lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 07 Jul 2014 01:48:30 -0700
From: Todd Weiler <tweiler@...ramail.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Iron Mountain doesn't take physical security seriously

Just this week at $CLIENT, we were considering making use of Iron
Mountain. I hadn't really thought about it, as others were to do the
leg-work.

But thank goodness, for this email thread. I can't think of a better
validation of the benefits of full disclosure than this.  

Todd


On Sat, Jul 5, 2014, at 06:57 PM, Sanguinarious wrote:
> What is it with this company and warehouse fires / arson? Like
> seriously? Anyone else find that incredibly odd considering? It
> doesn't give me confidence whatever they provide for storage
> considering it might go up in flames in a year or two.
> 
> On Thu, Jul 3, 2014 at 8:40 AM, Hinky Dink <dink@...inkydink.com> wrote:
> >
> > You might want to check out this:
> >
> > http://en.wikipedia.org/wiki/Iron_Mountain_Incorporated#Data_losses
> >
> > $DAYJOB dropped Iron Mountain long ago.
> >
> > On 6/30/2014 3:41 PM, freddielarge@...k.li wrote:
> >> Went down into my office's lobby today and saw a few dozen boxes of
> >> confidential papers belonging to another company sitting there unguarded
> >> and not secured. The Iron Mountain guys were out front, but weren't
> >> keeping an eye on the boxes at all. I was able to open the boxes and
> >> snap a few pictures of the file labels for evidence. There were old
> >> employee records, I-9s, all sorts of very confidential stuff just
> >> sitting there in the lobby. Came back an hour or so later from lunch and
> >> some of the boxes were still there with nobody watching them.
> >>
> >> http://i.imgur.com/YvZKBb6.jpg
> >>
> >> http://i.imgur.com/9bTDrRE.jpg
> >>
> >> Very disturbing to see this kind of mistake in a well-known security
> >> company.
> >>
> >> _______________________________________________
> >> Sent through the Full Disclosure mailing list
> >> http://nmap.org/mailman/listinfo/fulldisclosure
> >> Web Archives & RSS: http://seclists.org/fulldisclosure/
> >>
> >
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> 
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ