
funsec mailing list archives

Re: Youth expelled from Montreal college after finding "sloppy coding" that compromised security of 250,000 students personal data
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 21 Jan 2013 11:41:28 -0500

On Mon, Jan 21, 2013 at 10:26 AM, Rich Kulawiec <rsk () gsp org> wrote:
(h/t to Nadim Kobeissi)

        Youth expelled from Montreal college after finding "sloppy coding" that compromised security of 250,000 students personal data

http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/

Same old story, complete with the customary vacuous denial-by-assertion:

        "We acted immediately to fix the problem, and were able to do
        so before anyone could use it to access private information."

Riiiiiiight, so you weren't good enough to avoid creating the vulnerability
in the first place, yet you are somehow omniscient enough to know that
nobody, that's right, NOBODY, exploited the hole before you fixed it.

Citizens and users need legislative relief. Waiting for an
organization to "do the right thing" does not work. A long history has
demonstrated that by example.

It's too bad politicians are so easily bought and sold like trading
cards. If the politicians actually looked out for the interests of
their constituents, the citizens and users would likely already have
it in the US. The legislation would upset the risk equations, and
compel an organization to act.

Instead, the 'X' of the risk analysis equation is basically sending
out a 50 cent letter. How does that compare when 'Y' is millions and
billions of dollars? I'm not an economist, but I would venture to say
the 50 cent letter is always chosen when multi-million dollar revenue
streams are involved.

Who is more dangerous to the general populace? Bin Laden and friends,
or a US corporation and their purchased representatives?

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

