Full Disclosure: Re: EE BrightBox router hacked - bares all if you ask nicely

[Dan Ballance <tzewang.dorje () gmail com>]

What I don't understand about everyone's scepticism here is it seems like
nobody thinks security can be improved and that we shouldn't be shocked
when large corporations roll out hopelessly insecure kit. How do you think
we can best protect the consumer then?


On 16 January 2014 17:44, <Valdis.Kletnieks () vt edu> wrote:

> On Thu, 16 Jan 2014 11:30:18 +0000, Dan Ballance said:
>
> > So your point is that there should be legislation to require companies to
> > adhere to certain security standards? I'd support that - particularly in
> an
> > ISP market which is clearly defined by national boundaries and law.
> OK.. What standard do you want to hoist as a legal mandate?
>
> Bonus points for finding a standard that provides enough *actual* security
> that it is worth doing, but yet won't bankrupt the industry.  Consider that
> of all the credit-card breaches we've seen so far this century, something
> outrageous like 97% of the victim companies had current audits that listed
> them as being 100% PCI compliant at the time of the incident.
>
> So how do you do it so it actually adds security, rather than just being
> a huge government-mandate money transfer to the auditing/certification
> groups involved?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/