lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel)
Subject: Re: choice-point screw-up and secure hashes

On Saturday 19 March 2005 13:02, Kurt Seifried wrote:
> > Don't forget that it's bad for the company's image to have confidential
> > customer data stolen. As soon as the press catches on it's bad for
> > business.
> > So, companies *do* have a drive to secure your private data.
>
> Uhhh no. See consumers such as yourself don't actually purchase services
> from choicepoint/etc (unless you're a Nigerian guy who is into ID theft =).
> Businesses do. And businesses don't care if choicepoint is secure or not,
> they care if choicepoint has the data. It's like Equifax, you don't buy
> information from them, companies you deal with do. These firms have no
> incentive to protect your information, because they'll never lose your
> business.

Consumer A pays for a service from Company B which uses a payment method from 
Company C. Company C holds data from Consumer A for Company B. Now, C gets 
compromised and data from A is stolen. Don't you think the consumer will 
knock on Company B's door? The consumer doesn't deal with Choicepoint, the 
consumer deals the company, as you said. Now, Company B has been found 
responsable for the mess by the consumer. Don't you think B will now knock on 
C's door?

A real-life example: I work as a System Administrator at Ilse Media, the 
biggest Internet publisher in The Netherlands. We, and lots of other big 
companies, use the Falk AG network for ad planning (the banners and such). 
Recently, somewhere in November, the Falk AG network was hacked and a the 
Bofra/IFrame worm was planted in the advertisement positions. An article 
about this can be found on the Register [1], which was also a victim of the 
attack.
Directly after the accident, Ilse Media (the company I work for) started 
supplying Anti Virus packages for free to the attacked visitors of the sites 
in the Ilse Media network. This cost my company a big amount of money, but we 
had to save our image.
We could had said to the visitors "I'm sorry, but this is not our fault." but 
then the consumer would've been unsatisfied. Our way was the best way to deal 
with this issue, imho.

 - Vincent van Scherpenseel

[1] http://www.theregister.co.uk/2004/11/21/register_adserver_attack/

-- 
http://vincent.vanscherpenseel.nl/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ