jump to navigation

Guest Post: “Of Payments, Privacy, and Social Networks” April 15, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy.
Tags: , , , , ,
add a comment

As I have been out of town at a charity event and had little time to blog, I am publishing a blog from the incomperable Dr. Heather Mark 😉  Please enjoy…

“By now, many of you have probably heard about the smartphone app creatively and aptly named “Girls Around Me.” For those that have not heard, it is essentially an application that aggregates the “check in” location data of women using Facebook, foursquare, and other social, location based services.  It then displays for the user the locations and names of “girls around” him (or her, I don’t think the app discriminates).  The app promises to “turn your town into a dating paradise.”  For privacy professionals, the app sparks an interesting debate.  Is privacy infringed if the person in question volunteers the information.  On one side of the argument are those that would say “no – if the user has volunteered information then privacy is not compromised by the application.”  The converse of that argument, however, is one that centers on a definition of privacy that hinges on the appropriate use of information.  If the user did not volunteer the information in an effort to join this “dating paradise” then privacy is certainly infringed.  Certainly, one can see that the application in the wrong hands has the potential for misuse.  But, what if we use the information for good, rather than evil?”  read more here! 

Another Total Security Failure!?- 750K Socials Stolen in Utah April 10, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy.
Tags: , , , , , , ,
add a comment

(RANT ALERT) While everyone is fighting over who gets to eviscerate Global Payments in the press today, a major breach of sensitive data goes unnoticed.  For the record…Credit Card theft is NOT identity theft.  Steal my credit card every day of the week…I have zero liability. Do NOT steal my social or passport or drivers license. We seem to be focused on the wrong data at times. I live in Utah and am pretty sure my wife, and my own 2 year old son’s Social was included in this breach.

Today on Foxnews.com a story was posted about how hackers stole “hundreds of thousands of social security numbers” from the Utah Health Department.  Well…this is not entirely accurate.  The data thieves did steal the Socials but they also stole medical information and other personal information such as names, addresses etc.  The total number of records is nearing 900,000.  Here is my beef…according to  the story: (more…)

“Privacy, Terrorism, Blowback, and Crime” – Where to start? April 10, 2012

Posted by Chris Mark in Industry News, Laws and Leglslation, terrorism.
Tags: , , , , , ,
add a comment

There is an interesting story on the front page of Foxnews this morning where a self-proclaimed patriot hacker who calls himself “The Raptor” is “…waging his own war on terror..” by taking down online forums used by Al Qaeda sympathizers.  Certainly, known, and admitted terrorist organizations are not in the public interest. This blog is not justifying their position their tactics, or anything else they do.

The purpose of this post is to question the value of an individual (if you believe his tweets) taking unilateral action and then basking in the attention given to his actions. While vigilante actions may have a visceral appeal to many (including this author, at times) do actions such as this exacerbate the situation?  Additionally, one has to ask whether he is right in taking unilateral action?  As an American my gut reaction is to applaud the person but upon closer review, I don’t know if his actions are positive or altruistic.

In espionage there is a term called Blowback that refers to the unintended consequences of a covert action.  (more…)

Ethical Relativism- Sky News Morphs into Anonymous? April 5, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Laws and Leglslation.
Tags: , , , , , , ,
2 comments

By now most are probably aware of the email hacking scandal that severely damaged Rupert Murdoch’s NewsCorp empire.  NewsCorp reporters were caught illegally accessing phone calls of the UK Royal family and hacking into email accounts of individuals.  Murdochs’ son had to resign from his position as Chairman of BSkyB which own UK’s Sky News.

According to a report on CNN this morning UK news channel Sky News said Thursday it had authorized its journalists to hack into the e-mail of individual members of the public on two occasions.  The very same people (journalists) that will scream for “freedom of speech” and “freedom of the press” and claim journalistic integrity are now violating the public’s privacy in a scramble to maintain market share and increase revenue?  (more…)

“Oh the humanity!”- Financial Institution Breached 3 Times in 2 Weeks! April 4, 2012

Posted by Chris Mark in Data Breach, Industry News, Uncategorized.
Tags: , , , , , , ,
add a comment

STOP THE PRESSES!  According to the Patriot Ledger, a financial institution’s security was breached 3 times in 2 weeks and assets were stolen.  The media, however, has been quiet on the story.  I have not heard a single Gartner or other analyst publicly eviscerate the financial institution for their poor security practices nor has Information Week, CNN, or any other major media outlet opined on the breaches. Why?

The financial institution was a actually a bank branch and the breaches were not data thefts rather they were good old fashioned bank robberies.  In 1968, in response to increasingly violent and frequent bank robberies, the US Government passed the Code of Federal Regulations Title 12 part 208.61- Bank Security Procedures.  The purpose of the Act is as follows: (more…)