Comments on: Dave & Buster’s Data Breach Indictment: Apps Crash For The Bad Guys, Too http://storefrontbacktalk.com/securityfraud/dave-busters-data-breach-indictment-apps-crash-for-the-bad-guys-too/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Sun, 20 May 2012 01:49:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Reality http://storefrontbacktalk.com/securityfraud/dave-busters-data-breach-indictment-apps-crash-for-the-bad-guys-too/comment-page-1/#comment-30168 Reality Sun, 18 May 2008 01:39:13 +0000 http://www.storefrontbacktalk.com/securityfraud/dave-busters-data-breach-indictment-apps-crash-for-the-bad-guys-too/#comment-30168 Most people think that I'm strange, but as an InfoSec Professional, I have done away with my Credit Cards, and have gone back to a completely cash life. Purchasing goods online, or using a card in store clearly isn't safe, and the retailers, credit card companies, and the banks really don't care. I get to see the PCI scans, and the amount of money that the PCI efforts cost companies, yet, we still have issues with simple security. Organizations don't really want to apply the correct methods of securing their systems, because they don't have the talent, or the time to put the proper tracking, access controls, and testing into practice. Of course, if they did, they wouldn't be making that extra $00.03 per transaction, costing them millions in the long run. It's cheaper to pay the fines, let the current practices "protect" them, making everyone feel safe. It is a case where "Ignorance is Bliss!" is truly the status quo. "In God we Trust, all others pay cash." It's one way to prevent credit card theft, identity theft, and loss of our hard earned money. Try it, it's freedom. Most people think that I’m strange, but as an InfoSec Professional, I have done away with my Credit Cards, and have gone back to a completely cash life. Purchasing goods online, or using a card in store clearly isn’t safe, and the retailers, credit card companies, and the banks really don’t care.

I get to see the PCI scans, and the amount of money that the PCI efforts cost companies, yet, we still have issues with simple security.

Organizations don’t really want to apply the correct methods of securing their systems, because they don’t have the talent, or the time to put the proper tracking, access controls, and testing into practice. Of course, if they did, they wouldn’t be making that extra $00.03 per transaction, costing them millions in the long run.

It’s cheaper to pay the fines, let the current practices “protect” them, making everyone feel safe.

It is a case where “Ignorance is Bliss!” is truly the status quo.

“In God we Trust, all others pay cash.” It’s one way to prevent credit card theft, identity theft, and loss of our hard earned money.

Try it, it’s freedom.

]]> By: Evan Schuman http://storefrontbacktalk.com/securityfraud/dave-busters-data-breach-indictment-apps-crash-for-the-bad-guys-too/comment-page-1/#comment-30048 Evan Schuman Fri, 16 May 2008 14:56:58 +0000 http://www.storefrontbacktalk.com/securityfraud/dave-busters-data-breach-indictment-apps-crash-for-the-bad-guys-too/#comment-30048 Editor's Note: That's a nice sentiment, but I cynically doubt it would do any good. It's like increasing the penalties for illegal narcotic distribution. There is SO much money to be made with these schemes--and the chances of being caught are so slight--that these punishments won't do much good. The deterrence of any punishment only exists if the one you're trying to deter has any reasonable belief they'll get caught and convicted. These cyber thieves are generally confident, cocky and quite careful. Reality aside, they are likely to BELIEVE they'll never get caught. Therefore, no punishment will likely any impact. I hope I'm wrong, though. Editor’s Note: That’s a nice sentiment, but I cynically doubt it would do any good. It’s like increasing the penalties for illegal narcotic distribution. There is SO much money to be made with these schemes–and the chances of being caught are so slight–that these punishments won’t do much good.
The deterrence of any punishment only exists if the one you’re trying to deter has any reasonable belief they’ll get caught and convicted.
These cyber thieves are generally confident, cocky and quite careful. Reality aside, they are likely to BELIEVE they’ll never get caught. Therefore, no punishment will likely any impact.
I hope I’m wrong, though.

]]> By: Biff Matthews http://storefrontbacktalk.com/securityfraud/dave-busters-data-breach-indictment-apps-crash-for-the-bad-guys-too/comment-page-1/#comment-30047 Biff Matthews Fri, 16 May 2008 14:37:56 +0000 http://www.storefrontbacktalk.com/securityfraud/dave-busters-data-breach-indictment-apps-crash-for-the-bad-guys-too/#comment-30047 Finally! As Paul Harvey said, now for the rest of the story, which is yet to unfold, taking years, is what happens to these cyber criminals. Swift and meaningful punishment is necessary to send a message to those considering a life of cyber crime. Finally! As Paul Harvey said, now for the rest of the story, which is yet to unfold, taking years, is what happens to these cyber criminals. Swift and meaningful punishment is necessary to send a message to those considering a life of cyber crime.

]]>