Comments on: Followup: Hannaford Used Rapid7 for Security http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/ tech, science, news and social issues for geeks Mon, 22 Mar 2010 02:14:51 +0000 http://wordpress.org/?v=abc hourly 1 By: Bobby http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-52105 Bobby Thu, 20 Mar 2008 21:44:19 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-52105 Rapid7 is a joke. They have been pitching this crap software to me for months. Their product demo was the most absurd call I have ever been apart of. I have been blowing off their sales calls recently, but now I hope they call and try to sell me on their program! Rapid7 is a joke. They have been pitching this crap software to me for months. Their product demo was the most absurd call I have ever been apart of. I have been blowing off their sales calls recently, but now I hope they call and try to sell me on their program!

]]> By: » Security vendor removes Hannaford as a client on their site after data breach is revealed! - Blogger News Network http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-52060 » Security vendor removes Hannaford as a client on their site after data breach is revealed! - Blogger News Network Thu, 20 Mar 2008 14:21:31 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-52060 [...] the blog post on geeksaresexy.net: Instead, Rapid7 scrubbed all mentions of Hannaford from their client list. [...] [...] the blog post on geeksaresexy.net: Instead, Rapid7 scrubbed all mentions of Hannaford from their client list. [...]

]]> By: PatB http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51941 PatB Wed, 19 Mar 2008 20:46:14 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51941 Berr, thanks for the handy link. the article is changing with updates. It seems that Rapid7 took it down, and then made sure it was okay with hannaford, but then someone at the company said it was no need to purge the info. Sounds like pandemonium at rapid7. From the updated article: "Regarding why the Hannaford materials reappeared hours ago, Matthews says: "When I got involved yesterday afternoon I said, 'Well, there's no reason to do this; no one has actually asked us to do this. We should just put it back up the way it was." Regarding how the breach actually happened? You are right, the investigation is not yet complete. I never blamed Rapid7 or its product for the failure of Hannaford's security. The failure is ultimately Hannaford's, as they assume the risk to ensure their network is secure. I do blame Rapid7 for shooting themselves in the foot by screwing around with their website in light of the breach. It makes them look very amateurish. Berr, thanks for the handy link. the article is changing with updates. It seems that Rapid7 took it down, and then made sure it was okay with hannaford, but then someone at the company said it was no need to purge the info. Sounds like pandemonium at rapid7.

From the updated article: “Regarding why the Hannaford materials reappeared hours ago, Matthews says: “When I got involved yesterday afternoon I said, ‘Well, there’s no reason to do this; no one has actually asked us to do this. We should just put it back up the way it was.”

Regarding how the breach actually happened? You are right, the investigation is not yet complete. I never blamed Rapid7 or its product for the failure of Hannaford’s security. The failure is ultimately Hannaford’s, as they assume the risk to ensure their network is secure.

I do blame Rapid7 for shooting themselves in the foot by screwing around with their website in light of the breach. It makes them look very amateurish.

]]> By: HSO http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51922 HSO Wed, 19 Mar 2008 19:29:45 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51922 I think it's more likely that Hannaford's asked to be removed from the web site, which would be consistent with standard business practice after an incident... Maybe. I don't know. I think it’s more likely that Hannaford’s asked to be removed from the web site, which would be consistent with standard business practice after an incident… Maybe. I don’t know.

]]> By: Berr http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51921 Berr Wed, 19 Mar 2008 19:01:51 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51921 Apparently (according to the vendor, anyways) Hannaford asked the vendor to correct the information on their website: http://www.networkworld.com/community/node/26143 So the breach happened in a retail system which was not scanned by the vendor...although if TJX taught us anything, I think we should not rush to judgement until the investigation is done (remember how the story with TJX kept changing every week for a couple months) Apparently (according to the vendor, anyways) Hannaford asked the vendor to correct the information on their website:

http://www.networkworld.com/community/node/26143

So the breach happened in a retail system which was not scanned by the vendor…although if TJX taught us anything, I think we should not rush to judgement until the investigation is done (remember how the story with TJX kept changing every week for a couple months)

]]> By: PatB http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51917 PatB Wed, 19 Mar 2008 18:12:05 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51917 I guess they are testing their backup and restore solution. ;-) I guess they are testing their backup and restore solution. ;-)

]]> By: Kiltak http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51916 Kiltak Wed, 19 Mar 2008 18:01:24 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51916 LOL, they added it back, along with their name in the list :) LOL, they added it back, along with their name in the list :)

]]> By: Robb http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51915 Robb Wed, 19 Mar 2008 17:37:23 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51915 I see a Hannaford logo on the right-hand side of their client list. Probably a haxor broke into their site and re-added it..... I see a Hannaford logo on the right-hand side of their client list. Probably a haxor broke into their site and re-added it…..

]]> By: BelchSpeak » Post Topic » Hannaford Data Breach Tied to Rapid7 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51902 BelchSpeak » Post Topic » Hannaford Data Breach Tied to Rapid7 Wed, 19 Mar 2008 16:49:08 +0000 http://www.geeksaresexy.net/2008/03/19/followup-hannaford-used-rapid7-for-security/#comment-51902 [...] I have provided an update to the Hannaford Hack story over at [GAS] here. [...] [...] I have provided an update to the Hannaford Hack story over at [GAS] here. [...]

]]>