We live in a world made of swiss cheese

Have you ever felt like we are living in a world made of swiss cheese?

I do. Particularlly today.

First, while it's really just more of the same, here are four articles (all datelined July 6, 2005, a rather ordinary day) that illustrate just how porous our private financial details really are:

1. Citi National Bank, Thousands of Millionaires, Iron Mountain
2. Russia's Black-Market Data Trade
3. George's Story—Watching My Ameritrade Account Get Phished Out in 3 Minutes
4. USC Admissions, 320,000 SSNs, SQL Injection

Second, after work I spoke with a friend who related an experience she'd had at her job today. She's been recently assigned to a new project and, while getting herself up to speed on things, had discovered that a particular piece of software (that was facing the public internet) had some known vulnerabilities that she thought required patching/addressing.

When she brought her concerns to the attention of more senior colleauges she was brushed off. "Well, in practice those are probably largely obscure attacks." "Most people wouldn't even know anything about <X>." "It [remediation] doesn't really need to be a priority."

Well, duh... security isn't about keeping the honest people honest; by definition they are honest! It's about protecting your information and assets from "the bad guys" who no longer even need to be on the same continent, let alone town, as you.

Sing with me: ...It's a small world made of cheese...

—Michael A. Cleverly
Wednesday, July 06, 2005 at 20:11