
Exploring the science and magic of Identity and Access Management
Monday, May 21, 2012

Slide Show: 10 Worst Moments in Network Security

Information Security
Author: Mark Dixon
Wednesday, August 18, 2010
9:49 pm


Thanks to Network World for inserting a link in the middle of Dave Kearns’s article, leading to an intriguing slide show, “10 Worst Moments in Network Security.”

Ranging from

“Digital Equipment Corp. marketing guy Gary Thuerk gets technical assistance to send what’s regarded as the first ‘spam’ message to thousands on the government-funded Arpanet”

to

“Societe Generale, the large French financial services firm, discloses that one of its low-level options traders, Jerome Kerviel, has committed stock fraud worth an astonishing $7 billion, the largest in history traced to rogue trading.”

this slide show provides a somewhat nostalgic, but provocative view of bad stuff happening out there in cyberspace.


Data Breach Threats Beg For Better Access Control

Identity, Information Security
Author: Mark Dixon
Wednesday, August 18, 2010
9:39 pm


Dave Kearns of Network World posted a thought-provoking article today, “Data breach demonstrates need for access control policies.”

Highlighting a case where a tax collector in British Columbia, Canada, used government computers to look up “private tax files of hundreds of high-income individuals, apparently in the hopes of hitting them up for a business she ran on the side,” Dave observed:

There are so many things wrong here.

  1. Why weren’t controls in place to prevent, or at least raise a flag, when an agent accessed files randomly? Were they at least audited?
  2. Why did it take four years for someone to realize that there were shady dealings going on?
  3. How did CRA determine the "risk of injury"?
  4. Why aren’t the affected parties notified whenever there’s a breach?

In light of increasing government regulations covering data breaches, and hard evidence that the number of data breaches continues to grow, companies would be well advised to

“review your governance, oversight and access control policies now — before your organization features prominently (and ashamedly) in a newspaper headline!”

 

Source Doc: 2010 Data Breach Investigations Report

Information Security, Source Doc
Author: Mark Dixon
Tuesday, August 17, 2010
10:09 pm


The 2010 Data Breach Investigations Report covers a study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service.

In some ways, data breaches have a lot in common with fingerprints. Each is unique and we learn a great deal by analyzing the various patterns, lines, and contours that comprise each one. The main value of fingerprints, however, lies in their ability to identify a particular individual in particular circumstances. In this sense, studying them in bulk offers little additional benefit. On the other hand, the analysis of breaches in aggregate can be of great benefit; the more we study, the more prepared we are to stop them.

Not surprisingly, the United States Secret Service (USSS) is also interested in studying and stopping data breaches. This was a driving force in their decision to join us in this 2010 Data Breach Investigations Report. They’ve increased the scope of what we’re able to study dramatically by including a few hundred of their own cases to the mix. Also included are two appendices from the USSS. One delves into online criminal communities and the other focuses on prosecuting cybercrime. We’re grateful for their contributions and believe organizations and individuals around the world will benefit from their efforts.

With the addition of Verizon’s 2009 caseload and data contributed from the USSS, the DBIR series now spans six years, 900+ breaches, and over 900 million compromised records. We’ve learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report proves helpful to the planning and security efforts of our readers.

 

Source Doc: Open Trust Frameworks for Open Government

Identity
Author: Mark Dixon
Tuesday, August 17, 2010
9:51 pm


This document, Open Trust Frameworks for Open Government, is about a year old, but still provides an excellent overview of how OpenID and Information Card technology are being applied to provide citizen access to government websites:

Open government requires a way for citizens to easily and safely engage with government websites. Open identity technologies—specifically OpenID and Information Cards—fit this bill. They make it easier and safer for citizens to register, login, and when necessary share personally identifiable information across different websites and services. To bring open identity technologies and open government together, the OpenID Foundation and the Information Card Foundation are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.


Sequim, Washington: To Swim or to Shoot?

Humor, Identity
Author: Mark Dixon
Tuesday, August 17, 2010
9:32 pm


Note: originally published on ILoveFreedom.com.

 

According to a recent post in the International Business Edge, the small town of Sequim, WA, has an Identity Crisis … big time:

“The U.S. town of Sequim, Washington has long claimed that ‘in the native language of the S’Klallam tribe, ‘S’Kwim’ means quiet waters,’ as indicated on the town website. However, a linguist recently revealed that a correct translation would actually be ‘a place for going to shoot.’”


“Quiet Waters” or “A place for going to shoot.” Quite a contrast, don’t you think?

For more insight, you can listen to the story on NPR.org or read the article by the Associated Press.

With shooting potentially involved, I wonder why NRA.org hasn’t picked up the story!


Flying the Friendly Skies of Uzbekistan Airways

Humor
Author: Mark Dixon
Tuesday, August 17, 2010
9:17 pm


Note: originally published on ILoveFreedom.com.

 

Have you ever visited Uzbekistan?  Me neither.

I may never go if I need to rely on the Uzbeki (is that a word?) national airline, whose billboard ad wishes us “Good Luck” as an airliner disappears into a dense cloud with apparent snowy weather ahead.


Thanks to The International Business Edge for pointing out this fun example of a somewhat misguided effort at language translation.

By coincidence, I stumbled today across a second encouraging article about this fine country.  The Kansas City FBI office reported today that “an Uzbekistan national pleaded guilty in federal court today to his role in a criminal enterprise involving illegal aliens working in 14 states, including employees at hotels in the Kansas City, Missouri area and in Branson, Missouri.”

Maybe this fellow and his cohorts were so scared by the prospect of flying Uzbekistan Airlines that they came to the United States and took up smuggling illegal aliens instead.

 

Source Doc: XACML 3.0 Enhancements

Identity, Information Security, Source Doc
Author: Mark Dixon
Saturday, August 14, 2010
7:54 am


Presentation by Gerry Gebel of Axiomatics at Kantara workshop. Includes good overview of XACML and coverage of v3.0 enhancements.


New Feature – “Source Doc”

Blogging
Author: Mark Dixon
Saturday, August 14, 2010
7:28 am


I have added a new feature, “Source Doc”, to the Discovering Identity blog.

I frequently come across source documents on the web that are relevant to the Identity Management / Information Security community. I don’t have time to blog about each in detail, but want to provide a way to announce that I have found the documents and provide a way to easily find them again.

A new category “Source Doc” has been added to the blog, so these documents can be easily selected via the “Select Category” drop down list box.  They can also be found by searching for key words.

My previous post is an example of a Source Doc post.  It references a presentation I stumbled across this morning.  I hope you find it useful.


Source Doc: OpenID Security Issues

Information Security, Source Doc
Author: Mark Dixon
Saturday, August 14, 2010
7:16 am


Presentation by Ashish Jain, Andrew Nash and Jeff Hodges of PayPal Information Risk Management at OpenID Summit, 2 November 2009.


Jared Dudley, You Inspire Me!

Leadership, Sports
Author: Mark Dixon
Thursday, August 12, 2010
6:07 am


Jared Dudley, you inspire me! You really do.

For my second sports blog of the day, I share with you three tweets that reveal why Jared Dudley succeeds.  Jared is a go-to bench player for the Phoenix Suns.  He has not been blessed with superlative talent.  In the high-flying, above-the-rim style of NBA basketball, he can barely dunk the basketball.  But the kid works, and works, and works … and his persistence pays off in games.  Time after time, his coming off the bench inspires the team to new levels of effort and performance.

A bit of his secret?

At 11pm on Tuesday night earlier this week, in the middle of the summer, Jared was watching film, trying to figure out how to improve his game.  He shares his thoughts with us:

Every night I been watching film on the top players I have to guard. Tonight is Kobe and the Lakers. It’s cuz of him I’m goin on this diet lol

I’m watching this WCF vs lakers, and Kobe can wear u down..Right when i thought I had some of his moves down he shows me something new

My thinking is I’m not getting any taller or a longer wing span.. So I better get in the best BBALL shape possible.. Back to the LAB

The best BBALL shape possible.  Yes, we can learn from that.  No matter where we are, or what we are doing in life, we can improve our performance, regardless of physical constraints that would hold us down.  We need to study, and work, and study and work some more.  Then, we can rise above our limitations and achieve greatness.

 
 
 
 

When leaders are dedicated stewards and lead in an authentic manner, they build enduring organizations that do great good for people and make an enormous difference in the world. — Bill George

 
 
 
 
Copyright © 2005-2011, Mark G. Dixon. All Rights Reserved.