Shostack + Friends Blog Archive

Note on Design of Monitoring Systems

Dissent reports “State Department official admits looking at passport files for more than 500 celebrities.”

A passport specialist curious about celebrities has admitted she looked into the confidential files of more than 500 famous Americans without authorization.

This got me thinking: how does someone peep at 500 files before anyone notices? What’s wrong with the State Department’s IDS systems?

One can get lists of famous people pretty easily. They’re not complete, but you don’t need complete. You simply compare record lookups against that list and look for the outliers: the employees whose count of hits on it stands out from everyone else’s.
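As an added example (not code from the original post), the check that paragraph describes in Python: a watchlist of record subjects, a constructed audit log of who looked up which record, a per-employee count of lookups that hit the list, and a robust median/MAD baseline so that a single peeper does not inflate the average that everyone is measured against. The log layout, the field names and the thresholds are assumptions; the watchlist does not need to be complete for the outlier to stand out.

```python
"""Watchlist-hit outlier detection over record-access audit logs.

Added example, not from the original post. Assumes an audit log in which each
line records who looked up which record, plus a separately maintained watchlist
of record subjects likely to attract idle curiosity. The watchlist, the log
lines and the thresholds below are all constructed for illustration.
"""
from collections import Counter
import csv
import io
import statistics

# Constructed watchlist: record subjects that would attract idle curiosity.
WATCHLIST = {"celeb_001", "celeb_002", "celeb_003", "celeb_004"}

# Constructed audit log: timestamp, employee, record id, stated reason.
AUDIT_LOG = """\
2008-03-20T09:01:00,alice,rec_1001,application
2008-03-20T09:03:00,alice,rec_1002,application
2008-03-20T09:05:00,alice,celeb_001,application
2008-03-20T09:10:00,bob,rec_2001,renewal
2008-03-20T09:12:00,bob,rec_2002,renewal
2008-03-20T09:15:00,bob,rec_2003,renewal
2008-03-20T09:20:00,carol,celeb_001,lookup
2008-03-20T09:21:00,carol,celeb_002,lookup
2008-03-20T09:22:00,carol,celeb_003,lookup
2008-03-20T09:23:00,carol,celeb_004,lookup
2008-03-20T09:24:00,carol,rec_3001,lookup
2008-03-20T09:30:00,dave,rec_4001,application
2008-03-20T09:31:00,dave,rec_4002,application
"""


def parse_log(text):
    """Yield (user, record_id) pairs from CSV audit lines, skipping short rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3:
            continue
        yield row[1].strip(), row[2].strip()


def watchlist_stats(events, watchlist):
    """Per-user (total lookups, lookups that hit the watchlist)."""
    total = Counter()
    hits = Counter()
    for user, record in events:
        total[user] += 1
        if record in watchlist:
            hits[user] += 1
    return {u: (total[u], hits[u]) for u in total}


def find_outliers(stats, min_hits=2, ratio_threshold=0.5, k=2.0):
    """Return [(user, hits, total)] for users whose watchlist-hit fraction is an outlier.

    A user is flagged when they have at least min_hits watchlist lookups and
    their hit fraction exceeds either a fixed threshold or median + k * MAD
    across all users. Median/MAD is used instead of mean/stddev so that one
    heavy peeper does not drag the baseline up and hide themselves.
    """
    fractions = {u: h / t for u, (t, h) in stats.items() if t}
    values = list(fractions.values())
    median = statistics.median(values)
    mad = statistics.median(abs(v - median) for v in values)
    flagged = []
    for user, frac in sorted(fractions.items()):
        total, hits = stats[user]
        if hits >= min_hits and (frac > ratio_threshold or frac > median + k * mad):
            flagged.append((user, hits, total))
    return flagged


def report(log_text=AUDIT_LOG, watchlist=WATCHLIST):
    """Parse the log and return the flagged users as (user, hits, total) tuples."""
    return find_outliers(watchlist_stats(parse_log(log_text), watchlist))


if __name__ == "__main__":
    # A flagged user is a lead for review, not proof: some roles legitimately
    # touch high-profile records, so the next step is checking the stated reason.
    for user, hits, total in report():
        print(f"review {user}: {hits} of {total} lookups hit the watchlist")
```

On the constructed log only carol is flagged: four of her five lookups hit the list, while alice's single hit during routine application processing stays below the minimum-hit floor. In practice the output is a triage queue for someone to check the stated reason for each access, which is exactly the cheap monitoring the post is asking for.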

For the State Department to have taken so long to notice, they’re obviously not doing this. I join Barack Obama, Hillary Clinton and more than 500 famous people in hoping they get on it soon.

Also, I wonder if the celebs got breach notice letters?

But to the question of what can you learn from this, think about how your employees might peep, and how you can catch that behavior on the cheap.
