> Plus, no one expects to be caught, or exposed, so it's not a problem until > it's a problem.
Indeed > Until they suffer some real penalties (huge SEC fine, real government > oversight, significant loss of customers, jail time for someone in senior > management), there will be little change. If recent history is any indicator, they will get a big bailout for their malfeasance, any indiscretions will be ignored by regulators, they will pat themselves on the back with huge bonuses for weathering the storm, and the consumer will be left holding the bag. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, June 15, 2011 4:31 AM To: NT System Admin Issues Subject: Re: [OT] Citibank worse at security than Sony >>As with Sony, one has to wonder where their priorities are with data >>protection .. It's all about shareholder value, and the shareholders value profits and dividends... Plus, no one expects to be caught, or exposed, so it's not a problem until it's a problem. Until they suffer some real penalties (huge SEC fine, real government oversight, significant loss of customers, jail time for someone in senior management), there will be little change. ASB (Professional Bio<http://about.me/Andrew.S.Baker/bio>) Harnessing the Advantages of Technology for the SMB market... On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies <adav...@cls-services.com<mailto:adav...@cls-services.com>> wrote: What floors me is how sophisticated they are saying the attack is! Honestly, this article makes me so angry! http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3 This is basic s**t! It's not APT. It's not sophisticated. It's complete lack of good governance and due diligence. It's a high profile web app with PII data that should be having significant PT work done at a MINIMUM of quarterly. As with Sony, one has to wonder where their priorities are with data protection .. a -----Original Message----- From: Matthew B Ames [mailto:matthew.a...@qinetiq.com<mailto:matthew.a...@qinetiq.com>] Sent: 15 June 2011 07:24 To: NT System Admin Issues Subject: RE: [OT] Citibank worse at security than Sony As a software engineer I would feel rather guilty to develop a system that was that poor. I used to have a Citi credit card..... I had better check it is no long active. -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com<mailto:mailvor...@gmail.com>] Sent: 15 June 2011 04:36 To: NT System Admin Issues Subject: [OT] Citibank worse at security than Sony So... 200,000 or so Citigroup customers have had their person info stolen. Someone logged in to one account properly, then changed the account number in the URL to someone else, and the site happily served up that account instead. I hesitate to even call the first party an "attacker". Is it really an attack if the bank just leaves a pile of money sitting on the sidewalk and someone takes it? http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-br oke-door-using-banks-website.html<http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-br%0d%0aoke-door-using-banks-website.html> Some banker fat cats need to go to jail for this. This is incompetence of the highest order. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
