I'd say hey, they need better physical security at that location and really need to consider that aspect as well as their data security. More importantly, however, what difference does it make how I feel? If I've been trusted with information I have a responsibility to provide that information with a level of security corresponding to its sensitivity.

Let's get this right, people. Your data security is different than your physical security. Scary breaking and entering analogies just make you look like the sheep that you are, clinging to older world concepts. The first four letters of analogy spell. . . .

Yeah okay information shouldn't all be free, even if it wants to. Intellectual property law has a long way to go. And we all have our rights to privacy. We also have rights, as consumers, to know when a company has inadequate security.

I bet you dollars to donuts that NYTimes wouldn't have had a banner saying "Mediocre Security - Subscribe Now!!" or "Want to be quoted in NYTimes? TRUST YOUR SOCIAL SECURITY NUMBER TO OUR PUBLICLY ROUTED INTRANET -- ACT NOW!" on their webpage.

As I'm apparently so fond of saying . . . there's but one way to make publicly traded companies change their business practices - kick them where it hurts. You do that through the media.

Thanks, Security Focus.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/340/11218#11218