Firewall Wizards mailing list archives
Re: Equifax Canada
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 20 Jun 2005 16:45:01 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 20 Jun 2005, Adrian Grigorof wrote:
Apparently this was caused by "improper use of a customer's access codes and security password". Can Equifax force its customers (basically all the credit institutions and many others) to use a method of authentication stronger than a user id/password combination? To quote a recent post from Marcus J. Ranum:How many of you could tell your customers *that*?! People scream and whine over the idea of putting firewalls in (still) - now, attempting to enforce a local policy against a business partner - that's patently ridiculous. Right? Well, technically it's NOT ridiculous, but everyone has basically blown it off.It is surely cheaper to call 600 customers once a year (ok, make that twice a year) than enforcing an expensive authentication infrastructure. Is it not a basic principle in IT security that the cost of securing same data should be less than what that data is worth?
But are the worth of the data here merely relational to the cost of contacting those clients whose information was compromised? Maybe to the company, but, I'm willing to bet the clients consider this data much more vauable then that, I would, and their costs, the clients is not yet ended, esepcially if their victims of identity theft...
It is true, they loose some credibility
Which is another sense of the value and loss incurred in this case, an additional loss.
Thanks, Ron DuFresne- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com http://sysinfo.com Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629 ...We waste time looking for the perfect lover instead of creating the perfect love. -Tom Robbins <Still Life With Woodpecker> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCtyrQst+vzJSwZikRAn+bAJ0UrxJTDPgpxsoDKSrw3dsO8c7TBgCgsiQv w9Lp8G2y6xCBJNwAv6aqmJU= =lT0C -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Equifax Canada Paul D. Robertson (Jun 19)
- Re: Equifax Canada Adrian Grigorof (Jun 20)
- Re: Equifax Canada Paul D. Robertson (Jun 20)
- Re: Equifax Canada R. DuFresne (Jun 20)
- Re: Equifax Canada Paul D. Robertson (Jun 20)
- Re: Equifax Canada Mark Teicher (Jun 22)
- RE: Equifax Canada Brian Loe (Jun 22)
- Re: Equifax Canada Adrian Grigorof (Jun 20)
- <Possible follow-ups>
- RE: Equifax Canada Monkman, Brian (Jun 20)
- RE: Equifax Canada Paul D. Robertson (Jun 20)
- Re: Equifax Canada Keith A. Glass (Jun 20)
- RE: Equifax Canada Ames, Neil (Jun 29)
- RE: Equifax Canada J. Oquendo (Jun 29)