RE: Must read for everyone

From: Dan Clements <dan(at)cardcops.com>
Date: Mon Jun 30 2003 - 18:14:17 EDT

Lincoln,

We've seen over 200 Merchant hacks in the last few years...with maybe 10% of them fessing up, as they are required to by their Merchant aggreements with Visa and MC. Even MC knows only about 15% of all hacks are reported as per John Verduci of MC
http://www.epaynews.com/index.cgi?survey=&keywords=hack&optional=&subject=&l ocation=&ref=keyword&f=view&id=1050058891622215212&block=

We'd love to hear what the security pros think about all of this.

Regards,
Dan
CardCops.com

-----Original Message-----

From: Lincoln Milner [mailto:lmilner@hes.hmc.psu.edu] Sent: Monday, June 30, 2003 8:06 AM
To: security-basics@securityfocus.com
Subject: RE: Must read for everyone

I have mixed feelings about the legislation in California, designed to give the public more information about what threats or hacks companies are facing. That's good news from a security standpoint, but I for one can attest to the fact that a number of online retailers (large and small) are doing this already, without (until now) the fear of legislation or prosecution.

The messages I've gotten have been from the retailer, letting me know what happened (they were cracked, and my information may have been compromised), and quickly followed from a message or phone call from my bank, requiring me to cancel and re-issue a card. Which means the retailer not only contacted me about the problem, but also my financial institution. So the market is doing a good deed, it may just need to be done on a more global scale.

I agree with Schmidt's quote on having the market drive the need for this sort of behavior. Legislation of this type, in my opinion, only leads to more watching by governments, interest groups, and people looking for a way to hit the jackpot in a lawsuit.

Since the WWW and the larger Internet ventures are touted to be open and accessible forms of media (sans censorship and regulation), we should not look to legislation to force us in certain directions, but to look to one another to help drive trends that we, as both consumers and creators of the technology, are best capable of setting.

---

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

---

---

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.      

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.           

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

---

Received on Wed Jul 2 11:44:48 2003