The story unfolds like an episode of 24, with this poor chap being followed on CCTV cameras, which seem to litter the streets of Britain in greater numbers than cigarette butts, before armed police swooped and carted him to have his fingerprints mugshot and DNA sample taken.

The frightening thing about this story isn’t that the guy was arrested at gunpoint – a member of the public called it in, and the police have a duty to act, and where weapons are suspected, of course, they require an armed response. No, the frightening thing is this quote from the Staffordshire Police (my emphasis):

…the man was released and taken home, as no further action was required.

Wrong.

Wrong, wrong, wrong. I’ll tell you what action is required: By the police’s own admission, the guy is innocent. That means his fingerprints, mugshot and DNA information has no place in a criminal database, and it should be removed.

My first reaction to this story was, wow!, that’s harsh, but then I read on and saw that, against company policy, the data wasn’t encrypted. And I started to wonder how I’d feel if I was the CTO, or IT Manager, or whoever is responsible for Boeing’s personal computing infrastructure. From the article:

Jim McNerney, Boeing’s chairman, president and chief executive, said the breach of company policy was so serious that some Boeing managers also will be disciplined.

I think Boeing have got it dead right; this doesn’t just stop with the person taking that laptop off-site. There must be a reason for that user not encrypting their data, and I suspect responsibility for that lies at the feet of the people running Boeing’s IT as much as it lies at the feet of the user.

Think about it – why do you not do some things? Usually because they take too long, or they’re too complicated, or both. Would you forget to set your burglar alarm? No. Would you forget to lock your front-door before leaving the house? No. The reason that you don’t is because setting the alarm and locking your door are simple, 5-second jobs.

Using IT security should be that simple, too – a 5-second job that quickly becomes second nature. If you’re responsible for IT Security in your organisation, put yourself in the shoes of your users and tell me; is your security so easy to use that your users would never take unencrypted data off-site….?

[tags]EFS, Boeing, IT Management, CTO, encryption[/tags]

It would be easy to joke about an Ebay transaction gone way, way wrong, but for the fact that some pretty heavy explosives were used to make the point:

“Whatever caused this (blast) was pretty strong,” added Fire Department Capt. Jose Guerrero. “It’s tough to break one of these [... plate glass... ] windows.”

Thankfully no-one was hurt in the blast, but I wonder what on earth the motive could be?

Update:02/11/2006 – Personally, I’ve never had a problem, but it seems that Paypal has quite a poor reputation after all. Take a look at some of the links posted over dvorak.org

[tags]ebay, paypal, halloween, bombing[/tags]

With IE7 having been available in Beta form for a long time, there will inevitably be a trickle of new vulnerabilities over the coming weeks, while the people who research these things for “fun and profit” take advantage of the fact that IE7 is being pushed out via WIndows Update.

As always, while most corporate IT users will have the rollout of IE7 managed for them, it’s the unsuspecting home user who will be the target of these weaknesses.

Update @13:47: The IE Team at Microsoft have now been alerted to this, and posted some guidance, which you can read here. It mentions that the built-in Phishing Filter should warn against this technique, but because the Phishing Filter works against a list of known phishing sites rather than behaviour, I think this will still catch some people out. My advice would be change browsers or trust no-one.

[tags]internet explorer, IE7, vulnerability, weakness, phishing, Secunia, Microsoft[/tags]