From lyger at attrition.org Tue Jun 3 02:42:06 2008
From: lyger at attrition.org (lyger)
Date: Tue, 3 Jun 2008 02:42:06 +0000 (UTC)
Subject: [attrition] dataloss: Into the Second Millenium
Message-ID:

http://attrition.org/news/content/08-06-02.001.html

As of this writing, Attrition.org's Data Loss Database - Open Source (DLDOS) officially has 1,000 entries. The Connecticut Department of Labor (un?)graciously lost documents containing the names, addresses, and Social Security numbers of about 2,100 people, which places them into the database with a unique identifier (UID) of DL-1000.

DLDOS includes data breaches from every year since 2000 with a sharp spike in numbers beginning in 2005, so we're not really surprised that we reached this "milestone" number shortly before the third anniversary of the data loss project. Still, it's something of a bittersweet event to commemorate; we would rather not have to put dozens of breaches every month on a web page, in a database, and sent to a mailing list of about 1,400 subscribers. If it wasn't a problem, we wouldn't... but it is, so we do.

[...]

From lyger at attrition.org Wed Jun 11 07:29:31 2008
From: lyger at attrition.org (lyger)
Date: Wed, 11 Jun 2008 07:29:31 +0000 (UTC)
Subject: [attrition] rant: Useless Compensation for Data Loss Incidents
Message-ID:

http://attrition.org/security/rant/dl-compensation.html

Wed Jun 11 03:38:35 EDT 2008
Apacid, Jericho

If you have been the victim of a data loss incident, odds are you have received a letter from the careless organization that lost your information. These letters always offer apologies and sincere hope that your identity or personal information isn't abused. The recent BNY Mellon incident (which now stands at 4.5 million potential customers affected) resulted in customers receiving such a letter:

[.]

Notice that in return for having your personal information lost, they are offering free credit monitoring for 12 whole months!
This seemingly generous offer has apparently become the standard business practice for acceptable compensation when your personal information is treated with carelessness. BNY opted to go with ConsumerInfo.com's "Triple Alert" credit monitoring product (despite no mention of that 'product' on the consumerinfo.com web page), which watches for changes to your credit reports from the three national credit reporting agencies in the United States (Experian, Equifax, TransUnion). If you are unlucky and get caught up in multiple data loss incidents, you may receive this "gracious compensation" many times over.

First, why is this type of reactive credit monitoring acceptable compensation? This seems to be another case of one business following another and... voila, we have an industry 'standard' that does little to serve the customer but does everything to serve businesses that want to look caring and "customer-centric" in the media.

[...]

From lyger at attrition.org Fri Jun 20 05:01:35 2008
From: lyger at attrition.org (lyger)
Date: Fri, 20 Jun 2008 05:01:35 +0000 (UTC)
Subject: [attrition] review: Movies: In the Name of the King, Balls of Fury, Reno 911!: Miami
Message-ID:

http://attrition.org/movies/bits17.html

In the Name of the King
2007
Jericho

Yes, Uwe Boll flicks are pure comedy because no one can take them seriously. This movie is another reminder of the long history of poorly done medieval style flicks.

Balls of Fury
2007

The epic tale of a bad-ass ping pong player cast from grace as a child, overcoming glow-in-the-dark side shows, training under a blind ping-pong master, going undercover for a federal agency, all to overthrow the evil ping-pong overlord Feng. What's not to like!

Reno 911!: Miami
2007

Our favorite police from Reno are back and off to Miami for a law enforcement conference. As expected, they are stopped at the door and cast aside like the morons they are. What better way to set the group up to be the only active police in all of Miami!

[...]
From lyger at attrition.org Sat Jun 28 05:27:03 2008
From: lyger at attrition.org (lyger)
Date: Sat, 28 Jun 2008 05:27:03 +0000 (UTC)
Subject: [attrition] postal: somebody has a case of the mondays
Message-ID:

http://attrition.org/postal/p0017.html

a wee scottish tale ask a stupid question a swallow carrying a coconut there's a sentence in there somewhere well, he asked stuck with it cause the bible tells me so yet more tech support we remember this guy ... but not this guy

[...]

From lyger at attrition.org Sun Jun 29 05:38:45 2008
From: lyger at attrition.org (lyger)
Date: Sun, 29 Jun 2008 05:38:45 +0000 (UTC)
Subject: [attrition] Contest: Design Attrition.org's Next T-Shirt - We Have a Winner!
Message-ID:

http://attrition.org/news/content/08-06-28.001.html

Back in March, we announced a contest in which friends of attrition.org could help design the look of our new t-shirts and possibly win one (or two) for themselves. We received a few entries, but nowhere close to the volume and originality we were hoping for. Still, there were a few good submissions, so we decided to pick one of them for the back of the shirt and go with the greyscale version of the "attrition logo" on the front left breast pocket:

[images]

We would like to thank Moshe for the bloody bar code graphic used on the back of the new shirt! Moshe will receive one large shirt from each of the two pressings and a big sloppy lick up the side of the face from d2d, who insisted on being part of the festivities. Wear them loud, wear them proud, Moshe, and thanks!

[...]
From jericho at attrition.org Mon Jun 30 21:15:41 2008
From: jericho at attrition.org (security curmudgeon)
Date: Mon, 30 Jun 2008 21:15:41 +0000 (UTC)
Subject: [attrition] Attrition.org nails another nitwit
Message-ID:

---------- Forwarded message ----------
Subject: [Infowarrior] - Attrition.org nails another nitwit

The mischievous fellows at attrition.org have long loved to goof on people who send them e-mail asking for illegal hacking services instead of, say, the data-breach statistics that have become a specialty of the security site. A congressional aide who wanted help boosting his college GPA was an all-time classic, but they get these kinds of requests all the time and collect them on a page called Going Postal.

Here's a recent example involving attrition.org's "lyger" in a back-and-forth e-mail exchange with someone from Dubai who has apparently not seen Monty Python and the Holy Grail.

< - >

http://www.networkworld.com/community/node/29450