Content

Got something to say?

Fond farewell
I would like to thank you for taking the time and effort to write about Bill Hancock ["Bill Hancock, convivial information security pioneer – and amateur stand-up comic – dead at 49," scworld.com, Jan. 4]. Although I didn't know him well, I admired his contributions in information security and had the opportunity to see him at conferences.

Peter Thermos,
CTO,
Palindrome Technologies

Give or take
I just read your article regarding the United States reaching the 100 million mark in exposed records ["A dubious milestone," scworld.com, Dec. 14]. You say: "That means roughly one in three Americans has been exposed to the risk of identity theft since the Alpharetta, Ga.-based data broker revealed thieves gained illegal access to 163,000 customer records in Feb. 2005."

This is false. Consider the fact that the 40 million records stolen were transaction records from cardsystems and from BOA. That does NOT equate to one per person. That means that if I had 35 transactions on one of my credit cards then all 35 of those transactions were exposed leading to a tally of 35. So the total exposure is a LOT less than the one in three that you claim.

Lastly, consider the fact that most Americans have more than one credit/debit card and that would bring the number to even lesser proportions.

Tapan Trivedi
via email

MySpace, or not
I find it interesting that the MySpace story ["MySpace releases temporary QuickTime flaw fix," scworld.com, Dec. 7] is being spun as a flaw in QuickTime.

Maybe it is, but MySpace has already admitted that the flaw was with their site, and it's simply Javascript support in QuickTime that was being exploited. Which is it? Spinning it as a flaw in QuickTime is easy.

Ted Wood
via email

Reporter Dan Kaplan responds: Both MySpace.com and Apple are at fault. Even F-Secure dubbed the worm "Quickspace." The worm appears to have fed on a cross-site scripting weakness in MySpace. At the same time, MySpace also relies on the security of its partners to ensure they are providing the most secure third-party software. Ultimately, though, this should serve as a wake-up call to MySpace that the days of innocent worms (i.e. Samy) are over – financially motivated attacks are here to stay.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds