Security Basics mailing list archives
Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
From: Jason Muskat <Jason () TechDude Ca>
Date: Tue, 16 May 2006 22:13:56 -0400
Hello, Security has to be correct 100% of the time. One omission can lead to an exposure. Count yourself lucky that your vulnerabilities haven't been exposed (that you know of -- Think Ohio State's exposure <http://www.ohio.edu/datatheft/alumni/index.cfm>). Many organizations cover up (do not report to governmental authorizes) every exposure that occurs. This is the norm. Consider the following; 10 persons information were known to be stolen. Everything from address, SSN, account numbers, credit cards, driver lic., health ins. forms, employment data, etc.. It goes unreported. Years later you receive letters for failing to pay your mortgage, credit cards, taxes, car lease, speeding tickets, you didn't show up for sentencing, and have a warrant for your arrest. Things like the above happen. I read how a case of mistaken identity had some fellow jailed for a few months before it was resolved. Imagine how it could have went if the perpetrator had stolen his ID. Once your information is exposed you soon realize that there is nothing you can do to protect yourself, it's too late. For evermore you, not the organization, has to check your credit reports, accounts, put flags up in your accounts over and over again until you die and all at your, not the organization's, expense. Most organizations don't even offer help to the people they adversely effected. At the very least an organization should set up a department to help the customers that have harmed. Regards, -- Jason Muskat | GCUX - de VE3TSJ ____________________________ TechDude e. Jason () TechDude Ca m. 416 .414 .9934 http://TechDude.Ca/
From: Saqib Ali <docbook.xml () gmail com> Date: Fri, 12 May 2006 21:22:03 -0700 To: Bob Radvanovsky <rsradvan () unixworks net> Cc: Jason Muskat <Jason () techdude ca>, "Sadler, Connie" <Connie_Sadler () brown edu>, <email () securityabsurdity com>, <security-basics () securityfocus com> Subject: Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security.""Security" is a matter of perception. If the companies don't see it as an issue, it (quite simply) is *not* an issue.That is fine for the company in question. But NOT fine for the customers / other companies interfacing with the company that does not see INsecurity is an issue. I wouldn't wanna have my credit card info stolen from an online merchant, neither would you. One option is that I do not deal with compannies that do take security seriously. But how do I know which companies do NOT take security seriously? Maybe they should put a disclaimer on their website???? -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 -----------
Current thread:
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 12)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 17)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Stephen John Smoogen (May 20)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 23)
- RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Angela and Donald (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- <Possible follow-ups>
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 23)