Re: Actual Security Cases

From: Jeffrey C. Keyser (jkeyser@poss.com)
Date: 02/07/03

    Date: Fri, 07 Feb 2003 17:03:36 -0500
    From: "Jeffrey C. Keyser" <jkeyser@poss.com>
    To: ullmic6@web.de
    
    

    There are stories in the media of identity theft, mass credit card fraud
    and various forms of industrial espionage on at least a monthly basis.

    The bigger issue is that security MUST come from top down. I'm not sure
    of the laws in your corner of the globe, but you may be able to
    convince him of his personal liability if information assets for which
    he's responsible are compromised. Even if he/she isn't legally liable
    for the compromised information, your organization may (spelled should)
    still hold this person responsible.

    In the US we have HIPAA, which governs the handling of personal
    information. Building on your AOL example... If a physician emails a
    patient's medical information "in the clear" he/she could be facing
    serious legal repercussions.

    If you need to convince this idiot of the importance of protecting
    his/her information assets, it may be time to start looking for a new
    job. You don't want to get caught "holding the bag". At a minimum keep a
    paper trail to protect yourself WHEN the compromise occurs.

    Good luck.

    At 08:23 PM 1/29/2003 +0100, ullmic6@web.de wrote:
    Does anybody know a good internet source of actual security related real
    life cases? I know that it's a risk to forward corporate mail to
    internet e-mail accounts like AOL or gmx. But I need a case like "in
    January 2001 the AOL accounts of xyz got cracked and a lot of
    confidential data was published by some hackers on the internet" to
    convince a manager who thinks the risk is just theoretical and nothing
    ever happened. I would like to have such stories for different threats
    (no remote access via modem, no weak passwords, no unencrypted data on
    laptops,...). In my opinion the stories in the book "Tangled Web" are
    just a starting point (some of them are not easy enough for managers).

    -- 
    <- ullmic6 ->
    

