Full Disclosure mailing list archives
Re: EE BrightBox router hacked - bares all if you ask nicely
From: Dan Ballance <tzewang.dorje () gmail com>
Date: Thu, 16 Jan 2014 18:09:57 +0000
Totally agree with the driving drunk analogy. I mean, we say that car manufacturers and airplane companies have to run their systems to agreed standards. And this is done in such a way that safety on the roads and in skies improves. So why can it not be done for the IT industry? Nobody talks about the car industry collapsing because they're being asked to meet basic safety standards. Maybe it's convenient for some security professionals to see things carry on as they are? I don't know.

On 16 Jan 2014 18:03, "Jeffrey Walton" <noloader () gmail com> wrote:
> On Thu, Jan 16, 2014 at 12:44 PM, <Valdis.Kletnieks () vt edu> wrote:
>> On Thu, 16 Jan 2014 11:30:18 +0000, Dan Ballance said:
>>> So your point is that there should be legislation to require companies to
>>> adhere to certain security standards? I'd support that - particularly in an
>>> ISP market which is clearly defined by national boundaries and law.
>>
>> OK.. What standard do you want to hoist as a legal mandate?
>
> No standards are needed. Attach a nominal dollar amount to the data. That will unbalance the risk equations and the industry will act on its own.
>
> For example, if it takes 2 hours to reset to all your passwords (password reuse is rampant), then allow a consumer to recover $250 for their time. If PII is lost allow them damages of 7 years of credit reporting (about $150) plus actual damages from any loss. Hell, I had to overnight a credit card last summer while on business that was cancelled due to a breach. That cost me $75.00. Perhaps triple damages are in order, too.
>
>> Bonus points for finding a standard that provides enough *actual* security
>> that it is worth doing...
>
> +1
>
>> ... but yet won't bankrupt the industry.
>
> Computing is a privilege, not a right. Should Sony continue to be allowed to compute when they suffered at least 50 incidents, including dataloss (http://attrition.org/security/rants/sony_aka_sownage.html)? Hell, Sony suffered 7 different incidents in one month ( http://www.thetechherald.com/article.php/201121/7185/Seven-security-incidents-in-two-months-Sony-s-nightmare-grows ). How much time and aggravation have they caused to institutions and consumers?
>
> That's driving drunk on the information superhighway.
>
> Jeff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/