  • 16-year U.S. data leakage: KrebsOnSecurity


    This topic contains 12 replies, has 9 voices, and was last updated by  OscarCP 3 months, 3 weeks ago.

    • #1738007 Reply

      Kirsty
      Da Boss

      Security supremo Brian Krebs has published details of a long-standing data leak he stemmed this week: The Web site for Fortune 500 real estate title i
      [See the full post at: 16-year U.S. data leakage: KrebsOnSecurity]

      5 users thanked author for this post.
    • #1739315 Reply

      Tom in Az
      AskWoody Plus

      I was in the Title Insurance industry for 35 years. About the time I retired, the big push was to go “paperless.” I didn’t foresee this type of thing as massive data breaches were not yet weekly occurrences at the time. I suppose this was inevitable. Increased security of personal info was supposed to be a facet of the Dodd-Frank Act; we see how that turned out.

      An equally troubling practice in the industry, that the public may not know about, is the massive offshoring of residential title examinations to places such as India or Indonesia. I was not involved with this personally, so I don’t even know what sort of personal info is sent overseas, but it gives me the willies to think about.

      1 user thanked author for this post.
    • #1739329 Reply

      Fines alone don’t seem to work…how about Public Humiliation?

      In Japan in the 80’s, bad managers/section heads were not fired; they were sent to “Bad Manager School”, where they had to:

      1. Stand up in front of the other Bad Managers and confess why they were such idiots, and compose songs about their incompetence, and sing them in front of class
      2. Work off their “Ribbons of Shame” by attending classes addressing good management skills
      3. Wearing some item proclaiming their progress through the “school”.

      When they went back to work, they were actually MORE respected, as they had admitted they fouled up, and had re-trained.

      I know, totally different cultures…but maybe a combination of the above, some time in the good old fashioned stocks in the public square, AND a monetary fine? How about a ride in a donkey cart wearing a dunce cap down Wall Street, restitution and some time in the can?

      A Court-Ordered “Bad CEO/CIO School”?

      I see this thing, and I just don’t know what to suggest. I’m out of ideas. As my grandmother used to say,

      “Umph, umph, umph!” (A 19th century American expression of ultimate disgust. [Now you know how old I am!])

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      2 users thanked author for this post.
    • #1739344 Reply

      Sessh
      AskWoody Lounger

      ..and people want more AI yet big business can’t even keep their data safe and don’t care at all about ours. Yep, we’re obviously ready for AI. It’s not at all obvious that technology has already advanced beyond what we can control and keep secure. It definitely has.

      1 user thanked author for this post.
    • #1739372 Reply

      An equally troubling practice in the industry, that the public may not know about, is the massive offshoring of residential title examinations to places such as India or Indonesia.

      Oh, brother….did you know the govt. is already doing this with Security Clearances??

      “I’am velly soree, but I cannot find you ever went to XXXX University.”

      And there hangs the degree on the wall….<SOB!>

      “Cheap! Cheaper! It must be done cheaper!”

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      1 user thanked author for this post.
      • #1742147 Reply

        Steve S.
        AskWoody Plus

        “Cheap! Cheaper! It must be done cheaper!”

        “Yes! So we can make our stock price rise and our bonuses go up, up, up! Fines you say? Harrumph! They’re paltry compared to our profits. Just part of the cost of doing business, I say!”

        Seriously, I think until there are strong regulations and severe consequences for failed or non-existent security, breaches will likely go on for decades. No security is perfect but, please, at least “lock the door”….

        Win7 Pro x64 (Group B), Win10 Pro x64 1809, Linux Mint + a cat with 'tortitude'.

    • #1739473 Reply

      Tom in Az
      AskWoody Plus

      An equally troubling practice in the industry, that the public may not know about, is the massive offshoring of residential title examinations to places such as India or Indonesia.

      Oh, brother….did you know the govt. is already doing this with Security Clearances??

      “I’am velly soree, but I cannot find you ever went to XXXX University.”

      And there hangs the degree on the wall….<SOB!>

      “Cheap! Cheaper! It must be done cheaper!”

      There’s the answer-it must be done cheaper!

      Title examining used to be a decent middle class job.

      Not surprised by the idea of “security” clearances. Some days I think about moving to Montana and living off-grid.

      (Apologies, I’ve not yet figured out how to trim down quoted posts)

      • This reply was modified 3 months, 3 weeks ago by  Tom in Az.
      • #1739490 Reply

        Kirsty
        Da Boss

        (Apologies, I’ve not yet figured out how to trim down quoted posts)

        Press Reply, then highlight the part you wish to quote, then press Quote. 🙂

        1 user thanked author for this post.
    • #1740792 Reply

      KevSpa
      AskWoody Plus

      Add up the costs and wasted man-hours for everyone involved each time a major breach occurs and these penalties will feel paltry in comparison.

      And like other serious endeavors, a company doesn’t get a pass for the first mistake. This is critical data and should not be treated in so cavalier a way. Like building a nuclear reactor, it has to work from second one or disaster will ensue.

      I work in IT and all too many times I’ve not been allowed to enact proper safeguards because they are thought to be too expensive. I think once an entity feels entitled to hold on to your personal data, they need to understand the magnitude of that responsibility and feel genuine pain when they fail to adequately protect it.

      Enact a law like that, add something like NO personal data collected by a company operating in the USA is allowed to reside outside of the USA or any other country that has similar legal safeguards (so jurisdictional issues don’t come into play), and I bet you see a return to off-line storage and air gapped solutions.

      “It COSTS money because it SAVES money!”

      (credit to “Moonstruck”)

      1 user thanked author for this post.
    • #1742654 Reply

      OscarCP
      AskWoody Plus

      Laws are, indeed, needed to prevent these, by now, almost weekly online (or at least with an Internet connection to the larger world) data base- and archive-breaching scandals. The problem is that laws are made by elected politicians with the assistance of experts. When the means for doing that have been decimated over the years for austerity reasons, etc., it does become progressively harder for politicians to get good, informed advice. And many are themselves not well-informed when it comes to the Internet and associated technologies.

      Case in point: the recent problem with the UK government HSTS decision that, when implemented, suddenly made many national and local websites inaccessible. It has been blamed by experts on the cluelessness of MPs in matters technological and on their desire of being seen as “doing something.”

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      1 user thanked author for this post.
      • #1743417 Reply

        Fred
        AskWoody Plus

        OscarCP, you are right.

        [PGP-ID available]

    • #1743322 Reply

      Paul T
      AskWoody MVP

      It has been blamed by experts on the cluelessness of MPs in matters technological

      Unsubstantiated – references please.

      cheers, Paul

    • #1743446 Reply

      OscarCP
      AskWoody Plus

      Well, Paul T, what you know? I looked again for those articles to satisfy your request by giving here a link to one of them, and can’t find them now. At the time I read that, I said “So what else is new?” to myself and moved on to something else.

      As some form of compensation, I bring you this link to a US publication you might recognize, on a similar general problem of technological cluelessness in the US Congress. With some speculation as to likely causes.

      So, this one is about congress people instead of UK MPs:

      Of Course Congress Is Clueless About Tech—It Killed Its Tutor

      But now I have found one on UK politicians! So here it is, although, same as the US one, is from 2016. But have politicians become profoundly understanding of technology over the last two years, you think?

      https://www.techworld.com/security/too-many-uk-politicians-are-clueless-about-tech-3625100/

      (By the way, it seems that showing a big picture rather than just the one-line brown URL link is a new feature here.)

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      • This reply was modified 3 months, 3 weeks ago by  OscarCP.
      1 user thanked author for this post.
