I was reading today an article on ZDNet about how the state of how Maryland state security sloppiness exposes personal data. The article by Larry Selzer shows how, to quote him:
“Mustering all necessary resources” in this case means “cutting corners.”
This shows the dangers of lack of resources – time, expertise, money – that can point you in the direction of danger if you are not careful. One would think that if you are collecting drivers’ license numbers, social security numbers, addresses and other personally identifiable information you would carefully think about the implications of not having the information secure.
At first I was thinking that – hopefully – someone writing the solution was security-minded enough to raise the risk to management but then I realized that if this was indeed the case the problem is actually much worse: Either senior people did not recognize the issue or, worse yet again, they did not care about it. (I always think about these issues as “ignorance versus incompetence”.) Hopefully, there will be more digging into the issue to find out where the problem actually exists. Being an IT professional with security being one of my hats I find this troubling…
Here is a screen capture – the site is no longer publicly-accessible, thankfully, from ZDNet:
Screen capture of log of HTTP traffic from State of Maryland’s gun permit application site
About Mike Pelley
Let’s see… A little about me…
I’ve been around information technology since 1983 with computers such as DEC Rainbows (weird machine – the standard DOS couldn’t format its own floppy disks – remember them? – and I had to format them on a friend’s IBM PC) to Radio Shack TRS-80 to Apple ][e and Apple //c in the beginning.
I have programmed in 8-bit assembly language on 6502, FORTRAN and COBOL on IBM System/370 (and I still hate JCL), VAX BASIC and COBOL (and a weird and massive WordPerfect 4.0 macro) on DEC VMS (Alpha), C/C++ on Digital Unix (ALPHA), and C/C++, Perl (it may be powerful but I still hate it), PHP on Linux (Red Hat, Centos, Ubuntu, etc.).
I have work with databases such as Digital RDB (later to become Oracle RDB), Oracle DBMS, Microsoft SQL Server, MySQL and PostgreSQL on VAX, Alpha, Sun and Intel.
Check out my professional profile and connect with me on LinkedIn. See http://lnkd.in/nhTRZe
I still think that Digital created some of the best ideas in the world: VAX clustering, DSSI disks (forerunner to SCSI) and the Alpha processor (first commercial 64-bit processor – Red Hat screamed on an Alpha!). DEC just could not seem to be able to give air conditioners away to someone lost in the Sahara Desert!
VMware is one of the best ways to get the most out of an x64 server. And I have tried Oracle VM, Virtual Box and Microsoft Virtual Server.
Outside of that I am a huge military history buff starting in the early 20th century. I love Ford Mustangs (my ’87 Mustang GT was awesome) and if I had the money I would have a Porsche 928S4. If I had a lot of money I would have a Porsche 911 Turbo.
I also play too much AmrA 3 Exile mod. Over 5,000+ hours...
I have a wonderful son, Cameron. I have a long suffering (Do you really need all that computer junk?) wife, Paula. I live in Paradise, Newfoundland and Labrador.
