"There are very specific guidelines for security," said Lee McKnight, an associate professor of information studies at Syracuse University. "They are common sense, and anyone should be embarrassed if they aren't following these guidelines." Perhaps the easiest way to keep information secure is to delete data that is no longer used.
A government Web site meant to aid travelers in removing their names from the Do Not Fly list inadvertently exposed thousands of personal data files to malicious hackers, according to a congressional report released on Friday.
The House Committee on Oversight and Government Reform released a report on Friday that detailed serious flaws in the architecture -- and development -- of the Transportation Security Administration's site. Virginia-based Desyne Web Services was given a no-bid contract to build the site in part because the TSA official in charge of the project was a former Desyne employee, the report states.
Lack of Common Sense
While the committee takes the TSA to task for failing to comply with government guidelines, the inability to implement basic security measures is more alarming, according to Lee McKnight, an associate professor of information studies at Syracuse University.
"You don't leave databases of personally identifiable information where they are easy to access," McKnight told TechNewsWorld. "This should be Fort Knox. That information needs to be locked far away."
The Organization for Economic Co-operation and Development (OECD), an international group with more than 100 member countries, has been working on security guidelines for two decades. It has a working security document, including nine steps to ensure data privacy, that should be used by every group setting up a network, according to McKnight.
"There are very specific guidelines for security," he emphasized. "They are common sense, and anyone should be embarrassed if they aren't following these guidelines."
Exposed by Student's Blog
The guidelines were developed to help organizations ensure security, but the easiest way to keep information secure is to delete data that is no longer used, McKnight suggested. Data is oftentimes used for a specific one-time purpose. However, organizations will continue to store that information, creating a target for malicious hackers.
Even had these guidelines been followed, though, there was little follow-up on the site, the report points out. In fact, the TSA never discovered the flaws in its system.
The original site was launched in October 2006. Thousands of people submitted personal data, the report notes. However, nobody -- including the TSA officials -- realized that the security holes existed until Christopher Soghoian, a graduate student at Indiana University's School of Informatics, blogged about the flaws. It was his blog that eventually led to the investigation.
Neither Desyne nor the official in charge of the project has been sanctioned, and Desyne still hosts two major TSA Web sites, according to the report.