Comments on: Disclosing in a public forum is not whistle blowing http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/ The views of one man on security, privacy and anything else that catches his attention Fri, 21 Nov 2008 19:45:57 +0000 http://wordpress.org/?v=abc By: Brian Greer http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2048 Brian Greer Sun, 01 Jun 2008 13:11:07 +0000 http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2048 You are spot on. Oddly enough, the only proper action in the whole story was the firing of this poor soul. Perhaps they will still have access to all the same servers/information though, since TJX apparently has terrible security policy (if any). I would've thought the notoriety and shame from their massive breach would have at least given the appearance of improvement. Sadly, they still think of themselves as an unfortunate victim that did nothing wrong, and therefore has no reason to change their ways. You are spot on. Oddly enough, the only proper action in the whole story was the firing of this poor soul. Perhaps they will still have access to all the same servers/information though, since TJX apparently has terrible security policy (if any). I would’ve thought the notoriety and shame from their massive breach would have at least given the appearance of improvement. Sadly, they still think of themselves as an unfortunate victim that did nothing wrong, and therefore has no reason to change their ways.

]]> By: Network Security Blog » Look to the acquiring banks, not the PCI Security Council http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2031 Network Security Blog » Look to the acquiring banks, not the PCI Security Council Sat, 31 May 2008 07:12:17 +0000 http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2031 [...] is continuing the conversation about the firing at TJX and reporting Payment Card Industries ‘violations’ to someone. I want to pause the [...] [...] is continuing the conversation about the firing at TJX and reporting Payment Card Industries ‘violations’ to someone. I want to pause the [...]

]]> By: Network Security Blog » Who you gonna run to? http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2017 Network Security Blog » Who you gonna run to? Fri, 30 May 2008 05:59:50 +0000 http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2017 [...] Shimel faults me for saying sometimes you just have to walk away, in reference to TJX firing Cryptic_Mauler (the upper/lower case stuff is too much for me to type [...] [...] Shimel faults me for saying sometimes you just have to walk away, in reference to TJX firing Cryptic_Mauler (the upper/lower case stuff is too much for me to type [...]

]]> By: StillSecure, After All These Years http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2015 StillSecure, After All These Years Fri, 30 May 2008 02:11:12 +0000 http://www.mckeay.net/2008/05/29/disclosing-in-a-public-forum-is-not-whistle-blowing/#comment-2015 <strong>When do you have an obligation to go public?...</strong> ... When do you have an obligation to go public?…

]]>