
Category Archives: Privacy and Security

Monumental Security Breach

That’s what some defense department sources are calling it. The single largest data security breach… monumental? Understatement, I would say. One shmendrek at the VA decided that the personal information of some 26 million of us was appropriate for him to take home for the past three years. Amazing. Can you say criminal negligence? I thought you could.

Oh wait, what about 26.5 million violations of the Privacy Act? Monumental… I think we need a new word to describe the stupidity level and the sheer scope of this breach. But if the breach itself wasn’t bad enough, it was the mishandling of the initial response by the VA that really upsets me (and I am a disabled vet with benefits, so I am directly affected by the monumental security “breach”).

Last Friday I got a letter from the VA via the IRS informing me of the incident affecting at least 26.5 million vets, guardsmen, reservists and active duty military. So nice of them to let us know (seriously)… except that the incident occurred over a month earlier — May 3rd — and it went unreported for two weeks! Hello! Don’t you think someone should call the FBI — data security violation, 26.5 million vets’ names, addresses, dates of birth, socials, etc.? Oy vey!

Unreported for two weeks!

26.5 million VA “customers’” personal information, protected by the Privacy Act, is compromised and they sat on it for two weeks. By the time they let the FBI and police know about it, they were chasing a two-week-old trail of what was hopefully a simple smash and grab. Unbelievable. Even more so because the analyst told senior officials about the robbery within a few hours of it happening! After that it took an additional three weeks for the VA to coordinate with the IRS to contact all veterans with the letter.

So far two heads have rolled over this, but I’m sure more will follow (they had better!), and there will soon be a complete revamping of the security policy and IT systems in the VA. Recent GAO reports, released after a recently announced VA lockdown, have only strengthened the case of congressional calls for Nicholson’s head on a platter, along with the termination or resignation of all VA officials involved in any way in delaying the reporting of the theft.

In our house we will continue to monitor events in Washington as well as keeping a very close eye on all transactions in our accounts. It’s all we can do, because while they were so kind as to provide a number in the letter to call for specific information, when a veteran or service member calls that number, as I did, they can’t get any information on whether their name is among those compromised.

Monumental indeed… monumental stupidity in the breach of security, breach of trust and monumental mishandling of the whole affair.

Captain Plaxo

I (well, my wife and I) keep getting these email invitations from a family member:

The person who keeps sending these is a nice guy, but…
most of the emails from him are the latest jokes from the net (many not so “latest”) and chain e-mails. We would like to stay in touch, to keep up with what he is up to and how he is doing. If he were to start a blog somewhere we would look in on it weekly or get the feed from it. But that’s not really the point of this…

This Plaxo thing. What a naming disaster. Plaxo hmmm. What does that make me think of…

Get Plaxo – the all new mouth wash and tooth whitener that works while you sleep. Plaxo also enhances your breasts and enlarges your penis – ALL at the SAME TIME.

But WAIT!
Plaxo also cures baldness, cold-sores and dysfunctional relationships! Get your Plaxo today!

Plaxo is not responsible for any of the hundreds of side-effects you will experience, including but not limited to baldness, violent spasms, erectile dysfunction, heart failure and brain damage. In an inconclusive 83% of test cases Plaxo caused severe tooth decay, leading to complete emergency denture replacement.

Of course, Plaxo is not any of that, but if someone were to ask what I think of when I hear the word Plaxo, well there you go. Right up there with Viagra.

No, no, this is an online contact management application for Outlook. Don’t believe me? Google it.

I’m not providing a direct link because I view Plaxo as an evil little spam and address-harvesting application.

Carcieri pulls bill on homeland security.

Under sharp criticism, Rhode Island Governor Carcieri pulled his bill on Homeland Security, saying “This is not the kind of reaction that I anticipated or expected”. What does this say about his understanding of his constituents and of the state’s history? Carcieri admitted that he had not read the bill, which made modifications to existing, antiquated, anti-anarchy laws. The Rhode Island ACLU is pressing to have those old laws—blatantly unconstitutional laws restricting speech and assembly—removed from the books by the legislature. For a complete critical look at the ex-bill and its chilling effects, take a look at the ACLU’s analysis (pdf).

While the bill is dead (thankfully), the Governor doesn’t seem to understand why there was such an uproar over it, and has promised to introduce a new bill this legislative session to provide heightened Homeland Security for Rhode Island. He has stated that he will seek input from interested and informed parties. So basically all Rhode Island citizens, then?

Roger Williams rolling in his grave as R.I. Gov. Carcieri attacks First Amendment

Who could ever imagine that in the town and state founded by Roger Williams on the philosophy and promises of civil liberties, the ideals of the First Amendment would come under such attack? Yet Rhode Island Governor Carcieri is pushing the adoption of a bill (pdf) that, if passed into law, would significantly limit some of the core freedoms many take for granted in this nation—freedoms that Rhode Island has a long tradition of defining and protecting.

The bill in question seeks to limit the right to assemble and the right of free speech. It could also limit the right to petition—all rights defined and guaranteed in the First Amendment. The act is primarily a set of modifications to existing, outdated and probably unconstitutional acts dating from the period immediately following World War I, when many anti-anarchy laws were enacted across the country. Most states have long since overturned those laws either through court decisions or legislative action, but in Rhode Island (where they are still on the books) the Governor is seeking to expand those acts into a new and chilling Homeland Defense act: “§ 11-43-12…Any person teaching or advocating…opposition to organized government,…disbelief in or opposition to organized government…shall be guilty of a felony and, upon conviction, shall be punished by a fine of not more than ten thousand dollars ($10,000), or imprisonment not exceeding ten (10) years, or both.”

Will this come to pass? Hopefully not; it is already being opposed by constitutional scholars and—not too remarkably, considering Rhode Island’s civil liberties heritage—many private citizens who are assembling and voicing their opposition. Even if it does come to pass, I doubt it could stand the scrutiny of the courts. But better not to let it reach that point at all. As obnoxious and insulting as the Patriot Act may be, this proposed bill is even more so. I hope the citizens and legislature of Rhode Island kill this proposed bill with prejudice and send a message to lawmakers around the nation that the First Amendment must not be sacrificed in an attempt to secure a small portion of a (false) sense of security. What’s more, I hope the legislature of Rhode Island sees the danger of having the old (and arguably unconstitutional) anti-anarchy laws from World War I still on the books, even if they have never been challenged in the state courts. That is probably because prosecutors chose not to use them: they perceived the laws as unconstitutional and knew that prosecuting under a highly questionable law would risk an otherwise successful conviction when other laws existed that could be used to obtain one.

After 6 months Microsoft confirms: We have a big security hole! (aka CERT TA04-041A)

Well, it took them six months to confirm and report it to all the government, corporate and home users out there, but Microsoft has in fact confirmed that they have a new security issue—one that can be used to gain system privileges (aka root) on any server or workstation machine. Makes me all warm and fuzzy knowing that the Department of Homeland Security and others rely on Windows servers and desktops, doesn’t it?

So if you are using or administering any Windows NT / 2000 / XP machines, read the CERT warning and go get your injection of Microsoft’s mystical magic antibiotic updates (if you are using IE and a flavor of XP you can just go to the Windows Update service). “Don’t worry… it works—trust us. We’ll keep you nice and safe… we take security very seriously; after all, we studied this for six months to create these patches.” In all seriousness, I hope Gates gets raked over the coals on this (especially the time issue) when he delivers a keynote speech in two weeks at a security conference.

Here’s the header of CERT’s Technical Cyber Security Alert TA04-041A:
