taking hard drives out of laptops and copying data is a bunch of work. Apple has this really cool feature, where you can boot a machine in “firewire target mode” If it had been a Mac, and booted as an expensive disk housing, would we know?