One Shot Design

Scott McNealy, co-founder and chairman of Sun Microsystems has been asked by U.S. President Obama to produce a white paper on the benefits of open source for the government. The United States National Security Agency has already capitalized on the benefits of open source and contributed with a set of modifications and cryptographic functions, so it would make sense to extend open source to the rest of the government.

Matt Asay , writing for Cnet.com, is very sceptical about legislating open source and argues that open source is already gaining momentum by itself.

I disagree. The predominance of proprietary software on personal computers has made most people oblivious to the idea of proprietary software. There is the example of a civil servant reprimating a student for demonstrating Linux to his classmates and accusing Ken Starks of the HeliOS project of “spreading misconception”. By officially adopting and enforcing open source, a government would educate its people on the issues and hopefully brush aside ignorance.

Computer infection by viruses either happens because of bad luck (visiting a page concealing malware), poor computer literacy (opening an attached file) or plain negligence (logging with administrator rights to perform mundane tasks). Similarly, identity theft can be encouraged by negligence, especially when one forgets to log out after having used a public or shared computer.

Having found himself sitting in fron of computers with the previous private account sessions still open, Jeff Rosenberg decided to“teach a lesson to negligent students” in a manner of a highly questionable nature and legality:

I can’t tell you how many times I’ve gone to the library or a computer lab and found someone still logged into their user account. It used to make me angry. It used to make me wonder what was wrong with people. I don’t know if they just forget or just don’t care, but either way they deserve to be messed with for their stupidity. It took almost a year of my life to find these and to some degree I feel bad, but I’m pretty sure these people won’t ever forget to log out again.

In the USA, the Identity Theft and Assumption Deterrence Act makes the possession of “any means of identification [...] used without lawful authority” a federal crime. There is probably very little ground for accusing Rosenberg of identity theft since he never came in possession of the students login informations. But there is certainly something against vandalism.

Anyway, take heed and read the entry explaining Why You Should Always Log Out.

It seems Monster.com, the world’s largest job search engine, needs to hire a new sysadmin.

For the second time in 18 months, employment search site Monster.com has lost a wealth of personal data belonging to millions of job seekers after its database was illegally accessed.

In June 2008, the the Bank of New York (BNY) Mellon reported the loss of unencrypted tape sets containing details of 4,500,000 customers. Banks and civil servants generally seem oblivious to the importance of storing data in a form unaccessible to unauthorized parties. In the field of IT and database development, it is standard procedure to store user passwords as an irreversible encrypted string, such as NSA-released SHA hash functions; making it virtually impossible for hackers to decrypt the information.

In the case of Monster.com, the perpetrators could read all the user information except for the passwords; so they sent a phishing email inviting users to log on a fake Monster page, thus providing the cracker with the missing password. One solution to avoid this could have been storing email addresses using reversible encryption.

This story raises question about providing a lot of personal information to web sites (online mail, social networking, media storage and so on). Even if the company has a policy safeguarding the user’s privacy, all the confidental information is at risk if their servers are not properly secured.