|Home » Industry Watch » The Technological » Hall of Monkeys
Meet the master bullshitter of the week.
Mary Volz-Peacock® works for the US government as a program director at USAJOBS®. USAJOBS® is a US government organisation (and website) dealing with US government employment. Lots of people register at the site and some actually pursue careers within the US government.
Now they've all been screwed. By Mary Volz-Peacock®.
Mary Volz-Peacock®'s outsourced her technology needs to Monster. And even though the US federal government condemned use of Microsoft web technologies years ago those idiots at Monster continue to use it. And Mary Volz-Peacock® continues to use them.
There are several traditional reasons for such criminal intransigence.
- The system and network engineers are too lame. They began their education years ago when Windows still wasn't online, they presumed Microsoft would always be kings of the shit heap, they watched as Windows got clobbered and Unix took over the Internet and did nothing. They could have gone back to school, they could have picked up a Unix admin diploma in a year's work in the evenings - but they didn't.
- Somebody in the organisation gets sexually aroused at the prospect of creating an Excel spreadsheet for holiday planning for the family.
- Microsoft sales reps typically buy off the purchasing reps with fancy meals, vintage wines, toygirls or toyboys or both, and exotic excursions all expenses paid.
- Luminaries like Mary Volz-Peacock® are left in charge to silence protests and veto suggestions to change policy.
And it's ordinary people as always who suffer all the while Mary Volz-Peacock® gussies up her sweet self again to go to another vernissage or cocktail party.
Once it became known Microsoft client Monster.com had been hacked; once it became known the idiots at Monster.com didn't even bother to encrypt client passwords; then it also became known USAJOBS had been hit.
Realising she had to act and act fast Volz-Peacock issued the following statement.
As is the case with many companies that maintain large databases of information, our technology provider (Monster) often is the target of illegal attempts to access and extract information from its database. We recently learned that the Monster database was illegally accessed and certain contact and account data were taken, including user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. The accessed information does not include - sensitive data such as social security numbers or personal financial data.
As a further precaution, we want to remind you that an email address could be used to target 'phishing' emails. USAJOBS® will never send an unsolicited email asking you to confirm your username and password, nor will Monster ask you to download any software, 'tool', or 'access agreement' in order to use your USAJOBS® account.
In order to help assure the security of your information, you may soon be required to change your USAJOBS® password upon logging onto the site. Please follow the instructions on the site. We would also recommend you proactively change your password yourself as an added precaution. We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures.
We continue to devote significant resources to ensure USAJOBS® (Monster) has security controls in place to protect our infrastructure and stakeholder's information. We hope that these efforts are helpful, and continue to allow users to defend themselves against similar attacks.
Please note Volz-Peacock admits the 'stolen' data includes the following.
- User IDs.
- Email addresses.
- Names and phone numbers.
- Unspecified 'basic demographic data'.
Please note as well how she assures people the above isn't 'sensitive data'.
There are any number of cleverly nested sidesteps in the above spin to disguise negligence. Here are a few.
'As is the case with many companies'® These things are a fact of life, dear friends. Yeah right. But running Microsoft web technologies increases the risk by an order of magnitude. And do you mean to say, Mary, that you not once audited security procedures at Monster and discovered they didn't even bother encrypting passwords? Is that the 'case', Mary?
'illegal attempts'®, 'illegally accessed'® These attempts and accesses were illegal, Mary? What other type is there? This is simply passing the buck - spiking what should be a forthright disclosure with scary rhetoric to deflect the blame onto others.
'We continue to devote significant resources'® Continue to devote significant resources? What are those resources? What's been done up to now when you won't even follow GAO directives and dump MS web technologies? It seems your 'devotion' to 'protecting' your infrastructure and stakeholder's [sic] information has been a bit lacking, hasn't it?
'continue to allow users to defend themselves'® So it's actually the clients' responsibility? They're the ones responsible for you defying a GAO directive and not controlling what your fellow idiots at Monster were doing with sensitive client data?
What a mouthful. Of bullshit.
The new White House staff were in shock when they entered 1600 Pennsylvania Avenue on 20 January 2009. They're accustomed to Apple computers and secure technologies and they found dusty old Windows PCs with MS Office 2003.
So it would seem the Obama crew have their work cut out for them more than ever before.
Mary Volz-Peacock® is hereby inducted into the Hall of Monkeys. She is simultaneously the recipient of The Technological's first annual Volz-Peacock Award®.