Re: PIN Scandal "Worst Hack Ever;" Citibank Only The Start

["Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>]

From:                   "Thomas C. Greene" <thomas.greene () theregister co uk>
Date sent:              Sat, 11 Mar 2006 11:41:48 -0500

> The scandalous part is the fact that the identity of the outfit that caused this
> problem (OfficeMax suspected) is being withheld from the public. 

But this is far from being news.  In security, we are constantly faced with the 
holdover from "security by obscurity" in combination with the "don't admit 
problems" mentality from the corporates.

Trying to getting a read on this situation is frustrating, yes.  There seem to be a 
huge number of stories around debit cards, PINs, and ATMs right at the moment.  
Given the coincidental timing, one might suspect that they are all aspects of a) a 
major breach, or b) some new technology, but we won't know for sure for some 
time while everyone is trying to keep quiet about it.

> Whoever it was
> is being protected from the loss of customer confidence that they so richly
> deserve. 

It is rather ironic that Citibank is involved in the major story: Citibank was the 
outift that a) got hit, b) did pretty much everything right and kept the damage 
under control, c) decided to announce it, and use the fact that they had dealt with 
it properly as a selling point, and d) got hammered in the market.  I suppose you 
can't blame them for being less than forthcoming this time around.


======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca      slade () victoria tc ca      rslade () sun soci niu edu
         The truth shall make ye fret              - Terry Pratchett
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.