Full Disclosure mailing list archives

Re: Re: choice-point screw-up and secure hashes


From: Vincent van Scherpenseel <mailinglists () vanscherpenseel nl>
Date: Sat, 19 Mar 2005 13:17:52 +0100

On Saturday 19 March 2005 13:02, Kurt Seifried wrote:
>> Don't forget that it's bad for the company's image to have confidential
>> customer data stolen. As soon as the press catches on it's bad for
>> business.
>> So, companies *do* have a drive to secure your private data.
>
> Uhhh no. See consumers such as yourself don't actually purchase services
> from choicepoint/etc (unless you're a Nigerian guy who is into ID theft =).
> Businesses do. And businesses don't care if choicepoint is secure or not,
> they care if choicepoint has the data. It's like Equifax, you don't buy
> information from them, companies you deal with do. These firms have no
> incentive to protect your information, because they'll never lose your
> business.

Consumer A pays for a service from Company B which uses a payment method from 
Company C. Company C holds data from Consumer A for Company B. Now, C gets 
compromised and data from A is stolen. Don't you think the consumer will 
knock on Company B's door? The consumer doesn't deal with Choicepoint, the 
consumer deals with the company, as you said. Now, Company B has been found 
responsible for the mess by the consumer. Don't you think B will now knock on 
C's door?

A real-life example: I work as a System Administrator at Ilse Media, the 
biggest Internet publisher in The Netherlands. We, and lots of other big 
companies, use the Falk AG network for ad planning (the banners and such). 
Recently, somewhere in November, the Falk AG network was hacked and the 
Bofra/IFrame worm was planted in the advertisement positions. An article 
about this can be found on the Register [1], which was also a victim of the 
attack.
Directly after the accident, Ilse Media (the company I work for) started 
supplying Anti Virus packages for free to the attacked visitors of the sites 
in the Ilse Media network. This cost my company a big amount of money, but we 
had to save our image.
We could have said to the visitors "I'm sorry, but this is not our fault." but 
then the consumer would've been unsatisfied. Our way was the best way to deal 
with this issue, imho.

 - Vincent van Scherpenseel

[1] http://www.theregister.co.uk/2004/11/21/register_adserver_attack/

-- 
http://vincent.vanscherpenseel.nl/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

