Slashdot Mirror


Has the Data Security Problem Become an Epidemic?

telstar asks: "Lately, it seems like an almost weekly occurrence: confidential customer data is exposed online, despite the assurance that security measures were in place to prevent such a problem. ChoicePoint Inc., LexisNexis, and DSW Inc. were all victims of online security breaches. Ameritrade and Bank of America both admitted lost physical data tapes containing confidential client account information. Recently, Carnegie Mellon notified 19,000 students, alumni, faculty and staff that their confidential information may have been compromised. An April 2005 GAO report found that though the IRS is making progress fixing security holes in systems that it operates, it isn't keeping pace with new vulnerabilities, risking exposure of sensitive financial data of the taxpaying population of the country. To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced. What about companies like Google? As they expand their service offerings with GMail and Google Search History, where they are increasingly responsible for retaining client data, will they become a bigger target for attackers? This is the problem. What is the solution? Are there any tips for people to help protect their identity and confidential financial information? What firms go above and beyond the call of duty to ensure that their client data is secure?"

75 comments

  1. Write State Senators by justanyone · · Score: 4, Insightful

    Write your state senators and legislators and urge adoption of California-style laws that require companies to notify their customers if any private data is compromised.

    Illinois does not have a law, and it should.

    From what I understand, the main reason we're hearing more about these data intrusions is the California law now mandates such disclosures.

    1. Re:Write State Senators by ZephyrXero · · Score: 1

      I really wouldn't be surprised if it turned out to be some sort of black ops CIA unit doing it...heh.

      --
      "A truly wise man realizes he knows nothing."
    2. Re:Write State Senators by EnronHaliburton2004 · · Score: 1

      [pentagonstrike.co.uk]

      I hate that stupid site. It screams "Liberal Crackpot" like few other sites, and makes the Left look pretty fucking stupid.

      Did it ever occur to the authors that if they want to be taken seriously, perhaps they shouldn't use the 'Cheap MTV video' format. Maybe that shit works to get 13-year olds to buy more bling-bling, but it doesn't work for the rest of us.

      Oh, and maybe remove some of the moronic logical fallacies of their argument. "It sounded like a missile". Gee, how convincing.

    3. Re:Write State Senators by ZephyrXero · · Score: 1

      It may not be the best, but it certainly grabs people's attention...I see it as a kind of gateway tool to getting people interested in the truth.

      --
      "A truly wise man realizes he knows nothing."
    4. Re:Write State Senators by EnronHaliburton2004 · · Score: 1

      I'm just not a big fan of this conspiracy theory. The arguments are pretty outdated, and ignore a lot of evidence that has been published since.

      Honestly, they're suggesting a massive conspiracy amongst the hundreds of investigators and support staff. Pretty far fetched.

    5. Re:Write State Senators by Anonymous Coward · · Score: 0

      "I hate that stupid site. It screams "Liberal Crackpot" like few other sites, and makes the Left look pretty fucking stupid."

      That's because most people on the Left are pretty fucking stupid. So are most people on the Right. So are most people in general, actually. If that weren't the case, we wouldn't have had people like Bill Clinton (left) and George Bush (right) occupying the White House. If you need any further demonstration of the (lack of) mental capacity of the average person, just take a look at what are the most popular shows on TV.

    6. Re:Write State Senators by PaxTech · · Score: 1
      I hate that stupid site. It screams "Liberal Crackpot" like few other sites, and makes the Left look pretty fucking stupid.

      ..says the guy who uses "EnronHaliburton2004" as his /. nick.

      Thanks, dude, that totally made my day. :) +5, Funny.

      --
      All movements for social change begin as missions, evolve into businesses, and end up as rackets.
    7. Re:Write State Senators by slaker · · Score: 1

      Not to derail the discussion or anything, but what exactly did Bill Clinton do that was anything other than centrist?

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  2. Some of it is legal by MerlynEmrys67 · · Score: 3, Insightful
    Companies are now legally required to publicly disclose breaches... 5 years ago there was no such requirement - so they didn't bother.

    That said - the cracker population is getting significantly more sophisticated with more resources available to them (think a zombie network for solving distributed problems rather than simply launching a DDoS).

    Online is a scary place to be, isn't it?

    --
    I have mod points and I am not afraid to use them
    1. Re:Some of it is legal by superpulpsicle · · Score: 1

      But it's still not so obvious.

      1.) Flaw found by QA
      2.) Flaw goes in internal database
      3.) Fix attempt by developers
      4.) Patch compiling by release eng
      5.) Now you hear about it in public

    2. Re:Some of it is legal by aero6dof · · Score: 2, Interesting

      In California they are required to do so, but you should note that one iteration of thought that ChoicePoint reportedly went through was to consider notifying only CA residents.

      As far as I've read, there is no US Federal law requiring company disclosures of security breaches.

    3. Re:Some of it is legal by InternetVoting · · Score: 1

      You are right about the lack of federal law. The disclosure laws are state by state and all have their own sets of conditions for what must be disclosed and when.

  3. Look... by Otter · · Score: 1
    Stuff still catches fire, tens of thousands of years after the technology came into use. (Or whenever the hell it was -- I'm not a freaking archeologist.) You try to be careful, and fire safety has certainly improved over that time, but ultimately there's a background level that will always have to be dealt with, by insurance and by just sucking it up.

    There's always going to be data compromise. One should be careful, and precautions should be kept in place but the long-term answer is that consumers will be protected like they are with credit card theft, the losses will become another background cost and you're going to have to live with the possibility that someone will know what movies you rent.

    1. Re:Look... by Motherfucking+Shit · · Score: 1
      There's always going to be data compromise. One should be careful, and precautions should be kept in place but the long-term answer is that consumers will be protected like they are with credit card theft, the losses will become another background cost and you're going to have to live with the possibility that someone will know what movies you rent.
      The problem is that one can't be careful. Before Choicepoint's data compromise went public, I don't think I'd ever heard of them before. I certainly didn't know they had a dossier on me and pretty much every other American. If I don't know who has my information, how can I be careful? What precautions are there against companies I've never heard of compiling and trading (and eventually losing) all the little bits and pieces of data that make me, me?

      This is a problem that the average person can't do a damn thing about, except to cross their fingers and hope that their bank or credit card company isn't the next one to "lose" information.
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  4. No by Safety+Cap · · Score: 4, Insightful
    Data security is no more an epidemic than "terrorism" is. You're just hearing about it more, thanks to the disclosure laws in Cali, et al.

    Compare with people who watch Faux News: they're convinced that Osama is on the verge of attacking BFE, ND, and we're also winning the war in Iraq.

    --
    Yeah, right.
  5. No......sorry by Neil+Blender · · Score: 1

    The word we were looking for was pandemic. Pandemic.

    1. Re:No......sorry by ZephyrXero · · Score: 1

      Or maybe just boring. I'm tired of all these fear inciting stories that mean nothing... You think you actually had any privacy in the first place? Ha! If someone wants to do something with your personal information, getting it is a lot easier than doing something with it.

      When I used to work retail, people would always freak out if I looked anywhere near their hand while they typed in their PIN numbers...like I could remember a hundred PIN numbers a day? I hate how paranoid everyone has gotten with this stuff... There's more scary things going on in the world to worry about than your "personal data" being stolen.
      [/rant]

      --
      "A truly wise man realizes he knows nothing."
    2. Re:No......sorry by Asgard · · Score: 1

      Maybe you can't remember 100 PINs, but to mess with their credit you'd only need to remember *theirs*.

    3. Re:No......sorry by shakah · · Score: 1
      The word we were looking for was pandemic.
      Doesn't look so clear-cut to me re choice of words -- from m-w.com:
      1. pandemic: occurring over a wide geographic area and affecting an exceptionally high proportion of the population
      2. epidemic: an outbreak or product of sudden rapid spread, growth, or development; specifically : a natural population suddenly and greatly enlarged
    4. Re:No......sorry by justforaday · · Score: 1

      Actually, this is a very clear-cut case. Pandemic is the proper term. If it were an epidemic, you would need to show that this isn't an all-encompassing problem. The nature of the write-up indicates that it is indeed a pandemic. To help you, think of it in terms of AIDS. To say that there is an AIDS epidemic is incorrect, since there are no places on the world that do not have the AIDS problem to deal with. If you are referring to any one single location, you can refer to it as an epidemic in that context. If you are talking about it in general, it is a pandemic. This is something that news organizations repeatedly get wrong.

      --
      I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  6. Legislation in the pipeline by Anonymous Coward · · Score: 1, Interesting

    I imagine there will be some laws passed about this real-soon-now. Stuff like this doesn't happen over night, but as high profile cases hit the news with greater frequency it is only a matter of time before an influential senator or congressman gets inconvenienced by it and champions a bill.

    I'm surprised the Homeland Security folks haven't done it themselves on the grounds terrorists will steal identities of US citizens to sneak in and get around.

    As for a technological fix... unplug.

    1. Re:Legislation in the pipeline by SB5 · · Score: 1

      Who would want to hack a Congressman's Blackberry, when they can access Paris Hilton's?

      --
      If what you are reading sounds funny, or sarcastic, lame, or stupid
      it is because it is supposed to be. just laugh
    2. Re:Legislation in the pipeline by luciddreamer · · Score: 1

      Pass a law for what? What makes you think that more laws/rules/restrictions will in any way help the problem? How about making people aware of what is happening and what could possibly happen. Then maybe give them a shove in the right direction to find something to help them with their issue. Homeland Security? If it's "homeland" security shouldn't they have some kind of office in the "homeland"?

    3. Re:Legislation in the pipeline by SeaEye420 · · Score: 1

      Paris uses a Sidekick II, like all the cool kids, not a blackberry. ;) Those are for the stuffy, suit-and-tie type. Geez, get it right! :-D

      --
      Wort Wort Wort!
    4. Re:Legislation in the pipeline by Anonymous Coward · · Score: 0
      I imagine there will be some laws passed about this real-soon-now.
      I imagine that if I were a senior officer in a corporation which has or might be inconvenienced or embarrassed by such an information loss, I would be quietly setting about campaigning (and campaign-fund contributing) for legislation that is, how can I put it, better-balanced than the, ah, somewhat shortsightedly populist mandatory disclosure provisions that have been enacted, in our view unwisely, into Californian state law. ... legitimate concerns for commercial confidentiality ... responsible disclosure ... excessive burdens on legitimate business activities ... hampering US ability to compete in the growing global services market ...

      Yada, yada, yada.

      Something modelled on that wonderful CAN-SPAM act, that superficially addresses the problem but gives mainstream business a blank cheque to continue as before. But this time, please, make sure the vital cute consumer-friendly acronym can't be so easily subverted.

      I'm surprised the Homeland Security folks haven't done it themselves on the grounds terrorists will steal identities of US citizens to sneak in and get around.
      I am shocked. Shocked! By your suggestion that our fine upstanding corporations would even think of taking shortcuts that would allow such a horrendous possibility. The 9/11 terrorists, remember, were in the country on valid visas obtained in their own names or their names-de-guerre. Taking sideswipes at the American business community is a distraction from the vital work of closing the loopholes in the processes which allowed that tragedy to unfold.

  7. If it's worthless they won't steal it by vandezuma · · Score: 4, Insightful

    As I read in some article a few weeks ago (not sure if it was /. or not), if companies made their authentication processes more stringent, data like SSNs and names and addresses wouldn't be so valuable any more. The problem is that you can get access to so many things with just basic contact info and a SSN.

    --
    "That is the saving grace of humor, if you fail no one is laughing at you." -A. Whitney Brown
  8. California by Anonymous Coward · · Score: 0

    This is just speculation, but I believe a lot of these new warnings are the result of California's new law forcing disclosure of these events. I'd venture that it was probably happening before, but they just kept quiet about it. And if someone doesn't conduct business in California, you still won't know until it's too late.

    On the other hand, some of these may be cases where the *potential* exists that someone accessed your data, but really didn't, but the company is covering its ass.

    Some of these attacks could be mitigated if these companies encrypted their backups before they go off-site (which they should already be doing anyway).

  9. California by Motherchucker · · Score: 1, Interesting

    Whoops, posted anonymously...

    This is just speculation, but I believe a lot of these new warnings are the result of California's new law forcing disclosure of these events. I'd venture that it was probably happening before, but they just kept quiet about it. And if someone doesn't conduct business in California, you still won't know until it's too late.

    On the other hand, some of these may be cases where the *potential* exists that someone accessed your data, but really didn't, but the company is covering its ass.

    Some of these attacks could be mitigated if these companies encrypted their backups before they go off-site (which they should already be doing anyway).
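Both copies of the post above (the anonymous one and Motherchucker's re-post) end on the same recommendation: encrypt backups before they go off-site. As an added example, not code from either poster, here is what that looks like when done properly: the image is sealed with an authenticated cipher (AES-256-GCM) before it is written to the tape, the key stays on-site, and a restore refuses a tape that was tampered with or sealed under a different key instead of producing garbage. The container layout (`BKP1` magic, 4-byte key fingerprint, nonce, ciphertext) and the function names are hypothetical; the sample image and key are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical container layout, not any vendor's tape format:
//   magic || 4-byte key id || 12-byte nonce || AES-256-GCM ciphertext+tag
// The header (magic and key id) is authenticated as additional data.
var magic = []byte("BKP1")

const keyIDLen = 4

// keyID is a short fingerprint of the key. It binds a blob to the key that
// sealed it, so a restore with the wrong key fails with a clear error.
func keyID(key []byte) []byte {
	sum := sha256.Sum256(key)
	return sum[:keyIDLen]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("backup key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBackup encrypts and authenticates a backup image before it is written
// to the tape that leaves the building. The key never travels with the tape.
func SealBackup(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	header := append(append([]byte{}, magic...), keyID(key)...)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, header)
	blob := make([]byte, 0, len(header)+len(nonce)+len(ct))
	blob = append(blob, header...)
	blob = append(blob, nonce...)
	return append(blob, ct...), nil
}

// OpenBackup verifies and decrypts a sealed blob. Any change to the header,
// nonce or ciphertext makes authentication fail, so a tampered or bit-rotted
// tape is refused rather than restored with silent corruption.
func OpenBackup(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	hdrLen := len(magic) + keyIDLen
	if len(blob) < hdrLen+gcm.NonceSize()+gcm.Overhead() || !bytes.Equal(blob[:len(magic)], magic) {
		return nil, errors.New("not a sealed backup image")
	}
	if !bytes.Equal(blob[len(magic):hdrLen], keyID(key)) {
		return nil, errors.New("this backup was sealed with a different key")
	}
	nonce := blob[hdrLen : hdrLen+gcm.NonceSize()]
	pt, err := gcm.Open(nil, nonce, blob[hdrLen+gcm.NonceSize():], blob[:hdrLen])
	if err != nil {
		return nil, errors.New("authentication failed: image tampered with or corrupted")
	}
	return pt, nil
}

func main() {
	// Constructed demo key and image; a real key comes from an HSM or key vault.
	key := bytes.Repeat([]byte{0x42}, 32)
	image := []byte("acct=12345;name=Jane Doe;balance=100.00\n")
	blob, err := SealBackup(key, image)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d bytes into a %d-byte tape image\n", len(image), len(blob))
	blob[len(blob)-1] ^= 1 // simulate a flipped bit or a tampered tape
	_, err = OpenBackup(key, blob)
	fmt.Println("restore after tampering:", err)
}
```

The point of the key-id prefix and the authenticated header is operational: a lost tape is only a lost tape if the key was never on it, and a restore job should fail loudly rather than quietly restore modified records.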

  10. Entire Registry of Motor Vehicles Database Hole by devexial · · Score: 1, Interesting

    This was in the Boston Globe as well as The Washington Times today. The governor of the state and many celebrities' driving records were publicly available, such as Jay Leno's. Massachusetts closes personal data hole

  11. Google Problems by rkcallaghan · · Score: 1

    SA Article on Web Accelerator Flaw

    I love Google as much as anyone else here, but this definitely points out that even the geniuses at Google can make mistakes, and this is just a tiny look at what can happen with those mistakes.

    I hope Google is able to fix this or pulls the web accelerator.

    ~Rebecca

    1. Re:Google Problems by Vexinator · · Score: 1

      Ugh.. can't... resist.... troll... bait...

      Apparently neither Rich "Lowtax" Kyanka nor yourself actually *read* the Google Accelerator information page.
      http://webaccelerator.google.com/support.html

      Rich's lack of understanding leads him to make several false statements:
      "Well here's the problem, folks: everything you view is now owned by Google. Do you read email? Well now Google reads your email, and now the entire world can read your email. Do you use private messages through a website?"
      First and foremost: it does not cache HTTPS (required by any site hosting sensitive info - such as your webmail account, on-line banking, etc)

      Second, his description of how the process works is not quite accurate:
      "This is done by caching entire websites on Google's servers, passing copies of any page a user visits and sending them to Google HQ."
      In reality, Google has been caching web pages for a long time now - that's part of how they search through billions of pages so fast - by having a local cache of these pages! What the web accelerator does is deliver those *already cached* pages to users of the client. (the whole process would add no benefit if the pages weren't already pre-cached, what with the added overhead of downloading the page, then compressing it before sending it to you)

      In fact his only valid issue has nothing to do with the web accelerator:
      "I'm having to pay a coder just to figure out how to prevent Google from caching all the webpages on our forums. Why is this a problem? Well first of all, it's a giant security hole, as private forums for mods and admins can now be viewed by anybody."

      Here's a simple solution to your problem Rich - make it so that your *private* forums are on HTTPS.
      (let's face it, if you aren't using HTTPS already then those forums aren't really private anyways, and if you are then your fears are ungrounded)

      -Vex

      --
      "Be afraid to die until you have won some victory for humanity" -Horace Mann
    2. Re:Google Problems by rkcallaghan · · Score: 1

      First of all, just because Google isn't portrayed as a deity, doesn't make it troll bait.

      Second, I read the Google page yesterday, and it doesn't say "If you log in to gmail through the accelerator, someone else might get your cached copy." Also, your link now is dead, Google took it down. As of 5:10p AZ time the page reads "The requested URL was not found on this server." and nothing else.

      I believe it is a valid issue considering gmail itself uses http not httpS for the actual reading of your mail.

      But as you pointed out so well, this is slashdot, Google can't make mistakes, and those that comment on them are trolls. Check my history if you want, I don't post trolls.

      ~Rebecca

    3. Re:Google Problems by Monkelectric · · Score: 1

      Lowtax is pretty strange, and extremely lazy. He's into music in his spare time, and posts on SA asking about how to work a certain synth, well I own the yahoo group for this synth, I tell him go to my group and pose the question and I'm sure someone will answer you. Anyways he acted like it was a big deal to do that and couldn't I just do it all for him... he's probably still futzing with it

      --

      Religion is a gateway psychosis. -- Dave Foley

    4. Re:Google Problems by Vexinator · · Score: 1

      I stand by the troll critique.
      I called troll because the problems Rich points to are a non-issue with regards to the web accelerator.

      Now, if you had expounded upon his page with some of your own thoughts, like you just did, then I wouldn't have called troll.

      The actual security issue, as you just pointed out, is that *gmail* doesn't use HTTPS. Unfortunately for you, this has nothing to do with the web accelerator (which, I must reiterate, was the sole topic of your original post)

      BTW: The link is not dead, it works fine for me.

      Furthermore (in response to your ad-hominem,) I think those who believe Google can do no wrong are in the minority here on slashdot. Most of us do respect their products, sure. It's difficult not to: the success of google is largely based on understanding the users concerns and needs.

      Despite that, the beta status of most of these products are a great indication that Google realizes there probably are problems with these services.

      Congratulations, you nailed one of them on the head. It's with gmail though, not web accelerator.

      And congratulations on posting your first troll...

      -Vex

      --
      "Be afraid to die until you have won some victory for humanity" -Horace Mann
    5. Re:Google Problems by rkcallaghan · · Score: 1

      The actual security issue, as you just pointed out, is that *gmail* doesn't use HTTPS. Unfortunately for you, this has nothing to do with the web accelerator (which, I must reiterate, was the sole topic of your original post)

      If http truly is the cause and has nothing to do with GWA, I challenge you to get my gmail since I have not used GWA (not available for linux). If you decide to take my challenge, it's the same as my slashdot ID.

      While gmail not using https may be a problem in itself, the problem Lowtax points out isn't a problem until we create a situation where another user can access my cached page.

      Since, until Google Web Accelerator, it wasn't feasible for this to occur on such a widespread basis, and GWA is required for the problem to occur, it is reasonable to say that GWA has the problem.

      Also, a former ISP I worked for had a similar product, a web accelerator they were pushing for their dial up customers. Had the same underlying technology, the ISP cached and compressed data on its server side, etc, etc. It did not have this problem.

      So, bottom line, If GWA is required for the problem to exist, and similar products do not have the problem, then the problem lies in GWA.

      ~Rebecca
      Can't believe I'm arguing on the internet, even if I win ...

    6. Re:Google Problems by Vexinator · · Score: 1
      If http truly is the cause and has nothing to do with GWA, I challenge you to get my gmail since I have not used GWA (not available for linux). If you decide to take my challenge, it's the same as my slashdot ID.

      I think you are getting ahead of yourself here. I took the liberty of looking at gmail after the last post; it (like all other webmail services I'm familiar with) does indeed use HTTPS - although only for logins. (unlike, for instance, my ISP's webmail access, which is entirely HTTPS)

      If it can't be demonstrated that others can access your gmail account due to the GWA, then this whole line of discussion is moot. I.e. first show that it's broken, then speculate.

      I haven't tested it, so I could be very wrong on this, but I suspect that gmail does not suffer from this issue which Rich is pointing us towards, because unlike his site (and many other sites, I'm sure) gmail is set up properly. I suspect any login cookies are not cached due to them being transferred with HTTPS.

      Since, until Google Web Accelerator, it wasn't feasible for this to occur on such a widespread basis, and GWA is required for the problem to occur, it is reasonable to say that GWA has the problem.

      It seems much more likely to me that GWA is not the problem, instead it shows weaknesses in the setup of websites such as Rich's.

      -Vex

      --
      "Be afraid to die until you have won some victory for humanity" -Horace Mann
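The Vexinator/rkcallaghan exchange above comes down to one question: may a cache shared by many users (an ISP accelerator, Google's) store a page that is "private" only because you need a session cookie to fetch it? As an added example, not code from any poster, the function below applies the HTTP/1.1 storability rules a shared cache follows (the `no-store`, `private` and `Authorization` rules of RFC 2616 section 14.8, carried forward in RFC 7234 section 3.2) plus one labelled practitioner heuristic for `Set-Cookie`, to constructed request and response headers. The function name, the heuristic and the sample headers are mine. It goes a little beyond the thread by covering the `Authorization` exception list as well as the cookie-gated case.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// cacheDirectives parses every Cache-Control header into a lowercase
// directive -> argument map ("max-age=60" becomes "max-age": "60").
func cacheDirectives(h http.Header) map[string]string {
	out := map[string]string{}
	for _, v := range h.Values("Cache-Control") {
		for _, d := range strings.Split(v, ",") {
			d = strings.TrimSpace(strings.ToLower(d))
			if d == "" {
				continue
			}
			kv := strings.SplitN(d, "=", 2)
			val := ""
			if len(kv) == 2 {
				val = strings.Trim(strings.TrimSpace(kv[1]), `"`)
			}
			out[strings.TrimSpace(kv[0])] = val
		}
	}
	return out
}

// SharedCacheMayStore reports whether a cache shared by many users (an ISP
// proxy, an accelerator service) may store the response to this request, and
// the reason when it may not. scheme is the request URL scheme, "http" or "https".
func SharedCacheMayStore(scheme string, req, resp http.Header) (bool, string) {
	if strings.EqualFold(scheme, "https") {
		return false, "https: the intermediary never sees the plaintext response"
	}
	cc := cacheDirectives(resp)
	if _, ok := cc["no-store"]; ok {
		return false, "Cache-Control: no-store"
	}
	if _, ok := cc["private"]; ok {
		return false, "Cache-Control: private"
	}
	if req.Get("Authorization") != "" {
		// HTTP/1.1 rule (RFC 2616 14.8, RFC 7234 3.2): a shared cache must not
		// reuse a response to an Authorization request unless the response
		// explicitly allows it with public, must-revalidate or s-maxage.
		_, pub := cc["public"]
		_, mrv := cc["must-revalidate"]
		_, sma := cc["s-maxage"]
		if !pub && !mrv && !sma {
			return false, "Authorization request without public/must-revalidate/s-maxage"
		}
	}
	if len(resp.Values("Set-Cookie")) > 0 {
		// Practitioner heuristic, not a protocol rule: a response that sets a
		// cookie is almost always specific to one user.
		return false, "Set-Cookie present: response looks per-user"
	}
	// Note what is absent from this list: a Cookie header on the request. A
	// login cookie alone does not stop a shared cache from storing the page,
	// which is exactly how a members-only forum ends up in a public cache.
	return true, "no directive forbids storing this response"
}

func main() {
	// Constructed headers: a members-only forum page served over plain HTTP
	// whose only access control is the session cookie on the request.
	req := http.Header{"Cookie": {"session=abc123"}}
	leaky := http.Header{"Content-Type": {"text/html"}}
	fixed := http.Header{"Content-Type": {"text/html"}, "Cache-Control": {"private, no-store"}}
	for name, resp := range map[string]http.Header{"no Cache-Control": leaky, "private, no-store": fixed} {
		ok, why := SharedCacheMayStore("http", req, resp)
		fmt.Printf("%-18s storable=%-5v %s\n", name, ok, why)
	}
}
```

Run against the two constructed responses, the cookie-gated page with no `Cache-Control` comes back storable and the one marked `private, no-store` does not; moving the forum to HTTPS, as suggested in the thread, is the third way to get a "no", but the header fix also covers plain-HTTP deployments.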
    7. Re:Google Problems by rkcallaghan · · Score: 1
  12. "begs the question" by venomkid · · Score: 4, Informative

    Look, I know this is OT, but I see this so often it's starting to cause me physical pain.

    To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced.

    The circumstances may "raise" or "prompt" a question, but it doesn't "beg" a question. "Begging the question" is a logically fallacious practice in which one assumes one's conclusion, making a circular logic. (eg. claiming the Bible is the inerrant word of God because it says so) It has nothing to do with speculation.

    --
    vk.
    1. Re:"begs the question" by rjh · · Score: 1

      This isn't strictly true. "Begging the question" has a very specific meaning in the world of logical fallacies, but it also has a very different meaning in the world of conversational English. Something may "beg a question" if there is an obvious and relevant follow-up question.

      "Are you still beating your wife?"

      "No!"

      "That begs the question--when did you stop?"

    2. Re:"begs the question" by Lucidus · · Score: 1

      However, "begging the question" did not have this conversational meaning, as you call it, before this latest generation started using it that way without understanding its history. Until recently, no educated speaker of English would have used it that way - and it still makes many of us cringe.

    3. Re:"begs the question" by rjh · · Score: 1

      Until recently, no educated speaker of English would have allowed a sentence to end with a preposition or to start with a conjunction. Today, educated speakers of English agree that these are unnecessary pseudo-remnants of the past. (The "don't end sentences with prepositions" rule isn't even English grammar; it was an attempt to dress English up by incorporating Latin grammatical elements.)

      The language changes. Deal with it. It doesn't make you educated to avoid ending sentences with prepositions, nor does it make you educated to embrace them. Likewise with the use of the phrase "begs the question". As long as it's used appropriately in a logical context and as long as it's used clearly outside of that context, modern language experts say there's no problem with it.

    4. Re:"begs the question" by Anonymous Coward · · Score: 0

      There's a difference between the preposition rule and proper use of "begging the question." In one case, it's primarily a case of educated people consciously choosing to speak incorrectly because the correct form sounds unnatural and awkward. I believe even Churchill poked fun at that grammatical construct when he said, "...up with which we shall not put."

      However, when someone misuses "begs the question" instead of simply saying "raises the question," they're doing so out of ignorance. It's a hard distinction to glean from simply hearing it used in others' speech. If the speaker were to understand the distinction, it would be just as easy to use the correct form when they understand that the context demands it. If we allow the language to change based off the ignorance of those who can't be bothered to learn the correct form, U'll soon B telling us that we R wrong about aimspeak 2 (yes, I don't know aimspeak, but I type ~100wpm, so I've never felt the need to learn.)

      I would say that "begs the question" is more analogous to the situation that exists with words like "forte" that are commonly mispronounced. It is never correct to pronounce it for-tay, but it only needs to be corrected in certain contexts such as public speeches or other situations where the speaker is expected to have a certain level of education. In both situations, there is a field of study (Logic and French, respectively) that will maintain the correct definition of the term such that it will never be correct to use it incorrectly, no matter how prevalent the incorrect usage becomes.

    5. Re:"begs the question" by Anonymous Coward · · Score: 0

      ...which begs the question, when'd you become such an ass. You must really be a hit with the ladies being "captain-grammar". Dude, it's Slashdot ... not a term paper. Lighten up.

    6. Re:"begs the question" by Lucidus · · Score: 1

      Hi, rjh; always a pleasure to encounter someone who is familiar with the history of English usage. You should, perhaps, be a little careful about assuming ignorance on the part of those who might disagree with you. "The language changes. Deal with it," is simply rude.

      I am quite familiar with the attempt, especially in the 17th and 18th centuries, to make written English correspond with the formal structure of Latin grammar (that is, at least, Latin grammar as taught in English public schools). My area of particular interest, for what it's worth, is the great vowel shift.

      There is a huge difference between your examples and the phrase under discussion. Those rules were never widely adopted or practiced by writers and educated speakers. Despite the preaching of grammarians, they were honoured more in the breach than in the observance.

      However, "begs the question" has had, until very recently, only the one specific meaning. The casual usage you support in this case is not merely different from, but in fact contradictory to, the original meaning, and has come about because many people have heard the phrase without correctly understanding its meaning. So it does serve as a marker, if you will, as to the sophistication of its user. (And, for what it's worth, the modern language experts that I know agree with me.)

    7. Re:"begs the question" by rjh · · Score: 1

      A marker as to the language the user learned, yes; a marker as to the sophistication of the user, never.

      Languages change over time. One way to assess the power of a language is to measure the rate at which it changes and evolves. This process of evolution is natural and should neither be feared nor welcomed. It's a natural state of affairs. Hence my remark of "deal with it". You may think it's rude, but I think you should deal with it, the same way I think you should deal with gravity, the sun rising in the east, or other facts of existence.

      I'm not in a rush to change the language, but neither do I have any sympathy for people who wish their favorite parts of the language to remain fixed in stone. The greatest virtue of the English language has always been its willingness to lead other languages into dark alleys, brutally mug them, then rifle through their pockets for any bits of interesting grammar. The language is alive and vibrant, and long may it remain.

      The language changes. It's the natural state of affairs. Deal with it the same way you'd deal with any other inexorable process of nature. You're the one who has to adapt. Nature is just going to be what it is, and nature will always win.

  13. Get rid of SSNs and the problem shrinks. by mellon · · Score: 1

    The biggest reason that these releases of confidential data cause harm is that practically every piece of information that exists in a corporate database about an American citizen or resident alien is keyed to the SSN, and the SSN is used as an authenticator. If it weren't for this, the mere fact that someone got a copy of your bank records would be annoying, but not particularly worrisome.

    I don't particularly *want* a copy of my college transcripts roaming the Internet, but the main problem with them roaming the Internet comes if they have my SSN on them (they probably do). An identity thief can use this information in combination with other public information to apply for credit in my name, change addresses on accounts, et cetera.

    So yes, by all means, write your senator. Ask him or (if you live in NY) her to do something about the SSN mess. Of course, probably what they'll do is propose legislation to start a national identity card or something stupid like that. And then there will be a big protest to stop that. So nothing will happen. Repeat until dispossessed.

    Once all your stuff has been stolen, you won't have to worry about it anymore. Go pitch your tent someplace that stays warm in the winter, make sure there's water nearby, and learn how to live on mesquite meal and cactus fruit. Life under the stars will seem like heaven.

    1. Re:Get rid of SSNs and the problem shrinks. by Dachannien · · Score: 1

      The problem isn't so much that people can get your SSN. The problem is, rather, that banks and other credit companies treat obtaining credit or changing your identifying information (your address, especially) so cavalierly. The government could do something about it, though.

    2. Re:Get rid of SSNs and the problem shrinks. by grimwell · · Score: 1

      The U.S. Gov't is already set to pass a National ID law. And as an added bonus our friends in Canada and Mexico will have free & easy access to it.

      http://www.politechbot.com/2005/05/04/real-id-act/
      http://www.dcexaminer.com/articles/2005/04/07/opinion/op-ed/25oped08plummer.txt

      --
      If the govt becomes a lawbreaker, it breeds contempt for law, it invites man to become his own law, it invites anarchy

  14. Problems scale, too by b00m3rang · · Score: 1

    When you have 100 times more servers and users, you'll probably have ~100 times more problems and security breaches.

  15. agreed by js7a · · Score: 1

    It hasn't "become" an epidemic, it always "has been" one. Thank goodness for California, or most people would never know.

    1. Re:agreed by Anonymous Coward · · Score: 0

      Excuse me sir, but I've discovered a small factual error in your sig. At one point, it quite directly claims that "Tcl is better than Perl", when Perl is in fact superior to all things. Please correct this at your earliest convenience.

    2. Re:agreed by Anonymous Coward · · Score: 0

      Perl doesn't tickle me like it should ---

  16. Solutions:Our Data,TrustABLE IT & Notify Honey by NZheretic · · Score: 1
    Please actually read the linked articles before replying.

    1) Our Data : an appeal - a "Plimsoll line" for computer security:
    Set up baseline expectations for all aspects of computer security.

    2) Twelve Step TrustABLE IT : VLSBs in VDNZs From TBAs:
    Move to virtualized sandboxed environments. Make provision for auditable builds from third party Trusted Build Agents (read the article).

    3) Do you want the Good or Bad news first?
    Because security mechanisms are fallible, you need a secured secondary channel notification mechanism. It only needs a small percentage of people to opt in to such schemes for the systems to act as an effective honeypot system, detecting possible fraudulent access.

  17. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  18. Simple...or too simple? by chia_monkey · · Score: 1

    One thing I don't understand is why our personal information has to be accessible to the entire world...i.e., exposed to the Internet. It should be treated as any other item of high value and locked up or kept away from the public. A company doesn't keep their stock certificates or other valuables in the lobbies of their branch offices, so why should our data be "available" to the public? Why not just keep the computers that hold all this information on a separate network...one that is not connected to the outside world? Keep it guarded in a completely closed network and then workers can have a separate computer and network to interact with the rest of the Internet world.

    --

    "He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang

  19. Google wants ALL your traffic AND cookies by Anonymous Coward · · Score: 0

  20. A solution to the ID crisis... by Dark+Coder · · Score: 1

    To reduce the identity theft immensely, one or more of the following MUST be legislated:

    1. Replace the SSN with SecureID card with challenge keypad (none of those biometric foo-foo crap, bio is non-revokable)

    2. Make data aggregation illegal (ooooh, sorry credit bureaus)

    3. Make IRS the focal point of multi-keyed 2nd-generation SSN registration centre (sorry SSA, you screwed up, big-time!)

    4. Customers "optionally" generate a NEW SSN for each business or financial institution. (remember, data aggregation should be illegal)

    5. Credit Bureau would function just fine (just a bit laggard with aggregation effort).

    Once imposed, identity theft would (I guarantee this) be reduced to an insignificant amount.

    UNTIL THEN, nothing is currently being done to reduce the water flow from the Dutch Boy's leaking dikes.

    It doesn't take much brain to resolve this crisis, just time and money. The Congress has absolutely no clue on how to fix this mess... Write your congressman today with these suggestions.

    1. Re:A solution to the ID crisis... by ldspartan · · Score: 1

      Under your proposed system, what prevents me from borrowing money from every bank in town and running out on my debt?

      --
      Phil

    2. Re:A solution to the ID crisis... by SuiteSisterMary · · Score: 1

      Why, the massive legal ramifications.

      Or, more realistically, we'd just need a better way of defining a 'web of trust.' Like statements of credit-worthiness from your bank.

      --
      Vintage computer games and RPG books available. Email me if you're interested.

  21. Tell me about it.. by Klowner · · Score: 2, Funny

    The other day, the wonderful community college from which I acquired my near-worthless associate's degree sent an email to just about all the people in my graduating class. Not a problem, you may think, but consider this..

    THEY PUT EVERYONE'S EMAIL, IN THE TO: LINE.

    I (as well as every other fellow student) now have a full listing of all my fellow students' names and email addresses..

    Oddly enough, this school has a "networking" course, hello security.

    1. Re:Tell me about it.. by Anonymous Coward · · Score: 0

      THEY PUT EVERYONE'S EMAIL, IN THE TO: LINE

      Oh noes!

      I (as well as every other fellow student) now have a full listing of all my fellow student's names and email addresses..

      I guess there are two ways to look at this. First, the obvious negative reaction - I mean, with names and email addresses, you might be able to do something evil like contact your fellow grads later.

      I say look at this in a positive light. You should compile this information, you could call it something like a "Student Directory."

    2. Re:Tell me about it.. by delirium+of+disorder · · Score: 1

      Expecting your email address to not be public is as stupid as expecting your real address not to be public. Anyone in your real community could probably find out your address, phone number, and the school you attended using no more tools/knowledge than half an hour of time, your name, and a phone book. Why should you expect MORE privacy from an online community?!?! I agree that individual mails are more polite on mailing lists than massive TO: blocks, but the whole idea that your email address is private is just ignorant and leads to the SPAM problem we have now. Because any idiot can put shit in your mailbox, we need more authentication for actually accepting that mail than just a single public MAIL_ADDRESS string. The ideal system IMHO would be a mail client that would only accept email signed with your public key. It's still something you can distribute publicly....but only you can read messages people send to you. Since people could sign messages with their private keys, you also eliminate the problem with fake headers and spoofed mail. Plus, spammers just don't have the processing power to PGP each message they send.

      --
      ------ Take away the right to say fuck and you take away the right to say fuck the government.

  22. Money by Detritus · · Score: 1

    Dedicated private networks cost money. Money that most companies will not spend unless someone is holding a gun to their head. The problem with security is that often the risks and costs of improper disclosures are dumped on third parties, not the people who were responsible for the security breach.

    --
    Mea navis aericumbens anguillis abundat

    1. Re:Money by chia_monkey · · Score: 1

      It's true that the added infrastructure does cost more money for said companies. But how many companies have to be compromised? How many millions of identities have to be stolen before the government (or even companies with a concern for the people) puts some sort of regulations in place? We now have SOX compliance to deal with, which will supposedly protect investors thanks to the Enron debacle. I would think that all this personal information would actually be a higher priority...but maybe I'm wrong.

      --

      "He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang

  23. That comment looks familiar... by Anonymous Coward · · Score: 0

    It was more interesting when I saw it here. Going for karma, or what?

  24. Slashdot Answers by InternetVoting · · Score: 1

    I just went to a very interesting panel discussion about just this very subject, hosted by the Center for American Progress (http://www.americanprogress.org). It featured some very insightful comments from the very knowledgeable James X. Dempsey of the Center for Democracy and Technology.

    Video transcripts are also available (here)

    1. Re:Slashdot Answers by InternetVoting · · Score: 1

      Also, one other note: there is an interesting paper on this, "Protecting Privacy in the Digital Age." It's a pretty good read.

  25. IDS spending by Gary+Destruction · · Score: 1

    According to an article I remember reading on WindowsSecurity.com, only 0.1% of companies are spending the appropriate budget on Intrusion Detection Systems.

  26. Simple question by spudgun · · Score: 1

    Does anyone need to keep your data, such as credit card number, etc., after payment has been accepted?

    Which is worse: losing 3 months of customer data, or 3 years?

    --
    Type unto others as you would have them type unto you.

  27. HIPAA is just a joke by Anonymous Coward · · Score: 0

    I used to work for a company that did not take customer information seriously. They handled social security numbers and medical information.

    Training employees was nonexistent. Physical security of the machines was minimal. Many HIPAA violations. The longer I worked there, the more violations I would see... like plain text transmission of SS# via email or web apps on remote systems - which is why I jumped ship when nobody thought it was a bad idea and wouldn't change.

    The only thing that would change is for the Feds to take on the laws CA did... forcing the offending company that leaked the ID information to pay for all damages. It would either scare companies into taking things seriously or shut them down after a couple of screw ups.

  28. Time Warner by losycompresion · · Score: 1

    What about employee data loss? Iron Mountain lost the backup tapes of Time Warner and data on every employee for the last 15 years, including SSN!!! Employees should have the same protections/requirements to be informed as customers. They are offering credit monitoring for a year, because everyone's SSN changes after a year, of course (sarcasm included). Not that /. would care; tried submitting it and it gets rejected!

  29. FULL DISCLOSURE by Anonymous Coward · · Score: 0

    to those who have had their personal information stolen
    and a ten thousand dollar fine per client paid immediately by the company to the individual whose information has been lifted, regardless of the means by which it has been hacked or is guilty of letting personal information leak out by other means.

    Afterwards companies would not keep the personal information unless it has a value (at least ten grand) to their business model and is worth protecting; otherwise keeping it would be a liability.

  30. Re:They can't compromise what they don't have by symbolic · · Score: 1

    Possessing the data is a good part of the problem. Companies are allowed to collect and aggregate information about us, without our knowledge or permission, and then use that data in promoting their interests, which, as we've seen, can easily compromise our interests. When I say compromise, I'm not talking about a minor inconvenience; I'm talking about a life-changing event that can take years to resolve, with no guarantee that it will be resolved.

    The question I think we should be asking is this: why are others being allowed to put us at risk like this?

  31. Absolutely. by Telastyn · · Score: 1

    Why do you think Symantec made the move to buy/merge with Veritas? At face value, it seems to be an odd pairing. The end goal of computer security is to protect data. The end goal of backup solutions is to protect data.

  32. reverse contract. by Anonymous Coward · · Score: 0

    There really ought to be a reverse contract that when you give away your confidential information to (for example) a bank, THEY have to sign it. By this contract, the little guy should be protected from confidential-information-loss (CIL) due to poor security in institutions that have always insisted on having your private information on file. Not sure what the fine should be... how about no usage-charges for the ATM? More?