It’s enough to make you want to keel over
Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks
Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyberattacks. A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based biz revealed intruders …
COMMENTS
-
Tuesday 28th June 2022 07:04 GMT Lis
From the article
Quote, "This settlement sends the message that companies need to take stock of what information they maintain and take reasonable steps to protect that information," unquote.
Seriously? SERIOUSLY?
The only message this will send is "as you were and just suck up the pathetic fines".
And just what is the point of fining the company? They will just increase the prices they charge to cover the cost. Now if the boardroom members were personally fined.... Oh fuck the fines, just bung them in prison. Maybe it really is the only way to be sure.
Ishy
-
Tuesday 28th June 2022 13:04 GMT EnviableOne
rotating passwords
Really doesn't work. It just drives bad behaviour (I'll add 1 to the number on the end).
The AGs should really read the NIST SP 800-63B:
"Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."
-
Tuesday 28th June 2022 14:43 GMT Anonymous Coward
Re: rotating passwords
I'm dealing with that right now. We have a large customer that, in their due diligence, is insisting that we put password rotation back in place. I've sent them that exact NIST reference you quoted along with a paper from SANS Institute explaining the same thing.
Even the boneheads at PCI finally gave up this stupid idea.
-
Thursday 30th June 2022 15:27 GMT EnviableOne
Re: rotating passwords
A couple more resources to throw at the auditors:
https://www.ncsc.gov.uk/collection/passwords
https://www.ncsc.gov.uk/blog-post/your-password-expiry-policy-may-have-reached-its-expiry-date
https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
-
Tuesday 28th June 2022 13:07 GMT sitta_europea
More than once I've asked the Register about this.
There is no doubt what this article's stock headline image depicts.
https://upload.wikimedia.org/wikipedia/commons/thumb/c/ca/Titanic_Starboard_View_1912.gif/400px-Titanic_Starboard_View_1912.gif
Please don't use even - perhaps especially - cartoon images of the Titanic flippantly.
It's offensive.
More than 1500 people died in that disaster and it's most disrespectful to the memory of the victims and their families and friends.
And it marks you out as jerks.
-
Wednesday 29th June 2022 06:09 GMT jvf
SSDD
Been on several Carnival cruises and had a blast every time. Fortunately, we had to postpone our last attempt several years ago or we might have been aboard the ship that lost a generator and had to be towed ignominiously back to port after a few days of hell for everyone (whew!). So, if they got my info it’s seriously out of date.
But, it points to a very depressing situation: It seems like every major company, no matter what the industry, is run by imbeciles. As I’ve lamented before, it’s a Beavis and Butthead world now and they run the show. It’s also another reason I don’t bother chasing cell phone or ISP providers or OS systems in an attempt to go with a more honest or environmentally oriented corporate structure. They all suck. Pick one, hold your nose and get on with life.