According to OSF... nothing. (was re: try asking us first)

2009-11-16 by Lyger

On occasion, we look for news related to things other than data loss events. Press releases veiled as "news" are a frequent treasure chest of (not so) great information, so we often use detailed and complicated techniques to make sure we have as much information as we can gather about... Open Security Foundation and DataLossDB. In other words, YES, WE GOOGLE OURSELVES. Oh, don't be shocked. You "ego surf" yourselves too. Admit it.

The Sixth Annual Gibbs Golden Turkey Awards - "According to the Open Security Foundation's excellent DatalossDB Web site" - we appreciate that, and Mark did write "according to... web site." Best one we've seen so far.

Config Errors Leaving Huge Security Holes: Study - "According to the Open Security Foundation, so far this year 37 organizations have lost almost 132 million sensitive records through external hacks as a result of sloppy or poorly secured network IP configurations." - well, kinda. Our *statistics*, when gathered and analyzed, might *infer* something related to that conclusion, but we (meaning OSF) were never asked to make a statement about any number of records compromised through any particular attack vector.

IP Networks Are Vulnerable Due to Lapses in Security, Compliance and Proper Configuration, Says Telcordia - Calvin, meet Larry. Larry, meet Calvin. Your stories both use OSF and DataLossDB as a resource, but we don't remember receiving a call or even an email asking us for comments, clarification, or any other additional insight for background. You, sirs, have an uncanny gift for being able to use each others words IN THE EXACT SAME WAY. That is a true journalistic gift. Kudos.

Journos, please, contact us about what OSF supposedly said before putting said comments into your writings. We're usually available, and typically somewhat pleasant to deal with. We also keep tabs on current events, as well as whatever you write that makes it onto Google News. Just sayin'. :)

COMMENTS

by toolbox [Apprentice Investigator] on 2009-11-24 (about 2 years ago)

I saw this one:

http://siblog.mcafee.com/?p=1385

by Anonymous on 2009-11-26 (about 2 years ago)

Get over your yourselves guys. If I take figures from a website I don't need to have a detailed discussion with the owners/collators/editors/people-who-made-up-the-numbers before publishing an interpretation of that data. I can even use the common idiom "According to blah.com..." as shorthand for "According to the data published on a specific page under the domain blah.com, who I haven't actually talked to but this is what they've written..."

by Lyger [Data Loss Maven] on 2009-11-26 (about 2 years ago)

You're right, Anonymous. As a journalist, why would you want to actually do any detailed research or get a verification that your interpretation is correct? As for "this is what they've written", that is also factually incorrect. We didn't "write" anything about the statistics cited in the examples given in the post. No commentary, no blog posts... nothing. You don't *need* to have a "detailed discussion" with anyone... but you *should* at least choose your wording more carefully.

http://blog.journalistics.com/2009/journalism_101_16_things_you_learn_in_j_school/

Back

Incidents:

Data Types:

Sectors:

Sources:

Breach Types:

Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
Disposal Mobile | Email | Fax | Fraud Se
Hack | Lost Computer | Lost Document | Lost Drive
Lost Laptop | Lost Media | Lost Mobile | Lost Tape
Missing Document | Missing Laptop | Missing Media | Snail Mail
Stolen Computer | Stolen Document | Stolen Drive | Stolen Laptop
Stolen Media | Stolen Mobile | Stolen Tape | Unknown
Virus | Web |