lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: toddtowles at brookshires.com (Todd Towles)
Subject: Re: choice-point screw-up and secure hashes

BTW, The FBI uses Choicepoint for a few specialized queries. Most
terrorism related. 

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Ron DuFresne
> Sent: Saturday, March 19, 2005 1:16 PM
> To: Vincent van Scherpenseel
> Cc: Full-Disclosure
> Subject: Re: [Full-disclosure] Re: choice-point screw-up and 
> secure hashes
> 
> On Sat, 19 Mar 2005, Vincent van Scherpenseel wrote:
> 
> > On Saturday 19 March 2005 13:02, Kurt Seifried wrote:
> > > > Don't forget that it's bad for the company's image to have 
> > > > confidential customer data stolen. As soon as the press 
> catches on 
> > > > it's bad for business.
> > > > So, companies *do* have a drive to secure your private data.
> > >
> > > Uhhh no. See consumers such as yourself don't actually purchase 
> > > services from choicepoint/etc (unless you're a Nigerian 
> guy who is into ID theft =).
> > > Businesses do. And businesses don't care if choicepoint 
> is secure or 
> > > not, they care if choicepoint has the data. It's like 
> Equifax, you 
> > > don't buy information from them, companies you deal with 
> do. These 
> > > firms have no incentive to protect your information, 
> because they'll 
> > > never lose your business.
> >
> > Consumer A pays for a service from Company B which uses a payment 
> > method from Company C. Company C holds data from Consumer A for 
> > Company B. Now, C gets compromised and data from A is stolen. Don't 
> > you think the consumer will knock on Company B's door? The consumer 
> > doesn't deal with Choicepoint, the consumer deals the 
> company, as you 
> > said. Now, Company B has been found responsable for the mess by the 
> > consumer. Don't you think B will now knock on C's door?
> 
> 
> Do you know which companies trade and buy personal data from 
> your bank, insurance company, the utilities <phone, electric, 
> gas>, your city and county, your ISP, <endless list>...?
> 
> How many people new of let alone knew/know which comapnies 
> choice-point obatined their data from?  Quite often putting 
> pressure on company C is not a straight forward matter for 
> the public at large.
> 
> Thanks,
> 
> Ron DuFresne
> --
> "Sometimes you get the blues because your baby leaves you. 
> Sometimes you get'em 'cause she comes back." --B.B. King
>         ***testing, only testing, and damn good at it too!***
> 
> OK, so you're a Ph.D.  Just don't touch anything.
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ