Has the Data Security Problem Become an Epidemic?
telstar asks: "Lately, it seems like an almost weekly occurrence: confidential customer data is exposed online, despite the assurance that security measures were in place to prevent such a problem. ChoicePoint Inc., LexisNexis, and DSW Inc. were all victims of online security breaches. Ameritrade and Bank of America both admitted lost physical data tapes containing confidential client account information. Recently, Carnegie Mellon notified 19,000 students, alumni, faculty and staff that their confidential information may have been compromised. An April 2005 GAO report found that though the IRS is making progress fixing security holes in systems that it operates, they aren't keeping pace with new vulnerabilities, risking exposure of sensitive financial data of the taxpaying population of the country. To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced. What about companies like Google? As they expand their service offerings with GMail and Google Search History, where they are increasingly responsible for retaining client data, will they become a bigger target for attackers? This is the problem. What is the solution? Are there any tips for people to help protect their identity and confidential financial information? What firms go above and beyond the call of duty to ensure that their client data is secure?"
Write State Senators (Score:5, Insightful)
Illinois does not have a law, and it should.
From what I understand, the main reason we're hearing more about these data intrusions is the California law now mandates such disclosures.
Re:Write State Senators (Score:2)
Re:Write State Senators (Score:2)
I hate that stupid site. It screams "Liberal Crackpot" like few other sites, and makes the Left look pretty fucking stupid.
Did it ever occur to the authors that if they want to be taken seriously, perhaps they shouldn't use the 'Cheap MTV video' format? Maybe that shit works to get 13-year-olds to buy more bling-bling, but it doesn't work for the rest of us.
Oh, and maybe remove some of the moronic logical fallacies of their argument. "It sounded like a missile". Gee, how convincing.
Re:Write State Senators (Score:1)
Re:Write State Senators (Score:2)
Honestly, they're suggesting a massive conspiracy amongst the hundreds of investigators and support staff. Pretty far-fetched.
Re:Write State Senators (Score:2)
Re:Write State Senators (Score:2)
Thanks, dude, that totally made my day. :) +5, Funny.
Some of it is legal (Score:4, Insightful)
That said - the cracker population is getting significantly more sophisticated with more resources available to them (think a zombie network for solving distributed problems rather than simply launching a DDoS).
Online is a scary place to be, isn't it?
Re:Some of it is legal (Score:2)
1.) Flaw found by QA
2.) Flaw goes in internal database
3.) Fix attempt by developers
4.) Patch compiling by release eng
5.) Now you hear about it in public
Re:Some of it is legal (Score:3, Interesting)
As far as I've read, there is no US Federal law requiring company disclosures of security breaches.
Re:Some of it is legal (Score:1)
Look... (Score:2)
There's always going to be data compromise. One should be careful, and precautions should be kept in place but the long-term answer is that consumers will be pro
Comment removed (Score:4, Insightful)
Re:Look... (Score:2)
The problem is that one can't be careful. Before Choicepoint's data compromise went public, I don't think I'd ever heard of them before. I certainly didn't kno
Re:They can't compromise what they don't have (Score:2)
Possessing the data is a good part of the problem. Companies are allowed to collect and aggregate information about us, without our knowledge or permission, and then use that data in promoting their interests, which, as we've seen, can easily compromise our interests. When I say compromise, I'm not talking about a minor inconvenience- I'm talking about a life-changing event that can take years to resolve, with no guarantee that it will be resolved.
The question I think we should be asking is this: why are ot
No (Score:5, Insightful)
Compare with people who watch Faux News: they're convinced that Osama is on the verge of attacking BFE, ND, and we're also winning the war in Iraq.
agreed (Score:2)
No......sorry (Score:1)
Re:No......sorry (Score:2)
When I used to work retail, people would always freak out if I looked anywhere near their hand while they typed in their pin numbers....like I could remember a hundred pin numbers a day? I hate how paranoid everyone has gotten with this s
Re:No......sorry (Score:2)
Re:No......sorry (Score:2)
Doesn't look so clear-cut to me re choice of words -- from m-w.com [m-w.com]:
Re:No......sorry (Score:2)
Legislation in the pipeline (Score:1, Interesting)
I'm surprised the Homeland Security folks haven't done it themselves on the grounds terrorists will steal identities of US citizens to sneak in and get around.
As for a technological fix... unplug.
Re:Legislation in the pipeline (Score:2)
Re:Legislation in the pipeline (Score:1)
Re:Legislation in the pipeline (Score:1)
If it's worthless they won't steal it (Score:4, Insightful)
California (Score:1, Interesting)
This is just speculation, but I believe a lot of these new warnings are the result of California's new law forcing disclosure of these events. I'd venture that it was probably happening before, but they just kept quiet about it. And if someone doesn't conduct business in California, you still won't know until it's too late.
On the other hand, some of these may be cases where the *potential* exists that someone accessed your data, but really didn't, but the company is covering
Entire Registry of Motor Vehicles Database Hole (Score:1, Interesting)
Google Problems (Score:2)
I love Google as much as anyone else here, but this definitely points out that even the geniuses at Google can make mistakes, and this is just a tiny look at what can happen with those mistakes.
I hope Google is able to fix this or pulls the web accelerator.
~Rebecca
Re:Google Problems (Score:1)
Apparently neither Rich "Lowtax" Kyanka nor yourself actually *read* the Google Accelerator information page.
http://webaccelerator.google.com/support.html [google.com]
Rich's lack of understanding leads him to make several false statements:
"Well here's the problem, folks: everything you view is now owned by Google. Do you read email? Well now Google reads your email, and now the entire world can read your email. Do you use private messages through a website?"
First and foremos
Re:Google Problems (Score:2)
Second, I read the Google page yesterday, and it doesn't say "If you log in to gmail through the accelerator, someone else might get your cached copy." Also, your link now is dead, Google took it down. As of 5:10p AZ time the page reads "The requested URL was not found on this server." and nothing else.
I believe it is a valid issue considering gmail itself uses http not httpS for the actual reading of your mail.
Re:Google Problems (Score:1)
I called troll because the problems Rich points to are a non-issue with regards to the web accelerator.
Now, if you had expounded upon his page with some of your own thoughts, like you just did, then I wouldn't have called troll.
The actual security issue, as you just pointed out, is that *gmail* doesn't use HTTPS. Unfortunately for you, this has nothing to do with the web accelerator (which, I must reiterate, was the sole topic of your original post)
BTW: The link is not dead,
Re:Google Problems (Score:2)
If http truly is the cause and has nothing to do with GWA, I challenge you to get my gmail since I have not used GWA (not available for linux). If you decide to take my challenge, it's the same as my slashdot ID.
While gmail not using https may be a problem in itself, the problem
Re:Google Problems (Score:1)
I think you are getting ahead of yourself here. I took the liberty of looking at gmail after the last post, it (like all other webmail services I'm familiar with) does indeed use HTTPS - although only for logins. (unlike, for instance, my ISP's webmail access, which is entirely HTTPS)
If it can't
Re:Google Problems (Score:2)
~Rebecca
Re:Google Problems (Score:2)
"begs the question" (Score:5, Informative)
To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced.
The circumstances may "raise" or "prompt" a question, but it doesn't "beg" a question. "Begging the question" is a logically fallacious practice in which one assumes one's conclusion, making a circular logic. (e.g. claiming the Bible is the inerrant word of God because it says so) It has nothing to do with speculation.
Re:"begs the question" (Score:2)
"Are you still beating your wife?"
"No!"
"That begs the question--when did you stop?"
Re:"begs the question" (Score:1)
Re:"begs the question" (Score:2)
The language changes. Deal with it. It doesn't make you educated to avoid ending sentences with prepositions, nor
Re:"begs the question" (Score:1)
I am quite familiar with the attempt, especially in the 17th and 18th centuries, to make written English correspond with the formal structure of Latin grammar (that is, at least, Latin grammar as taught in English public schools). My area of p
Re:"begs the question" (Score:2)
Languages change over time. One way to assess the power of a language is to measure the rate at which it changes and evolves. This process of evolution is natural and should neither be feared nor welcomed. It's a natural state of affairs. Hence my remark of "deal with it". You may think it's rude, but I think you should deal with it, the same way I think you should deal with gravity, the sun rising
Get rid of SSNs and the problem shrinks. (Score:2)
I don't particularly *want* a copy of my college transcripts roaming the Internet, but the main problem with them ro
Re:Get rid of SSNs and the problem shrinks. (Score:2)
Re:Get rid of SSNs and the problem shrinks. (Score:1)
http://www.politechbot.com/2005/05/04/real-id-act/ [politechbot.com]
http://www.dcexaminer.com/articles/2005/04/07/opinion/op-ed/25oped08plummer.txt [dcexaminer.com]
Problems scale, too (Score:2)
Solutions:Our Data,TrustABLE IT & Notify Honey (Score:2)
1) Our Data : an appeal - a "Plimsoll line" for computer security [google.com]:
2) Twelve Step TrustABLE IT : VLSBs in VDNZs From TBAs [blogspot.com]:
3) Do you want the Good or Bad news first? [blogspot.com]
Simple...or too simple? (Score:2)
Money (Score:2)
Re:Money (Score:2)
A solution to the ID crisis... (Score:2)
1. Replace the SSN with SecureID card with challenge keypad (none of those biometric foo-foo crap, bio is non-revokable)
2. Make data aggregation illegal (ooooh, sorry credit bureaus)
3. Make IRS the focal point of multi-keyed 2nd-generation SSN registration centre (sorry SSA, you screwed up, big-time!)
4. Customer "optionally" generate a NEW SSN for each business or financial institutions. (remember, data aggregation
Re:A solution to the ID crisis... (Score:1)
--
Phil
Re:A solution to the ID crisis... (Score:2)
Why, the massive legal ramifications.
Or, more realistically, we'd just need a better way of defining a 'web of trust.' Like statements of credit-worthiness from your bank.
Tell me about it.. (Score:3, Funny)
THEY PUT EVERYONE'S EMAIL, IN THE TO: LINE.
I (as well as every other fellow student) now have a full listing of all my fellow students' names and email addresses..
Oddly enough, this school has a "networking" course, hello security.
Re:Tell me about it.. (Score:2)
Slashdot Answers (Score:1)
Video transcripts are also available (here [americanprogress.org])
Re:Slashdot Answers (Score:1)
IDS spending (Score:2)
Simple question (Score:1)
Which is worse: losing 3 months' customer data, or 3 years'?
Time Warner (Score:1)
Absolutely. (Score:2)