[Dataloss] An amazing use of DLDOS
lyger
lyger at attrition.org
Thu Sep 7 19:37:23 EDT 2006
On Thu, 7 Sep 2006, Adam Shostack wrote:
": " I've been thinking for a bit that it would be great if reporters had a
": " document that helped guide them to ask interesting, probing questions
": " about these failures. We might provide similar guideance to the
": " agencies who accept these reports on what questions they should offer
": " up on their sites.
": "
": " Adam
Unfortunately, most interviews seem top go like this:
Reporter: What exactly was the nature of this breach?
PR-Dude: A [laptop] was stolen on mm/dd/yyyy from [pizza hut]
Reporter: Was there personally identifiable information on the [laptop]?
PR-Dude: We have yet to ascertain what type of data was on the [laptop].
Reporter: Do you know how many people may have been affected?
PR-Dude: We're still in the process of compiling numbers. We have 3.75
billion clients, but apparently only 12 may have been affected.
Those 12 will possibly be given free credit reporting for a
year and be entered into the Federal Witness Protection
Program.
Reporter: Errr.... ok...
PR-Dude: In addition, all data on the [laptop] was password protected.
People shouldn't worry. Really. We mean that. But we're
still going to notify them. Just in case. You know.
Reporter: ...
PR-Dude: Encryption? I didn't understand the question.
Reporter: I didn't ask one...
PR-Dude: Oh. My bad. Move to strike...
(Sorry, Adam... just had to get that out...) :)
More information about the Dataloss
mailing list