Letters: From the online mailbag

June 1, 2011
In response to a May news story, Personal data of “X-Factor” hopefuls exposed:

Notice that when these breaches occur no one from the affected company ever issues a statement of apology.
Khürt Williams, information security architect

In response to a May news story, Anonymous spokesman on Sony hack: “It wasn't us”:

Anyone can put the blame on someone else. Anonymous can put the blame on some random European and say that that European is framing Anonymous.
WhatLegion?

Sorry, can't take credit for the actions of an individual one day, deny credit another, then criticize other groups when their leadership says they didn't know/condone the actions of some individuals without being massive hypocrites.
Anne On

In response to an April news story, New York Yankees expose season ticket holders' data:

Just because no financial data or Social Security numbers were compromised doesn't mean the Yankee organization is in the clear. As we saw with the Epsilon hack, all a hacker really needs is an email address in order to gain more information on an individual. Email addresses are becoming the new Social Security numbers and are often used in social engineering attacks to gain access to the bank and credit card accounts. There may still be consequences from this mistake.
Rick Dakin, CEO, Coalfire Systems

In response to an Opinion article on the website, How do you begin an information security career?, by Israel Bryski, board member, N.Y. Metro ISSA chapter:

I also suggest to folks that they get to know someone at their employer (or university) who works in information security, and just ask if they can hang with him or her. For example, ask the firewall guys if it is OK to sit with them at lunch and watch what they do. Most people love to talk about their jobs, and are willing to help.
Michael Seese

Great article! Thanks for addressing this topic. I feel somewhat relieved that I am heading in the right direction.
Rodney Mendiola

In response to an Opinion on the website, Unwitting accomplices and complicit security teams, by Anup Ghosh, founder and chief scientist, Invincea:

This article is right on point. IT security needs to evolve. A quote attributed to Albert Einstein comes to mind: “Insanity: doing the same thing over and over again and expecting different results.”
Maria Cohen

In response to a news item on the SC Canada site, Chip-and-PIN definitely broken, say Italian researchers:

This wasn't “discovered” by the Italian researchers. It is a well-known flaw and was widely reported. It depends on the banks choosing to not fix it; some already have (e.g., Barclays in England).
Cayce Pollard


The opinions expressed in these letters are not necessarily those of SC Magazine.