Page 2

By Lisa Vaas  |  Posted 2005-12-23

But other customers were willing to cut Guidance some slack, given the nature of a network breach. Mitch Dembin, an assistant U.S. attorney and cybercrime coordinator for the Southern District of California, as well as a one-time customer of Guidance, said that he could understand the snail-mail notification approach, given that a company in Guidance's position might not even be sure that its systems would be secure enough to send e-mail without further compromise of sensitive data. "Recognizing your system has been compromised, are you comfortable using e-mail to contact customers?" he said. "With mail, you're avoiding the possibility of electronic compromise. Although it's recognized as significantly more expensive for companies to use the mail, to do so, I think, is to ensure the customer gets the notice, which you can't ensure through e-mail. Particularly since your system has suffered at least one known compromise."
The lessons the breach teaches are already well-known, Dembin said, given that in this day and age, everybody knows the value of encrypting the database. That doesn't make encryption a straightforward choice, however. "There are some difficulties, including cost, in encrypting database information, particularly when it's a live database," he said. "It's not so simple as saying, 'Encrypt it.' If you need the data quickly, if the data is active, there's going to be a performance hit. It's just not so easy. If it was so easy to do, yes, by now everyone would have a solution in place and be doing it."
Retention of credit card data is another problem entirely, Dembin said, one that's arisen after credit card systems had already come online. "When we first started taking credit card information online, I don't think these concerns existed," he said. "These concerns have become far more significant now, and card companies have combined to require that vendors only keep certain information a certain amount of time. But again, that's an adjustment [you have to make] to the software. It seems to me the kind of thing that if it was easy, everybody would do it. It might require tweaks, updates or changes that companies are planning for but they hope to get to before [disaster strikes]."
In the meantime, users like Garza aren't planning to stop using Guidance software, which he called "probably the most widely used computer forensic software in the Windows environment." He'll just be more careful next time he goes back for training or software, he said. "I'll pay with check, not by credit card," he said.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
