
So here's a fun note - as it turns out, the Panera Bread Director of Information Security mentioned in that email exchange worked at Equifax from 2009 to 2013. There's a comment mentioning it on that page, but you can find it just by looking at his LinkedIn: https://www.linkedin.com/in/mike-gustavison-b020426/

Time is a flat circle. Everything that has happened before will happen again. Every time it happens, we will hear "Security is our top priority" or "We take security very seriously."

EDIT: This just got more interesting. Turns out that despite taking the site down for an hour earlier today, they didn't fix it: https://twitter.com/briankrebs/status/980944555423002630

Also, based on the vulnerability still working at this endpoint [1], Krebs revised his estimated number to 37 million records: https://twitter.com/briankrebs/status/980949205974953984

________________________________

1. https://delivery.panerabread.com/foundation-api/users/678141...



Well, it costs nothing to put out a press release saying something "is our top priority" and "is being taken seriously" and then not do anything.


Correct me if I'm wrong - it's also NOT illegal to do so; even if you are lying, it is immoral but not illegal.

I was once told by a cop, when I told them the defendant was lying about not showing up, that he had good reasons. Unless you are under oath, or dealing with a very few LE organizations, it's not illegal to lie.

Of course I'm not saying it's a good thing; I'm just pointing out they can say whatever they want to - there is no liability.


Don’t forget, “We’re sorry,” “We’ll do better,” and my personal favorite, “Trust us!”

I’d prefer crippling fines.


Absolutely agreed. It feels like corps are developing their own infosec version of the four dog defense.

4 DOG DEFENSE: My dog does not bite. My dog bites, but it didn't bite you. My dog bit you, but it didn't hurt you. My dog bit you and hurt you, but it wasn't my fault.

http://acronymrequired.com/2011/10/the-four-dog-defense.html


This sounds like a dog version of the narcissist prayer.


This was a very interesting read.


"I’d prefer crippling fines"

Probably won't happen until some Senator gets personally burned. Equifax hasn't suffered much, for example, and they released almost all of their info for every adult in the US that ever used a credit card or had a mortgage.

I'm almost wishing some activist hacker would buy the data for the House and Senate reps and go to town... just to get their attention. Purchase pornhub accounts, shady drug site stuff, escorts, etc., and start sharing it publicly.


My guess is that the senators who have been burned have been burned secretly and are being blackmailed.

The Equifax dump was apparently huge.


> My guess is that the senators who have been burned have been burned secretly and are being blackmailed.

The whole bunch has been blackmailed for decades. Just not "ordinary" blackmailing, but threatening by big funders to cut said funding unless, for example, the politician keeps supporting NRA/BigAg/BigFinance-favorable policies...


Hmm, I like this point, but is that blackmail or more just "the system?"


We just need Pence's Grindr details.


Heh. Fabricated or real, that would get a fair amount of news time and attention. Maybe Romney too.


I know HIBP's Troy Hunt has very carefully detailed his ethical and moral tradeoffs in what he does, and I appreciate that as a benchmark.

But I so want to lose my mind, start getting these breach DBs and start emailing Congresscritters with "This email was hacked, you're screwed, we're screwed, and here are legit links to help fix our lives back up... (eff.org) (hibp) etc."

And now I'm on the watch list for when someone crazier than me actually does this. Sigh.


Some Senators might already have such arrangements ;)


E-CORP


I feel like there could be an xkcd-style greasemonkey script that adds a winkey face to the end of any of those phrases to make them a little more accurate.

"We take security very seriously ;)"


Mark?


That's because businesses in America allow everyone to fail upwards after they hit a certain echelon.

There’s no accountability and it’s about protecting everyone in that class at the expense of all other employees and consumers.

Yay, America!!



