Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Security Makes Me Sick



 By: Jim Rapoza
2006-03-13
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: When it comes to security, companies are taking the path of least resistance—and getting away with it.

Imagine you went to a restaurant for dinner and became violently ill. After a little investigation, you find out that some of your food was uncooked, that the salad was prepared with a knife that had been used to cut raw chicken and that the mayonnaise in the dressing had been kept in a broken refrigerator.

With all this information, you would think that youd have a pretty good case to get compensated for your medical bills and lost workdays—and that the restaurant would be in pretty big trouble with the health inspectors.

But youd be wrong. Instead, the restaurant would defend its actions, saying, "Hey, we did cook your food; we just didnt cook it enough. And the cook did wipe the raw chicken knife before making the salads, but it was on his apron. And, oh, yeah, the regulations say only that we have to put the mayonnaise in a refrigerator; they dont say anything about the refrigerator actually working."

Even worse, the authorities would agree, basically saying that the restaurant doesnt need to prepare food safely; it need only make a token attempt to do so.

Click here to read about how to stop security leaks before they start.

Resource Library:
Imagine the outcry if something like this happened? I can already see the coverage on my local TV news: "Local judge says its OK for restaurants to poison you. Full story at 11."

But when it comes to securing your personal data, a judge has basically decided companies can do the bare minimum or less when it comes to data safety and get away with it.

As detailed in an article on the SecurityFocus Web site (www.securityfocus.com/ columnists/387), a recent Minnesota court case involved a consumer whose personal financial information was lost by the company that handled his student loan.

It turned out that this company let an analyst load detailed—and unencrypted—information about more than 500,000 loans onto a personal laptop and bring it home.

It was no surprise that the analysts laptop, along with the personal financial data of all those loan customers, was stolen.

After the company informed customers about the data loss, one decided to seek reparations for the time and money he lost—as well as the fear that was caused—as a result of the companys negligence. So he sued.

Now, its not that this person didnt win that bothers me. Its the grounds on which the judge dismissed the case. The judge basically decided the loan company didnt really need to have good security as long as it had policies stating that it cared about security.

The judge also said it didnt matter that the data on the laptop wasnt encrypted because the pertinent law (the Gramm-Leach-Bliley Act) doesnt specify that data must be encrypted. In fact, as the SecurityFocus article points out, the law doesnt require that any specific security procedures be taken—only reasonable measures (which, I guess, means a user name of "admin" and a password of "password").

So, even though the loan company failed to meet even the most basic requirements for securing vital customer data, the judge decided it had done plenty and dismissed the case.

This relates to past columns Ive written about the dangers involved when judges and politicians who know nothing about technology make decisions that have long-lasting and negative consequences for all technology.

Under the strict letter of the law, the judge probably made the right decision. Thats because decisions such as this are based essentially on whether the defendant was doing what its peers typically do.

In fact, according to several studies in the last year, there are still more companies trying to get by with the security bare minimum than there are companies that take security seriously. So, based on the standard by which the judge was deciding the case, the loan company didnt do much worse than the average company.

As if no-responsibility software licenses werent bad enough, we consumers now have to face the fact that the companies that hold our personal data can lose it negligently and not have to face any repercussions.

And you know what? That just makes me feel sick.

Labs Director Jim Rapoza can be reached at jim_rapoza@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Security Makes Me Sick
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Jim Rapoza
 


x}r8s;iW1ŋvI-5m[KU-EB!)Գ~fMZllDf"H$#I"nZ΄\ܦdÀ>CO$wB}NUQR #7,(bP<HwO7n[Y0Ra᳙*,Q  tjOt0]2d6;k6!o4ekOh cߨ_X``1Zt|Rl j9iݓ \شY$)qHh] ]( Ѽ$pm<"Q}c QL NZ]"Z3ˆ辥$)5= \o4QL1H6}~8MZ Q+8VR0~b[4IƒN8CEnOuؾtwyHfjt˜HJo~cns(p}=\'BL}:n/EӝÌfؖqWth(ݑV* (GZPʍ#gCrL!-g©;hvnTUMSe{~] !GA GmGh[I#ZIkP\vOnzـ\>v..ɣ-N.|'[oLV)UjT:( Ԙ:b= u P%opK(ivdf1{PdXIc/YTUi w;ǃSҹtnotNΏo3do̲5<ZMӀ Zvf#?[ ֫۳kiOz7{#+|r>5M0\ܱ¬:֪V1?!MXCEC0JCR ?#3p;|io]8螐$˷Y>./!_w nr@ i/]"nKŗG)LY4C ! ,тmdƩ$|ǺzN3ߜjmT7oh2 f4 .έfh- @ho*K>LrM&@Sk~$GM\sb.L22z)mZ—W/(AK/-ڊ5|*(if){΀/3A.r)i! 6=aB+^,4l=j\כUsNVt];7eя1-+}י:)_=t;0*>cq4Y`I-. :oo:jj#1ß}524T G&-d`q86acJݤc}nE=><g 6aϨ>|鎓z>:AGAtišhέP7h`Cҋ;Lڠ 'pbdx: # 0f4&ztH۠h&rkIO7.[A0? { O`p\&{ xk= `DykwKGHb1LTM@#AX]7$>(@+9=PnȲc@|j Jg:;r-Ea1C.O)))/H.B$(ZȻ"!Alu [$t Xxl++~#y##!bRN[ '9Rv{B#CR\)̄rZ z)2ٜʬ$3Mf X*ȉ#o"0%X ,gZ X5ֲ fiZZOG4Mǖaf{@ZWge K0آwBrHC;Nt3Awp=7߄s ,0aEiŬ9g)9i|X#,TS ݜY,1%&B~aZ&4" 7uyE"yTXw%3Ͱ&q8G+oozfr&=|YzY۶h \MmUPS7˕L<+׬uPM g2)*[hs<8:(O7\EYbꁦ5XScX`Dazb8ugm/n)`V|\uΖMkͲG{_No6ʁveXZ @UYlc70Ԣ騬P|M$"!lsiͰ,C /0|Cb&^ethQuC|pöV/UK4LLYsX)Z-2{5k掭l0!.(2n( 进,9ق Yz>::O\%{`۩u3$8`ϟQ,C* R*}a3)403yb|Fȸ>qm?XĞ/t'L[Qz{=8`Tfha8lXb79HyäSI_(%UMHH~1:2.eX \k>Oa3,HS7Ϗ9(gdW%d)'HV/굄ЪZZAq{ 8tc}yWϷZfm^:4һL}6݁ \r/,|pZEN[O`cQ av05;?UJ?#2ByQYhw\rR2 S#ݹY$g8 MGFi$]|;P vfȭN6N1L Ma}QD ϓ1W5% d,fqNg0cp&vN{579,3?t\J :=Fh=Нt;Ǻq7X uLC-oc dS0=̞̝A-mۨ L Uav bȈCzfzJ$~ ~{qw?I L#{T*JZӳ$*+@:erz埍&~f?Н :w!aa="A`W{^i\#-0MC~WU/ozNe}Mqr`SRh3 J@FG$bw}Wsz^^OOW6zv9D2DH#r ze}J|wѻGE#{;z܉W, YG# B\t7 ǧ Ak;d4)(3~0<㥑a3+"m@PKsÙb9ki.Dz=t_5g0T h#)۵ޚ( V`!_bB!bNgG<؇AP#{ z H)'4ES|$;3^Ih !:Ua2"(BShDO§,sһis3Klo}AǯJN~NZ-g[M7S+t,c?]ѯ8ʆ=?UN:~$Br^'18/}hp)ޏH"21xc.A-6عN=$S4sJd":Q%;)~ڲOCT䵴f[UHO~D!qbwyAH0GW吜F\C=?r65m_f}z@Q'-gFq?Kȸt2Ti\'sX6 wѺB ?ݡC5=ICw5c1%/53 \:`ALup߁؉H*Ero5 78{Jn-cAɼ># ᛷG 6n2'|2JO$hשּ~Qƭo/VSYF=f/?c_;Ǎ>--8tǠY#Ҁ#K1M&ZQH**sᔤȌWNH&Xd17K0d&'q=+}#uooo=إ '֛<A'GLw5~@z@qw{gQJ=,qm@jjeIjR"y^[DHڃ}AuUN&6mt_c y‡i襎N</曂; a!3, а5MH!qG )4T8x l?|nwkJljl 41Qh9o٦h ["6a' fYOC,' ?%IVܱS,*_1;hVŗ3WOp&5;V)&5ŗ.o4y˭(L J »/Vxe[b4[8| vtf9J{~vːutǔnt:7=4}d 1| 7 ݶɅaه֢]j8:I1D7lQZ9W xcb!᧘HйB: %z3yo==Dpe8.)1usg?KyXe6 Km T&" d?zw%RRA {(Mɕ/mFZJV oJJIRKoӇr^{'̛3.宭KkH'D<Sb)XwzMSK,Fqƈ@t>`{S)lV:Wb/AP NĦ IU%-Φxp俆$XLpg3 dVU$d@bg?358XyΝ<fzZlԉ3ZiR~omRwd1mdtxp ,.JѨB\A'$;&tUh%SlP<*Z $RހQ-B}-DHA1*`+D[zMeV}1 2g, 2).N ] 6&.B] zIkTa@D"a=-m=^ -^V;ܶ u *UٚA׾u 0۩$U+FHR0OFw@]U 𐲑X xPxTLBō#^w&%Ycfxn eH@K T}1` %|HK){C1!pPI{baP< e쳗&RDӥWdvbu)1B$d{+}ԿJQ<)m`5vG4Crו}BbI4l&rf޻=bSsB2 S{^̖\Zz).e9]Ix1SdρD'(D=\ ,qX%'KU#o:[7m׽4EU=44>x&z[Ki*ijY-o9C"G8|ϦFL -YZg9J] mݡōV0ʍFx{8ZഈZ q ZJ%hc!S%lɉ/dduw0v=ZHmx41m fƄOl"A$H"aIOcP=\K(z[\x.{X8=:K70"1Mqn9sk[w"$yX P@n{IBXZЦ7iK;jy7O7O7O7O-7X0P>ׇO*B9o 9 N1 4W$~= "q~/%aڪL ˵qˁnH}x| =:|f GI_oi%HaAye|5ҷ z*:g_ڭ T+.(w :&1V>_"!HIV[ڶ(DM ;$@߿j}+ a.8qԖ赶b)&bW/yğ;ƴlhOXnBK{bv:H[ݾ >}eRO#tkE:< A H .mLJrҕ8_!؝nV?(J;7YWޭUnN>TwX|*xHܳ{YJ\H~=# \4 s=ݶ˒&⫽K(@%q/•[dx3wuy0Ɣ^⤘wmvXo ۩͍z,fER o Zߦm_ma}:"^j&/?*淵Og=]I6eb5Kqjl&DO؆_e ƗY'6iZIHgcS8wrhƊ8cYX[Ƴ@wFER M$=D`>_}nj&|Mw-E-~<#d/^"Ҷ85% d^lm/'Ib,b'rX,hELVÑBu}ų TQq Dt3nq`c~cGxqSL7cT"`26l[A\ۦ C755Ns MJ(aVRcWF%3z J 0;CX^qiP>0&I"F4Gcu\_SS[WZo[#rd! `,%7vEa,`8(ĒI g{(h#8࿬lqn2\93͒EˉtCSc%5S) ub? @,utIkb"K]ɖ1xy[/>Lz'5aLz6P;IU6'a|Q¥+@*VH5isksM<֜>7-yM13цX50yfB׵Ga^vD7be|W@O[fkhP♛U$֝uؓRc:-:fp̖@c,-k7o".IvZ1L[+x6_f~R!gI] 0!4loV/ժsZ֏E=4g|f O\YkJMU0}j;qgwwr <3viMsBK.kXl7 #W*ZTf0辽 m0 Hч%S1"kF%.a\lGN$ ~#;Fǯs#@N cˡWq\z$ zv0%S4X> kh㽻WԄm% DXceNBN}NLUtmЭT2@~j 4Zu-u/ sF@YfGP56WD:iuX C{A:`й飇U #v ^<3]~ h >zQQtLJ>@Nzl0W^-YCOˮB3䏃 O馾!F|1GB(׼9$#EwFsU_i(% cDRwrO0ឩTܘVdL4"&(qTik$ {k&(?,q֏D {GLƙ;fSZ,lv_$)FKC:E T&}fA=bAa~L­!MOM)Qw3ĒE7m<; s`EPf00a|L?gQ|O^F# 3+f)u n9 :j@ g>򽉑0u9,2usx\fH֎M$Ѕ:x,@#!9ω1a]M-#Y* AaP8Z  +z+uT'I]WP)9CȮ KTU:|.Oa@byݬd/oE\iJdR. ?h$@쌆xɾx t0 c3brLun$OwC!ۻ"ǝ-¶-j=uN??u:7ݫAufvv>4m^kLJry:2 gWSr3\h^EqɃw]d;</&rԝœ(?.E_CĸҫSm0LLsOOo:O֖C|zƫx]jyf MPЦ?h1cBjs@1@C|\tNw)"z_m_;^ @6pj;彜rSi'O6}r>?@B뼻{ZhuOsʡݜ{S~K?\~/rl׺K2K{CKe}./?/s2?QFrsϡs ro(_r#+>1~P~W{ÿmN9$)gvqv*esS^)sR}~ )PWg9 (gUsVڭ^Va{Cj{U_?Gޫ@OI{};M+ťfW*7yKxM}%kg[F1iu}WG{1:,y& )htVydSrbye?VRRw;]Cڤ\z.{]W[O'ikz(#s<2g)h{U26#{":$ƨ*AD1KAA0_w9ݧ,O ;H_ẽxĿ/NÙgݞރ}nC7Vn@xxO5iSpxg?9/yd֦WVFZkp'k͠?~%k"L^P`26UF` Ԋz!J1 4`֭tK_c(wp EЧ /v̦H˘E͛YʌMMu?/{_ۉ #Hf@2b/`{z=8˘y0`96VI2hؐMK؊9N-#G N>@&L™#wJX&3$W !=7cUrߣQ'x-(B:=A>|#N .LeSzy ;ċ"8,_bٴdi~^Pk`VϹeq-c6O-5U,%w|\tfɉ|!٫30BRheNY(08[]^ṀA: \oƒI`a\m8ĊI8q0݁u>H?70e4Ɲ1 sp01@xR|SLi=z l :o=FӴo"9ݜţ:aѡ(Yc{XmD823jw^\!Uh]XnOP;7wt%r!mc>m=]wvl#knܙ%a1H_nU (OP"q}$!3Fqs4I(KESX^[#r/HDπnuM$f@gYl)VxRDRpnmɃ+(\d~d;Tnw[1:Oe;BI<ŗ<>,D*9"[Io %Q@EikI/?H3軉Wd쥽%}Yq v.}xFʫu\z$rnR/9"% oPmJ0G`w ,CQ6L`>Nc? `nwf9cˎ Mm'#8">ؾ lQF޺qml.; +C&bz:SA\W .+b#(. D ћKt_%$~lz$_Oxƪ~SQxr=' d m-IS`oA}^nT02+1<&`cܢ_\nP\jӟf͙J.RTnbbq 8gf;i : Ǣ8&U]#6sQ/uOׂ}Q'a|d[t-k^FzL!Ү\)Vcʕ.Sܟ?Ba҇fFHk^zXݿ&gPsh݆G0ޏwPV|@xSa JvE=b\ Ѩip[TUDnns^koycE]E>*Ѝ ϰ1igNbcb@x=f_qxFN|L/X:l g)C2^#s!?"LnH2m^^kte(n aaXc1af[W`0.<,(`F,Lv"VTHkMΡmbqR!*acL 1L\U,R.7Wv!Zu΋|_E>ODNű<<Sf}')VSL_X1_,P>I&g\%ƕEySq||\WXYj /yH%H}Sw QFk'O(Uƥ2}>8\S|һ$`gd/=nT*(K ӻ9dA0}u{>]/7 ~k Whc<3xL -2VjwN㛾VtƦI:1qzPVs(1{l~ [)#Us̥D/5^JC\sjx6 }Tar4~XXqg;f†[hx.b&;f1ԲőÜ(