Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > NY (USA) has enacted a security breach disclosure law...

Reply
Thread Tools

NY (USA) has enacted a security breach disclosure law...

 
 
Imhotep
Guest
Posts: n/a
 
      08-13-2005
I hope the other states (and countries) follow...

http://www.theregister.co.uk/2005/08...es_disclosure/
 
Reply With Quote
 
 
 
 
optikl
Guest
Posts: n/a
 
      08-13-2005
Imhotep wrote:
> I hope the other states (and countries) follow...
>
> http://www.theregister.co.uk/2005/08...es_disclosure/


Yes, clearly that's one law whose time has come. It's a shame though
that it takes a law to inspire an entity to fess up that confidential
customer data has been stolen. You'd think that would be just the right
thing to do.
 
Reply With Quote
 
 
 
 
Imhotep
Guest
Posts: n/a
 
      08-13-2005
optikl wrote:

> Imhotep wrote:
>> I hope the other states (and countries) follow...
>>
>> http://www.theregister.co.uk/2005/08...es_disclosure/

>
> Yes, clearly that's one law whose time has come. It's a shame though
> that it takes a law to inspire an entity to fess up that confidential
> customer data has been stolen. You'd think that would be just the right
> thing to do.


Corporate America has taken a really ugly path. You are right though. It is
a shame that a law had to be put in place for something that should be
obvious...

Im
 
Reply With Quote
 
Hairy One Kenobi
Guest
Posts: n/a
 
      08-14-2005

"optikl" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Imhotep wrote:
> > I hope the other states (and countries) follow...
> >
> > http://www.theregister.co.uk/2005/08...es_disclosure/

>
> Yes, clearly that's one law whose time has come. It's a shame though
> that it takes a law to inspire an entity to fess up that confidential
> customer data has been stolen. You'd think that would be just the right
> thing to do.


OK, so you go to open a bank account.. do you choose the company that got
hacked last week, or someone else?

Guess that explains the reluctance to come clean ;o)

Wonder how the law will ever get enforced..? Disgruntled employee is my
guess.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
Reply With Quote
 
Unruh
Guest
Posts: n/a
 
      08-14-2005
"Hairy One Kenobi" <abuse@[127.0.0.1]> writes:


>"optikl" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> Imhotep wrote:
>> > I hope the other states (and countries) follow...
>> >
>> > http://www.theregister.co.uk/2005/08...es_disclosure/

>>
>> Yes, clearly that's one law whose time has come. It's a shame though
>> that it takes a law to inspire an entity to fess up that confidential
>> customer data has been stolen. You'd think that would be just the right
>> thing to do.


>OK, so you go to open a bank account.. do you choose the company that got
>hacked last week, or someone else?


Of course it may not be in their interest to do so. So law suits and laws
change the equation of what their interests are.


>Guess that explains the reluctance to come clean ;o)


>Wonder how the law will ever get enforced..? Disgruntled employee is my
>guess.


These things tend to leak out. And then not only do they have bad PR but
criminal legal action as well, which could find the CEO actually spending
time in jail.



 
Reply With Quote
 
Hairy One Kenobi
Guest
Posts: n/a
 
      08-14-2005
"Unruh" <(E-Mail Removed)> wrote in message
news:ddo0er$7im$(E-Mail Removed)...
> "Hairy One Kenobi" <abuse@[127.0.0.1]> writes:
>
>
> >"optikl" <(E-Mail Removed)> wrote in message
> >news:(E-Mail Removed)...
> >> Imhotep wrote:
> >> > I hope the other states (and countries) follow...
> >> >
> >> >

http://www.theregister.co.uk/2005/08...es_disclosure/
> >>
> >> Yes, clearly that's one law whose time has come. It's a shame though
> >> that it takes a law to inspire an entity to fess up that confidential
> >> customer data has been stolen. You'd think that would be just the right
> >> thing to do.

>
> >OK, so you go to open a bank account.. do you choose the company that got
> >hacked last week, or someone else?

>
> Of course it may not be in their interest to do so. So law suits and laws
> change the equation of what their interests are.
>
> >Guess that explains the reluctance to come clean ;o)

>
> >Wonder how the law will ever get enforced..? Disgruntled employee is my
> >guess.

>
> These things tend to leak out. And then not only do they have bad PR but
> criminal legal action as well, which could find the CEO actually spending
> time in jail.


Cite? Feel free to exclude or include disgruntled employees... ;o)

H1K

PS. As goes leaks, a large Scottish bank that I have worked with employs
125k+ people, and managed to move their entire operations from London to
erm.. somewhere in Scotland over a weekend. Terabytes of data, and the first
time that I've seen a multi-gigabit national WAN in operation.

How many people noticed? Two. And one of those got his legs slapped for it
(he was an employee at the time); the other was a customer with traceroute
and far, far too much time on his hands )

Note that I am excluding hoteliers and taxi drivers.. they *must* have known
that something was up.


 
Reply With Quote
 
optikl
Guest
Posts: n/a
 
      08-14-2005
Hairy One Kenobi wrote:
> "optikl" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>>Imhotep wrote:
>>
>>>I hope the other states (and countries) follow...
>>>
>>>http://www.theregister.co.uk/2005/08...es_disclosure/

>>
>>Yes, clearly that's one law whose time has come. It's a shame though
>>that it takes a law to inspire an entity to fess up that confidential
>>customer data has been stolen. You'd think that would be just the right
>>thing to do.

>
>
> OK, so you go to open a bank account.. do you choose the company that got
> hacked last week, or someone else?
>
> Guess that explains the reluctance to come clean ;o)
>

Yeah, well I guess that's why some define ethical behavior as doing the
right thing even when no one else is watching. If you entrust something
to me and something happens to it, you are entitled to know the truth.
 
Reply With Quote
 
Hairy One Kenobi
Guest
Posts: n/a
 
      08-14-2005
"optikl" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hairy One Kenobi wrote:
> > "optikl" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >
> >>Imhotep wrote:
> >>
> >>>I hope the other states (and countries) follow...
> >>>

>
>>>http://www.theregister.co.uk/2005/08...es_disclosure/
> >>
> >>Yes, clearly that's one law whose time has come. It's a shame though
> >>that it takes a law to inspire an entity to fess up that confidential
> >>customer data has been stolen. You'd think that would be just the right
> >>thing to do.

> >
> >
> > OK, so you go to open a bank account.. do you choose the company that

got
> > hacked last week, or someone else?
> >
> > Guess that explains the reluctance to come clean ;o)
> >

> Yeah, well I guess that's why some define ethical behavior as doing the
> right thing even when no one else is watching. If you entrust something
> to me and something happens to it, you are entitled to know the truth.


Granted. I operate under the same policy (one of the reasons why I tend to
have a fairly tight relationship with my customers)

But I still bet you wouldn't put your own money in the hacked bank.

H1K


 
Reply With Quote
 
Winged
Guest
Posts: n/a
 
      08-16-2005
optikl wrote:
> Imhotep wrote:
>
>> I hope the other states (and countries) follow...
>>
>> http://www.theregister.co.uk/2005/08...es_disclosure/

>
>
> Yes, clearly that's one law whose time has come. It's a shame though
> that it takes a law to inspire an entity to fess up that confidential
> customer data has been stolen. You'd think that would be just the right
> thing to do.

One of my issues is folks exposing information due to an insecure web
configuration, exposing data, and no clue they are doing it. If done
properly on the right site, you can't tell by the system logs the data
was even exposed, it looks like a normal session. Laws are such you
can't even tell them their data is showing as you will be accused of
hacking their site.

Are they required to tell when they can't tell a breech has actually
taken place? As I read it no, so many companies may still play ignorant.

Winged
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Breach =?Utf-8?B?QUtBIFNwYXdu?= Wireless Networking 6 08-14-2005 05:14 AM
XP SP2 Firewall security breach John Andersonj89anderson@hotmail.com Computer Security 1 11-14-2004 04:57 PM
XP SP2 Firewall security breach John Jones Computer Security 14 11-13-2004 06:29 AM
security breach? Brenda Cisco 2 04-23-2004 03:55 AM
CGIHTTPServer security Breach Andy Worms Python 0 07-22-2003 05:43 PM



Advertisments