BreachExchange mailing list archives
(rant) What The Hell Was He Thinking?
From: lyger <lyger () attrition org>
Date: Fri, 20 Jul 2007 23:45:55 +0000 (UTC)
http://attrition.org/security/rant/z/privacy.html Fri Jul 20 17:40:29 EST 2007 Lyger and Jericho For those who haven't heard, a recent data loss incident involving the Louisiana Board of Regents was recently disclosed to the media. In short, about 80,000 Social Security numbers were inadvertently exposed over the internet, and the media seemed to be very quick in picking up on the story. An independent researcher by the name of Aaron Titus made this discovery, contacted a media source and made the disclosure. Fairly interesting. Here's the problem: Aaron Titus made a mistake. He asked for advice regarding responsible disclosure of a known vulnerability (i.e. an exposure of personal information in a public location), and then proceeded to ignore almost every bit of rational advice given to him. [..] Note that we redacted Aaron's email address in the email above. It is worth mentioning that we also redacted his work telephone number from the same email. We would really hate to invade his personal privacy since he values it so much, but with that said, why would a "privacy advocate" ask for advice regarding responsible disclosure, email us at attrition.org, receive our advice, and then do this: https://www.ssnbreach.org/ [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 213 million compromised records in 726 incidents over 7 years.
Current thread:
- (rant) What The Hell Was He Thinking? lyger (Jul 20)