From: security curmudgeon (jericho@attrition.org)
To: david_precopio@rapid7.com
Date: 03/18/2008 02:50 PM
Subject: Rapid7 comment on recent Hannaford breach?

Hello David,

Attrition.org is planning on releasing an informal article with
observations related to the Hannaford data loss incident, their PCI status
and their relationship with Rapid7. This article is not public yet as we'd
like to give Rapid7 a chance to respond, clarify any details or give
insight into the matter. We plan on releasing this article later this
evening due to the timeliness of the incident and various analyses being
done.

                 http://attrition.org/security/rant/z/rapid7.html


X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=108.6 required=4.6 tests=HTML_40_50,HTML_MESSAGE,
   IP_NOT_FRIENDLY,MIME_BASE64_NO_NAME,NO_REAL_NAME autolearn=disabled
   version=3.1.8  
From: David_Precopio@rapid7.com
To: security curmudgeon (jericho@attrition.org)
Date: Tue, 18 Mar 2008 15:15:19 -0400
Subject: Re: Rapid7 comment on recent Hannaford breach?

We appreciate the work you put into this.  However, you are misguided and
misinformed.  Hannaford is a great customer of Rapid7.

According to Hannaford, the breach was outside the scope of NeXpose
scanning.  In fact, two weeks ago, they renewed their agreement with us.

Removing references was requested and due to the respect we have for our
customer we responded.

Please feel free to call us with any questions or comments.

Sincerely,

David Precopio
VP Marketing & Business Development
Rapid7 LLC
Direct: 857-288-7354
Cell: 774-266-3400
www.rapid7.com

