These days no one is immune to the “data binging”. The reason I say that is because everyone has an MP3 player, a digital camera, or both, not forgetting resumes, personal finance spreadsheets, etc. We are constantly moving from one system to another in our quest for “better and bigger”, and in doing so leave some data behind, which, if it ends up in the wrong hands, can cost you your credit rating or lead to identity theft.
If you are going to sell your laptop/desktop, please make sure to erase all data on the drive. Deleting files helps, but the data is still recoverable, because deletion only removes the address of the data, while the data itself is still on the disk. This data can be recovered by prying eyes.
I have come across an excellent utility, DBAN, which is very helpful in erasing all the data on a particular drive.
Warning: You have to be absolutely sure that you do not need the data, as it will not be recoverable after the above-mentioned utility has been used.
TD Ameritrade follows www.monster.com’s footsteps. About 6.3 million customer records were hacked, although TD Ameritrade states that the records did not contain Social Security numbers and account numbers. No other details around the incident were disclosed.
As a result of this, customers have started receiving phishing emails, which could lead to identity theft.
In my opinion TD Ameritrade should send the customers an Internet security 101 course to protect them from identity theft and impending lawsuits.
Finally, the PATRIOT Act is being scrutinized for being too one-sided and not caring about an individual’s privacy. The question being asked is “should ISPs relinquish their customer records on a request from the FBI” without proper paperwork. The FBI has issued NSLs (National Security Letters) to get private and personal information from ISPs, phone companies, and other public organizations. Use of NSLs should be discontinued and a proper search warrant be issued via proper channels.
This highly intrusive program, which violated personal privacy at every level, has been abandoned. Why? Because the genii (plural of genius) testing the application violated all security principles by performing tests on REAL personal data. Known as ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement), the program was initiated in 2003 and was to be used by DHS components, including immigration, customs, border protection, biological defense and its intelligence office.
Kudos to those who put this privacy intrusion to an end!
The Monster.com information theft was not really a hack but more a case of identity theft. How so? Well… some gullible individual working for a recruiter or in the HR department of a company managed to provide their credentials via a PHISHING email. Once the hackers got hold of these credentials, they were able to use TROJANS to log in and capture information. Even a US Government agency which uses Monster’s services for recruitment lost data this way.
This again gets back to the issue of “USER EDUCATION”: every organization is responsible for educating their employees. If the employer fails to do so, then legally they should be held liable for the resulting damages and not the employee.
Came across this article, “PRIVACY LOST - No secrets in the digital age”; very good content about privacy.
Let me enlighten you with some facts I have come across in my career. It is very important that everyone understands how everything and anything they do today can be directly linked back to them. Some real life examples:
- Using your credit card - shows where you were and what you purchased
- Using your debit card - shows which bank you bank with, where you were, and what you purchased
- Making a phone call - Your phone records record everyone you called
- Surfing the internet - All your surfing details are recorded in your browser’s cache, which if not cleared can be read to identify your browsing patterns.
- Using a search engine - Every search you do is stored in the search engine logs with your IP address, what you were looking for, and where you ended up.
- Sending email - Who did you send the email to and what was it about.
- GPS on your cellphone - if always running can pinpoint your location
- Online communities - Facebook, where everyone these days is naively publishing details on their friends, schools, family etc. The funny thing is that Facebook’s terms and conditions specify that any data you publish on their website becomes their property and they can use it any way they like. Other such sites include MySpace.
These are some of the points one has to be aware of as “BIG BROTHER IS WATCHING” syndrome is not a myth but a reality in this time and age.
Came across this article today about the Jet Propulsion Laboratory (JPL) at Caltech performing detailed background checks on their employees. I agree every employer has the right, with employees’ permission, to perform a background check. Employers should ensure that the background checks are commensurate with the duty the employee is to perform. The fact that the same in-depth background checks are performed at NASA/JPL, from janitors to the most senior level, is a violation of an individual’s privacy. Individuals are still not aware of their rights, but if they are, the employer throws them a job security card, which anyone succumbs to, as a job is a source of income.
I am proud of these individuals who are suing these corporate goons to make them understand their bounds. We have to make every effort to protect our privacy and understand our legal and constitutional rights.
Of all the organizations, the IRS, the money police, seems to have a flaw in their business practices. The issue came to light when a caller called a number of IRS managers, contractors, and other employees posing as an IT guy, and requested them to provide their user IDs and passwords, to which they willingly complied.
In this time and age where computer fraud is happening at unbelievable proportions, the least an organization of this status can employ is common sense, which means educating their employees on how to deal with such situations. If you cannot trust these guys, who can then be trusted?
Security and Privacy seem to be ignored by most organizations. What will it take for organizations and users alike to understand this issue and take it more seriously?
I was just following up on news today and came across an article on BBC news. According to the article, most of the information lost pertained to North American users, and about 5000 non-North American users. The attack originated in UKRAINE. What this means is that the users whose information was lost should expect a lot of SPAM and PHISHING-type email asking for more personal/private information. I wonder if Monster.com is lining up its lawyers in preparation for a lawsuit. Should be interesting.
The two most worrisome issues in corporations were dealing with the use of emails and webservers. Now there is a third, more potent tool: BLOGs. People can blog to their heart’s content on the internet, but when it comes to blogging on the corporate intranet, a lot of issues surface, like:
- Content of the blog
- Compliance with Legal and HR policies
- Privacy concerns
In my opinion all blogs on a corporate intranet must be moderated with an AUP (Acceptable Use Policy) and user education.
What do you guys out there think? Your opinions are welcome.