lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel)
Subject: Re: choice-point screw-up and secure hashes

On Saturday 19 March 2005 09:36, Kurt Seifried wrote:

> The sad part is there is NO (Zero, Nada, Zilch) incentive for companies to
> treat this data securely. Information for a hundred thousand people is
> stolen. So what? The company is not criminally liable in any way (I haven't
> heard of any laws yet). Civilly they're barely liable either. It'll be more
> of the same until we have laws with penalties for allowing theft of
> customer data. To bad insurance won't work, when a physical item is stolen
> it costs money to get a new one, and insurance companies won't pay out
> unless you took due care/diligence, OTOH if you steal all the electronic
> data (and even erase it) a company just restores from a backup and goes on
> with life.

Don't forget that it's bad for the company's image to have confidential 
customer data stolen. As soon as the press catches on it's bad for business. 
So, companies *do* have a drive to secure your private data.

 - Vincent van Scherpenseel

-- 
http://vincent.vanscherpenseel.nl/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ