29 July, 2015

Thanks for that, Windows 10 installer

It's new. It's here. It's better than the previous version. But if the install goes wrong, as it did on the fourth machine I tried it on, the pop-up alerts aren't quite ready yet.

Thanks for that, Windows 10!

12 July, 2015

The Week of the SSN

Social maybe. Security, less so. Numbers…very very large.

It’s been a curious week here at the Crash Bunker, my place in cyberspace during times of technical fallout. I took the express elevator down here from Reboot Central on Wednesday and I’ve not surfaced since. That’s mostly because the Bunker maintains a cool 65 degree temperature year-round, and is unaffected by the humid storm weather up aloft. 

But watching news feeds down here, I’m glad I went underground.

Like most owners of private information, I’ve been hacked off about some recent news events. I’m talking mostly about the results of an investigation mounted by the U.S. government’s Office of Personnel Management, which became public on Friday.

Yes, the OPM (which by now should have become the Office of Human Resources, surely?) announced “with great confidence” that a data breach on June 12th resulted in the theft of more than 21 million social security numbers--along with other personal data, such as fingerprint records, addresses, mothers’ maiden names, and other grist for the identity theft mill.

It’s a beautiful thing that the OPM should have such confidence in the findings of its investigation. Too bad that it didn’t have the same level of confidence in, oh, I don’t know, the strength of its data security systems. And a security system worthy of confidence.

Be that as it may, retribution proved to be swift and terrible, as the director of the office, Katherine Archuleta, offered her resignation, and got a presidential thumbs-down in the Coliseum of Career Sacrifice. Blood in the sand makes people feel better, apparently. 

But it doesn't take data out of the hands of criminals. 

As far as I can tell, only two people have come out of this debacle ahead: The hacker responsible for it, and Kevin Mitnick. (Lawyers take note: I’m not saying they are connected in any way other than the one in the next paragraph. Keep those lawsuits in your pants!)

The real star of the whole event was my old prison pal Kevin Mitnick, whose company profile describes him as “the world’s most famous hacker.” NPR went through its Rolodex, found Kev, and called him to conduct a guided marketing pitch for his security company. The segment was so interlaced with phone pings and system alert sounds that I’m sure that Kev had hired one of the old prison posse as a sound effects editor for the hour.

There is some reason for optimism, here: Like most people, I should be safe from this attack, because I have never applied to work for the government, and I don’t associate with anyone who does.

Besides, with any luck, millions of those social security numbers may not be valid: The office of the Inspector General of the Social Security Administration had audited active SSNs back in March and discovered that either a staggering 6.5 million Americans are over 112 years old, or somebody at the Social Security Death Index has a lot of overtime ahead of them.

A spokesperson for the Social Security’s Death Master File could not be reached for this article.

And now for an update…

So much for data security. Anyone fancy some good, old-fashioned bugs? Whaddaya say, New York Stock Exchange? Care to give us the lowdown on the mystery malfunction that disrupted trading for more than three hours on Wednesday?

Nobody’s saying what caused the outage, but we’re betting on the same kind of thing that brought down NYSE in 2001—a software update.

Ah, how well I remember the chuckling at Reboot Central when the then-VP Bob Zito described the problem fourteen years ago...

“When we brought the system up in the morning, we only realized then that the software upgrade did not take.”

When the collective “Well, DUH!” from every IT guy in the universe died down, we just about made out the follow-up--“When we tried to revert back to the old system, that wouldn’t work and we needed time to reboot”--before collapsing in laughter.

Surely the NYSE can’t have made the same mistake twice—especially after the news that even Samsung doesn’t trust system updates.

But frankly, the markets could have used a few brakes in the middle of the week. This is the kind of technical problem the Asian exchanges could only have prayed for, as the Shanghai composite shed 4 percent, and Hang Seng 1.1 percent, of their worth on the same day.

I’d fly a million miles…if the damned plane would take off

As if the NYSE glitch wasn’t enough, Wednesday morning also saw United Airlines ground its flights due to a network connectivity issue. Too bad for United that network connectivity wasn’t a problem for delayed passengers. Snidest Tweet Award goes to John B. Hammer for the following gem:

I’ve been using @united as my primary air carrier for quite a while. Why? I like to live life on the edge. #groundstop.

Two days later, in an unrelated incident, a lucky bug-swatting United customer was awarded a million bonus points for submitting a bug report. Jordan Wiens’ Twitter-ready analysis? Wow. @united really paid out! Got a million miles for my bug bounty submissions! Very cool.

But where were your bug bounty reports two days earlier, Jordan? And just how do you know so much about the flaws in United’s systems, eh? Thousands of disgruntled non-flyers want to know.

Of course, things could have been worse for the airline: A United pilot could have brought live ammunition on board a flight from Texas to Germany, and tried to dispose of the evidence down the pressurized blue cyclone of an airplane lavatory. Oh, wait a minute…that actually happened.

Never mind.