Category Archives: Information risk

IT Security: Unnatural Industry

Bruce Schneier says the obvious:
Last week I attended the Infosecurity Europe conference in London. Like at the RSA Conference in February, the show floor was chockablock full of network, computer and information security companies. As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?

Do We Really Need a Security Industry? Bruce Schneier, Schneier on Security, 3 May 2007

Obvious in an emperor’s new clothes sort of way.

More SSN Exposures

Well, and I just signed up for a federal tree planting program:

The Social Security numbers of tens of thousands of people who received loans or other financial assistance from two Agriculture Department programs were disclosed for years in a publicly available database, raising concerns about identity theft and other privacy violations.

Officials at the Agriculture Department and the Census Bureau, which maintains the database, were evidently unaware that the Social Security numbers were accessible in the database until they were notified last week by a farmer from Illinois, who stumbled across the database on the Internet.

“I was bored, and typed the name of my farm into Google to see what was out there,” said Marsha Bergmeier, president of Mohr Family Farms in Fairmount, Ill.

U.S. Database Exposes Social Security Numbers By RON NIXON, New York Times, April 20, 2007

And she found not only her own farm and Social Security number on the web, but also 30,000 others. The Agriculture Dept. says probably 100,000 to 150,000 people are at risk. Ah, I see they’ve narrowed it to 38,700 people.


Yahoo! Sued about China Again

A year ago, someone lodged a complaint against Yahoo! in Hong Kong regarding jailed activist Shi Tao. This month, there’s another suit against Yahoo! for revealing user information to the Chinese government, this time in a U.S. court:

A suit filed in federal court in San Francisco on Wednesday by the wife of Wang Xiaoning accuses Yahoo of “aiding and abetting” torture and human rights violations by linking her husband and others to e-mail and online comments.

Yahoo sued in US court for giving user data to China, Sydney Morning Herald, April 20, 2007

The previous suit noted that Yahoo! operates as a Hong Kong company, so it’s not clear whether it actually had to go by mainland Chinese rules instead of Hong Kong ones.

Science Publishers Get Confused

Interesting discussion in Salon, provoked by a brief blog review of an article in Nature:

The free information movement is really coming of age, if one is to judge by the enemies it’s making. Nature has a doozy of an article out this week reporting that a group of scientific publishers, including Elsevier, Wiley and the American Chemical Society, have hired a notorious public relations gunslinger to fight back against those kooks who think scientific information should be freely accessible to all.

Science publishers get stupid, Andrew Leonard, How the World Works, Salon, 25 Jan 2007
