BreachExchange mailing list archives
Re: At Least 20 Big-Name Passports Breached
From: "Allan Friedman" <allan_friedman () ksgphd harvard edu>
Date: Thu, 27 Mar 2008 14:59:23 -0400
Another seemingly simple solution would be to flag certain high-profile accounts with an option that requires a supervisor's electronic okay to open a record.
Flagging or escalating is fine for presidential candidates and probably academy award winners, but where does that leave you and me, who happen to live next door to anyone with access to a major database. Access control and least privilege are huge privacy issues that we haven't even started to get into: they are human scale rather than technical.
Another seemingly simple solution would be to flag certain high-profile accounts with an option that requires a supervisor's electronic okay to open a record. It seems like what they have now is that certain accounts are flagged as high-profile (government officials, celebrities, etc) and the management is notified AFTER somebody pulls up the record. Kind of like closing the barn door after the cows have left. -Max -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Chris Walsh Sent: Thursday, March 27, 2008 8:04 AM To: Richard Forno Cc: dataloss () attrition org Subject: Re: [Dataloss] At Least 20 Big-Name Passports Breached Reports I read said that as part of their training, contractors are told to bring up the file on somebody (whom they pick). Most trainees pick a relative, the article said. This is of concern on several levels, the most obvious of which is the blatant disregard for privacy that it shows. In 30 seconds, I could rewrite this training regime to preserve privacy -- just have trainees be instructed to bring up a record which exists solely for training! John Q Public of 123 Main St., Anytown USA comes to mind. The fact that live data is used for training, when the contents are sensitive is quite disheartening. This is a systemic problem, not one that just impacts Senators or dead celebrities. cw On Wed, Mar 26, 2008 at 11:12:05PM -0400, Richard Forno wrote: > At Least 20 Big-Name Passports Breached Last Edited: Wednesday, 26 Mar > 2008, 6:47 PM EDT > > http://www.myfoxdc.com/myfox/pages/News/Detail?contentId=6140974&versi > on=2&l > ocale=EN-US&layoutCode=TSTY&pageId=3.3.1 > > > WASHINGTON -- State Department workers viewed passport applications > containing personal information about high-profile Americans, > including the late Playboy playmate Anna Nicole Smith, at least 20 > times since January 2007, The Associated Press has learned. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- At Least 20 Big-Name Passports Breached Richard Forno (Mar 26)
- Re: At Least 20 Big-Name Passports Breached Chris Walsh (Mar 27)
- Re: At Least 20 Big-Name Passports Breached Max Hozven (Mar 27)
- Re: At Least 20 Big-Name Passports Breached Allan Friedman (Mar 27)
- Re: At Least 20 Big-Name Passports Breached Max Hozven (Mar 27)
- Re: At Least 20 Big-Name Passports Breached Jim Kerr (Mar 28)
- Message not available
- Re: At Least 20 Big-Name Passports Breached Allan Friedman (Mar 28)
- Re: At Least 20 Big-Name Passports Breached Jim Kerr (Mar 28)
- Re: At Least 20 Big-Name Passports Breached Casey, Troy # Atlanta (Mar 28)
- Re: At Least 20 Big-Name Passports Breached Max Hozven (Mar 27)
- Re: At Least 20 Big-Name Passports Breached Chris Walsh (Mar 27)