Why crack a systems to get information when you can just buy the system?

[InfoSec News <isn () c4i org>]

Forwarded from: Mark Bernard <mbernard () nbnet nb ca>

Good afternoon Associates,

Have you seen this story? Why crack a systems to get information when
you can just buy the system?

This should never happen, but its happening right here in Canada more
frequently than ever before........ Once a Corporate computer has
exceeded a three year period of use it represents capital that has
been written off which the company has received credit for from the
government of Canada. So why are these banks selling worthless assets
to make a profit at such risk? Just take a look at some of the
inherent risks including potential effects that they take on below.

The economic impact can start to be measured by the loss in confidence
in the BOM, namely share prices. Share holders will lose savings. This
could mean that retirees who depend on that money to just get buy have
less now. The possibility of ID Theft raises its head again and a
violation of the privacy rights which will mean a possible class
action suite. The privacy commissionaire will investigate so tax
payers will pay for auditors to investigate further impacting the
productivity of the BOM staff. Possible job loss by one or two
individuals may mean new people will get hired, they will need to be
trained or we might see this problem occur once more in the near
future.

Really these incidents need to be discussed openly so that people are
clear about this risks and associated threats.

Regards,
Mark.

-----------------------------
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1063577414565&call_pageid=968332188492&col=968793972154

Error' sends bank files to eBay
Student buys BMO computers, finds client info
Hard drives were on auction site for six hours

TYLER HAMILTON
TECHNOLOGY REPORTER

Two Bank of Montreal computers containing hundreds, potentially
thousands, of sensitive customer files narrowly escaped being sold on
eBay.com late last week, calling into question the process by which
financial institutions dispose of old computer equipment.

Information in one of the computers included the names, addresses and
phone numbers of several hundred bank clients, along with their bank
account information, including account type and number, balances and,
in some cases, balances on GICs, RRSPs, lines of credit, credit cards
and insurance.

Many of the files were dated as recently as late 2002, while some went
back to 2000. The computers appeared to originate from the bank's head
office on St. Jacques St. in Montreal, but customers, many of them
also bank employees, had addresses ranging from Victoria, B.C., to St.
John's, Nfld.


------------------------------

Regards,
Mark.

Mark E. S. Bernard, CISM,
Apollo Computer Consultants Inc.

email: Mark.Bernard.CISM () apollo-cc com
Web site: www.apollo-cc.com
Phone: (506) 375-6368



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.