[SecurityRatty] tag: barn

Craigslist Scam

Tue, 25 Mar 2008 16:33:06 +0000

This is a weird story: someone posts a hoax Craigslist ad saying that the owner of a home had to leave suddenly, and this his belongings were free for the taking. People believed the ad and starting coming by and taking his stuff.

But Robert Salisbury had no plans to leave. The independent contractor was at Emigrant Lake when he got a call from a woman who had stopped by his house to claim his horse.
On his way home he stopped a truck loaded down with his work ladders, lawn mower and weed eater.

"I informed them I was the owner, but they refused to give the stuff back," Salisbury said. "They showed me the Craigslist printout and told me they had the right to do what they did."

The driver sped away after rebuking Salisbury. On his way home he spotted other cars filled with his belongings.

Once home he was greeted by close to 30 people rummaging through his barn and front porch.

The trespassers, armed with printouts of the ad, tried to brush him off. "They honestly thought that because it appeared on the Internet it was true," Salisbury said. "It boggles the mind."

This doesn't surprise me at all. People just don't think of authenticating this sort of thing. And what if they did call a phone number listed on a hoax ad? How do they know the phone number is real? On the other hand, a phone number on the hoax ad would give the police something to find the hoaxer with.

At least this guy is getting some of his stuff back.

Links for 2008-02-20 [del.icio.us]

Wed, 20 Feb 2008 21:00:00 +0000

A Barn Door Has No ROI

Sat, 16 Feb 2008 01:49:17 +0000

When you think about it, farmers know where their assets are better than a lot of us in business. Usually, they’re in the barn. A security geek’s interpretation of the term “closing the barn door after the horses have bolted”, would probably be something like “it’s too late to take preventative action after the incident [...]

Best practices - notification of a breach

Thu, 07 Feb 2008 13:29:00 +0000

CSO magazine has a facinating article on notifying stakeholders of a breach. They compare and contrast two styles of letters to customers - interesting stuff. How does one provide details without overwhelming the reader who may not understand everything? Does one mention steps beign taken, other breaches in the industry?

I wonder how many folks within the company (as well as lawyers, PR folks) might be involved in this task? I assume this increases the visibility of data breaches across the company - mainly because of the number of senior folks involved. Bit late though, now that the horse has left the barn...