Security Basics mailing list archives

RE: Must read for everyone


From: "Dan Clements" <dan () cardcops com>
Date: Mon, 30 Jun 2003 15:14:17 -0700

Lincoln,

We've seen over 200 Merchant hacks in the last few years...with maybe 10% of
them fessing up, as they are required to by their Merchant agreements with
Visa and MC. Even MC knows only about 15% of all hacks are reported as per
John Verduci of MC
http://www.epaynews.com/index.cgi?survey=&keywords=hack&optional=&subject=&location=&ref=keyword&f=view&id=1050058891622215212&block=

We'd love to hear what the security pros think about all of this.

Regards,
Dan
CardCops.com



-----Original Message-----
From: Lincoln Milner [mailto:lmilner () hes hmc psu edu]
Sent: Monday, June 30, 2003 8:06 AM
To: security-basics () securityfocus com
Subject: RE: Must read for everyone


I have mixed feelings about the legislation in California, designed to give
the public more information about what threats or hacks companies are
facing.  That's good news from a security standpoint, but I for one can
attest to the fact that a number of online retailers (large and small) are
doing this already, without (until now) the fear of legislation or
prosecution.

The messages I've gotten have been from the retailer, letting me know what
happened (they were cracked, and my information may have been compromised),
and quickly followed by a message or phone call from my bank, requiring me
to cancel and re-issue a card.  Which means the retailer not only contacted
me about the problem, but also my financial institution.  So the market is
doing a good deed, it may just need to be done on a more global scale.

I agree with Schmidt's quote on having the market drive the need for this
sort of behavior.  Legislation of this type, in my opinion, only leads to
more watching by governments, interest groups, and people looking for a way
to hit the jackpot in a lawsuit.

Since the WWW and the larger Internet ventures are touted to be open and
accessible forms of media (sans censorship and regulation), we should not
look to legislation to force us in certain directions, but to look to one
another to help drive trends that we, as both consumers and creators of the
technology, are best capable of setting.






