I'm going to make two predictions.
One: Every single American will have his identity stolen in the next five
years.
Two: Some of the management folks who read ISSJ will go to jail in the next
five years for poor security practices.
OK, time to explain. In the last year or so, unless you are dead, you've seen
the headlines about countless private databases that have been compromised by
criminal hackers, insiders, lost or stolen computers, misplaced tapes, and
other abuses of private data. The numbers are staggering.
In 2004, there were 9.3 million cases of identity theft - and those are just
the ones that were reported! Heaven knows how many other clueless Americans
are wandering the streets and malls with debt loads that are ballooning
because of organized crime. Guess: 50 million or more? Whatever. Too many.
This year is shaping up to be a banner year for stolen IDs...
When my company was designing its data center, we had to make a choice: What
kind of database storage system was going to be the backbone of our
operations? As in most things IT, the options were seemingly endless, and
there are many criteria to consider before investing time or money into
development and deployment.
1. Price
Some database storage approaches can be very expensive, often requiring
recurring license fees and specific hardware. Others are virtually free and
can function perfectly well on generic platforms.
2. Scalability
How much expansion is going to be needed over w...
Antonio Marcelli killed people for a living. At least a few he admitted to.
The feds caught him, he turned state's evidence, testified in open court
against the capos and subsequently entered the witness protection program. He
was safe until his new name and location hit the Internet.
A computer junkie from Kentucky had bought a heap of old hard drives that the
Justice Department had discarded. Lo and behold, names and addresses of
people in the witness protection program popped up in a perfectly readable
format.
Embarrassing? Yes. Deadly? Potentially. What went wrong? The DOJ fo...
Fourteen years ago I warned MyBank (who is not one of my clients; I am one of
theirs) about using social security numbers as solid identification. The Head
of Security, three weeks retired from the Secret Service, said he would look
into it. Nothing has changed except the security at MyBank has gotten worse.
I was recently met with the familiar telebanking voice, "Please enter your
bank account and social security numbers." Whoa! Security alert! MyBank's
new and improved system was using two pieces of publicly available
information as proof positive remote identification. An emba...
I often think like I'm paranoid. I get paid for it.
So when I think about availability, I can conjure up an amazing array of
things that can go wrong. But, instead of discussing the many
security-related aspects of your storage systems' availability, let's talk
about how your systems may be too available. That's right - too available.
When a man wearing a telephone company hard hat and a service belt comes to
your offices, where is he permitted to go? Does he have free rein of your
offices including your NOC (Network Operations Center)? Can he get to the
executive floor and repair...