BreachExchange mailing list archives
Re: a recurring theme...
From: hobbit () avian org (*Hobbit*)
Date: Fri, 17 Feb 2006 15:17:57 +0000 (GMT)
Well, by "the industry" I really mean any corporation that accumulates data on people, especially of the financial sort, and is therefore likely to cause privacy leaks in a breach. But more subtly, I mean the outfits that are doing that and then making such data available via largely insecure means -- "it's easy! Manage your account online! Just sign up here, and use the last 4 digits of your social as a default password!" ... it's not *quite* that bad these days, but on the other hand getting a bank or other organization with which one holds an account of some kind to completely *decouple* one's particulars from any sort of online access is increasingly difficult. And they act surprised when someone calls in and says "no, I don't want ANY internet access to my account please". Or be in total shock when someone wants to follow good security guidelines and change an otherwise relatively static secret.

Many procedural assumptions are being made, in the financial sector and otherwise, that are fundamentally flawed, and they're all copycatting each other in this madness so that makes it all seem like "accepted practice". This is where things have gone so horribly wrong, and now we see the results. But it's gotten too big, and nobody knows or cares how to fix it anymore. They've learned how to pronounce "identity theft", but that seems to be about as far as it goes.

Hopefully this list can help drive home a different conclusion. I think I've seen an aggregate figure of over a million customers at risk go by in just the short time I've been here. Perhaps efforts to bring lists like this to a wider audience would help...

_H*
_______________________________________________
Dataloss mailing list
Dataloss () attrition org
https://attrition.org/mailman/listinfo/dataloss