Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: EE BrightBox router hacked - bares all if you ask nicely

From: Dan Ballance <tzewang.dorje () gmail com>
Date: Thu, 16 Jan 2014 17:47:11 +0000
What I don't understand about everyone's scepticism here is it seems like
nobody thinks security can be improved and that we shouldn't be shocked
when large corporations roll out hopelessly insecure kit. How do you think
we can best protect the consumer then?


On 16 January 2014 17:44, <Valdis.Kletnieks () vt edu> wrote:


On Thu, 16 Jan 2014 11:30:18 +0000, Dan Ballance said:


So your point is that there should be legislation to require companies to
adhere to certain security standards? I'd support that - particularly in

an

ISP market which is clearly defined by national boundaries and law.


OK.. What standard do you want to hoist as a legal mandate?

Bonus points for finding a standard that provides enough *actual* security
that it is worth doing, but yet won't bankrupt the industry.  Consider that
of all the credit-card breaches we've seen so far this century, something
outrageous like 97% of the victim companies had current audits that listed
them as being 100% PCI compliant at the time of the incident.

So how do you do it so it actually adds security, rather than just being
a huge government-mandate money transfer to the auditing/certification
groups involved?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: