Apple wants a slice of your PI!

Techie news doesn’t always make it to print. And sometimes if it does, it comes late. This past Sunday Buffalo News caught on to a story that’s been brewing since late last year (probably found it under a just melted snowbank). You can’t purchase an iPhone with cash. I never realized the fact since we bought our iPhones (yes, that’s plural) on a credit card. But that’s not much different from any of my other purchases (see “AmEx Points” or “AA miles”). So truly, if Apple is denying cash for a purchase, they MUST be using any one (or a combination) of the attributes that your credit card gives them, versus those good ole greenbacks in your pocket. But why?


Longer lines = increased privacy?

It never fails. I always find a way to get into the shortest looking line at the grocery store, which turns into a 20-minute wait. I watch the lines around me empty. *ugh* I’m not sure if it’s a guy-thing, or more personal and some kind of genetic-defect. Regardless, it gives one time to think. So as I stare at the incredible price I’m paying for cereal thinking, “how could I make my own cheaper?” I glance at the person ahead of me and identify the problem. She’s writing a check. A CHECK! “Who does that anymore?” I mean, we’ve had credit and debit cards for how long now? Since the ’80s??? But maybe she’s on to something… and doing a better job of protecting her privacy than I am.

Is Keylogging Legal?

In the hierarchy of security, keyloggers were once considered small potatoes. The threat was deemed unlikely, and almost fanciful. Not anymore. Keyloggers are everywhere. For those new to the area, a keylogger does just what it sounds like — records keystrokes — which can then be played back. For those who can remember, it’s similar to a typewriter ribbon, which had an imprint of every key pressed and their order - a literal scroll of all the work done on that keyboard. Only digital keyloggers are a heck of a lot easier to read back.

Keylog output is scary — plain text of your IDs and passwords, your instant messaging, your private emails - it’s all there.

There are two types of keyloggers - software programs and hardware. The software programs can be detected (usually) with anti-virus/spam or even specialty keylogger-detecting software. The hardware loggers are much tougher. To catch these, you need to do a visual inspection of your keyboard and check for a dongle like this; even worse is one of these, where the keylogger is inside the keyboard. (Makes me wonder about trying to ‘sniff’ my wireless keyboard/mouse combo… looks like it can be done, thanks to this article…)

Lending Tree’s Broken Branch Exposes Data

Every once in a while, we get one of those “I coulda had a V8” items in the news. The recently announced Lending Tree breach appears to be one of those. From the reports, Lending Tree files were breached, and full credit files were sold to both other mortgage lenders, and to criminals.

These kinds of reports barely qualify as news any more – they happen so frequently they fall in the category of “Dog Bites Man”.

I like this story though, because it’s such a great example of the type of problem that can be prevented with Identity Management software. Lending Tree wasn’t “hacked” per se. Authorized users left the company, but the company didn’t terminate the access and application permissions of those users. Those (ex)-users then stole the company confidential information.

The basic function of IDM services is to provision and DE-provision users. When someone leaves the organization (for whatever reason), you revoke their privileges. That’s just basic common sense. It’s easy for organizations to handle the physical security aspect of a departure — it’s easy to be quantitative about a stapler, file folders or access to the building — so they require building security to escort the individual off premises, and to retain their badge/key/keycard.

But when it comes to digital credentials and systems access, very often there is no one to revoke access.

Automated provisioning software from folks like Novell, Sun, IBM Tivoli and Oracle allows an organization to automatically de-provision users and to check for improper and orphaned accounts.

Dilbert’s company might want to invest in some Identity Management software (in today’s paper).

Privacy and Expression

I was having a rant with a colleague the other day about privacy and anonymity. It started with a comment that the Aussies were in a tizzy because the government was going to make it legal for businesses to monitor employees’ email. I was reminding my friend (who didn’t need reminding) that it’s been that way in the USA for years. Your communications and actions have no expectation of privacy in the US workplace.

In the biz, we define Privacy as the release of personally identifiable information. But that’s not the way most people think about it. Most people divide their world into three buckets:

  • Things they do alone
  • Things they do with selected others
  • Things they do in public

And, no they don’t ‘consciously’ segment this way, but it does describe their basic understanding.

Things done alone are typically done because interaction creates distraction from the task at hand (reading, prayer, etc.) or because of cultural mores (bathing - in some cultures, but not others; bio-break functions, etc.).