Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Really Ignorant Lawmakers


  • Please log in to reply
1 reply to this topic

#1 Security Geek

Security Geek

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 20 April 2006 - 11:59 PM

Reprinted from an article at NIST.org with permission.


I use the term "ignorant" quite mercifully. Some of our politicians are just down right stupid. I define "stupid" as ignorant people that really have no interest in learning or trying to over come their ignorance. The politicians in this MSNBC story must actually be stupid and the CIO doesn't seem any better.

I'm not even going to argue the merits of a law requiring wireless encryption, which is what I think they're wanting. They discuss hackers "grabbing data traveling through the air" and the goal is to prevent people from monitoring credit card information. Their solution? "The law requires each business to install a firewall or change the default SSID, the name that identifies a wireless network, if the personal information stored has not already been encrypted." What is a firewall or changing the SSID going to do? Nothing! You can still see the SSID, you can still associate with the access point, you can still sniff the network. And just because the data is "stored" encrypted doesn't mean its encrypted going through the air. What a joke.

Ok, I thought maybe I, or the story's author, misunderstood them. But the story goes on to say "Jacknis" the county's chief information officer "said easily available firewalls would protect credit card transactions, for example, from being detected by a hacker posted outside a dry cleaner that uses a wireless network." Ok, tell us how? He goes on to say "At most, he said, installing firewall protection or just turning on the encryption and other security measures available would take an hour of a consultant's time." Ok, now you're getting warm. Maybe that encryption thing would be a good idea. And rather than requiring the firewall on the router maybe require it on PC or server. At least this way once the hackers associated to the access point they might have a harder time breaking in to the computer and stealing the data.

I thought things were bad enough with incompetent CIO's at the helm of businesses and government agencies (those CIO's that know me; I'm not talking about you :-) But having them assisting in writing law is very scary. I would rather have no law at all than totally inept law.

Can someone living in Westchester County NY please talk to these folks before they make laughing stocks of themselves (ok yea, too late for that).

BC AdBot (Login to Remove)

 


#2 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:55 PM

Posted 22 April 2006 - 08:00 PM

Not all identity theft comes from the internet. An example.....

My father-in-law is/was living in an adult foster home. He has one credit card for any medications he needs through his provided care insurance.

Recently, he fell and broke his hip...he's now undergoing physical therapy in a rehabilitation center.

My husband is taking care of his bills and we were totally shocked to see his credit card was used to purchase electronic equipment as well as a bouquet of flowers (??) amounting to over $500.00 US dollars.
This purchase was done over the internet, while he was in the hospital undergoing surgery.

Someone stole his personal information from either his adult foster home or his insurance company.

Try as one will to legislate data, the unethical will still find a way to get it.

MS_MVP.gif
MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users