The summer river:
although there is a bridge, my horse
goes through the water.
Remind you of any projects you might be working on? How’s this for an interpretative slant:
Harried product launch:
in spite of regs, engineers
push insecure code.
Here’s a creative mix of Star Wars and Telecom marketing, although the comparison is a bit harsh:
Worried about hackers getting your data? Consumers are being asked by a company to agree that “all your data are belong to us” before it will give them any service. Those who already have service…well, that’s not so clear yet.
SFGate has the scoop:
The new policy says that AT&T — not customers — owns customers’ confidential info and can use it “to protect its legitimate business interests, safeguard others, or respond to legal process.”
The policy also indicates that AT&T will track the viewing habits of customers of its new video service — something that cable and satellite providers are prohibited from doing.
Moreover, AT&T (formerly known as SBC) is requiring customers to agree to its updated privacy policy as a condition for service — a new move that legal experts say will reduce customers’ recourse for any future data sharing with government authorities or others.
And now for the two edges of the sword…
AT&T said in a statement last month that it “has a long history of vigorously protecting customer privacy” and that “our customers expect, deserve and receive nothing less than our fullest commitment to their privacy.”
But the company also asserted that it has “an obligation to assist law enforcement and other government agencies responsible for protecting the public welfare, whether it be an individual or the security interests of the entire nation.”
So this reminds me of the old Lincoln-Douglas debate topic “Should the public’s right to know outweigh national security interests?” except that no one even close to the oratory power of Lincoln or Douglas seems to be speaking about the topic. So far I’ve only heard lawyers from AT&T say “don’t worry, this is just a minor clarification”; not exactly a heart-warming defense.
Can you imagine if the rulers of a country had to agree that the public has full and unfettered ownership of their confidential data, even when in power, before they were allowed to take office? Just curious how far the logic might extend…
I found something ironic in this story on MSN. MySpace, made popular through the ease of connecting to other people and related “hype”, is apparently telling people not to listen to what they hear on the street.
The popular Web hangout MySpace.com is as safe as anyplace in the offline world despite recent reports that sexual predators may be using it to find and lure young victims, the company’s CEO said.
“If you go to the mall and start talking to strange people, bad things can happen,” Chris DeWolfe, the site’s co-founder, said in a telephone interview. “You’ve got to take the same precautions on the Internet.”
I am not a PR expert, but from a security perspective I find this position odd. After all, it comes from a company that provides a platform that enables people to represent themselves as someone they are not.
In other words, the analogy could be translated into “if we provide a forum that strips away all the controls you might use in a mall to protect yourself (e.g. physical appearance), and don’t give you anything to protect yourself (e.g. we have no alternative checks and controls to suggest or provide to you), you can’t expect us to be liable for your behavior.” And that doesn’t sound right for a reason. The next question to DeWolfe should have been “what exactly do you mean by ‘same’ precautions?”
Back in March there was a good deal of news about a February attack on a retailer that exposed many debit cards:
a total of eight banking companies — Citigroup Inc., Bank of America Corp., JPMorgan Chase & Co., Wachovia Corp., Wells Fargo & Co., Washington Mutual Inc., National City Corp., and PNC Financial Services Group Inc. — have confirmed their customers may have been compromised and all said they would reissue debit cards to some customers. […] sources close to the matter said they believe the lead theory is that hackers “accessed servers at about 30 stores belonging to a large, national retailer and stole data from the cards’ magnetic stripes, encrypted customer PINs (in a format known as PIN blocks), and the keys to decode the PIN blocks.” “The criminals used the magnetic stripe information to create counterfeit cards, and the decrypted PINs to withdraw cash from automated teller machines, the sources said.” […] Customers are asked to monitor their accounts for suspicious activity and immediately report anything out of the ordinary. Silvestri [the spokesman for Wachovia] said he is a frequent debit card user. He said he likes to check his account online at least once a day.
One might almost think about getting a link to your phone so every transaction has to be approved via cell. Imagine if an ATM sent your phone an SMS message asking for confirmation…or if your cell-phone had a random number generator that you had to type into the ATM along with your PIN.
Apparently the breach is still newsworthy as banks continue to replace cards, almost five months later, and the reporters are starting to hint that an ATM processor was the real source of problems:
Charlotte, N.C.-based Wachovia issued the card replacements last week as an antifraud measure, said bank spokeswoman Mary Beth Navarro. She declined to explain the circumstances that triggered the action after several months. […] Visa has encountered security problems with other contractors besides the ATM processor that triggered the February alert.