On the panic bandwagon?…..
March 26, 2008

The recent St. George Bank story shows how something can grow and become a bit blown out of proportion relative to the originally reported story. Some of the responses to the story on the News site demonstrates a lack of understanding some people have that drives fear in the community about doing business on the Net. Is this one a storm in a teacup? (I know I am critical at times about things we see, but on the flipside, sometimes perspective is tainted by underlying fears that have no direct correlation to the topic at hand).

Comments (3)
Posted in: Disclosure Laws, Risk Management, Vulnerability Management, Web Application Security, cyber crime


  1. JM says:
    March 26, 2008 at 11:44 am

    The guy that found this very very minor bug works for News.com.au. Does that sit well with everyone?

    He found it, reported it and thankfully had the decency (*cough*) to wait until it was fixed before publishing his ridiculous, sensationlised, tabloid-style attack piece.

    So now it seems we’re competing with journalist pentesters too. Hmm…

  2. FP says:
    March 26, 2008 at 1:32 pm

    It’s a hard call to make. When you mention Bank, Confidential Information and leak in the same sentence, the media will go nuts.

    The media will sensationalize everything.. its what they do. Organizations need to take this into consideration when doing their risk management – especially if you have retail customers that may not be educated to make their own conclusions about IT security.

  3. Drazen Drazic says:
    March 27, 2008 at 9:48 pm

    @JM, maybe they’re threatened by us blogging stuff on infosec before they get hold of it. We’re going into their field with 2.0 so maybe they think to compete they need to come into ours. They’ll win on sensationalism of a story hands down due to mainstream “consumer” readership through their forum. The St George issue rates far far far down the scale on shit we have been doing and seen this week that will never make the press. Relative to that, St George is a saint so to speak. :-)

    I know the journos I know will hopefully take no offence to my comments. If they do, they know me well enough to know I would never think I am a journo. Blogging is far easier with ready made excuses for any errors. As I mentioned before, I don’t write any of this stuff. It’s all outsourced to my team of writers in Upper Botabolar.

    @FP, if only they knew the stuff we see every day as mentioned above.

    DD