• 16-year U.S. data leakage: KrebsOnSecurity


    • This topic has 12 replies, 9 voices, and was last updated 4 years ago.
    #1738007

    Security supremo Brian Krebs has published details of a long-standing data leak he stemmed this week: The Web site for Fortune 500 real estate title i
    [See the full post at: 16-year U.S. data leakage: KrebsOnSecurity]

    5 users thanked author for this post.
    • #1739315

      I was in the Title Insurance industry for 35 years. About the time I retired, the big push was to go “paperless.” I didn’t foresee this type of thing as massive data breaches were not yet weekly occurrences at the time. I suppose this was inevitable. Increased security of personal info was supposed to be a facet of the Dodd-Frank Act; we see how that turned out.

      An equally troubling practice in the industry, that the public may not know about, is the massive offshoring of residential title examinations to places such as India or Indonesia. I was not involved with this personally, so I don’t even know what sort of personal info is sent overseas, but it gives me the willies to think about.

      1 user thanked author for this post.
    • #1739329

      Fines alone don’t seem to work…how about Public Humiliation?

      In Japan in the 80’s, bad managers/section heads were not fired; they were sent to “Bad Manager School”, where they had to:

      1. Stand up in front of the other Bad Managers and confess why they were such idiots, and compose songs about their incompetence, and sing them in front of class
      2. Work off their “Ribbons of Shame” by attending classes addressing good management skills
      3. Wearing some item proclaiming their progress through the “school”.

      When they went back to work, they were actually MORE respected, as they had admitted they fouled up, and had re-trained.

      I know, totally different cultures…but maybe a combination of the above, some time in the good old fashioned stocks in the public square, AND a monetary fine? How about a ride in a donkey cart wearing a dunce cap down Wall Street, restitution and some time in the can?

      A Court-Ordered “Bad CEO/CIO School”?

      I see this thing, and I just don’t know what to suggest. I’m out of ideas. As my grandmother used to say,

      “Umph, umph, umph!” (A 19th century American expression of ultimate disgust. [Now you know how old I am!])

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "...all the people, all the time..." Peter Ustinov ad-lib in "Logan's Run"

      2 users thanked author for this post.
    • #1739344

      ..and people want more AI yet big business can’t even keep their data safe and don’t care at all about ours. Yep, we’re obviously ready for AI. It’s not at all obvious that technology has already advanced beyond what we can control and keep secure. It definitely has.

      1 user thanked author for this post.
    • #1739372

      An equally troubling practice in the industry, that the public may not know about, is the massive offshoring of residential title examinations to places such as India or Indonesia.

      Oh, brother….did you know the govt. is already doing this with Security Clearances??

      “I’am velly soree, but I cannot find you ever went to XXXX University.”

      And there hangs the degree on the wall….<SOB!>

      “Cheap! Cheaper! It must be done cheaper!”

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "...all the people, all the time..." Peter Ustinov ad-lib in "Logan's Run"

      1 user thanked author for this post.
      • #1742147

        “Cheap! Cheaper! It must be done cheaper!”

        “Yes! So we can make our stock price rise and our bonuses go up, up, up! Fines you say? Harrumph! They’re paltry compared to our profits. Just part of the cost of doing business, I say!”

        Seriously, I think until there are strong regulations and severe consequences for failed or non-existent security, breaches will likely go on for decades. No security is perfect but, please, at least “lock the door”….

        Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

    • #1739473

      An equally troubling practice in the industry, that the public may not know about, is the massive offshoring of residential title examinations to places such as India or Indonesia.

      Oh, brother….did you know the govt. is already doing this with Security Clearances??

      “I’am velly soree, but I cannot find you ever went to XXXX University.”

      And there hangs the degree on the wall….<SOB!>

      “Cheap! Cheaper! It must be done cheaper!”

      There’s the answer-it must be done cheaper!

      Title examining used to be a decent middle class job.

      Not surprised by the idea of “security” clearances. Some days I think about moving to Montana and living off-grid.

      (Apologies, I’ve not yet figured out how to trim down quoted posts)

      • This reply was modified 4 years ago by Tom in Az.
    • #1740792

      Add up the costs and wasted man-hours for everyone involved each time a major breach occurs and these penalties will feel paltry in comparison.

      And like other serious endeavors, a company doesn’t get a pass for the first mistake. This is critical data and should not be treated in so cavalier a way. Like building a nuclear reactor, it has to work from second one or disaster will ensue.

      I work in IT and all too many times I’ve not been allowed to enact proper safeguards because they are thought to be too expensive. I think once an entity feels entitled to hold on to your personal data, they need to understand the magnitude of that responsibility and feel genuine pain when they fail to adequately protect it.

      Enact a law like that, add something like NO personal data collected by a company operating in the USA is allowed to reside outside of the USA or any other country that has similar legal safeguards (so jurisdictional issues don’t come into play), and I bet you see a return to off-line storage and air gapped solutions.

      “It COSTS money because it SAVES money!”

      (credit to “Moonstruck”)

      1 user thanked author for this post.
    • #1742654

      Laws are, indeed, needed to prevent these, by now, almost weekly online (or at least with an Internet connection to the larger world) data base- and archive-breaching scandals. The problem is that laws are made by elected politicians with the assistance of experts. When the means for doing that have been decimated over the years for austerity reasons, etc., it does become progressively harder for politicians to get good, informed advice. And many are themselves not well-informed when it comes to the Internet and associated technologies.

      Case in point: the recent problem with the UK government HSTS decision that, when implemented, suddenly made many national and local websites inaccessible. It has been blamed by experts on the cluelessness of MPs in matters technological and on their desire of being seen as “doing something.”

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      1 user thanked author for this post.
    • #1743322

      It has been blamed by experts on the cluelessness of MPs in matters technological

      Unsubstantiated – references please.

      cheers, Paul

    • #1743446

      Well, Paul T, what do you know? I looked again for those articles to satisfy your request by giving here a link to one of them, and can’t find them now. At the time I read that, I said “So what else is new?” to myself and moved on to something else.

      As some form of compensation, I bring you this link to a US publication you might recognize, on a similar general problem of technological cluelessness in the US Congress. With some speculation as to likely causes.

      So, this one is about congress people instead of UK MPs:

      https://www.wired.com/2016/04/office-technology-assessment-congress-clueless-tech-killed-tutor/

      But now I have found one on UK politicians! So here it is, although, same as the US one, it is from 2016. But have politicians become profoundly understanding of technology over the last two years, you think?

      https://www.techworld.com/security/too-many-uk-politicians-are-clueless-about-tech-3625100/

      (By the way, it seems that showing a big picture rather than just the one-line brown URL link is a new feature here.)

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • This reply was modified 4 years ago by OscarCP.
      1 user thanked author for this post.