[Dailydave] Shady headlines
security curmudgeon
jericho at attrition.org
Fri Apr 4 20:27:16 EDT 2014
On Fri, 4 Apr 2014, Dave Aitel wrote:
: http://krebsonsecurity.com/2014/04/u-s-states-investigating-breach-at-experian/
:
: So I read the Krebs report today with interest because the CISO of
: Experian (Stephen Scharf) is an old friend of mine, and probably one of
: the better CISOs in the business, imho. So there are a few things I
Perhaps, but if he is involved in Experian's role of making legal threats
against a non-profit organization who cited Krebs as a source, while
refusing to go after Krebs or any other major news outlet that parroted
his headlines, he isn't a good CISO imho.
: think are funny in the Krebs report. For example, "Court records just
After the legal threat, I had a dialogue with Krebs and summarized their
complaint (cliff notes: Experian was not breached). DatalossDB updated the
entry to more accurately reflect what happened, listed US Info Search as
the primary with Court Ventures and Experian as secondary 'affected'.
Krebs opted to keep his headlines for the original article and the
follow-up that said as many as 200 million records were involved.
Even after this, Experian has apparently not threatened anyone else over
their coverage. But they felt it was necessary to threaten us, without
asking us to update it politely first. Their bullshit threat also lied and
said that *we* were responsible for everyone thinking it was Experian and
200 million, when we clearly cited our source, and every other news
article clearly cited their source (Krebs).
: I guess the point is, "Some random company Experian bought had an
: agreement with another company that had a customer who was shady and
: then arrested" is not as catchy a title, even if it is more accurate
: than "U.S. States Investigating Breach at Experian" which is what Krebs
: decided to run with this time.
It isn't quite as clear cut as that either. From my understanding, after
Court Ventures was purchased by Experian and 'due diligence' was done, the
abuse continued. Not the same as 'experian lost blah records' and still
not a catchy title I know, but the story is more muddled than that.
- jericho