Technical Tips From A NYC IT Consultant

By now, you may have heard of the security breach at mass email marketing company Epsilon, where the names and email addresses of thousands, if not millions, of people have been stolen. The current list of companies include:

• 1-800-Flowers
• AbeBooks
• Ameriprise Financial
• Barclays Bank
• Best Buy
• Brookstone
• Citibank
• Disney Destinations
• Hilton Worldwide
• JP Morgan Chase
• Kroger
• Lacoste
• Marriott International
• McKinsey Quarterly
• New York & Company
• Robert Half
• Target
• Tivo
• US Bank
• Verizon
• Walgreens

The warning emails are starting to role in. This one from Target:

When will it become Standard Operating Procedure, and an industry standard, if you are storing customer info, to store it in an encrypted database! It can’t be that difficult!! The money you are spending on the resulting PR, could probably have been used to secure the database.

I blame, not only Epsilon, but also the companies that dealt with Epsilon for not making it a requirement that the customer info be encrypted.

I have to say, if this is true, it’s pretty impressive in a Big Brother sort of way. Basically, China is monitoring your phone calls. If you say a naughty word like “protest”, your call will be dropped. From the New York Times:

If anyone wonders whether the Chinese government has tightened its grip on electronic communications since protests began engulfing the Arab world, Shakespeare may prove instructive.

A Beijing entrepreneur, discussing restaurant choices with his fiancée over their cellphones last week, quoted Queen Gertrude’s response to Hamlet: “The lady doth protest too much, methinks.” The second time he said the word “protest,” her phone cut off.

Read the full story @ NYTimes…China Tightens Censorship of Electronic Communications

Man, security is getting tougher. When the servers at a well known security firm get hacked, we need to rethink our security protocols and business practices. From Sophos/Naked Security:

Hackers have broken into the servers of RSA, the security division of EMC, and stolen information related to the company’s SecurID two-factor authentication products.

Read the full story @ Sophos.com…Security firm RSA warns that its servers have been hacked | Naked Security.

Time to revisit your facebook privacy settings again:

Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users.

Read more…Rogue Facebook apps can now access your home address and mobile phone number | Naked Security.

President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

If it weren’t for the Wikileaks debacle (nice security there guys!), the fact that government programs can’t be financed properly (Social Security, Medicare, the Postal Service!), I’d say ok, let’s give it a try. But not with this government. Me no trusty.

But they say:

Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said.

Yeah right. But ultimately, we won’t have much of a choice if you want to do business online.

Read more…Obama Eyeing Internet ID for Americans – Tech Talk – CBS News.