if the "adversary" has such control over the endpoint, is this not futile?
The right solution is to block internet entirely from systems with sensitive data.
-
-
Use separate computers for email/web and for assets that need protection.
-
+1 - good defense in depth. Outbound encryption/obfusc must also be controlled ... somehow.
-
It's controlled by not having an outbound. If there's an outbound you already lost.
End of conversation
New conversation -
-
-
If the user has access to the data, so does the attacker. Always.
-
If they have to move it by plugging hw, it's in realm of physical security/surveillance.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.