[ISN] Why crack a systems to get information when you can just buy the system?

From: InfoSec News (isnat_private)
Date: Tue Sep 16 2003 - 04:24:34 PDT

  • Next message: InfoSec News: "[ISN] Symantec official's quote rubs researchers the wrong way"

    Forwarded from: Mark Bernard <mbernardat_private>
    Good afternoon Associates,
    Have you seen this story? Why crack a systems to get information when
    you can just buy the system?
    This should never happen, but its happening right here in Canada more
    frequently than ever before........ Once a Corporate computer has
    exceeded a three year period of use it represents capital that has
    been written off which the company has received credit for from the
    government of Canada. So why are these banks selling worthless assets
    to make a profit at such risk? Just take a look at some of the
    inherent risks including potential effects that they take on below.
    The economic impact can start to be measured by the loss in confidence
    in the BOM, namely share prices. Share holders will lose savings. This
    could mean that retirees who depend on that money to just get buy have
    less now. The possibility of ID Theft raises its head again and a
    violation of the privacy rights which will mean a possible class
    action suite. The privacy commissionaire will investigate so tax
    payers will pay for auditors to investigate further impacting the
    productivity of the BOM staff. Possible job loss by one or two
    individuals may mean new people will get hired, they will need to be
    trained or we might see this problem occur once more in the near
    Really these incidents need to be discussed openly so that people are
    clear about this risks and associated threats.
    Error' sends bank files to eBay
    Student buys BMO computers, finds client info
    Hard drives were on auction site for six hours
    Two Bank of Montreal computers containing hundreds, potentially
    thousands, of sensitive customer files narrowly escaped being sold on
    eBay.com late last week, calling into question the process by which
    financial institutions dispose of old computer equipment.
    Information in one of the computers included the names, addresses and
    phone numbers of several hundred bank clients, along with their bank
    account information, including account type and number, balances and,
    in some cases, balances on GICs, RRSPs, lines of credit, credit cards
    and insurance.
    Many of the files were dated as recently as late 2002, while some went
    back to 2000. The computers appeared to originate from the bank's head
    office on St. Jacques St. in Montreal, but customers, many of them
    also bank employees, had addresses ranging from Victoria, B.C., to St.
    John's, Nfld.
    Mark E. S. Bernard, CISM,
    Apollo Computer Consultants Inc.
    email: Mark.Bernard.CISM@apollo-cc.com
    Web site: www.apollo-cc.com
    Phone: (506) 375-6368
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 16 2003 - 07:19:19 PDT