Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Two disturbing stories from the current world of INFOSEC


Story 1

From HIPAA to Sarbox, a slew of regulations to protect customer and employee data force CIOs to step lively to comply. The punishment for failure to do so is costly and even dire. But once a company folds - and more are folding every week given the economy - what happens to that data? Who in the business and IT could be hit by the splatter if it all hits the fan?

“Certain companies have been disposing of records containing sensitive consumer information in very questionable ways, including by leaving in bags at the curb, tossing it in public dumpsters, leaving it in vacant properties and/or leaving it behind in the offices and other facilities once they’ve gone out of business and left those offices,” says Jacqueline Klosek, a senior counsel in Goodwin Procter’s Business Law Department and a member of its Intellectual Property Group.

“In addition, company computers, often containing personal data, will find their ways to the auction block,” she adds. “All too often, the discarded documents and computer files will contain sensitive data, such as credit card numbers, social security numbers and driver’s license numbers. This is just the kind of data that can be used to commit identity theft.”

Ok, so to start off let me say this: HIPAA and SOX are NOT regulations with real teeth to them. I know the regs and both are paper tigers. In the case of SOX, there is only one page that really barely touches on real “network” security and as such, it is useless where the infosec rubber meets the legislative road.

That said, let’s look at the article’s thrust on “your” data being left on the front steps or in the dumpster. Umm, there’s nothing new here, kids. In fact, this has been the mainstay of many a hacker from time immemorial. Dumpster diving, buying old hard drives, etc. have always been used to harvest data from companies that are too stupid to really care for their client data. All too often drives were found with data on them even before the big bust of our economy. The real difference now is that companies are doing this perhaps en masse because they are failing. Overall though, this is nothing new. So, Network World is a little chicken shit on this one…

The rest of this article can be found HERE

The second article is a bit more scary for me…

Story 2

The U.S. government’s H-1B visa usage data for fiscal 2008 shows that offshore outsourcing firms based in India are employing a growing number of H-1B workers — a hiring trend that is affecting the IT workforces in communities such as Oldsmar, Fla.

Oldsmar is the home of a technology center operated by The Nielsen Co., which measures TV audiences, consumer trends and other metrics for its clients. Nielsen last year began laying off workers at the facility after announcing in October 2007 a 10-year global outsourcing agreement valued at US$1.2 billion with Tata Consultancy Services Ltd.

And while Nielsen cut employees, Mumbai, India-based Tata was increasing its hiring of H-1B workers. Tata received approval for a total of 1,539 H-1B visas during the federal fiscal year that ended last September, according to government data released this week. That was nearly double the 797 visas that the outsourcing and IT services vendor received in fiscal 2007.

In Oldsmar, “they are still bringing in Indians,” said Janice Miller, a city councilwoman who lives about a mile from the Nielsen facility. “And there are a lot of [local] people out of work.”

Yeah, so as they decrease and lay off people in this country they are still raising the H-1B visa numbers? What? You would think that after all the problems lately with foreign industrial espionage this might be thought about twice before plodding ahead. One has to wonder about this, especially after the whole Fannie Mae logic bomb fiasco, huh?

Look, I am not being protectionist here, but what’s going on is kind of endemic. Shouldn’t we re-think this a bit? Just how are we vetting these people anyway? A porous border with Pakistan, all kinds of tribal ties… Meh. As this economy goes up in flames I am sure I will see more shitty silliness…

Written by Krypt3ia

2009/02/26 at 02:22
