SoylentNews is people

posted by Fnord666 on Sunday April 08 2018, @02:07PM
from the easier-to-check-that-way dept.

https://www.privateinternetaccess.com/blog/2018/04/another-day-another-breach-at-what-point-does-storing-passwords-in-plaintext-become-criminally-negligent/

The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have so good security so it's nothing to worry about. At what point does this become criminally negligent?


  • (Score: 4, Insightful) by Thexalon on Sunday April 08 2018, @07:58PM (8 children)

    by Thexalon (636) on Sunday April 08 2018, @07:58PM (#664052)

    As I mentioned 2 days ago [soylentnews.org], the proof of how little harm security breaches really do to major companies is that Equifax's stock just closed right about where it was a year ago, despite losing basically every adult American's entire identity information in between.

    New slogan: "We Don't Care. We Don't Have To. We're The Big Data Company."

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by Gaaark on Sunday April 08 2018, @10:53PM (6 children)

    by Gaaark (41) on Sunday April 08 2018, @10:53PM (#664078) Journal

    Exactly why they need to be made to care: hit them in the balance sheet and in their own personal wallets.
    Make it so rough, it's more worth their while to do things correctly AND morally right than it is to fuck people and get away with it.

    TOO many executives are getting mere slaps on the wrists. It needs to HURT!

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 2) by The Mighty Buzzard on Sunday April 08 2018, @11:01PM (5 children)

      That's where their employment contracts come in. Tie their personal earnings to the company's profits starting from zero on both. This isn't a problem with the CEOs or the law, it's a problem with the boards of directors who do the hiring not being worth a shit at their jobs.

      --
      My rights don't end where your fear begins.
      • (Score: 5, Insightful) by Thexalon on Sunday April 08 2018, @11:49PM (4 children)

        by Thexalon (636) on Sunday April 08 2018, @11:49PM (#664088)

        Tie their personal earnings to the company's profits starting from zero on both.

        That won't do the job. Using Equifax as the example again, here are their quarterly earnings per share over the last couple of years:
        2016 Q1: $0.85
             Q2: $1.08
             Q3: $1.09
             Q4: $1.01
        2017 Q1: $1.26
             Q2: $1.36
             Q3: $0.79 (breach made public)
             Q4: $1.42 (3 months later)

        See that great pain in their profits? Me neither.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 2) by isostatic on Monday April 09 2018, @01:00AM

          by isostatic (365) on Monday April 09 2018, @01:00AM (#664106) Journal

          Equifax has about $3b a year revenue, $120m fines per data breach (so that's how many trillion for losing an entire country?) should impact those profit figures somewhat.

        • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @01:59AM (2 children)

          I'm talking managing the company well or not from a profit perspective. Ordering illegal acts is itself illegal and needs no further legislation. Ordering astoundingly foolish acts is not and should never be.

          --
          My rights don't end where your fear begins.
          • (Score: 2) by Thexalon on Monday April 09 2018, @02:36PM (1 child)

            by Thexalon (636) on Monday April 09 2018, @02:36PM (#664448)

            Ordering illegal acts is itself illegal and needs no further legislation. Ordering astoundingly foolish acts is not and should never be.

            And what Equifax did is not criminal, just astoundingly foolish and possibly a tort.

            And the point of the argument is that Equifax did a lot of damage to a lot of people, knowingly even by hiding the breach for months, and yet is totally fine as a business, thus demonstrating that civil penalties and company profits are insufficient to motivate companies to behave differently.

            --
            The only thing that stops a bad guy with a compiler is a good guy with a compiler.
            • (Score: 2) by The Mighty Buzzard on Monday April 09 2018, @04:13PM

              Then your obligation is to change the laws if you want to claim to be a civilized being. Illegal and immoral actions on your part cannot be justified by legal but immoral actions on their part if that's a mantle you wish to wear.

              --
              My rights don't end where your fear begins.
  • (Score: 2) by archfeld on Monday April 09 2018, @02:15AM

    by archfeld (4650) <treboreel@live.com> on Monday April 09 2018, @02:15AM (#664138) Journal

    Isn't Equifax the body behind the company that charges to fix the problem that Equifax created? Seems like a self-supporting industry that makes money off every angle. They collect the info, hire the hackers to heist the info and profit from the sale, then profit again when the credit monitoring service is engaged. Pure marketing genius...

    https://www.youtube.com/watch?v=STeVTzWelns [youtube.com]

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge