Dear Sir: Your Credit Card Number Has Been Owned

An anonymous reader submits: "California has become the first state in the nation to require companies victimized by malicious computer attacks to disclose what might have been compromised to their customers. Dubbed the Security Breach Information Act, companies whose systems are cracked and have credit card, bank account, and/or other significant customer data stolen are required to report the intrusion either by email, snail mail, a notice on their website, or by notification to the news media. Law takes effect Tuesday, July 1 (tomorrow)."
  • I Remember when... (Score:5, Informative)

    by under_score ( 65824 ) <mishkin@be[ ]ig.com ['rte' in gap]> on Monday June 30, 2003 @11:47PM (#6336643) Homepage

    Slashdot was compromised back a few years ago. The maintainers were very quick [slashdot.org] to notify everyone and recommend changing passwords immediately. If only other businesses were as forthcoming!

    And there weren't any credit card numbers involved!

    • by Anonymous Coward
      It's absolutely ridiculous that the year never shows up on any Slashdot story, so you can't tell what year a story was posted.

      fix that damn bug
    • Exactly, I mean think of all those slashdot users, who had stored their credit card numbers on slashdot.
    • Slashdot was compromised back a few years ago. The maintainers were very quick to notify everyone and recommend changing passwords immediately. If only other businesses were as forthcoming!

      And there weren't any credit card numbers involved!

      First of all, it's definitely commendable for Slashdot to notify its userbase. However, the fact that there's no financial data involved makes it less of a bad thing. If you have an account where basically all someone can do is troll with the account, BFD. It's

  • "Update:" (Score:5, Funny)

    by shawnywany ( 664241 ) on Monday June 30, 2003 @11:48PM (#6336649)
    "All your base is now belong to them."
  • by I'm just joshin ( 633449 ) on Monday June 30, 2003 @11:48PM (#6336656)
    Not a bad idea, but with them having a 38 billion dollar deficit one would think they'd be focused on that.

    So glad not to be there now.
  • by Anonymous Coward on Monday June 30, 2003 @11:48PM (#6336658)
    for i in `select * from users`; do
    /usr/sbin/sendmail $i.email < sorry.txt
    done
    • by Anonymous Coward on Monday June 30, 2003 @11:50PM (#6336677)
      apparently MS Bank runs on unix. in a bash shell...

      right... sher...
      • Don't forget this bash shell has its own embedded SQL parser/client.
        • Don't forget this bash shell has its own embedded SQL parser/client.

          Actually, the source code to bash is three times as large as the source code to SQLite.
      • Cygwin, like everyone else does in the first ten minutes with a Windows box.
      • by goon america ( 536413 ) on Tuesday July 01, 2003 @01:02AM (#6337020) Homepage Journal
        This is just an attempt to sell Microsoft a lot of stamps.
      • not just any bash shell, but a bash shell well-integrated with some sort of database server...
        • not just any bash shell, but a bash shell well-integrated with some sort of database server...

          IANADBA, however, here are some Observations:

          First off, it is possible to get bash to do queries like this, though not directly afaik. Bash does run on win32. Secondly, decent RDBMS clients will allow one to enter code not unlike what is pictured above. I don't know that you can do such things to MSSQL, at least with included software (one could write it I suppose) but then I did say decent RDBMS, and you m

    • for i in `select * from users`; do /usr/sbin/sendmail $i.email
      Here's the Official MSDN sample code (complete with gotos)

      Dim Suckers as Recordset

      Set Suckers = MyComputer.MyDatabases.ThisDatabase.MyRecordset.[ M y Users]
      Rem Whay_Kind_of_Jerk_Puts_Spaces_in_Table_names?

      Top:
      if ROT13(Suckers.Secret_Account) = "HAX0R3D" then Suckers.[Needs Mail] = True.
      If Suckers.EOF() then goto TheEnd:
      Suckers.NextRecord
      Goto Top

      TheEnd:

      ###
      Then Go to word and do a mail merge. Ask the paperclip for help.
  • Damn straight. (Score:3, Redundant)

    by autopr0n ( 534291 ) on Monday June 30, 2003 @11:49PM (#6336665) Homepage Journal
    People should be responsible for poor security they implement.
    • Re:Damn straight. (Score:5, Insightful)

      by BiggerIsBetter ( 682164 ) on Tuesday July 01, 2003 @12:45AM (#6336947)

      Yup.

      How about if your local bank didn't lock its safe at night, and used shitty supermarket padlocks on the doors? Then didn't tell you that people broke in occasionally when no one was looking, but quietly increased your fees to cover the losses? Sound reasonable? No, of course it doesn't, but it's not far off the level of security some clowns put online. Personally, I'd like to see the sysadmin's name posted in the notices too. :-D

      Imagine if these were physical break-ins rather than electronic ones. The money's all the same, the only difference is that until now, it didn't make the evening news. It's about time it stopped being swept under the carpet.

      • But this is an example of yet another way too specific law. Why is it that this law was passed concerning electronic breakins (and this is only an assumption), yet there is no law regarding physical breakins.

        As a customer, there is no difference between the two, but in the eyes of the law there is?
        • Why is it that this law was passed concerning electronic breakins (and this is only an assumption), yet there is no law regarding physical breakins.

          Because physical break-ins are harder to hide, keep out of the public knowledge, off the news, etc.

          Generally with a physical break in, you call the police. Soon, all the local news stations with a police scanner know something is up at Bank of Microsoft.
    • People should be responsible for poor security they implement.

      People should be responsible if they are negligent, I agree. OTOH, expecting perfect security, as some on this thread seem to be doing, is wishful thinking. The world doesn't work like that. Bank robberies happen, and sometimes they get away with it. Cracks happen, and sometimes they get away with that, too. You should take reasonable steps to secure your facilities and have a sensible contingency plan for when that security fails.

  • About time ... (Score:2, Insightful)

    by aligma ( 682744 )
    This looks like a good start for something that should have happened a long time ago. If people know their information (such as credit card numbers) has been compromised, they can solve the problem. Under Australian law, I think that companies have to tell you if you ask, but I'm not sure they actively publish that kind of information... If they don't, they should! Does anyone know if ISO has a certified standard for web services security? If not ... this might be a good time to make one...
  • by Anonymous Coward on Monday June 30, 2003 @11:49PM (#6336667)
    "Umm, I would send out notices, but it appears that the crackers overwrote the mailing addresses of our entire userbase with 123 Sesame Street."

    • Re:Security Breach (Score:1, Informative)

      by Anonymous Coward
      "Umm, I would send out notices, but it appears that the crackers overwrote the mailing addresses of our entire userbase with 123 Sesame Street."

      "required to report the intrusion either by email, snail mail, a notice on their website, or by notification to the news media."

      Nice try, but I don't think the Judge would be amused.
      • Interestingly enough, what's the exact wording of the law? Can you just bury it somewhere on the website which is the equivalent of a disused lavatory in an unlit basement with no stairs and a sign on the door saying "Beware of the Leopard"?

        I think this law would be a lot stronger if it mandated contact by all of those forms to the extent made possible by available customer data.

        This is kind of a sore spot for me at the moment because of a different, but similar misadventure of my own. Recently, my

        • Can you just bury it somewhere on the website which is the equivalent of a disused lavatory in an unlit basement with no stairs and a sign on the door saying "Beware of the Leopard"?

          While on holiday in the Lake District a while back, some friends and I were going up to the top of Scafell Pike, the highest point in England. One of the paths was particularly treacherous, very steep and with lots of stones that slipped under foot. (Not good for those of us uncomfortable with heights!) After a few hundred m

  • by CastrTroy ( 595695 ) on Monday June 30, 2003 @11:50PM (#6336668)
    I don't think that posting the information on the website would be effective enough. Sites such as amazon.com may have my credit card number stolen. If I don't visit the site within the time frame that they are displaying it then I may never find out about it. They need to do something that requires less action from the users such as snail/e-mail. I don't think site postings should be allowed.
    • by jeffkjo1 ( 663413 ) on Tuesday July 01, 2003 @12:01AM (#6336733) Homepage
      I honestly don't even like the idea of them sending an email with this information. I can see some unscrupulous thief sending an email with forged headers stating: "Hi from amazon, our credit card database system was stolen by some meddlin' hackers, please click this link and reenter your information to reactivate your Amazon account. We apologize for the inconvenience."
      • Hackers have used this attack many times before. The most recent one that I remember was PayPal. They claimed the password database had been corrupted or something, and asked people to click the link and reenter their passwords. Got a whole lot of accounts that way.

        Someone else did it with a note that said they were putting a timer on service so that you had to log in every so often to keep your account active. People went and logged in by the thousands to the phony site they set up.
    • chances are very good that someone in the press will notice the notice on a site like amazon's, or an amazon customer that does catch it will phone the press. hence, word will still get out that something happened.
      • With something like amazon this is likely to happen. However, Amazon was only used as an example, what if a smaller retailer had the same problem. I think many people who the breach of security was important to would not find out about it.
        • yeah, that's certainly an issue. IIRC, other articles I've read about this say that a company must email or snail mail, but if it costs more than D dollars or there are more than X customers to notify, then they can post a note or call the media. Of course, this suddenly makes emailing the 100 customers of a tiny shop cost a cool million.
    • The law should say that a notice on the website should be combined with a blurb in the media (CNN, MSN, AOL), so those like yourself (or myself, for that matter) would stand a greater chance of being alerted sooner.

      Or they should post to Slashdot :)
      • If I was going to quote the parent, I would say:

        The law should say that a notice on the website should be combined with a blurb in the media (CNN, MSN, AOL),[...]

        If it's not on the Game Show Network, Food Network, or The Learning Channel, I'll never see it.

        If you've got my credit information, and some L33T script kiddies have just 0w^3d you, you should be required to send me something.

    • I don't think that posting the information on the website would be effective enough.

      Agreed entirely. Passive notifications for important information are just pathetic.

      It's like web sites or ISPs where you sign up, and they have a set of Ts&Cs and a privacy policy, and then a caveat that they may change these at any time by putting the changes on their web site, and the changes take effect immediately. If you don't visit the web site during the minutes after the policy changes, while every spammer

  • tonight.... (Score:3, Funny)

    by cdf12345 ( 412812 ) * on Monday June 30, 2003 @11:50PM (#6336676) Homepage Journal
    guess we know what state hax0rs will target tonight, trying to be the first to make a company "go public"

    way better than IPOs!
  • by janda ( 572221 ) <janda@kali-tai.net> on Monday June 30, 2003 @11:52PM (#6336680) Homepage

    To quote the parent:

    ...a notice on their website...

    Yeah, all you need to do is find the white-on-white "click here" hyperlink.

    Like I'm supposed to go out every day and check every credit card site, all my bank account sites, every mutual fund site, every stock broker site, etc, etc, etc?

    Why? Why does the company that has been hacked have to engage in a deliberate act (e-mail, snail mail, phone calls, whatever) except for this? Why not force companies to own up to their mistakes?

    • Like I'm supposed to go out every day and check every credit card site, all my bank account sites, every mutual fund site, every stock broker site, etc, etc, etc?

      Worse yet, even if you were to somehow check every website on a regular basis, and somehow find the notice (which the law does not give guidelines for, AFAIK), this only covers part of the issue. The other and far more difficult problem: what about when this information gets stolen and the company doesn't notice?

      This seems like a step in the ri

      • To quote the parent:

        The other and far more difficult problem: what about when this information gets stolen and the company doesn't notice?

        There's something in the laws already about how you cannot be held responsible if somebody commits crimes using your materials as long as you make a good faith effort to report it.

        For example, if you find your car gone, you report it stolen, and the next day it's used in a bank robbery, you are usually held innocent unless they have your face on the videotape or

  • I'm surprised... (Score:3, Interesting)

    by Tokerat ( 150341 ) on Monday June 30, 2003 @11:52PM (#6336682) Journal

    ...that this WASN'T required by law before!
  • Does anyone actually expect American Express or a similar large company to post publicly on their website that they were 0wnz3rd?

    If so are they going to post a list of everyone who's information was possibly lifted?
    • Does anyone actually expect American Express or a similar large company to post publicly on their website that they were 0wnz3rd?

      I don't think that will be a problem. I'm sure the crackers will take care of that part for them.

  • (Translated to English, for readability purposes only.)

    1337 h4xxor> The company I broke into published it in the morning newspaper!!!1!1!
    5kr1p7 k1dd13> That's nothing!1!! I made the evening news!11!!!1!1
  • by dupper ( 470576 ) on Monday June 30, 2003 @11:54PM (#6336697) Journal
    Aha, spelling Nazis, now the shoe is on the other foot!
  • Always making spelling mistakes! It's 0\/\/N3D!
  • Move... (Score:3, Interesting)

    by Mullen ( 14656 ) on Monday June 30, 2003 @11:59PM (#6336719)
    Instead of fixing their security, companies will just find it cheaper to move their servers out of California.
    • Re:Move... (Score:5, Informative)

      by jeffy124 ( 453342 ) on Tuesday July 01, 2003 @12:17AM (#6336817) Homepage Journal
      interesting idea, except that a CA senator introduced a similar bill on a national basis last week. (RTFA) Second paragraph happens to also mention that it doesn't matter where a company is physically located, they just have to have customers in CA.
    • How will that matter ?
      In the true tradition of Slashdot, I haven't read the article. But isn't a business, albeit a web business, legally bound by the laws of the state where it is registered?
      The physical location of the servers should be immaterial, or is it too rational to expect?
    • No, most likely they'll just stop holding credit card numbers. After the transaction has completed THEY DON'T NEED THE NUMBER anymore!!!

      Bleh.
  • by civilengineer ( 669209 ) on Tuesday July 01, 2003 @12:00AM (#6336730) Homepage Journal
    When I first started using credit cards 3 years ago, I never used it on the internet for 6 months, fearing the consequences of a theft. But, one fine day, my statement showed charges from some cruise/vacation website and some discounts program I never heard of before for $200!! I got mad and called the credit card company and it took them 2 months to fix it. Then, I decided, what the heck, let's use 'em on the internet since the numbers will be stolen anyway. :(
    • what probably happened is that your bank got r00ted, which is where someone got your CC#. Or, your ISP's billing system, some brick+mortar where you used your CC kept a database internet accessible, etc.

      The _only_ sure-fire way to prevent getting your CC# stolen is to not have a CC to start with. But that still doesn't protect you from identity theft, as someone can open a card in your name if they have your SSN from somewhere.
      • The _only_ sure-fire way to prevent getting your CC# stolen is to not have a CC to start with. But that still doesn't protect you from identity theft, as someone can open a card in your name if they have your SSN from somewhere.

        Ha! Finally, having bad/no credit is advantageous! They'll never be able to get a card in my name! Bwahaha!
    • You started using credit cards only three years ago? Why, in my day we had to use credit cards made out of stone, uphill, both ways, in the snow...

      Seriously, you also have to consider "where" and "why" credit card numbers and such get stolen. For example, I've used credit cards over the net for (eeek! I'm old!) about 10 years, and the only problem I've had was some magazines that got charged to the card I use to pay my sister's account. That got fixed easily enough.

      In the 30ish years I've used things

    • I would say the majority of stolen CC #s are probably not on the net. At least personal anecdotal evidence seems to point in that direction. I've known at least five cases, one of which being my parents who are generally anal in protecting their credit cards / bank accounts, in which the number was stolen and used. One interesting thing to note about these cases was that they all were either proven or most likely stolen at restaurants.

      The next time you're at a restaurant, receive the bill, and you're about
  • by MoeMoe ( 659154 ) on Tuesday July 01, 2003 @12:01AM (#6336731)
    companies whose systems are cracked...are required to report the intrusion either by email, snail mail, a notice on their website, or by notification to the news media.

    Now I'm not sure what I should be more afraid to find in my email, this or spam....
    • Now I'm not sure what I should be more afraid to find in my email, this or spam....

      How about your email reader thinking this is spam?
    • and....what if the email notifying you of the "cracking" is actually spoofed? I can see it now. "Go to this link and enter your CC # to see if yours was stolen"
  • So what happens... (Score:5, Insightful)

    by dethl ( 626353 ) on Tuesday July 01, 2003 @12:02AM (#6336735)
    When the hacker breaks into the notification server?

    Even if they didn't steal any information (other than some emails on the server) they could scare the living crap out of a lot of people....like a BIG practical joke.

    Then the company would have to send out another email via the notification system to their customers....this ought to be interesting...why trust the company that claimed it was hacked yet it wasn't?
    • Considering most companies sell your information to other companies because they just know how much we all love junk mail, I find it hard to believe they only have the information in one place.
  • by djupedal ( 584558 ) on Tuesday July 01, 2003 @12:06AM (#6336757)
    Increased costs take effect Wednesday, July 2 (the day after the day tomorrow).
  • by Anonymous Coward
    Informing customers prior to account signup/transaction about whether or not information prone to identity theft is to be entrusted to some third world nation.

    I definitely want to know who I'm doing business with.
  • There are several other state laws kicking in as well - here in Indiana there's a new anti-spam law (modeled after several others and unlikely ever to get dusted off) targeting forged email headers...

    Now if we can only get Daylight Savings Time here we might step into the 20th Century (nevermind the 21st!).
  • Sorry for that. While this is good for the Consumer, it is even better for hosting companies and businesses deciding to move elsewhere. The sad fact is that without really good analytical tools - most companies do not know what was cracked at all.

    Tripwire is one that comes to mind, and if used properly is an excellent forensic tool. Too bad some schmoes don't know that. I know an IT director who believes that wiping everything down and reinstalling from a backup image is the way to go. Of course - backups
    • Tripwire is ok, providing you don't mind getting a call every month from some dickhead (the local one in my case seems barely able to speak English too.. woohoo) trying to sell you more Tripwire products and who is unaware of what "remove me from your list and never call me again" means..
    • Tripwire is one that comes to mind, and if used properly is an excellent forensic tool. Too bad some schmoes don't know that.

      Yeah, Tripwire is great, but it wouldn't help you know what's been stolen. It only detects modifications to files; it doesn't tell you if someone ran a 'sploit, sniffed a password or two, and lifted your cc# database. The access times would be useless too, as it's probably accessed way too much for that. You'd have to keep very detailed logs to figure out what had happened, and e
      • but it wouldn't help you know what's been stolen.

        True, if you don't know there was a break-in, you don't know what has been stolen. All the more argument for encrypted traffic, encrypted passwords, and encrypted data. What you ideally should achieve is something where the effort is not worth it. Plain-text traffic is a method that should not work with sensitive account information.

        If your credit card database is "lifted" it should be meaningless. Sniffing passwords on encrypted traffic should be pointless
    • Would you trust a business that notified you that your account might have been cracked and you could have some of your valuable precious data being floated around the Internet?

      Short answer... yes.

      Why? Because it means they are paying attention and trying to make an effort at security.

      It is doubtful all attacks will be prevented, and it's also doubtful all attacks will be monitored. However, all banks will experience attacks by crackers. If one slips by and it's detected, I would want to know about it.
  • by mabu ( 178417 ) on Tuesday July 01, 2003 @12:17AM (#6336815)
    Do you think that a little "This site powered by Windows 2000" icon on the bottom of the page would be considered appropriate notification?

  • The best bit is when sites who've been quietly amassing yer personal info have to turn around and say, "Uhhhh, because we were dumb, all this information we gathered without your consent is now in the hands of someone who will do worse stuff with it than us."
  • I have no CCs so its NMP!
  • Encryption? (Score:2, Insightful)

    by spike it ( 682080 )
    Whatever happened to encryption?
    • This project is on a deadline, and we will meet that deadline.

      Add in the hordes of "month-degree" programmers, and you have a recipe for disaster,

      Which is not to say that I'm all that good at security, because I know I'm not.

    • It certainly helps to keep your cc# db encrypted, possibly using syskey or the like to access it. But remember, the database is there for a good reason--there are lookups run against it all the time (heck, otherwise you could just airwall it). So you have to be able to decrypt it, and that generally means that if someone roots either the box it's sitting on, or one of the boxes that does lookups against it, all your base are belong to them.
  • make them pay (Score:5, Interesting)

    by slugo3 ( 31204 ) on Tuesday July 01, 2003 @12:50AM (#6336972)
    why not make the company responsible for notifying my credit card company? Or better yet make them pay for fraudulent charges that I could prove were from their negligence?
    They screwed up; they should incur the cost of cleaning up the mess. If companies were responsible to that degree, then watch how high security budgets would skyrocket. If they shouldn't be responsible to that degree with my sensitive information, then why bother passing legislation like this?
  • Is there an example of a company not doing this already?
  • Between the time the company notifies you and you receive your new card in the mail, that's damn near 14 days of sales tax he can't collect on purchases you might make
  • How about that. Someone breaks partway into a system at my bank. The bank may not know exactly what has been compromised, but they then publish a list of what it could be. Intruder now knows how close they are to the money!
  • by expro ( 597113 ) on Tuesday July 01, 2003 @02:34AM (#6337345)

    These rules are good. I think both notification and public notices of being hacked should be required. But merchants and customers should be smarter to start with.

    Many prominent ecommerce sites insist that if you buy with them, you have to open an account where your credit card info will be stored permanently (read the fine print on PayPal, for example, what happens when you try to erase it).

    In order to permit you to reuse the credit card number without reentering it later, it generally has to be stored in a place accessible to the web server applications, aka a very hackable location. They usually claim to protect this via n-bit encryption, but their application can easily decrypt it, generally meaning that a hacker who owns the web server can as well.

    If a brick-and-mortar merchant insisted on storing a xerox of the credit cards of all his customers in a filing cabinet on the sales room floor in case any time in the future they forgot their credit cards, I would still feel more secure than this sort of e-merchant makes me feel (because the volume of CC numbers is less and it can't be accessed remotely) than a database with millions of card numbers. There is a huge difference between temporarily using the credit card info in a transaction database and making it permanently available in an account database. Not only can transaction records be more fully isolated from the web servers than account records, but in the transaction case, the most that is compromised is far less than the millions of credit card numbers compromised in an account database. You make yourself vulnerable forever if you do business with someone who wants to keep your credit card available in your account, and they probably will not even tell you if it is compromised.

    IMO, good merchants do not insist on storing your credit card number in the account, but rather permit you to manually reenter it every time. Just like all the Microsoft email conveniences that turn out to be security holes, this sort of ecommerce convenience is asking to have your credit card number abused, with no notification. The number is safer in your wallet or travelling across SSL than in a web-server database with millions of other credit cards.

    PayPal refuses to erase the account info even if you erase it. Perhaps this sort of law will eventually force irresponsible merchants to rethink the way they expose millions of cards to cracking. You can't hack what is not on the server.

    • Yes, all the points you make are good, but it's all about money. How much will it cost to implement the layers of security that are needed to store the CC# safely? A small ecommerce site just doesn't have the capital to do it. Things would be much easier if we didn't have to deal with CC numbers directly. PayPal is a way to deal with this, but come on, what ecommerce site will force somebody to get a PayPal account anyway? PayPal is not the last word in Financial Internet Transactions. Hey, they are not even a bank.
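The architectural point expro makes above (an account database of "encrypted" card numbers is recoverable by whoever owns the web tier, because the web application must hold the key, whereas a transaction that persists only what later pages need leaves nothing to recover) modelled as an added example. This is not code from the thread or from any real merchant; the toy cipher, the sample card numbers and the "processor reference" are constructed stand-ins.

```python
"""Added example: account store vs transaction-scoped store after checkout.

Models expro's argument that n-bit encryption does not help when the web
tier holds the key. Cipher, sample cards and processor reference are
constructed stand-ins, not any real merchant's code.
"""
from __future__ import annotations

import hashlib
import os
import secrets
from dataclasses import dataclass, field

# Constructed sample cards (standard test-style numbers, not real accounts).
SAMPLE_CARDS = ["4111111111111111", "5555555555554444", "378282246310005"]


def luhn_ok(pan: str) -> bool:
    """Return True if the card number passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the last four digits, the most a later page should need."""
    return "*" * (len(pan) - 4) + pan[-4:]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream so the example needs no extra deps."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


# Design 1: the "convenience" account store described in the post.
@dataclass
class AccountStore:
    """Reusable card numbers under 256-bit encryption, key on the web tier."""
    web_tier_key: bytes = field(default_factory=lambda: os.urandom(32))
    rows: dict[str, tuple[bytes, bytes]] = field(default_factory=dict)

    def save_card(self, user: str, pan: str) -> None:
        nonce = os.urandom(12)
        ct = _xor(pan.encode(), _keystream(self.web_tier_key, nonce, len(pan)))
        self.rows[user] = (nonce, ct)

    def decrypt(self, user: str) -> str:
        nonce, ct = self.rows[user]
        return _xor(ct, _keystream(self.web_tier_key, nonce, len(ct))).decode()


def dump_as_web_tier(store: AccountStore) -> list[str]:
    """What a compromised web application recovers: every stored card number.

    The application must be able to call decrypt() to reuse the card, so the
    key is available to anything running as that application.
    """
    return [store.decrypt(user) for user in store.rows]


# Design 2: transaction-scoped handling, nothing reusable is persisted.
@dataclass
class TransactionStore:
    """Keeps a masked number and an opaque processor reference per order."""
    rows: dict[str, tuple[str, str]] = field(default_factory=dict)

    def charge(self, order_id: str, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # Stand-in for the reference a payment processor hands back; the full
        # number goes no further than this call and is never written down.
        processor_ref = secrets.token_hex(8)
        self.rows[order_id] = (mask(pan), processor_ref)
        return processor_ref


def dump_as_web_tier_txn(store: TransactionStore) -> list[str]:
    """The same compromise against the transaction store yields masked values."""
    return [masked for masked, _ref in store.rows.values()]
```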
  • " or by notification to the news media"

    What if the malicious attack is [paloaltoonline.com] the news media?
  • California is known for having more progressive laws.
  • This is NOT theft! There was no loss of property, and therefore no financial loss either!

    These credit card numbers weren't 'stolen', they were LIBERATED!

  • by leeet ( 543121 ) on Tuesday July 01, 2003 @09:47AM (#6338702) Homepage
    Where a certified accountant needs to check and make sure everything is up to a certain standard.

    That's good news, more IT jobs coming up?
  • Back when the attrition.org site was still counting defacements, you had an interesting stat: The number of defacements per OS version.

    It would be very interesting to keep tabs on the OS versions of cracked systems, if only to avoid recommending them to new ecommerce sites.

    Of course, this supposes that the cracked company will want to add shame to embarrassment. Hmmm, that will probably require a little nudge. Maybe friendly BOFHs will "leak" the OS version info in memos titled "I told you so, you freaki
