Monday, June 04, 2007

g0t XSSed?

Following the previous posts on XSSing The Planet and XSS Vulnerabilities in E-banking Sites, here's a full disclosure project that categorizes user-submitted XSS vulnerabilities by pagerank, government, and public entity, with mirrored copies of the XSSed pages.

Even a .secured TLD name is nothing more than a false feeling of security while phishers are still loading content from E-banking providers' sites and actively exploiting XSS vulnerabilities to make their scams run on the bank's own site. Therefore, from a business development perspective, you ought to realize that overperforming in a developing market segment is sometimes more profitable than being a pioneer with an idea the market isn't willing to anticipate for the time being -- perhaps for the best.
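To make concrete what "making the scam use the bank's site" means, here is an added example (not code from the original post or from any of the sites it mentions): a reflected XSS pattern in a hypothetical bank search page that echoes a query parameter into its HTML, beside the hardened version that encodes the parameter, plus a small check a defender can run over rendered output. The page layout, parameter name and sample payload are all constructed for the example.

```javascript
// Added example, not from the original post. Assumed scenario: a bank's
// search page echoes the untrusted `q` query parameter into its HTML.

// Encode the five characters that let text break out of an HTML text node
// or a double/single-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the parameter is concatenated straight into the page, so
// whatever a phishing link carries in `q` is served from the bank's origin.
function renderSearchVulnerable(q) {
  return `<p>Results for: ${q}</p>`;
}

// Hardened: the same page, with the parameter encoded before insertion.
// The browser now shows the payload as literal text instead of running it.
function renderSearchSafe(q) {
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Defender-side check for rendered output: flags a script tag or an inline
// event handler that the template itself never emits. Useful as a regression
// test on server-side templates; it is not a substitute for encoding.
function containsInjectedMarkup(html) {
  return /<script\b|<\/script>|\bon\w+\s*=/i.test(html);
}

// Constructed sample payload of the kind a crafted phishing link would carry.
const SAMPLE_PAYLOAD = '<script>alert(1)</script>';

console.log('vulnerable:', renderSearchVulnerable(SAMPLE_PAYLOAD));
console.log('hardened:  ', renderSearchSafe(SAMPLE_PAYLOAD));
console.log('vulnerable flagged?', containsInjectedMarkup(renderSearchVulnerable(SAMPLE_PAYLOAD)));
console.log('hardened flagged?  ', containsInjectedMarkup(renderSearchSafe(SAMPLE_PAYLOAD)));
```

The point of the hardened version is that the fix lives where untrusted data meets the HTML context, not in filtering the input: the bank keeps serving its own page, and the payload arrives on the user's screen as harmless text.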

Data Breach Sample Letters of Notification

Dear customer, to ensure your satisfaction with our quality services, we're notifying you that our inability to protect your sensitive data has resulted in its leakage on the World Wide Web. Thus, stay tuned for possible identity theft and for spending the next couple of years explaining how it wasn't you who bought that luxurious yacht your bank wants you to pay for. By the time our stolen laptops get connected to the Internet -- which we doubt anyway -- they will phone back and help us locate them, which doesn't mean we didn't breach the confidentiality of your personal information; we're just trying to be socially responsible at the time of notification.

Sincerely,
Your favorite and customer-friendly breached retailer

Perhaps the most comprehensive archive of scanned data breach letters of notification from U.S.-based companies I've come across so far. Well worth going through if you wonder what tone a breached company uses to maintain its weakened brand image and to prevent a PR disaster.

Related posts:
To report, or not to report?
Personal Data Security Breaches - 2000/2005
A Chart of Personal Data Security Breaches 2005-2006
Getting paid for getting hacked