[Sigia-l] Practical question for Monster users

[Ziya Oz]

Jonathan Baker-Bates:

> Companies that get b0rked like this must fail or security won't be taken
> seriously. 

Security is *already* not being taken seriously.

Here is what the Monster CEO said:

"Protecting the job seekers who use our Web site is a top priority at
Monster," Iannuzzi said in a statement. "We believe these actions are the
responsible steps to protect our valued job seekers and customers."

Can you take action against threats you don't quite comprehend? Apparently
so:

But company officials noted that the theft of confidential information was
not an isolated incident and said the scope of illegal activity was
impossible to pinpoint.

<http://www.eweek.com/article2/0,1759,2177674,00.asp?kc=EWRSS03119TX1K000059
4>


Do Monster users care? Apparently not:

About 200 to 300 job seekers have canceled their accounts as a result of the
security issue, the CEO said, but those have been offset by an upswing in
new accounts. A "handful" of employers have canceled their accounts,
Iannuzzi said.


Does the Wall Street care? Apparently not:

Monster shares closed on Wednesday up $1.24, or 3.8 percent, to $34.15 on
Nasdaq.


Is this limited to services like Monster.com? Apparently not:

But he said that the data that Monster.com lost isn't as valuable to
criminals as some information that people willingly put onto social
networking sites such as MySpace.com.

People post photos of themselves and their families, talk about their jobs,
hobbies, religious beliefs and provide other information valuable to
criminals out to make a buck.

That's enough information to help a criminal concoct a convincing story to
persuade somebody to let their guard down.

"It would be child's play to social engineer at least 40 percent of the
people on MySpace," Abrams said.

<http://www.reuters.com/article/internetNews/idUSWEN072620070830>

There you have it!

--
Ziya

"Every problem comes from a solution."