Firewall Wizards mailing list archives

Re: Equifax Canada


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 20 Jun 2005 16:45:01 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 20 Jun 2005, Adrian Grigorof wrote:

> Apparently this was caused by "improper use of a customer's access codes and
> security password". Can Equifax force its customers (basically all the
> credit institutions and many others) to use a method of authentication
> stronger than a user id/password combination? To quote a recent post from
> Marcus J. Ranum:
>
>> How many of you could tell your customers *that*?!   People scream
>> and whine over the idea of putting firewalls in (still) - now, attempting
>> to enforce a local policy against a business partner - that's patently
>> ridiculous. Right? Well, technically it's NOT ridiculous, but everyone
>> has basically blown it off.
>
> It is surely cheaper to call 600 customers once a year (ok, make that twice
> a year) than enforcing an expensive authentication infrastructure. Is it not
> a basic principle in IT security that the cost of securing same data should
> be less than what that data is worth?

But is the worth of the data here merely relational to the cost of contacting those clients whose information was compromised? Maybe to the company, but I'm willing to bet the clients consider this data much more valuable than that, I would, and their costs, the clients', are not yet ended, especially if they're victims of identity theft...




> It is true, they lose some credibility

Which is another sense of the value and loss incurred in this case, an additional loss.

Thanks,

Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCtyrQst+vzJSwZikRAn+bAJ0UrxJTDPgpxsoDKSrw3dsO8c7TBgCgsiQv
w9Lp8G2y6xCBJNwAv6aqmJU=
=lT0C
-----END PGP SIGNATURE-----