Re: [fw-wiz] Equifax Canada
From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 06/20/05
- Previous message: Ofir Arkin: "[fw-wiz] Whitepaper release: Risks of Passive Network Discovery Systems"
- In reply to: Adrian Grigorof: "Re: [fw-wiz] Equifax Canada"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Equifax Canada"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Equifax Canada"
To: Adrian Grigorof <adi@grigorof.com>
Date: Mon, 20 Jun 2005 16:45:01 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 20 Jun 2005, Adrian Grigorof wrote:
> Apparently this was caused by "improper use of a customer's access codes and
> security password". Can Equifax force its customers (basically all the
> credit institutions and many others) to use a method of authentication
> stronger than a user id/password combination? To quote a recent post from
> Marcus J. Ranum:
>
>> How many of you could tell your customers *that*?! People scream
>> and whine over the idea of putting firewalls in (still) - now, attempting
>> to enforce a local policy against a business partner - that's patently
>> ridiculous. Right? Well, technically it's NOT ridiculous, but everyone
>> has basically blown it off.
>
> It is surely cheaper to call 600 customers once a year (ok, make that twice
> a year) than enforcing an expensive authentication infrastructure. Is it not
> a basic principle in IT security that the cost of securing same data should
> be less than what that data is worth?
But is the worth of the data here merely relational to the cost of
contacting those clients whose information was compromised? Maybe to the
company, but I'm willing to bet the clients consider this data much more
valuable than that, I would, and their costs, the clients', have not yet
ended, especially if they're victims of identity theft...
> It is true, they lose some credibility
Which is another sense of the value and loss incurred in this case, an
additional loss.
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards