Shostack + Friends Blog Archive

Small Bits of Chaos

• “Los Angeles Consumers File Class Action Lawsuit Against Used-Car Dealer Drive Time For Allegedly Leaking Their Private Financial Information to Unauthorized Third Parties.”
• “Down To Business: Time To Get Tough On Security Slackers” Rob Preston in Information Week, “Perhaps if the VA secretary faced personal fines or jail time for that foot dragging, those security measures would have been put into practice long ago.”
• Speaking of those clowns at the VA, they’re trying to convince 12% of adult Americans that they’re safe because “Stolen VA Data in Unusual Format.” (At CSO Online.) Oooh, unusual formats. What is it, SAS or SPSS?
• Tom Maddox’s analysis (“Identity Theft, in Arizona & Elsewhere“ - link to http://blog.opinity.com/2006/05/identity_theft_.html no longer works) of the numbers in “Technology and Easy Credit Give Identity Thieves an Edge” is worth reading. Don’t miss the money snark:
  

  “Well, hell, folks, no wonder you’re leading the country in identity (or credentials) theft.”

• “Crashing the Wiretapper’s Ball” by Thomas Greene is about how Greene showed up at a wiretappers conference, and was confronted by someone who said his engineers were just following orders just doing their jobs: “Now leave these guys alone; they make a product, that’s all. It’s nothing to them what happens afterward.” Maybe they should read the ACM code of ethics. Now leave these guys alone; they make a product, that's all. It's nothing to them what happens afterward.
• Bruce Schneier argues again that we should “Make Vendors Liable for Bugs.” I’d like to know which bugs, without enriching the lawyers. We’ve had the general suggestion for a while, let’s get some specifics out there. (I’ve talked about this before in “Following Up ‘Liability For Bugs’.”)

Originally published by adam on 3 Jun 2006
Last modified on 26 Apr 2018
Categories:   breach analysis   Legal   NSA Wiretaps