[SecurityRatty] tag: jefferson

NBA Preview and Flashback

Tue, 28 Oct 2008 20:42:50 +0000

NBA starts today, it is always good to have something to look forward to once the weather gets cold in Minnie. I follow two teams. The Celtics who have a decent chance at repeating as champs. KG and Pierce should be back in full force, hopefully Ray Allen holds up. Perkins and Rondo may get a little better with experience. Biggest loss is Posey and we will miss him a lot more than people think. A real glue guy, defense, passing, rebounding, makes the smart plays and as a middleware guy myself I can relate. He will make CP3 even more dangerous.

The other team I follow is the Timberwolves. I think they will be pretty good this year. Al Jefferson is a beast down low. Only four players averaged 20 and 10 last year and he is one. He is the best big man in the post after Duncan. Getting Love and Miller for OJ Mayo was a smart deal by McHale. I think McCants can be a decent instant offense 6th man. Would be good to see Foye step up this year. Weakness looks to be defense

*Flashback*

I am biased but I think the 1980s was the most fun time to watch NBA. Everyone talks about Bird and Magic, but there were a lot of great players back then. Here is my all underrated 1980s team (no Celtics included due to conflict of interest and unobjectivity)

C: Moses Malone - beast of a big man, immovable force under the hoop with fantastic foot work for a big man. It is too bad he was traded by Portland because he and Bill Walton would have been the best big man combo of all time.

PF: Bobby Jones - great defender, good rebounder, good passer for a big man. Typical Tar Heel -fundamentally sound. He would be the James Posey of this team. (Runner up: Calvin Natt)

SF: Bernard King - what a renaissance. Watch his moves on youtube, he was not that tall like say Alex English but he could go in the lane and score on anybody. Jordan of course is an all around better player but I think King was a better scorer and that is saying something. The playoffs when he was putting up 50 and 60 a night he was a terrifying force.

SG: Andrew Toney - they called him the Boston strangler and as Celtics fan there was no one I was more afraid of. Its a real shame his career got cut short. (Runner up: George Gervin)

PG: Tiny Archibald - Ok, one Celtic, but he is seriously underrated - would go flying into the lane, disappear in the trees, Tiny would fly out the bottom of the pile, and the ball would pop out the top and drop in. Probably the last great player to come out of NYC. (Runner up: Mo Cheeks)

Sixth Man - World B. Free - no doubt about this one, he was great as a sixth man. And this guy was plain fun to watch. He would bomb it from 30 feet, when he was on he was a force. He would kick his leg into the defender when he was shooting a j to draw the foul. (Runner up: Michael Cooper)

Ifoothills.org Registrants Personal data and credit card numbers possibly stolen in Foothills Park & Recreation facilities Breach

Thu, 02 Oct 2008 16:51:30 +0000

Foothills Park & Recreation District in South Jefferson County is working with the Jefferson County Sheriff’s Office in the investigation of a theft of personal information from the district’s computer network. The information have been accessed through an illegal hacking and could contain credit card information and other personal information that could be used to [...]

Twelve billion dollars!

Wed, 13 Aug 2008 10:37:00 +0000

Sounds like a Dr. Evil sound bite :). In fact this could be the potential impact of the 41 million cards stolen - according to security company Jefferson Wells. The amount is a result of simple multiplication - 41 million x $300 for each card lost. On the higher end, no doubt.

While I don't think the real cost is anywhere close to that (even by an order of magnitude), it is still a large number. Even at street price of $2 per card, someone must be making 41 million x $2 = $82M!

More scary to imagine, is where this stolen data is going, what kind of money they are making and what illegal stuff is being done with it.

Desktop computer stolen from Administrative Systems, Inc.

Mon, 11 Feb 2008 11:53:04 +0000

Technorati Tag: Security Breach

Date Reported:
2/8/08

Organization:
Administrative Systems, Inc. (ASI)*

*ASI is a licensed third party administrator that provides certain administrative services on behalf of its clients, which include insurance companies and other financial services companies. These services often include processing employee applications for insurance coverage, issuing of insurance plans and employee certificates, managing premium billing and collection for insurance plans, responding to customer service requests and other record-keeping functions.

Contractor/Consultant/Branch:
None

Victims:
Customers of various ASI partner companies**

** Lists of companies in " Strategic Partnerships" and forms.

Number Affected:
Unknown

Types of Data:
Name, dates of birth, mailing addresses, and Social Security numbers

Breach Description:
On December 29th, 2008, a desktop computer was stolen from the Seattle offices of Administrative Systems, Inc. ("ASI") that contained a database of sensitive personal information belonging to customers of the company's clients.

Reference URL:
Administrative Systems, Inc. official notice to victims
PogoWasRight.org Story

Report Credit:
Administrative Systems, Inc., with a special thanks to PogoWasRight.org

Response:
From the online sources cited above:

A desktop computer stolen from an Administrative Systems, Inc. (ASI) office in Seattle on December 29th contained names and sensitive information about customers or employees of several of the firm's clients: Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental.

ASI is a licensed third party administrator that provides certain administrative services on behalf of its clients, which include insurance companies and other financial services companies. These services often include processing employee applications for insurance coverage, issuing of insurance plans and employee certificates, managing premium billing and collection for insurance plans, responding to customer service requests and other record-keeping functions.
[Evan] Sheesh, this is some very sensitive information. There is no mention in the notification or the Administrative Systems, Inc. web site about what is done to protect this information.

personal information about customers including name, date of birth, mailing address, social security number (“sensitive information”). The information did not include credit card information or driver’s license numbers.

We are writing to notify you of this incident and to assure you that we take this matter seriously and are taking steps designed to minimize the likelihood of such an event occurring in the future.
[Evan] What specifically is being done?

We have tightened our security measures to provide greater protection for the information we maintain and are working closely with local authorities to minimize future risks.
[Evan] Again, no specifics.

The Seattle Police Department is investigating this incident and ASI is cooperating fully with this investigation.

We suggest that you remain vigilant over the next twelve to twenty-four months by reviewing your financial account statements and monitoring your credit reports to minimize your potential risk of identity theft or fraud.
[Evan] The onus is on the data custodian to protect the information according to what is expected by the data owner. The victims can remain vigilant, but what if data custodians are not? Take your business elsewhere?

ASI sincerely regrets any inconvenience this incident may cause you. We know our clients value your trust and confidence and we remain committed to ensuring the security of your personal information. If you have questions for ASI regarding this incident, please call toll free 1-866-614-9454. We will be available Monday through Friday from 8 am to 8 pm Eastern time.

In its notification letter, ASI did not indicate whether the data were encrypted nor why it took over a month for individuals to be notified of the theft

Commentary:
This is a very unfortunate breach. I assume that many of the victims do not even know who ASI is or how they came into the possession of their information. If I received one of the notifications from ASI, I would have more questions than answers and I would be frustrated. As customers of companies, we provide certain personal information. We trust that the companies we do business with will see to it that our information is adequately protected. In this instance, information was passed on to a third-party and that third-party did not do what they should have done to protect personal information.

There is no mention of any existing controls or what controls ASI plans to evaluate to further strengthen their information security and reduce risk. Victims and customers are left in the dark. One can only assume what type of physical controls were in place to protect against the physical theft or what technological controls were in place to protect against compromised confidentiality. Your guess is as good as mine.

Past Breaches:
Unknown

Betting on the SOA Horse

Sat, 05 Jan 2008 02:49:38 +0000

Selling software and related professional services is like a horse race.

The field is composed of horses named SOA, CEP, EDA, RSS, Web 2.0, Social Networking, BPM, BAM, BI, XTP and so forth. Each horse has one or more primary sponsors, some are consulting organizations, who seem to have a nack for creating and marketing acronyms, and others are software companies, who’s hope is that their horse is in the winners circle. There are also investors, venture capitalists and so much more.

There are the jockeys, those supported by the sponsors (for example the analysts) who will ride the horse fast and hard until it starts to fade, then find another horse to ride (often at the same time!). There are also the trainers, the vets, the racing forms, the cheering crowds and those who bet on the different races.

Many of us are in this profession because we love the racing action.

Just like horse racing, the technology sponsors, the jockeys and other interested parties wear many hats, sponsors and jockeys generally betting heavily on their own horse. Organizations, especially large ones, sponsor many horses and they place their bets accordingly, betting on exactas, trifectas and superfectas and various combinations.

The SOA - CEP exacta in the racing forms are interesting, including Joe McKendrick’s Complex Event Processing and SOA: a ‘beautiful thing’? and Jerry Cuomo’s, IBM WebSphere CTO sees CEP as SOA’s ‘next big thing’ . There also continues to be heavy betting on the the SOA - EDA - CEP trifecta.

Betting on horses is a risky business. Exactas and trifecta have enormous payouts, but the odds are remote. Very few people win these exactas or trifectas. I recall warm memories of my years in New Orleans when I was a university student at Tulane University. We loved the excitement (and the beer!) at Jefferson Downs, in Kenner, Louisiana. We took our dates to the horse races at Jefferson Downs and these evenings were always great fun! What a good life! Let the good times roll, as we used to say!

You know, I don’t recall anyone ever winning a trifecta. I can barely recall anyone winning an exacta.

We won, and we did win big at times (and lost big), by hedging our bets, betting on a single horse or combinations of horses to win, place and show.

This is the essense of the excitement of the software industry, isn’t it?

Companies who bet heavily on SOA are now seeing the SOA horse is fading. They see CEP coming around the track and hear the pounding of hoof against pay dirt as CEP starts to move up into the pack, and they place their bets, accordingly, on the CEP horse. Will the CEP horse really survive the race? No one knows, so they hedge their position by betting on EDA.

The main difference between real horse races and technology horse races is that you can’t bet on the live horses after the gate opens. However, you can definately bet on the technology horses at any time, and the race goes on and on and on and on.

That is why technology horse racing is so exciting!