Bugtraq mailing list archives
Re: Question about exploit exposing SSN & user info
From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 06 Aug 2007 14:57:48 -0400
Comments inline:
-----Original Message----- From: hsukowa () yahoo com [mailto:hsukowa () yahoo com] Sent: Sunday, August 05, 2007 10:35 PM To: bugtraq () securityfocus com Subject: Question about exploit exposing SSN & user info
with this type of a situation? --- Where a company has silenced an exploit without notifying customers who may have been victims of it? Does anyone have any recommendations for a course of action I might take to somehow ensure users whose private information may have been compromised are notified in the event the company chooses to "sweep it under the rug"?
Let's be realistic for a minute here with this snippet. On all logical sense do you think there has been a time that say a bank or financial services company has been compromised and said nothing of the incident? You'd be insane to think they willingly provide this information. If you take a look at the majority of article regarding lost/stolen data, it mainly comes to light when someone points it out. RARELY does one see a company come out with a public service announcement stating "Look for years we gave away your information unknowingly. We've since then remedied the problem and offer you this toaster as a token of our appreciation." A few things to think of: 1) Do you value your job? If so then hire an attorney before you do or say anything. Chances are you will be canned. Whether or not its because of downsizing, you were the best of the best, history shows whistleblowers are almost always shafted. 2) Did you discover this information due to the nature of your work or did you let curiousity get the best of you. a) If it was work related see number 1). b) Out of curiousity? See 1). -- ==================================================== J. Oquendo "Excusatio non petita, accusatio manifesta" http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E sil . infiltrated @ net http://www.infiltrated.net
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Question about exploit exposing SSN & user info hsukowa (Aug 06)
- RE: Question about exploit exposing SSN & user info J. Patterson Wicks (Aug 06)
- Re: Question about exploit exposing SSN & user info J. Oquendo (Aug 06)
- <Possible follow-ups>
- RE: Question about exploit exposing SSN & user info Michal Bucko (Aug 06)
- RE: Question about exploit exposing SSN & user info J. Patterson Wicks (Aug 06)