*>>As with Sony, one has to wonder where their priorities are with data protection ..*
It's all about shareholder value, and the shareholders value profits and dividends... Plus, no one expects to be caught, or exposed, so it's not a problem until it's a problem. Until they suffer some real penalties (huge SEC fine, real government oversight, significant loss of customers, jail time for someone in senior management), there will be little change. *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) Harnessing the Advantages of Technology for the SMB market... On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies <[email protected]>wrote: > What floors me is how sophisticated they are saying the attack is! > Honestly, this article makes me so angry! > > http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3 > > This is basic s**t! It's not APT. It's not sophisticated. It's > complete lack of good governance and due diligence. It's a high profile > web app with PII data that should be having significant PT work done at > a MINIMUM of quarterly. > > As with Sony, one has to wonder where their priorities are with data > protection .. > > > > a > > -----Original Message----- > From: Matthew B Ames [mailto:[email protected]] > Sent: 15 June 2011 07:24 > To: NT System Admin Issues > Subject: RE: [OT] Citibank worse at security than Sony > > As a software engineer I would feel rather guilty to develop a system > that was that poor. I used to have a Citi credit card..... I had better > check it is no long active. > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: 15 June 2011 04:36 > To: NT System Admin Issues > Subject: [OT] Citibank worse at security than Sony > > So... 200,000 or so Citigroup customers have had their person info > stolen. Someone logged in to one account properly, then changed the > account number in the URL to someone else, and the site happily served > up that account instead. I hesitate to even call the first party an > "attacker". Is it really an attack if the bank just leaves a pile of > money sitting on the sidewalk and someone takes it? > > http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-br > oke-door-using-banks-website.html > > Some banker fat cats need to go to jail for this. This is > incompetence of the highest order. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
