|Home » Industry Watch (» The Technological » Hall of Monkeys » Heroes Banquet)
'An Egregious Lack of Thought'
Things threatening to go topsy-turvy as usual.
The FBI in the US have begun an investigation into the AT&T iPad incident. FBI spokesperson Katherine Schweit said they began today but wouldn't comment yet. 'It's very early', she said.
The wonder is these 'investigations' get to start up at all.
AT&T were notified by the 'criminals' at the beginning of the week; by Tuesday they'd patched the flaw; by the day after that they finally notified their customers - 72 hours after the fact.
Why aren't AT&T being investigated?
The security experts who discovered the flaw aren't exactly flattering in their criticism of AT&T. Group member Escher Auernheimer told the WSJ that they waited until AT&T fixed the flaw before going public, and went public because AT&T didn't.
Auernheimer told the WSJ that AT&T showed 'an egregious lack of thought' in leaving the information publicly available with no authentication required.
AT&T chief security officer Ed Amoroso said too much when he explained his company were trying to make things easier for customers by having their email address automatically appear in a registration field - without authentication. He then concluded the retort with the deliberately discombobulating:
'If we could have done it over, we would not have pre-populated.'
You can't do it over, Ed. And you should have thought of it before you put the system online. After all, that's why they call you chief security officer.
And that only raises the issue once again about 'OPI' - 'other people's information'. Bank staff are 'bonded' against abuse and criminal activities by their employers and bank clients are insured against their banks. (By the FDIC in the US.)
Digital information is more valuable than money today, and yet corporations with no clue and no accountability are still left in charge of people's valuables.
Policing and legislating the Internet is never a good idea. But recognising the value of information and holding accountable those who take care of information - rather than letting them hide behind smoke screens and sundry diversionary tactics - is absolutely essential if the Internet is ever going to work right.
WSJ.com: FBI Start Probe of iPad Breach
Industry Watch: 114,067+ iPad Accounts Breached