funsec mailing list archives
Re: Stratfor is Online
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 16 Jan 2012 15:10:51 -0500
On Mon, Jan 16, 2012 at 2:36 PM, <Valdis.Kletnieks () vt edu> wrote:
On Mon, 16 Jan 2012 13:21:42 EST, Jeffrey Walton said:Stratfor is not the US government. They can't recoup lost revenue; or print money to cover costs related to their negligence in order to make it up to the share holders.Which part of "They got raped for $50M, so they charge the cardholders $50M more and the shareholders come out even" do you not understand?
Forgive my ignorance here..... So the Stratfor members (ie, card holders) will be footing the bill for the investigation, site improvements, data security improvements, and the costs associated with contracting the data management to a third party. It seems more intuitive to me that the Stratfor shareholders would absorb the costs. And I'm not clear how bringing yet another party in contact with the CRM data makes things more seure. That is, the confidential information, including credit cards numbers, will be available to a firm outside of the organization. It seems to me the attack surface just doubled. Perhaps the firm could put it 'in the cloud' and triple the attack surface (and blame Amazon for their next data breach). But what do I know.... Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Stratfor is Online Jeffrey Walton (Jan 16)
- Re: Stratfor is Online Valdis . Kletnieks (Jan 16)
- Re: Stratfor is Online Jeffrey Walton (Jan 16)
- Re: Stratfor is Online Valdis . Kletnieks (Jan 16)
- Re: Stratfor is Online Jeffrey Walton (Jan 16)
- Re: Stratfor is Online Chris Boyd (Jan 16)
- Re: Stratfor is Online Rich Kulawiec (Jan 16)
- Re: Stratfor is Online Jeffrey Walton (Jan 16)
- Re: Stratfor is Online Valdis . Kletnieks (Jan 16)