RE: Re: choice-point screw-up and secure hashes

["Todd Towles" <toddtowles () brookshires com>]

BTW, The FBI uses Choicepoint for a few specialized queries. Most
terrorism related. 

> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk 
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
> Of Ron DuFresne
> Sent: Saturday, March 19, 2005 1:16 PM
> To: Vincent van Scherpenseel
> Cc: Full-Disclosure
> Subject: Re: [Full-disclosure] Re: choice-point screw-up and 
> secure hashes
>
> On Sat, 19 Mar 2005, Vincent van Scherpenseel wrote:
>
> > On Saturday 19 March 2005 13:02, Kurt Seifried wrote:
> > > > Don't forget that it's bad for the company's image to have 
> > > > confidential customer data stolen. As soon as the press 
> catches on 
> > > > it's bad for business.
> > > > So, companies *do* have a drive to secure your private data.
> > >
> > > Uhhh no. See consumers such as yourself don't actually purchase 
> > > services from choicepoint/etc (unless you're a Nigerian 
> guy who is into ID theft =).
> > > Businesses do. And businesses don't care if choicepoint 
> is secure or 
> > > not, they care if choicepoint has the data. It's like 
> Equifax, you 
> > > don't buy information from them, companies you deal with 
> do. These 
> > > firms have no incentive to protect your information, 
> because they'll 
> > > never lose your business.
> >
> > Consumer A pays for a service from Company B which uses a payment 
> > method from Company C. Company C holds data from Consumer A for 
> > Company B. Now, C gets compromised and data from A is stolen. Don't 
> > you think the consumer will knock on Company B's door? The consumer 
> > doesn't deal with Choicepoint, the consumer deals the 
> company, as you 
> > said. Now, Company B has been found responsable for the mess by the 
> > consumer. Don't you think B will now knock on C's door?
>
>
> Do you know which companies trade and buy personal data from 
> your bank, insurance company, the utilities <phone, electric, 
> gas>, your city and county, your ISP, <endless list>...?
>
> How many people new of let alone knew/know which comapnies 
> choice-point obatined their data from?  Quite often putting 
> pressure on company C is not a straight forward matter for 
> the public at large.
>
> Thanks,
>
> Ron DuFresne
> --
> "Sometimes you get the blues because your baby leaves you. 
> Sometimes you get'em 'cause she comes back." --B.B. King
>         ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D.  Just don't touch anything.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/