BreachExchange mailing list archives
Re: Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit
From: Rodney <rwise29210 () gmail com>
Date: Thu, 20 Mar 2008 16:51:43 -0400
Lets not forget the Hacker Safe Seal from CA. Again it is automated and the breach that occurred is real, but how many websites had the test ran and said "OMG" and then acted on the report? Wal-Mart is in business for a reason, low prices. If you need a solution that will make you better off from taking it that you were before, shouldn't you do this? I agree it should be a starting point not an "end all do all" finish, but automated system scans can, if used properly, stop SOME of the attempts to hack into networks. Visa is not protecting the networks. Lawyers don't protect networks. CSOs can protect networks ONLY if the infrastructure of the corporation will let them... yea right, like that happens every day. Who is really capable of guarding the fort of our identities? Government with the "Real (hackable) RFID? I don't know. In who should we trust? I am just a student studying Computer Network Security but the whole system seems "wacked out" to me. When the computer stops functioning properly, isn't it time to reboot? Can this system be rebooted? Rodney Wise South East Ostrich Supply http://www.seostrich.com On Wed, 2008-03-19 at 17:58 -0700, Mike Simon wrote:
I think you're right in also considering that the product was used correctly and just not up to the task, which raises an interesting but possibly off-topic question in my mind. If Rapid7 falsely attributes the incident to mis-use of their product in a public forum (the press release), essentially increasing the potential liability of Hannaford, it seems like Hannaford might have a cause of action against Rapid7. The cause of action is unrelated to the performance of their product, which I'm sure is well protected by the license agreement, but instead related to (potentially) false and (potentially) damaging statements about Hannaford's security practices. It seems to me that the statement in the revised press release has no real upside for Rapid7 true _or_ false. As someone stated earlier in this thread, they should have withdrawn the press release from their web site and taken their lumps. I'm certainly not a lawyer, and have NO knowledge of the incident, truthfulness of the subsequent Rapid7 disclaimers or really anything at all. This is intended as a discussion of hypothetical outcomes. Mike On Wed, Mar 19, 2008 at 5:40 PM, Jamie C. Pole <jpole () jcpa com> wrote:Let's also consider the possibility the Hannaford WAS using the tool correctly, and that it just didn't work as advertised. As far as the law firm being on the ball, trust me, they are. I know this firm well, and they will absolutely include Rapid7 in their discovery process. If I was senior management at Rapid7, I would NOT be sleeping well right now. The kiss of death in this case is going to be the fact that there have been around 1800 reported cases of fraud stemming from the incident. This was not an accident. Jamie -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Mike Simon Sent: Wednesday, March 19, 2008 6:47 PM To: lyger; dataloss-bounces () attrition org; dataloss () attrition org Subject: Re: [Dataloss] Consumers of Hannaford Brothers Co. Supermarkets FileClass Action Suit This could not be a better example of why companies hesitate to disclose details. If this lawfirm is on the ball. They will get access to the exchange with Rapid7 which, according to the press release changes, indicates potential additional negligence in that the had a tool that may have prevented this problem and failed to use it properly. Not a helpful disclosure for Hannaford with respect to the class action. Mike_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Attachment:
smime.p7s
Description:
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit lyger (Mar 19)
- Re: Consumers of Hannaford Brothers Co. Supermarkets FileClass Action Suit Mike Simon (Mar 19)
- Re: Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit Jamie C. Pole (Mar 19)
- Re: Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit Mike Simon (Mar 19)
- Message not available
- Re: Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit Mike Simon (Mar 20)
- Re: Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit Edward White (Mar 20)
- Re: Consumers of Hannaford Brothers Co. SupermarketsFile Class Action Suit DAIL, WILLARD A (Mar 20)
- Re: Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit Jamie C. Pole (Mar 19)
- Re: Consumers of Hannaford Brothers Co. Supermarkets FileClass Action Suit Mike Simon (Mar 19)
- Re: Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit Rodney (Mar 20)
- Re: Consumers of Hannaford Brothers Co. SupermarketsFile Class Action Suit Sasha Romanosky (Mar 19)