BreachExchange mailing list archives
Re: An amazing use of DLDOS
From: Chris Walsh <cwalsh () cwalsh org>
Date: Wed, 6 Sep 2006 13:50:52 -0500
On Wed, Sep 06, 2006 at 10:24:03AM -0700, George Toft wrote:
What would also make the database really useful for research is if we could categorize the primary (and secondary) causes of the loss. For example: pri_cause - laptop theft sec_cause - policy violation
Forget about sec_cause :^) For pri_cause, you often find that it was a compromised web site. So, that could mean an application flaw (SQL injection), a misconfigured web server, poor or no authentication, a braindead firewall, etc. The same logic applies to other compromises. You get the general "cause", but not what really happened. It is frustrating, but sort of interesting. Sometimes, what happened is perfectly clear: An auditor left a laptop containing customer data, including SSN, name, and salary in a locked car in Hoboken NJ. The car was broken into, and the laptop stolen. The laptop was password-protected, but the data were not encrypted. For a large proportion of cases, all you know is what was compromised, but not *how* (or even, when). I forgot to mention in my earlier post that for the cases I have "on file", I also specify whether reporting was mandated by state law, whether such reporting occurred, and what form the notice took (mail, email, phone, etc). The sector (banking, etc) is easily obtained by looking at the NAICS code, which is the industrial classification often used by academic researchers in the social sciences. cw http://www.census.gov/epcd/www/naics.html _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 337 incidents over 6 years.
Current thread:
- An amazing use of DLDOS lyger (Sep 05)
- Re: An amazing use of DLDOS Chris Walsh (Sep 06)
- Re: An amazing use of DLDOS George Toft (Sep 06)
- Re: An amazing use of DLDOS Chris Walsh (Sep 06)
- Re: An amazing use of DLDOS Adam Shostack (Sep 07)
- Re: An amazing use of DLDOS lyger (Sep 07)
- Re: An amazing use of DLDOS George Toft (Sep 06)
- Re: An amazing use of DLDOS Al Mac (Sep 07)
- Re: An amazing use of DLDOS lyger (Sep 07)
- Re: An amazing use of DLDOS Chris Walsh (Sep 07)
- Re: An amazing use of DLDOS blitz (Sep 07)
- Re: An amazing use of DLDOS Chris Walsh (Sep 06)