[Dshield] Can We say OOPS

Mark Squire msquire at lagraphico.com
Wed Dec 10 19:21:59 GMT 2003


This is just full of stuff that ticks me off:

"It was only our bottom tier of information or one up from the bottom."

What does THAT mean?  SSNs are bottom tier?

"Latorella said that perhaps several hundred queries were made of the
database and that 95 percent of those were apparently from security
researchers who detected the breach"

How did he trace it back to those security researchers?  Sounds like
they are blowin' smoke.

"While the company was working on an application to make the database
information available on wireless devices, a developer opened up access
for a limited range of Internet addresses to test the mobile service,
Latorella said. The change resulted in the database being opened up to
public access."

Say it ain't so.  Wireless devices with access to their database with
sensitive data?  Granting Internet access to that same data?  Utterly
disappointing to me.  I wonder how much of this happens on a regular
basis, and no one catches it?  Am I the only one angered by this?

C:\Mark

> -----Original Message-----
> From: Rick Sroka [mailto:Rick.Sroka at ubcd.com]
> Sent: Wednesday, December 10, 2003 7:47 AM
> To: list at dshield.org
> Subject: [Dshield] Can We say OOPS
> 
> 
> http://www.msnbc.com/news/1003342.asp?vts=121020030734
> 



