funsec mailing list archives

Re: Stratfor is Online


From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 16 Jan 2012 15:10:51 -0500

On Mon, Jan 16, 2012 at 2:36 PM, <Valdis.Kletnieks () vt edu> wrote:
> On Mon, 16 Jan 2012 13:21:42 EST, Jeffrey Walton said:
>
>> Stratfor is not the US government. They can't recoup lost revenue; or
>> print money to cover costs related to their negligence in order to
>> make it up to the share holders.
>
> Which part of "They got raped for $50M, so they charge the cardholders
> $50M more and the shareholders come out even" do you not understand?

Forgive my ignorance here.....

So the Stratfor members (ie, card holders) will be footing the bill
for the investigation, site improvements, data security improvements,
and the costs associated with contracting the data management to a
third party. It seems more intuitive to me that the Stratfor
shareholders would absorb the costs.

And I'm not clear how bringing yet another party in contact with the
CRM data makes things more secure. That is, the confidential
information, including credit card numbers, will be available to a
firm outside of the organization. It seems to me the attack surface
just doubled. Perhaps the firm could put it 'in the cloud' and triple
the attack surface (and blame Amazon for their next data breach).

But what do I know....

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.