Dailydave mailing list archives
Re: Shady headlines
From: security curmudgeon <jericho () attrition org>
Date: Fri, 4 Apr 2014 19:27:16 -0500 (CDT)
On Fri, 4 Apr 2014, Dave Aitel wrote: : http://krebsonsecurity.com/2014/04/u-s-states-investigating-breach-at-experian/ : : So I read the Krebs report today with interest because the CISO of : Experian (Stephen Scharf) is an old friend of mine, and probably one of : the better CISO's in the business, imho. So there are a few things I Perhaps, but if he is involved in Experian's role of making legal threats against a non-profit organization who cited Krebs as a source, while refusing to go after Krebs or any other major news outlet that parroted his headlines, he isn't a good CISO imho. : think are funny in the Krebs report. For example,"Court records just After the legal threat, I had a dialogue with Krebs and summarized their complaint (cliff notes: Experian was not breached). DatalossDB updated the entry to more accurately reflect what happened, listed US Info Search as the primary with Court Ventures and Experian as secondary 'affected'. Krebs opted to keep his headlines for the original article and the follow-up that said as many as 200 million records were involved. Even after this, Experian has apparently not threatened anyone else over their coverage. But they felt it was necessary to threaten us, without asking us to update it politely first. Their bullshit threat also lied and said that *we* were responsible for everyone thinking it was Experian and 200 million, when we clearly cited our source, and every other news article clearly cited their source (Krebs). : I guess the point is, "Some random company Experian bought had an : agreement with another company that had an customer who was shady and : then arrested" is not as catchy a title, even if it is more accurate : than "U.S. States Investigating Breach at Experian" which is what Krebs : decided to run with this time. It isn't quite as clear cut as that either. From my understanding, after Court Ventures was purchased by Experian and 'due diligence' as done, the abuse continued. Not the same as 'experian lost blah records' and still not a catchy title I know, but the story is more muddled than that. - jericho _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Shady headlines Dave Aitel (Apr 04)
- Re: Shady headlines - Disagree Charisse Castagnoli (Apr 04)
- Re: Shady headlines security curmudgeon (Apr 04)
- <Possible follow-ups>
- Re: Shady headlines brian krebs (Apr 07)