Shady headlines

[Dave Aitel <dave () immunityinc com>]

http://krebsonsecurity.com/2014/04/u-s-states-investigating-breach-at-experian/


So I read the Krebs report today with interest because the CISO of
Experian (Stephen Scharf) is an old friend of mine, and probably one of
the better CISO's in the business, imho. So there are a few things I
think are funny in the Krebs report. For example,"Court records just
released last week show that Ngo tricked an Experian subsidiary into
giving him /direct access to personal and financial data on more than
200 million Americans. "/ Right now, using Google, I have direct access
to billions of records on both Americans and non-Americans But that
doesn't mean I downloaded it and used it. How much data did this guy
even get? Something more on the order of 3 million various things.
Likewise, it seems like it was not Experian's data at all, but the
result of some legal agreements that happened before Experian ever got
involved. Also I love the part in the court documentation where the
defendant has been hearing voices and is basically crazy.

I guess the point is, "Some random company Experian bought had an
agreement with another company that had an customer who was shady and
then arrested" is not as catchy a title, even if it is more accurate
than "U.S. States Investigating Breach at Experian" which is what Krebs
decided to run with this time.


Official Experian response to the whole mess (worth a quick read) is here://
//

http://www.experian.com/blogs/news/2014/03/30/court-ventures/
<http://www.experian.com/blogs/news/2014/03/30/court-ventures/>


-dave

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave