Open Source and information security mailing list archives
 
Message-ID: <200503191317.52043.mailinglists@vanscherpenseel.nl>
From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel)
Subject: Re: choice-point screw-up and secure hashes

On Saturday 19 March 2005 13:02, Kurt Seifried wrote:
> > Don't forget that it's bad for the company's image to have confidential
> > customer data stolen. As soon as the press catches on it's bad for
> > business.
> > So, companies *do* have a drive to secure your private data.
>
> Uhhh no. See consumers such as yourself don't actually purchase services
> from choicepoint/etc (unless you're a Nigerian guy who is into ID theft =).
> Businesses do. And businesses don't care if choicepoint is secure or not,
> they care if choicepoint has the data. It's like Equifax, you don't buy
> information from them, companies you deal with do. These firms have no
> incentive to protect your information, because they'll never lose your
> business.

Consumer A pays for a service from Company B which uses a payment method from 
Company C. Company C holds data from Consumer A for Company B. Now, C gets 
compromised and data from A is stolen. Don't you think the consumer will 
knock on Company B's door? The consumer doesn't deal with Choicepoint, the 
consumer deals with the company, as you said. Now, Company B has been found 
responsible for the mess by the consumer. Don't you think B will now knock on 
C's door?

A real-life example: I work as a System Administrator at Ilse Media, the 
biggest Internet publisher in The Netherlands. We, and lots of other big 
companies, use the Falk AG network for ad planning (the banners and such). 
Recently, somewhere in November, the Falk AG network was hacked and the 
Bofra/IFrame worm was planted in the advertisement positions. An article 
about this can be found on the Register [1], which was also a victim of the 
attack.
Directly after the accident, Ilse Media (the company I work for) started 
supplying Anti Virus packages for free to the attacked visitors of the sites 
in the Ilse Media network. This cost my company a big amount of money, but we 
had to save our image.
We could have said to the visitors "I'm sorry, but this is not our fault." but 
then the consumer would've been unsatisfied. Our way was the best way to deal 
with this issue, imho.

 - Vincent van Scherpenseel

[1] http://www.theregister.co.uk/2004/11/21/register_adserver_attack/

-- 
http://vincent.vanscherpenseel.nl/
