Open Source and information security mailing list archives
Date: Wed, 11 Jul 2007 12:59:51 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: Bob Bruen <bruen@...drain.net>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Wachovia Bank website sends confidential information

Bob Bruen wrote:
> While it is true that lots of folk pick on vendors for a few minutes of 
> fame, the Wachovia case is slightly different.
>
> They do have an attitude problem and are technically challenged. The basis 
> for this is a law enforcement conference about six months ago. During a 
> presentation a Wachovia representative told a speaker to stop blaming the 
> banks for problems. This was the third presentation this individual has 
> listened to in which each speaker had blamed the banks for not doing 
> enough and the frustration level was a bit high.
>
> This only comes up because of the current Wachovia web site issue. It 
> shows that there is an internal problem, worse than most, ending with the 
> current situation. And no I will not identify any of the players.
>
>            --bob
>   

Mechanisms of politrix... I was doing contract work from home for a
HUGE-O-MONGOUS tech company I won't name (NDA) and was assigned to
do fw administration and configuration for a bank that outsourced it to
this HUGE-O-MONGOUS monster. When we needed to implement a change
these were the steps:

"Uh oh.. We're seeing attacks from network X" ...

1) Call manager
2) Manager calls his manager in another state
3) That manager calls sales rep
4) Sales rep calls the bank's contact
5) Bank's contact calls his security team
6) Hey security team, you need to speak with your contractors
7) Security team to bank's contact ok make a conference call
8) Bank's contact to the sales rep - ok make a conference call
9) bank sales rep to HUGE-O-MONGOUS' sales rep - ok make a conference call
10) manager to manager - hey we're going to do a conference call
11) No wait... My contractor is tied up... Can we re-schedule?

In essence, when we needed to do things, it wasn't as cut and
dried as I thought it would be. In fact it was downright frustrating.
Here you are with Rainwall open, NSM open, about to fire off changes,
but you have to wait for at minimum 4 business days hoping no one
up the food chain was unavailable to make a mission-critical
change.

Long story short, while at HUGE-O-MONGOUS I was surprised I
was even given the opportunity to be there - but hey, contractors,
liabilities, etc., legal foobarfoo wording exculpated the HUGE-O-MONGOUS
company from the whole shmoo (compsec historians know the HIStory).
Anyhow, I got frustrated working for them. I felt as if it was
such a dead end. Mind you, I was making about $80.00 per hour
to roll out of bed and do work pretty much whenever I wanted.

Sometimes, things aren't as clear cut as one may think they are.
To me the initial "Oh noes! Wachovia is evil" post was nothing
more than someone itching for their Andy Warhol 15 minutes. With
that said... Off to lunch...


-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g' 

"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/