<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.16.1">
</HEAD>
<BODY>
Lets not forget the Hacker Safe Seal from CA. Again it is automated and the breach that occurred is real, but how many websites had the test ran and said "OMG" and then acted on the report?<BR>
<BR>
Wal-Mart is in business for a reason, low prices. If you need a solution that will make you better off from taking it that you were before, shouldn't you do this? I agree it should be a starting point not an "end all do all" finish, but automated system scans can, if used properly, stop SOME of the attempts to hack into networks.<BR>
<BR>
Visa is not protecting the networks. Lawyers don't protect networks. CSOs can protect networks ONLY if the infrastructure of the corporation will let them... yea right, like that happens every day.<BR>
<BR>
Who is really capable of guarding the fort of our identities? Government with the "Real (hackable) RFID?<BR>
<BR>
I don't know. In who should we trust? I am just a student studying Computer Network Security but the whole system seems "wacked out" to me. <BR>
<BR>
When the computer stops functioning properly, isn't it time to reboot? Can this system be rebooted?<BR>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
Rodney Wise<BR>
<BR>
South East Ostrich Supply<BR>
http://www.seostrich.com
</TD>
</TR>
</TABLE>
<BR>
On Wed, 2008-03-19 at 17:58 -0700, Mike Simon wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">I think you're right in also considering that the product was used</FONT>
<FONT COLOR="#000000">correctly and just not up to the task, which raises an interesting but</FONT>
<FONT COLOR="#000000">possibly off-topic question in my mind. If Rapid7 falsely attributes</FONT>
<FONT COLOR="#000000">the incident to mis-use of their product in a public forum (the press</FONT>
<FONT COLOR="#000000">release), essentially increasing the potential liability of Hannaford,</FONT>
<FONT COLOR="#000000">it seems like Hannaford might have a cause of action against Rapid7.</FONT>
<FONT COLOR="#000000">The cause of action is unrelated to the performance of their product,</FONT>
<FONT COLOR="#000000">which I'm sure is well protected by the license agreement, but instead</FONT>
<FONT COLOR="#000000">related to (potentially) false and (potentially) damaging statements</FONT>
<FONT COLOR="#000000">about Hannaford's security practices.</FONT>
<FONT COLOR="#000000">It seems to me that the statement in the revised press release has no</FONT>
<FONT COLOR="#000000">real upside for Rapid7 true _or_ false. As someone stated earlier in</FONT>
<FONT COLOR="#000000">this thread, they should have withdrawn the press release from their</FONT>
<FONT COLOR="#000000">web site and taken their lumps.</FONT>
<FONT COLOR="#000000">I'm certainly not a lawyer, and have NO knowledge of the incident,</FONT>
<FONT COLOR="#000000">truthfulness of the subsequent Rapid7 disclaimers or really anything</FONT>
<FONT COLOR="#000000">at all. This is intended as a discussion of hypothetical outcomes.</FONT>
<FONT COLOR="#000000">Mike</FONT>
<FONT COLOR="#000000">On Wed, Mar 19, 2008 at 5:40 PM, Jamie C. Pole <<A HREF="mailto:jpole@jcpa.com">jpole@jcpa.com</A>> wrote:</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Let's also consider the possibility the Hannaford WAS using the tool</FONT>
<FONT COLOR="#000000">> correctly, and that it just didn't work as advertised.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> As far as the law firm being on the ball, trust me, they are. I know this</FONT>
<FONT COLOR="#000000">> firm well, and they will absolutely include Rapid7 in their discovery</FONT>
<FONT COLOR="#000000">> process. If I was senior management at Rapid7, I would NOT be sleeping well</FONT>
<FONT COLOR="#000000">> right now.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> The kiss of death in this case is going to be the fact that there have been</FONT>
<FONT COLOR="#000000">> around 1800 reported cases of fraud stemming from the incident. This was</FONT>
<FONT COLOR="#000000">> not an accident.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Jamie</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> -----Original Message-----</FONT>
<FONT COLOR="#000000">> From: <A HREF="mailto:dataloss-bounces@attrition.org">dataloss-bounces@attrition.org</A> [<A HREF="mailto:dataloss-bounces@attrition.org">mailto:dataloss-bounces@attrition.org</A>]</FONT>
<FONT COLOR="#000000">> On Behalf Of Mike Simon</FONT>
<FONT COLOR="#000000">> Sent: Wednesday, March 19, 2008 6:47 PM</FONT>
<FONT COLOR="#000000">> To: lyger; <A HREF="mailto:dataloss-bounces@attrition.org">dataloss-bounces@attrition.org</A>; <A HREF="mailto:dataloss@attrition.org">dataloss@attrition.org</A></FONT>
<FONT COLOR="#000000">> Subject: Re: [Dataloss] Consumers of Hannaford Brothers Co. Supermarkets</FONT>
<FONT COLOR="#000000">> FileClass Action Suit</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> This could not be a better example of why companies hesitate to disclose</FONT>
<FONT COLOR="#000000">> details. If this lawfirm is on the ball. They will get access to the</FONT>
<FONT COLOR="#000000">> exchange with Rapid7 which, according to the press release changes,</FONT>
<FONT COLOR="#000000">> indicates potential additional negligence in that the had a tool that may</FONT>
<FONT COLOR="#000000">> have prevented this problem and failed to use it properly. Not a helpful</FONT>
<FONT COLOR="#000000">> disclosure for Hannaford with respect to the class action.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Mike</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">_______________________________________________</FONT>
<FONT COLOR="#000000">Dataloss Mailing List (<A HREF="mailto:dataloss@attrition.org">dataloss@attrition.org</A>)</FONT>
<FONT COLOR="#000000"><A HREF="http://attrition.org/dataloss">http://attrition.org/dataloss</A></FONT>
<FONT COLOR="#000000">Tenable Network Security offers data leakage and compliance monitoring</FONT>
<FONT COLOR="#000000">solutions for large and small networks. Scan your network and monitor your</FONT>
<FONT COLOR="#000000">traffic to find the data needing protection before it leaks out!</FONT>
<FONT COLOR="#000000"><A HREF="http://www.tenablesecurity.com/products/compliance.shtml">http://www.tenablesecurity.com/products/compliance.shtml</A></FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>