2005/03/10
Lexis Nexis Breach
As Adam had pointed out the Lexis Nexis breach was due to " misappropriation by third parties of IDs and passwords from legitimate customers".
With Bruce Schneier blogging that ChoicePoint is saying "Please Regulate My Industry", will their be a requirement that certain industries dealing with 'person non-public' information use strong authentication for their customers?
Visa, Mastercard et al now require strong authentcation for merchants and processors over a certain size (dropping in June). I tthink Adam's point is valid: Strong authentication is not that expensive - and it's getting cheaper thanks to companies like us. Yet that industry hasn't taken advantage of existing technology to protect its information. Clearly they think that it is cheaper to take the risk than to invest in security.
Perhaps this is because they have insured over the risk. Perhaps instead of regulation the insurance industry should come up with a standard like the credit card industry has for companies that do business over the internet or that deal with confidential data - like Choicepoint, T-Mobile, Lexis Nexis, etc.
With Bruce Schneier blogging that ChoicePoint is saying "Please Regulate My Industry", will their be a requirement that certain industries dealing with 'person non-public' information use strong authentication for their customers?
Visa, Mastercard et al now require strong authentcation for merchants and processors over a certain size (dropping in June). I tthink Adam's point is valid: Strong authentication is not that expensive - and it's getting cheaper thanks to companies like us. Yet that industry hasn't taken advantage of existing technology to protect its information. Clearly they think that it is cheaper to take the risk than to invest in security.
Perhaps this is because they have insured over the risk. Perhaps instead of regulation the insurance industry should come up with a standard like the credit card industry has for companies that do business over the internet or that deal with confidential data - like Choicepoint, T-Mobile, Lexis Nexis, etc.
- Category(s)
- Authentication Attacks
- Security and Economics
- The URL to Trackback this entry is:
- http://www.wikidsystems.com/WiKIDBlog/15/tbping
Digg this!
Del.ico.us
Google
Yahoo bookmarks
Reddit
Spurl
Simpy
