[Dataloss] Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit

Rodney rwise29210 at gmail.com
Thu Mar 20 20:51:43 UTC 2008 

Lets not forget the Hacker Safe Seal from CA. Again it is automated and
the breach that occurred is real, but how many websites had the test ran
and said "OMG" and then acted on the report?

Wal-Mart is in business for a reason, low prices. If you need a solution
that will make you better off from taking it that you were before,
shouldn't you do this? I agree it should be a starting point not an "end
all do all" finish, but automated system scans can, if used properly,
stop SOME of the attempts to hack into networks.

Visa is not protecting the networks. Lawyers don't protect networks.
CSOs can protect networks ONLY if the infrastructure of the corporation
will let them... yea right, like that happens every day.

Who is really capable of guarding the fort of our identities? Government
with the "Real (hackable) RFID?

I don't know. In who should we trust? I am just a student studying
Computer Network Security but the whole system seems "wacked out" to
me. 

When the computer stops functioning properly, isn't it time to reboot?
Can this system be rebooted?

Rodney Wise

South East Ostrich Supply
http://www.seostrich.com

On Wed, 2008-03-19 at 17:58 -0700, Mike Simon wrote:

> I think you're right in also considering that the product was used
> correctly and just not up to the task, which raises an interesting but
> possibly off-topic question in my mind. If Rapid7 falsely attributes
> the incident to mis-use of their product in a public forum (the press
> release), essentially increasing the potential liability of Hannaford,
> it seems like Hannaford might have a cause of action against Rapid7.
> The cause of action is unrelated to the performance of their product,
> which I'm sure is well protected by the license agreement, but instead
> related to (potentially) false and (potentially) damaging statements
> about Hannaford's security practices.
> 
> It seems to me that the statement in the revised press release has no
> real upside for Rapid7 true _or_ false. As someone stated earlier in
> this thread, they should have withdrawn the press release from their
> web site and taken their lumps.
> 
> I'm certainly not a lawyer, and have NO knowledge of the incident,
> truthfulness of the subsequent Rapid7 disclaimers or really anything
> at all. This is intended as a discussion of hypothetical outcomes.
> 
> Mike
> 
> On Wed, Mar 19, 2008 at 5:40 PM, Jamie C. Pole <jpole at jcpa.com> wrote:
> >
> >  Let's also consider the possibility the Hannaford WAS using the tool
> >  correctly, and that it just didn't work as advertised.
> >
> >  As far as the law firm being on the ball, trust me, they are.  I know this
> >  firm well, and they will absolutely include Rapid7 in their discovery
> >  process.  If I was senior management at Rapid7, I would NOT be sleeping well
> >  right now.
> >
> >  The kiss of death in this case is going to be the fact that there have been
> >  around 1800 reported cases of fraud stemming from the incident.  This was
> >  not an accident.
> >
> >  Jamie
> >
> >
> >  -----Original Message-----
> >  From: dataloss-bounces at attrition.org [mailto:dataloss-bounces at attrition.org]
> >  On Behalf Of Mike Simon
> >  Sent: Wednesday, March 19, 2008 6:47 PM
> >  To: lyger; dataloss-bounces at attrition.org; dataloss at attrition.org
> >  Subject: Re: [Dataloss] Consumers of Hannaford Brothers Co. Supermarkets
> >  FileClass Action Suit
> >
> >
> >
> > This could not be a better example of why companies hesitate to disclose
> >  details. If this lawfirm is on the ball. They will get access to the
> >  exchange with Rapid7 which, according to the press release changes,
> >  indicates potential additional negligence in that the had a tool that may
> >  have prevented this problem and failed to use it properly. Not a helpful
> >  disclosure for Hannaford with respect to the class action.
> >
> >  Mike
> >
> >
> >
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> 
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20080320/5746badc/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3165 bytes
Desc: not available
Url : http://attrition.org/pipermail/dataloss/attachments/20080320/5746badc/attachment-0001.bin

More information about the Dataloss mailing list