Small Bits of Chaos
- “Los Angeles Consumers File Class Action Lawsuit Against Used-Car Dealer Drive Time For Allegedly Leaking Their Private Financial Information to Unauthorized Third Parties.”
- “Down To Business: Time To Get Tough On Security Slackers,” by Rob Preston in Information Week: “Perhaps if the VA secretary faced personal fines or jail time for that foot dragging, those security measures would have been put into practice long ago.”
- Speaking of those clowns at the VA, they’re trying to convince 12% of adult Americans that they’re safe because “Stolen VA Data in Unusual Format.” (At CSO Online.) Oooh, unusual formats. What is it, SAS or SPSS?
- Tom Maddox’s analysis (“Identity Theft, in Arizona & Elsewhere”) of the numbers in “Technology and Easy Credit Give Identity Thieves an Edge” is worth reading. Don’t miss the money snark:
“Well, hell, folks, no wonder you’re leading the country in identity (or credentials) theft.”
- “Crashing the Wiretapper’s Ball” by Thomas Greene is about how Greene showed up at a wiretappers conference, and was confronted by someone who said his engineers were ~~just following orders~~ just doing their jobs: “Now leave these guys alone; they make a product, that’s all. It’s nothing to them what happens afterward.” Maybe they should read the ACM code of ethics.
- Bruce Schneier argues again that we should “Make Vendors Liable for Bugs.” I’d like to know which bugs, without enriching the lawyers. We’ve had the general suggestion for a while; let’s get some specifics out there. (I’ve talked about this before in “Following Up ‘Liability For Bugs’.”)
I read the Bruce article, it’s the same old stuff. I really don’t think the argument is thought out at all. It’s net populism, a simplistic pseudo-solution to a complex problem. The software vendors are not the people who are dragging their feet on security. I did a longer piece on my own blog