The IPhone can keep track of everywhere it's been in the last year, and now personal information on millions of Sony users is up for grabs. Combine this with the fact that information breaches are becoming more common and more effective, how long do you think it'll take before someone has your bank records? How much security do EBay and Amazon really give to your banking accounts? I think we're moving into a period where this will become a major concern, especially now that many businesses are operating strictly online. Even the U.S. Federal Government is slowly moving online.

My question is, how many of you really want the conveniences of the cyber age? Is it worth the risk?

1. iOS updated, it no longer has the record of everywhere you've been since July (it was never for a year)

2. Sony was stupid and didn't follow PCI standards from what I can tell, much less a decent security implementation (not encrypting the data? are you serious Sony?)

3. I don't have a bank account, I'm with a credit union (semantics FTW! )

4. Amazon doesn't have my bank info

5. Ebay follows the same regulatory requirements as banking institutions (despite not being a bank)

- I don't repeat passwords

- All my passwords are sufficiently random and of decent length (I'm actually going to be redoing my password system again soon...)

- I follow the http://en.wikipedia.org/wiki/Principle_of_least_privilege

- I keep personal/confidential information locally stored encrypted

- I maintain a secure network to the best of my ability

So I do all I can to mitigate risks :shrug:

Here's a funny thing, did you know that on one occassion people's millions of peoples Social security numbers were nearly compromised when a Department of Veteran Affairs worker got their laptop stolen? Fortunately for all involved, the laptop was recovered before data theft occured, but quite honestly, all it takes is one weak link for millions of peoples personal data to be compromised. And these aren't just problems the Government, Ebay, Amazon, and Sony face. Plenty of corporations and buisness that store personal information have numerous security vulnerabilities that can compromise the data of tens of thousands of people, and physical theft of hardware (namely laptops) is still an easy way to procure said info. Everyone from colleges, to hotel booking websites, and the like are vulnerable. In fact, I dare say that this problem goes beyond the internet. As long as these people store records at all there is a risk of data compromise, and as long someone has a work laptop with this kinda information on it, physical theft will work no matter how much you avoid online activity.

:meh: I take it you're really good at debate? :tongue:

Anyone remember that annoying paper clip from older versions of office? I think Windows should come standard with a DEFRON assistant that beats this stuff into your skull with a rusty metal shoe lace.

edit: To answer the OP's question, yes, it is worth the risk, as long as future employers can't find out much about me online. (which I guess is sorta unrelated)

I just like being stubborn in these types of threads

Really though, as DarthRavanger mentioned, the information for the most part is already out there in various databases or physical records. The biggest threat is always an insider, hackers are secondary. And the dangers insiders pose have always been there. They also often are the ones that create windows for theft to occur. There is nothing you can do about this. You can limit the companies that have your information to a degree (which would be the principle of least privilege), but it's not a new risk, it's been here since the start of the modern world.

So, just do all you can and hope that those companies with your information have a good IT staff and implement good practices. There's not much more you can really do. You don't need to make your life hard to do these things, you just need to stop being lazy, think, and only give out information as necessary.

I wouldn't mind some more stricker security protolcall while online (either shopping or gaming ala PS3 or 360). Even when PSN when dwon due to a security breach, I wasn't to conserned because I keep my info to a minimal and use PSN prepaid cards. As for online shopping---well I stick to Amazon because I can find what I want AND I don't run into the risk of getting ripped off---NOT LIKE EBAY---I'll NEVER use that place again :stare: ! I know I run into a risk of getting my ID stolen on Amazon or any online stores but the same can happen even if I was at a store. Choose your poison that's what I always say.

There's also a problem coming from corporate side though, in that they always want more and more of your information. The only way to truly minimize risk on that end is to reduce the number of people who have access to this information, and instead it's going the opposite direction. Every time I deal with a school, a bank, a doctor, or a public office I'm expected to hand over my SSN. You could easily end up with a hundred different offices carrying your social security number in their files. That's potentially tens of thousands of people with the information needed to steal any single identity.

In many cases they'd be better off just requiring a photo ID. It's secure enough for hospitals and schools I think.

(In the US, it is a bank in Europe)

It's not just from hackers; people who work for companies and have access to data have been caught selling it off to highest bidders.

CD's and laptops containing peoples sensitive information get stolen all the time.

I don't think this is anything new, just a bigger scale with electronic storage.

I'm pretty sure that if someone did get your bank details and take money out, there are legal safeguards for you to get your money back, in most cases.

You could be unlucky and be like the people who invested in Iceland banks, and after the global recession they lost all their money to Iceland!

There are a couple of ways to address this issue: education or government regulation, and neither is fool-proof.

No business wants to leak information. It's horribly bad for PR and their bottom line. The problem is a lot of companies don't see themselves as high-value targets, so they think they are "safe". Judging from how Sony treated their information (leaving it unencrypted) I'm willing to bet this was the case with Sony and their PSN servers. This is where education comes in. The problem with this is it isn't guaranteed to actually produce any results.

Regulation will definitely produce results. If every company doing online business with customers were forced to follow the same standards as banks, they would be a lot better off in forms of security. The problem here is regulation tends to lag behind the real world in terms of improvements, and as such you can have some antiquated regulations that no longer really are adding security. Companies see regulation as being all they need. If they meet that they are secure, which isn't always the case.


That's nothing really new, though, either. It's been like that since the dawn of time. Information is like intellectual gold.


Remember: just because someone requests information doesn't mean you have to give it to them. Generally speaking (especially for medical stuff) the last four digits of your SSN are enough.


Medical institutions are pretty secure, I'll mind you. I work for one. HIPPA keeps us in line pretty well. You never know when you might get an unexpected inspection to make sure you are complying with HIPPA. That said, as I said earlier, that's nothing new. Medical institutions also aren't high value targets (schools, on the other hand, sometimes are). Photo IDs are relatively easy to forge, whereas getting the SSN for a specific person isn't easy, as such the chances of impersonation are less when using SSN to ID someone.


cool, didn't know that.

A couple of good articles on risk management (mostly regarding computer security).

http://www.schneier.com/blog/archives/2006/11/perceived_risk_2.html
http://www.schneier.com/blog/archives/2004/11/computer_securi.html

Bottom line, we have to make security a financial best interest for corporations to take it more seriously.

Get an Android and a 360 :wink_smile:

I propose a two-tier fine system.

Top Tier: Fines for a security breach adjusted to the number of peoples information compromised and nature of the breach. (They'd get fined less if terrorists stormed their corporate headquarters in an armed assault and stole hard drives and files, fined more if some idiot got their laptop stolen or if there was a lack of data encyrption)

Bottom Tier: Fines equal to 150% of damages suffered by clients as a result of their information being compromised. A portion of the fines equal to damages suffered by clients would be paid to the clients to help them recover, (so, if you lost 100 dollars due to identity theft, you get 100 dollars) while the rest would become part of Government general revenues.