I was recently asked by a business partner to respond to the question – what would be the top five security tips I would tell a computer user. Here is it is… (more…)
Five security tips October 17, 2008
ID Theft Part 3 September 22, 2008
The sage continues – here is an update: The SSA reported that they have had my date of birth wrong since it was originally applied for back in early 1980. I always wondered why my SSN number was higher than people younger than me. Now I know, my parents applied for my SSN number well after I was born. Prior to the 80’s SSN were not issued by default at birth, however nowadays they are. Back then, you’d need to manually apply for them. Apparently a typographical error when my initial application was submitted resulted in an inaccurate date of birth. (more…)
ID Theft Part 2 September 16, 2008
In the San Jose Business Journal today there was an article regarding how Alliance Title will be discarding all of their old documents because it will be too costly for the bankrupt company to retain the files, which would not be financially responsible. However, there is a huge concern on how they are disposed of since these title files contain a complete workup on the identity of the people involved, from social security numbers, names, addresses, prior employers, children, maiden names, property, account numbers, credit reports – a virtual “ID theft in a box” storehouse!
Today, I also discovered what appears some identity theft on a personal level. I just received notice that our IRS tax return for 2007 was rejected because of a SSN mismatch. After spending 45 minutes on hold, I confirmed that the date of birth that the Social Security Administration has on file for me does not match my actual birthday! And to correct it, I’ll need to go down to the local field off with my birth certificate to straighten out the whole issue.
Pretty crazy stuff!
Behavioral Targeting August 15, 2008
In sci-fi movies we’ve seen that advertisements know your purchasing trends and provide target specific advertisements. Walking down the street, the billboard will reflect something you’re inclined to purchase. Good or bad, this is something which is beginning to take form online. In a recent Tech Republic Blog it exposes how the US House of Representatives is beginning to question ISP and other online agencies about their Behavioral Targeting practices. It is an interesting point to discuss. On one end, as a person who has no interest in beer and “female undergarments”, I really would appreciate not seeing those ads on signs, magazines and online pop-ups. Then again, it would probably be filled with the latest books, technology and most significantly ads relating to Disneyland. There may be way too much temptation for me if I saw such ads everywhere I turned… 🙂 But I digress…
There is nothing new about behavioral targeting, and it is used every day in virtually every form of advertising, ever since the science of marketing was invented. The problem that most people have is that instead of targeting a group, they are now targeting me specifically, and individually. And the fact that somebody knows that sort of information about me is concerning… or at least it is to some people. Yes, this information could be used for ill purposes. But stop for a moment and think about Amazon.com – they use this sort of individual, behavioral targeting – placing products I’d likely purchase on the homepage. Do we really have a problem with this sort of usage? At what point did we really be concerned about out privacy to this degree?
Let’s take a step back, and go low-tech for a moment. Rush back to the turn of the century, and you purchase your groceries from the local market. You see your regular clerk twice a week, and he notices by pure observation that you’re purchasing baby products, perhaps you even bring your child to the store. At some point there is a sale, or perhaps about to be a sale on cloth diapers (remember, no disposables back then!) — and he mentions this to you… Wouldn’t you be genuinely appreciative that he took a moment to acknowledge you as a unique person with specific needs – and then addressed them? Yet, fast forward to the 20th century — we would probably be offended by that same clerk today that he was prying into my private life… Last time I checked, things readily observable is not something any privacy law protects. How far is too far with this in-reach of privacy laws?
My guess is that it is the people that have something to hide – perhaps people involved in illegal or other questionable in legality — or perhaps just some things they think are slightly immoral, or would be the subject of questioning — if other people learned about their habbits. Now I don’t think our houses shoudl be made of glass walls — some things that take place in my home are made to be private… But if I am interacting with the world, then I really shouldn’t have the expectation of privacy: amazon is an extension of my local bookstore, and google is an extension of my library.
Cryptography August 14, 2008
I just completed watching the bonus features of National Treasures, Disc 2, where there was a featurette on cryptography. While it didn’t do the field much justice, it did a wonderful job of explaining the science of cryptography to the average person, along with a brief history lesson.
What disturbed me the most was a single statement which was used repeatedly as if it was fact, “current cryptography will never be broken”. Reiterated several times by several “experts”. However, if the “history” of cryptography has taught us anything, it is that all codes can be broken, given enough time and resources. And while today we do not see the computing power to break current ciphers, if we look at the computing advances in the last 50 years, we can see the quantum leaps forward in computing capacity. If that trend continues virtually every cipher today is doomed for cracking.
Some of you may remember the Oracle advertising campaign that their database was “unbreakable” — touted very strongly after Microsoft’s Secure Computing Initiative. However, it wasn’t long before it was broken, and they ceased that campaign. Anyone who tells you that something is unbreakable, doesn’t really have a full understanding of the situation. There are strong, as well as stronger security mechanisms, and there are systems which have yet to be broken…yet. But the fact that it hasn’t been broken, doesn’t mean that it is intrinsically safe.
I remember when the Mac OS X came out, and one of the false arguments to purchase a Mac was that it didn’t have any viruses written for it…yet… But today there are several. So does that argument of switching to a Mac hold true? How about Firefox (versus Internet Explorer)? Choose it because it’s faster and has no major flaws, less updates? Today we see that there are several vulnerabilities and has more patches required that Internet Explorer on a monthly basis, and it’s slowing down as it receives more patches and becomes more compatible with other websites. These arguments of “more secure” have fallen flat over the years.
Something new always promises to be better, until given the opporunity to be broken.