the hacked material was uploaded to a public server during the second half of September
Is it still up?
In a rare instance where I'm going to come out and criticize Krebs: he should have disclosed that he has a business relationship with Hold Security.
I have no financial relationship to Hold Security. When Alex started his company, he asked if he could list me as an advisor. I said yes. I've never received any sort of remuneration for that role. If anything, he is more of an advisor to me, in terms of possible story tips.
You're prominently on his web page. You should just disclose it! It's not like it's a bad thing.
If for no other reason than that most people who see that web page are (reasonably) going to assume the position is in fact compensated, because most advisor positions are.
Not sure you can say most advisor positions are. That’s a vague generalization. Krebs said he wasn’t paid. So that’s his story, who cares? That’s not what the crux of this story is about and at best is a sideshow.
It's a total sideshow, and it's not that big of a deal. I'm not trying to take Krebs down a peg; I'm a fan. If he's an advisor to a company, he should disclose that relationship --- like any other relationship! --- in his stories. That he's not paid doesn't change much; personal relationships are also disclosable. I mentioned the payment thing only because the optics probably weren't the optics Krebs wanted, not because I dispute what he's saying.
Boom. You just disclosed it.
As a term of art, "disclose" means "in the story". His relationship with Hold isn't a secret; it's on Hold's web page.
Maybe, but the very first sentence in my mind made it clear that he specifically had something to do with the reveal. Why else would KrebsOnSecurity inform Gunnebo and not Hold Security themselves?
Is this a case of 'security through secrecy' shouldn't be relied upon? We all know that shouldn't be a thing, but I guess every little bit helps.
Security _only_ by obscurity is the problem.
It depends, it very much is not a bad thing ---
“the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.”
Explain like I'm five what such information is even doing on a “computer” connected directly to the Internet.
Now I know from where they get all these blueprints in movies.