Archive for August, 2007

Privacy…do you take it lightly?

Came across this article, "PRIVACY LOST - No secrets in the digital age"; very good content about privacy.

Let me enlighten you with some facts I have come across in my career. It is very important that everyone understands how everything and anything they do today can be directly linked back to them. Some real-life examples:

  • Using your credit card - shows where you were and what you purchased
  • Using your debit card - shows which bank you bank with, where you were, and what you purchased
  • Making a phone call - Your phone records record everyone you called
  • Surfing the internet - All your surfing details are recorded in your browser's cache, which if not cleared can be read to identify your browsing patterns.
  • Using a search engine - Every search you do is stored in the search engine logs with your IP address, what you were looking for, and where you ended up.
  • Sending email - Who did you send the email to and what was it about.
  • GPS on your cellphone - if always running can pinpoint your location
  • Online communities - Facebook, where everyone these days is naively publishing details on their friends, schools, family etc. The funny thing is that Facebook’s terms and conditions specify that any data you publish on their website becomes their property and they can use it any way they like. Another such site is MySpace.

These are some of the points one has to be aware of, as the “BIG BROTHER IS WATCHING” syndrome is not a myth but a reality in this day and age.

NASA, Caltech sued by scientists because of unconstitutional background checks.

Came across this article today about the Jet Propulsion Laboratory (JPL) at Caltech performing detailed background checks on their employees. I agree every employer has the right, with employees’ permission, to perform a background check. Employers should ensure that the background checks are commensurate with the duty the employee is to perform. The fact that the same in-depth background checks are performed at NASA/JPL, from janitors to the most senior level, is a violation of an individual’s privacy. Individuals are still not aware of their rights, but if they are, the employer throws them a job security card, which anyone succumbs to, as a job is a source of income.

I am proud of these individuals who are suing these corporate goons to make them understand their bounds. We have to make every effort to protect our privacy and understand our legal and constitutional rights.

IRS Computer Security problems?

Of all the organizations, the IRS, the money police, seems to have a flaw in its business practices. The issue came to light when a caller called a number of IRS managers, contractors, and other employees, posing as an IT guy, and requested them to provide their user IDs and passwords, to which they willingly complied.

In this day and age, where computer fraud is happening at unbelievable proportions, the least an organization of this status can employ is common sense, which means educating their employees on how to deal with such situations. If you cannot trust these guys, who can then be trusted?

Security and Privacy seem to be ignored by most organizations. What will it take for organizations and users alike to understand this issue and take it more seriously?

Car door locks hacked!

Most of us are now accustomed to using the keyless car entry systems installed in our cars daily without ever thinking they could be HACKED. Well, security researchers in Israel and Belgium have discovered an electronic equivalent of a Slim Jim. Most car manufacturers have implemented a 20-year-old encryption system called KeeLoq. The technique involves intercepting a number of transmissions, after which producing a master key takes about 1 hour, whereas without the interceptions the activity could take about a day.

PKI is a great technology, but it is like racing against time: as computers become faster and cheaper, decrypting information becomes quicker... should we return to conventional lock and key?

iPhone unlocked!

So much for AT&T’s strategy to have exclusive rights to sell Apple’s iPhone. Apple probably convinced AT&T into believing that their Mac OS X is very secure and so would be their iPhone OS. The fact that a 17-year-old can unlock the code on the iPhone makes Apple look like fools.

The moral of this story is, no matter how secure you make your application, OS, or platform, there is someone out there who will infiltrate it and make you look like a fool.

Monster.com hacked!

I was just following up on news today and came across an article on BBC News. According to the article, most of the information lost pertained to North American users, and about 5000 non-North American users. The attack originated in UKRAINE; what this means is that the users whose information was lost should expect a lot of SPAM and PHISHING-type email asking for more personal/private information. I wonder if Monster.com is lining up its lawyers in preparation for a lawsuit. Should be interesting.

Corporate intranet blogs

The two most worrisome issues in corporations were dealing with use of emails and webservers. Now a third, more potent tool is the BLOG. People can blog to their hearts' content on the internet, but when it comes to blogging on the corporate intranet a lot of issues surface, like:

  • Content of the blog
  • Compliance with Legal and HR policies
  • Privacy concerns

In my opinion, all blogs on a corporate intranet must be moderated, with an AUP (Acceptable Use Policy) and user education.

What do you guys out there think? Your opinions are welcome.

Importance of data classification

How important is data classification for an organization? And should the metadata be stored centrally?

Internet Security

What is the difference between privacy and security?