[Dshield] Can We say OOPS

john beck jbeck80 at hotmail.com
Wed Dec 10 23:49:59 GMT 2003


My favorite,

>"While the company was working on an application to make the database
>information available on wireless devices, a developer opened up access
>for a limited range of Internet addresses to test the mobile service,
>Latorella said. The change resulted in the database being opened up to
>public access."

Are you kidding me? Outside consultants working with uncleansed live data 
for testing; can we count the violations of regulations?  SOX, HIPAA, 
Privacy Act, and that is before the exposure to the world. Also, who lets 
contractors make decisions and take actions that expose the data?  What about 
change management, separation of duties, checks and balances, security or 
network admin?  Customers should be looking elsewhere if they do business 
with a company with McSecurity.
McSecurity (mek security') n. low-security philosophy; job that requires 
little skill and provides little security

And with a record like this, you let them "play with" putting it on wireless... 
Nice!
Amateurs; let them play with fictional data. It would go well with their 
fictional skills.

John
