Sunday, April 24, 2005

Google Satellite Maps... and Other Sensitive Locations



Here's another high-res image of a reactor (hat tip: B) at an unspecified location. There's really no reason I can think of not to obscure the satellite images of these venues.

[Photo: Refinery at an unspecified location]
And here's another candidate for obfuscation: refineries.

Just a few weeks ago, the NRO's Frank Gaffney wrote about the national security concerns related to refineries:

"This nation is dangerously vulnerable to severe economic dislocation and possibly dire national-security threats as a result of its excessive reliance on imported oil and the infrastructure that transforms most of that oil into fuel for our transportation sector... the limited number of aging and, in some cases at least, increasingly dangerous refineries is but one aspect of this vulnerability..."

Once again, I'd recommend that you do as I did and contact Google to request that certain venues -- like reactors and refineries -- be rendered in extremely low-resolution.

Google Maps: Contact Google
 

Holy Shnikeys



For the love of... I happened to revisit Tony's A.J. Quinnell page yesterday. And what I found there was truly a surprise - and a gift.

You may remember Quinnell, if only indirectly. He is the author of Man on Fire and eleven other works of "fiction". I quote the word fiction simply because so much of what Quinnell writes about is based upon historical fact.

Man on Fire, of course, was recently made into a Denzel Washington film. Washington starred as Creasy, the quiet, deadly ex-mercenary. Broken down and alcoholic, Creasy is offered a position as a bodyguard for a wealthy industrialist's adolescent daughter. When the daughter is kidnapped, all hell breaks loose in this novel of redemption and ultimate revenge.

There are no better books in this genre. In fact, it is a travesty that any of Quinnell's books are out of print. All of them are five-star, without question.

Want a free sample? The surprise that I discovered is that Quinnell has released a Creasy short story entitled Gladiator. Read it and then buy the rest of his books.

A.J. Quinnell: Gladiator: a Creasy Short Story; Embassy of France in the US: The French Foreign Legion.
 

Saturday, April 23, 2005

Google Satellite Maps... and Nuclear Reactors



After noting the obfuscation of the U.S. Capitol Building in Google's satellite maps, I decided to see what else might be similarly obscured. Whether at the behest of DHS -- or simply because it makes sense -- I would expect Google to render certain areas of the country somewhat opaque.

Consider nuclear reactors, for instance. I can't think of any good reason to show high-resolution detail of a reactor and its surrounding environs. So, for the heck of it, I tracked down the reactor (and I won't mention the location) pictured above. At least, I'm pretty sure it's a reactor. Email me if you recognize it as something else ("Ross, that's an amusement park in Beaver Falls, Minnohsota, you maroon!").

In any case, I'd recommend that you do as I did and contact Google to request that certain venues -- like reactors -- be obfuscated. Let's not make a bad guy's job any easier.

Google Maps: Contact Google
 

Google Satellite Maps... and the Capitol



Here's some evidence that the folks at Google have brainstormed with the U.S. Government, or at least just DHS. And this is a good thing. The accompanying image is Google's satellite map image of the U.S. Capitol Building. Note the pixellated, lower-resolution rendering of the Capitol building and its surrounding area. Hopefully this is indicative of serious air defenses and other countermeasures that can be used to fend off suicidal dirtbags like Atta -- who is certain to be roasting in hell at this very moment -- and company.

Google Satellite Maps: Capitol Building
 

Google Satellite Maps... and Area 51



Here's a blogger who (a) has entirely too much time on their hands; (b) has an almost voyeuristic interest in Google's new satellite mapping capability; and (c) apparently thinks the movie Independence Day is a documentary.

So tonight I spied on Area 51
 

Letter to Senator Voinovich



Here's an open letter to Senator Voinovich, which has been copied to his office. I would encourage you to write similar letters (either email or hardcopy) and call his office to register your polite complaint regarding his mini-rebellion. His office phone number is 202-224-3353.

Senator Voinovich,

I would like to register my extreme disappointment with your handling of the Bolton nomination.

The U.N. has proven itself to be relentlessly corrupt, willing to prey on the innocent, and unable to marshal any meaningful support for millions of true victims throughout the world.

Into this mix is thrown John Bolton, a man who speaks his mind and will not back down to those at the UN who have such egregiously poor track records.

President Bush supports John Bolton. I expect any Republican Senator worth his salt to do the same. Here's hoping you get realigned with the President on this issue... and fast.

Many of my peers in Ohio are similarly outraged regarding your mini-rebellion. I can assure you that we will remember this incident during any campaign in which you choose to engage from this point forward. And we will work hard either for you or against you based upon these actions.

Sincerely,

Doug Ross


Contact Senator Voinovich
 

Friday, April 22, 2005

A Soundless Sound System



Elwood "Woody" Norris pointed a metal frequency emitter at one of perhaps 30 people who had come to see his invention. The emitter -- an aluminum square -- was hooked up by a wire to a CD player. Norris switched on the CD player.

"There's no speaker, but when I point this pad at you, you will hear the waterfall," said the 63-year-old Californian.

And one by one, each person in the audience did, and smiled widely.

Norris' HyperSonic Sound system has won him an award coveted by inventors -- the $500,000 annual Lemelson-MIT Prize. It works by sending a focused beam of sound above the range of human hearing. When it lands on you, it seems like sound is coming from inside your head...


One use for this technology I haven't seen discussed is telephonic. In a car or on a plane, wouldn't it be nice to talk quietly into a directional microphone while listening to a caller? While handling absolutely no equipment?

Inventor creates Soundless Sound System
 

What really happened in Deadwood?



I'm a serious fan of the hit series Deadwood. And that's saying something, given that I watch about two hours of TV a week. The show is a multi-layered drama based upon real events that transpired in the late nineteenth century near Deadwood, South Dakota. The town erupted as gold fever infected the region, which signalled prospectors, charlatans, officials, hoods, and every combination thereof to attempt to take a piece of the action.

And if there's a better actor on the planet than Ian McShane, pictured above, I haven't seen him.

In any event, I just happened upon a site that distinguishes the historical from the fictional in this outstanding series:

What really happened in Deadwood?
 

The Glamor of Travel



Ted Neward, whom I discovered through Pete's blog, has an exceptional description of the true glory of business travel. Ted is a hardcore trainer in the enterprise OO area (i.e., J2EE and .NET) and therefore has a tough, yet rewarding (on multiple levels), row to hoe.

Ted Neward: The Glamor of Travel
 

The Daily Worker: Kos



The Daily Kos site (no link, intentionally) is the premier home of the anti-American, left bank moonbats. In a delicious irony, Kos is not only the leading paid blogging panderer for the Democratic party but also has a stunning "oh-fer" record. Every single candidate he raised funds for lost their elections... some in absolute landslides. Candidates would probably be better off paying Kos for his non-support... or perhaps his endorsement of an opponent.

And if you think I'm being a tad harsh with the "anti-American" sentiment, rest assured I'm not. Nearly every instance of death in Iraq is highlighted on his site and, in some cases, glorified while news of any victories for the Iraqi people is not-so-mysteriously suppressed. Oh, and Kos pays lip-service to our troops... while vilifying them indirectly.

Charles Johnson at LGF has been paying close attention to Kos' behavior. His history of censorship and information suppression... changing links and content... are the classic tools of socialists, communists and/or leftists the world over. Kos is no different, one must assume from his behavior.

Markos Moulitsas Zuniga of Daily Kos has done his best to make it hard to find the comment he posted on April 1, 2004, about the Americans who were torn apart and hung from a bridge in Fallujah. He erased it from the Google cache and the Internet Archive, and redirects the “permalink” on the page to an unrelated page at his site, but I managed to find a URL that still works—until the Daily Koward notices our referrals: Daily Kos: Corpses on the Cover.

Every death should be on the front page (2.70 / 40)

Let the people see what war is like. This isn’t an Xbox game. There are real repercussions to Bush’s folly.

That said, I feel nothing over the death of merceneries [sic]. They aren’t in Iraq because of orders, or because they are there trying to help the people make Iraq a better place. They are there to wage war for profit. Screw them.

by kos on Thu Apr 1st, 2004 at 12:08:56 PDT


UPDATE at 4/21/05 10:06:04 pm:

To see Kos’s back-room machinations at work, click the date next to his name at the bottom of the post, which is supposed to be the permalink to his comment, and see where you end up.


Daily Kos' Elusive "Screw Them" Comment
 

Thursday, April 21, 2005

You can't coach height



How about a 7 feet, 9 inch center? Despite his immense physical size, Sun is definitely no lock for an NBA roster slot. Just being able to look down on Shaquille O'Neal... or even Manute Bol... isn't enough in the premier league of hyper-athletes.

Sun Ming Ming, whose head measures above most door frames, follows Keith Gatlin into Fitness by Design for a late morning workout.

Ball in hand, Sun, 21, muscles his 350-pound frame into training partner Dshamal Schoetz, a 7-footer who played at Greensboro College who is nearly nine inches shorter. Sun pivots and places the ball firmly into the hoop. Swish.

[Photo: Sun's grasp on a basketball resembles most people holding a softball. (Joseph Rodriguez)]

Sun, who is from Harbin, China, is training in Greensboro for a shot at the NBA. His agent, Charles Bonsignore, paired the prospect up with former client and former professional basketball player Keith Gatlin. Gatlin, a managing partner with 334 Sports, a local firm that trains athletes, has worked with Sun for about five weeks.

"With his size, that intrigues everybody," Gatlin said. "He can really shoot the ball to be that size. The challenge for him now is to get mobile, to get up and down the court."

Sun also can handle the ball and has a sweet outside shot that swishes with the quick flick of his wrist. When it comes to dunking, he doesn't need to leave the ground.

Basketball, Gatlin will tell you, is not Sun's problem.

Sun's weakness is his flexibility and his lack of weight training. While playing for the Junior Olympic team and then Da Qing, his province's club squad, Sun never lifted weights and is just now building upper-body strength...


News & Record: Nearly 7-foot-9 player from China training for NBA in Greensboro
 

Wednesday, April 20, 2005

Enemy of Jihad



Interesting remarks regarding the new Pope by an LGF reader. And, no, once again the mainstream media doesn't have the story -- the blogosphere does.

From my conversations with him in the late 70s, when he was archbishop of Munich, I learned a few things about him:

1) That he hated the Nazis even during his short time in the Hitler Youth. He was a nominal member, but was exempted weeks after his compulsory joining because of his fragile health and studies in the Catholic seminary (many boys actually joined Catholic institutions to avoid service in the HJ.) His teen years had a lasting effect on him as he was able to see the difference between reality and what the Nazis taught. His love for truth and being truthful all the time stems from this early experience.

2) He was a progressive Catholic in his early years (played an important role at the 2nd Vaticanum), but the intolerance of 1968 made him change his mind. He abhorred communism and the carefree nihilist thinkings in these times and became a conservative, but not a reactionary, as many claim.

3) He saw the dangers of Islamic fanatism in the 70s already. Khomeini was a menetekel for him. At this time he didn't see Islam so much as a threat for Europe (yet), but for Asia and Africa.

4) He is more a friend of the Jews than most other Catholic priests. I remember him saying that Christians and Jews are on the same direction to salvation, just on different paths. Islam instead was an aberration that would lead humanity into a religious "dead end street" (Sackgasse was his exact word). He strongly favoured a rapprochement between the Catholic and Jewish faith, but didn't see any common ground between Christianity and Islam.

Latest proof of this was that he strongly supported John Paul II travel to Israel but did have a big headache about that voyage to Damascus. I doubt you'll see Benedict XVI visiting a mosque... ever. And he sees Turkey as a big religious threat to the judeochristian identity of Europe.

He may come across as the Great Inquisitor, but he has never refused discussion and arguments. He is firm on the "essentials" of the Catholic faith. The German Catholic professors he suspended clearly violated the essential principles of Catholicism. He is an extremely intelligent, bright personality... a bit shy with people though. He won't pretend to have the charisma of JPII.

And yes, I think, we'll see a few surprises from him in the next years. I had to chuckle when I heard the Chicoms demands today. Oh boy, they are messing with the wrong guy here.

Benedict of Nursia once restored the Christian faith in a devastated Europe. Commentators have focussed much on Benedict XV as the closest role model of Ratzinger. But I think he's much closer to Benedict XIV.

http://www.newadvent...

And yes, he loved the "Apfelmaultaschen" (pasta made with potato flour, filled with apples and powder sugar and cinnamon on top) my wife prepared for him :-)

They look like this:
http://www.donau.de/...

I guess you won't find this detail on CNN :-)


LGF Comments: Enemy of Jihad
 

Tuesday, April 19, 2005

Antiques Auction Gets Punk'd



Idea for Saturday Night Live skit:

Scene: Antiques Auction in Memphis, TN. Lester Stack is a Nashville resident visiting the convention center. He is in line, carrying a painting of Elvis Presley -- the bloated, druggy Elvis from his later years -- on black velvet in an inexpensive, seventies-style wood frame. Lester is wearing a partially tucked flannel shirt, ripped jeans, and a cowboy hat. His cheek is bulging with chaw.

He is called out of line by Marcus Whitby III, an elegantly dressed gentleman who represents St. Michael's Appraisals of Manhattan. Whitby is immaculate, from the folded blue silk kerchief tucked into his Yves St. Laurent suit, to his Bally shoes, and his Brioni tie.

After introductions are made, the filming of the Antiques Auction segment begins:

Whitby: Mr. Stack, could you tell me how you acquired this piece?

Stack: My pappy gave it to me when I moved out of the double-wide into my own trailer. He said I needed something to decorate the walls. It's my favorite piece.

Whitby: Did your father ever tell you how he came across this work?

Stack: He won it in a card game, I think. Either that or he wrestled Bobby Joe Milton for it.

Whitby: So you really don't know much about the provenance of the piece?

Stack (stumped): Uhm... I guess... not.

Whitby: Let me tell you what I can determine... (turns painting over) we can see from this label and marking that the piece was resold, probably in a pawn shop. Note the label is from "Cash's Pawn" in Corbin, Tennessee. However, if we turn the painting back over to the front, notice the faint initials of LK. This is what we, as appraisers, yearn for. The lost painting of Elvis by Lucas Krypsuwski.

You see, there have been credible rumors for decades that the genius, the master, Lucas Krypsuwski had painted a single work of Elvis in his later years on black velvet. But no one, until this point, had ever substantiated this claim. No such picture existed so far as we could tell.

But, you, sir have found something we have longed for, yearned for! The proof that the genius Krypsuwski actually created such a work before he died in the great Milan-to-Paris train wreck of 1968. Yes, Krypsuwski, who painted the unparalleled masterworks of the "Orphan Backpacker" and "Still Life with Gin & Tonic"... (pauses, almost beside himself with joy)... well, I'm flabbergasted to see this lost painting found... and in such stunning condition!

In any event, can you venture a guess as to how much you think this is worth?

Stack: Uh... a grand?

Whitby: I won't keep you in suspense. The last time a Krypsuwski came up for auction, we recommended starting the bidding at $150,000. By the time the Japanese collectors were finished fighting for it, it sold for $275,000. And that was not a special, absolutely unique work like this one.

If you were to have this insured, I would recommend that you do so for a figure of $750,000.

Stack (speechless, mouth ajar): Uh... wow, holy sh*t, I'm rich! I'm rich! I'm frickin' rich!! Hey, boss, get stuffed, I'm quittin' - I've always hated you! You suck! Take your job and shove it! And Emmie Lou... I been cheatin' on you for five years! I'm leavin' you and goin' to Vegas... gonna buy a Viper... move out of the trailer park forever... this is awesome!

(Suddenly Ashton Kutcher pops out from behind a large, nearby armoire): Dude, Lester! See that camera? You just got punk'd! You're on MTV! Whitby, how much is this painting really worth?

Whitby: I'd recommend spending no more than five to seven dollars on it. It's absolutely, stunningly bad. Virtually worthless.

(Roll credits as shots ring out in background)
 

Why PHP and not JSP?



I found a couple of interesting articles on PHP development that I thought I'd pass on. The first, from Robert Peake's blog, relates to justifying (to the typical, corporate PHBs) a move to PHP from JSP.

An associate of mine recently asked for some metrics to help him back up their decision to move away from JSP and toward PHP. In a recent post, I looked at the fact that many major corporations are using PHP, yet we rarely hear about it. To help address some of the concerns about deploying PHP in the enterprise, this month's article in International PHP Magazine will focus on, "Enterprise PHP Coding Standards" you can enforce in your organization to ensure high-quality code...


Robert Peake: Why PHP and not JSP?

The second article comes from the consistently entertaining PHP Everywhere blog, authored by John Lim. In this post, John addresses Ian Bicking's assertion that Python "could have been" PHP. In other words, it could have been the industry's juggernaut success story... instead of PHP. John critiques that assessment (and rightfully so):

I have used Python since 1997, even before I knew PHP. I smile when Ian says that PHP 5 is barely catching up with the 1995 version of Python. That's irrelevant because what made PHP successful is not what PHP is lacking but the features that PHP has that are superior to Python. Also people continue to confuse simplicity with deficiency. Here are some of the areas where Python remains inferior, despite a 5-year headstart over PHP:

* Python is not a template language, in the sense that you cannot mix code and html easily. PHP is wonderfully flexible in this respect.

* Python is a so-so string processing language. One reason being it treats strings as immutable. PHP has much better string processing facilities: embedded "$var in strings", mutable strings, auto-conversion of other data types to strings, output buffering, etc.

* PHP's documentation is cleaner and much easier to understand than Python's. Probably because PHP is a simpler language.

* PHP has tighter integration of a lot of web related stuff. For example, HTTP and SERVER variables...


John Lim: Python never had a chance against PHP
 

Oh, Those Risks of Outsourcing, Part Deux



I can't even begin to speculate what would happen to the outsourcing trend if a disaster recovery center became the site of a real disaster. The Kashmir separatists know full well what's happening in Bangalore and intend to make it more of a mess than John Madden's hair.

Bangalore is starting to appear on the radar of militant groups, Indian police warned this weekend, after uncovering a terrorist plan to target IT companies in the city widely regarded as the country's technology hub.

Bangalore, which is in the southern part of India, had been considered safe from possible terror attacks by separatist groups, which so far have mostly struck in India's northern and western states. But last week, Delhi police seized evidence pointing to a possible attack on certain IT companies in Bangalore...

...Hewlett-Packard, IBM, Intel, Microsoft, Motorola and Texas Instruments. Additionally, America Online, Google and Yahoo opened centers in the city last year.


News.com: Bangalore Appears on Terror Radar
 

Monday, April 18, 2005

The Wisdom of Slate



In reviewing my blog this evening, I noticed this intriguing Google ad on the right sidebar:

Today's Blogs
What Are The Bloggers Saying Today? The Latest Chatter in Cyberspace.
www.slate.com


Hmmm, I thought. That's pretty cool. Someone's tracking the chatter on the blogosphere. I clicked the ad and read the following:

today's blogs The latest chatter in cyberspace.

"Syria Out!"
By David Wallace-Wells
Posted Monday, Feb. 28, 2005, at 5:38 PM PT

"Syria out!": Lebanese Prime Minister Omar Karami resigned this morning, dissolving the nation's unpopular, pro-Syrian government in the face of nationalist protest that followed the assassination of former Prime Minister Rafik Hariri...


Any more timely and they'd have breaking news of the Lincoln assassination and the Russo-Japanese war. How pathetic is that?

After a bit of exploration, I happened to notice a banner ad on the clickthrough page that advertised, "Five million blogs in five minutes". Once I clicked on that link, I discovered the correct page. Pity the folks running the AdSense campaign couldn't get that right.
 

What really happened in Oklahoma City?



FoxNews is pursuing some interesting angles to the now decade-old Oklahoma City bombing. Was it strictly a case of domestic terrorism? What about Terry Nichols' phone records, indicating that multiple calls were placed to Star Glad Lumber in the Philippines? Star Glad is reportedly operated by a man whose brother and cousin were both well-known terrorists involved with groups tied to the Abu Sayyaf terror group.

On several occasions, Nichols also allegedly called a boarding house in Cebu City, which had been linked to the first WTC bombing in 1993 by Ramzi Yousef. Just to reconnect the dots, the same type of fertilizer-fuel bomb was used in that bombing and in Oklahoma City.

In a follow up to addressing the joust between CAIR’s Ibrahim Hooper and Rocky Mountain News columnist Vincent Carroll, additional evidence has been produced in regard to who else may have actually been involved in the 1995 bombing of the Murrah Federal Building in Oklahoma City.

http://religion.upi.com/view.php?StoryID=20050412-124811-1156r
http://www.rockymountainnews.com/drmn/news_columnists/article/0,1299,DRMN_86_3697983,00.html

Were Timothy McVeigh and Terry Nichols the only perpetrators of this atrocity? For years, that’s what we’ve been told. However, with the nation marking the ten-year anniversary of this cowardly act, new or at least newly publicized evidence points out that these two America-hating domestic terrorists had some very unsavory associations with those who are tied to Islamic terrorism.

http://www.foxnews.com/story/0,2933,153635,00.html

There’s also the issue of John Doe number two, the all-elusive accomplice that more than two dozen witnesses say they saw in the Ryder truck with McVeigh. He has never been captured. There were two composite drawings made of this individual.

http://www.foxnews.com/story/0,2933,153644,00.html

The first composite was that of a thuggish looking man with a dark complexion.

http://www.greatdreams.com/john-doe-2.htm

The second composite, which has proven to be nearly as elusive as John Doe number two himself, was said to have been that of a white man, and looked absolutely nothing like the thug in the first composite.

On June 14, 1995, the Justice Department announced that it had all been a big mistake. One of the witnesses, Eldon Elliot of Elliot’s Body shop, had been confused when he gave his description of John Doe Two. He had mixed him up with a completely innocent, burly army private who came to the office a day later.

Back to the first composite drawing -- which many have stated bears a strong resemblance to dirty bomb suspect and Muslim convert Jose "Ibrahim" Padilla.

http://www.rotten.com/library/bio/crime/terrorists/jose-padilla/
http://www.greatdreams.com/john-doe-2.htm

4/17/2005: Fox News ran a program involving the OKC bombing. The show detailed incriminating phone records, which included repeated calls from the home of Terry Nichols to a place called Star Glad Lumber in the Philippines.

Star Glad Lumber is operated by a man whose brother and cousin were both notorious terrorists, involved in "splinter groups of the Abu Sayyaf terror group in the Philippines."

Nichols also repeatedly called a boarding house in Cebu City, an establishment that has been linked to 1993 World Trade Center bombing mastermind Ramzi Yousef. For the record, the same kind of ANFO fertilizer fuel bomb was used in New York and in Oklahoma City.

This may or may not come as a shock: Mohammed Jamal Khalifa, a brother-in-law of Osama bin Laden, who has been named co-defendant in a class action lawsuit filed on behalf of over 500 families of the 9/11 victims, also founded the Philippines branch of the International Islamic Relief Organization (IIRO), which has been designated a terrorist financing organization by the United States and other countries. There have also been some formerly classified Philippines investigative documents that have provided the basis for almost all major media reports concerning Khalifa's ties to al Qaeda and Abu Sayyaf...


What really happened in Oklahoma City?
 

Protecting Customer Data, Part II



The rumbling sound you hear -- after the identity theft debacles at ChoicePoint, LexisNexis, and Bank of America -- is Congress mobilizing to take some sort of legislative action to "protect consumers".

Don't get your hopes up, though. The firms involved are, if nothing else, deep-pocketed and possessed of legions of well-lubricated lobbyists. Any resulting legislation will almost certainly be watered down and likely won't pin financial responsibility for bogus identity transactions on the firms themselves.

And we're nowhere close to having a government-administered system (run by, say, DHS) that could serve as a central registrar for identity data -- and could broker merchant-specific IDs for each consumer that would mitigate the risk of theft.

Today's bottom line is that responsibility for protecting consumer data lies with each company holding that data. That said, what can companies do to better protect the data?

Process: processes for managing the data have to be explicitly documented and enforced. Who can create the data? Who can update it or delete it? Who can read it?

People: roles for data access and management must be mapped to the approved processes. For example, consider a hypothetical role called keymaster. The keymaster is responsible for generating, retaining, and monitoring key-pairs used to encrypt and decrypt the consumer data. In other words, a field like SSN is never stored in the clear. It is encrypted using a public-key provided by the keymaster.

Consider another role called application developer. The app-developer never has direct access to the private-keys needed to decrypt sensitive fields. The app-developer uses documented requests (e.g., APIs) to code provided by keymasters to enable an application to decrypt a sensitive field.

Further, a role called auditor could monitor the use of data provided by the keymaster and the app-developer. The auditor has no direct access to the data, but can closely monitor the detailed logs generated by the other roles. The auditor could use manual and automated techniques to discover misuse of data or anomalies in data access. Presumably an auditor would have discovered the anomalous behavior of the fake vendors who plugged into ChoicePoint's systems.

Technology: Firewalls, intrusion detection, intrusion prevention, network monitoring: in other words, all of the standard mechanisms for network security. But the processes and people that configure and monitor that technology are equally important. Logs, tools, APIs, clear delineation and separation of roles... all come together to provide a synergistic approach to protecting sensitive data.

Tens or hundreds of millions of dollars in market capitalization hang in the balance.
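The role split described above, as an added example that is not part of the original post: a keymaster API that application code calls to decrypt a field, and an auditor that works only from the keymaster's log. The role names come from the post; the caller names, policy table, log fields, thresholds and the placeholder decrypt function are assumptions made for illustration.

```python
"""Keymaster decrypt broker plus auditor (illustrative sketch).
Caller names, POLICY, log fields and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Process: which calling application may request which encrypted field.
POLICY = {"claims-app": {"ssn"}, "billing-app": {"ssn"}, "support-app": set()}


@dataclass(frozen=True)
class AuditEvent:
    """What the auditor sees: who asked for what, never the data itself."""
    when: datetime
    caller: str
    record_id: str
    field: str
    allowed: bool


class Keymaster:
    """Owns the private-key operation; app developers only get this API."""

    def __init__(self, private_decrypt, audit_log):
        self._private_decrypt = private_decrypt  # key material stays in here
        self._audit_log = audit_log

    def decrypt_field(self, caller, record_id, field, ciphertext, when):
        allowed = field in POLICY.get(caller, set())
        # Log every request, refusals included; no plaintext or ciphertext.
        self._audit_log.append(AuditEvent(when, caller, record_id, field, allowed))
        if not allowed:
            raise PermissionError(f"{caller} may not decrypt {field}")
        return self._private_decrypt(ciphertext)


def audit(events, max_records=3, window=timedelta(minutes=10)):
    """Auditor: flag denied requests and bulk decryption per caller.

    A caller that decrypts more than max_records distinct records inside
    any sliding window of the given length is reported as bulk-decrypt.
    """
    findings = defaultdict(set)
    allowed_by_caller = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.when):
        if ev.allowed:
            allowed_by_caller[ev.caller].append(ev)
        else:
            findings[ev.caller].add("denied-request")
    for caller, evs in allowed_by_caller.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].when - evs[start].when > window:
                start += 1
            if len({e.record_id for e in evs[start:end + 1]}) > max_records:
                findings[caller].add("bulk-decrypt")
                break
    return dict(findings)


def placeholder_decrypt(ciphertext):
    """Stand-in for the real private-key decryption. This is NOT encryption;
    it only lets the sketch run without a crypto library."""
    return ciphertext[len("enc:"):]


def run_demo():
    """Constructed traffic: one normal caller, one denied, one bulk reader."""
    log = []
    km = Keymaster(placeholder_decrypt, log)
    t0 = datetime(2005, 4, 18, 9, 0)
    sample = "enc:000-00-0000"  # constructed, invalid SSN

    # claims-app: two lookups an hour apart (normal use).
    plaintext = km.decrypt_field("claims-app", "rec-1", "ssn", sample, t0)
    km.decrypt_field("claims-app", "rec-2", "ssn", sample, t0 + timedelta(hours=1))

    # support-app has no approved fields, so the request is refused and logged.
    try:
        km.decrypt_field("support-app", "rec-1", "ssn", sample, t0)
    except PermissionError:
        pass

    # billing-app: five distinct records in five minutes.
    for i in range(5):
        km.decrypt_field("billing-app", f"rec-{i}", "ssn", sample,
                         t0 + timedelta(minutes=i))

    return {"plaintext": plaintext, "findings": audit(log), "log": log}


if __name__ == "__main__":
    for caller, flags in run_demo()["findings"].items():
        print(caller, sorted(flags))
```
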
 

Saturday, April 16, 2005

The Blauction Concept



In the vein of life-caching, which I discussed yesterday, how about my concept of blauctions? Yep, this is a word I just coined - a hybrid of blog and auction. This technology would support the operation of controlled auctions on blogs.

Let's say you have a blog. A simple control panel would give you the ability to publish your own auctions... or select from categories of auctions that you would like to promote on your blog. And say your blog covers Red Sox baseball. You could give precedence to auctions of baseball cards and baseball memorabilia.

Just like eBay, the blog owner would get a cut of every sale made on his or her site.
 

Friday, April 15, 2005

Protecting Customer Data



The Internet age's security guru, Bruce Schneier, has weighed in with his take on the recent spate of identity theft debacles (think ChoicePoint, LexisNexis, Bank of America). These high-profile incidents have resulted in Congressional rumblings for new legislation to protect privacy. In Mitigating identity theft, Schneier's take is that simply protecting identity data won't work.

The problem is not identity theft per se -- since you can't really steal someone's identity -- it is the proliferation of transactions that allow one person to impersonate another.

Proposed fixes tend to concentrate on... making personal data harder to steal--whereas the real problem is [the ease with which a criminal can use personal data to commit fraud]. If we're ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.

...Financial intuitions [sic] need to be liable for fraudulent transactions... Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction. ...once financial institutions are liable for losses due to these types of fraud, they will find solutions.

Right now, the economic incentives result in financial institutions that are so eager to allow transactions--new credit cards, cash transfers, whatever--that they're not paying enough attention to fraudulent transactions. They've pushed the costs for fraud onto the merchants. But if they're liable for losses and damages to legitimate users, they'll pay more attention. And they'll mitigate the risks.


As usual, Schneier is spot on. But I'll attach a caveat: companies must do more to protect critical customer data. Until the time comes that institutions are responsible for the financial consequences of impersonation (and don't hold your breath, given their lobbyists), you'll still want to protect your SSN.

I'll post some thoughts about what companies can do to better protect customer data and to validate the transactions that use that information. Until then, suckle at the teat of wisdom and read the whole thing:

News.com: Mitigating identity theft