IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Krebs - The Marriott/Starwood breach and what to do going forward.
New A four year breach?
That's incredible.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New "If it ain't broke, don't fix it??"
Yeah.

:-/

I've gotten blase' about things like this, even if I were a customer. My CC number changes about every 6-9 months now, so someone having the number from 2014 means it's several generations old.

Still, it's senseless for them not to have known about this long ago. I would think that about the first thing done in an acquisition these days would be to scrub the IT system to make sure that it's clean...

Cheers,
Scott.
New Who and why someone makes a data request needs to be logged and analyzed at more idle times.
Also the data needs to be broken up by categories of use and made available only on a "need to know" basis, i.e. with proper authorization. Popping up screens with everything known about a client is just bad practice. Yes, it makes things inefficient.

Of course I have no idea how Marriott did things.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New Time to turn the burden around?
As these operators are seemingly unable to keep their noses clean and the only thing they care about is money, I think the time has come to set up a nationwide insurance pool. Any operator who insists on hanging on to information which can be used for ID or other theft gets to tithe in based on the number of accounts and the type of information they keep. And then those who do get taken to the cleaners because of one of these breaches* can call on it to repair the damage.

Any operator who gets caught out storing sensitive information without paying in gets to foot the bill themselves.

* Primary breaches only. Password recyclers are SOL if the loss is due to a derived breach.
New Re: Time to turn the burden around?

Any operator who gets caught out storing sensitive information without paying in gets to foot the bill themselves.




That's the status quo today. It hasn't prevented any company from storing our information safely for the past 25 years.




Satan (impatiently) to Newcomer: The trouble with you Chicago people is, that you think you are the best people down here; whereas you are merely the most numerous.
- - - Mark Twain, "Pudd'nhead Wilson's New Calendar" 1897
New That's because we're not actually billing them
Whenever there is a fine for fraud or negligence, the fine should be after they've forfeited the entire profit made from the activity. A billion-dollar fine sounds like a lot, until you consider the 14 billion they made because of the fraud.
--

Drew
New Not quite
With "pay for the damage", I mean restitution of the damage others have suffered. To date, that still falls entirely on the victims.
New Looks like it's the Chinese again...
In part to watch their citizens. But potentially all kinds of nefarious stuff.

NY Times: Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing
The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.

The hackers, they said, are suspected of working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. The discovery comes as the Trump administration is planning actions targeting China’s trade, cyber and economic policies, perhaps within days.

Those moves include indictments against Chinese hackers working for the intelligence services and the military, according to four government officials who spoke on the condition of anonymity. The Trump administration also plans to declassify intelligence reports to reveal Chinese efforts dating to at least 2014 to build a database containing names of executives and American government officials with security clearances.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
     Krebs - The Marriott/Starwood breach and what to do going forward. - (Another Scott) - (8)
         A four year breach? - (a6l6e6x) - (6)
             "If it ain't broke, don't fix it??" - (Another Scott) - (5)
                 Who and why someone makes a data request needs to be logged and analyzed at more idle times. - (a6l6e6x)
                 Time to turn the burden around? - (scoenye) - (3)
                     Re: Time to turn the burden around? - (lincoln) - (2)
                         That's because we're not actually billing them - (drook)
                         Not quite - (scoenye)
         Looks like it's the Chinese again... - (a6l6e6x)

To Imagine, To Ponder.. perhaps occasionally, To Think.
44 ms