I just don’t understand Julia Angwin’s scare story about cookies and ad targeting in the Wall Street Journal [The Web’s New Gold Mine: Your Secrets, July 30, 2010]. That is, I don’t understand how the Journal could be so breathlessly naive, unsophisticated, and anachronistic about the basics of the modern media business. It is the Reefer Madness of the digital age: Oh my God, Mabel, they’re watching us!
. . .
It’s a fine thing that the Journal also tells readers how to “avoid prying eyes.” And if enough people do that, then the value of the advertising-supported web falls. Without cookies, the effectiveness and price of advertising would plummet as ads everywhere turn into remnant junk (smack the money), reducing revenue for media sites and reducing their content to junk.
. . .
Oh, and I neglected to point out that it was the very same Journal that had the wingnutty story about privacy and RFID tags on our pants, quoting as an expert a woman who thinks that RFIDs are – and I exaggerate not – the work of the devil. What the hell is happening there? Are they going out for drinks too often with their new neighbors at the Post?
“Why is The Wall Street Journal So Afraid of Cookies?” by Jeff Jarvis, The Faster Times, July 31, 2010
The study found a strong correlation between ‘minor’ policy violations and more serious abuse. From the report: “Based on case data, the presence of illegal content, such as pornography, on user systems (or other inappropriate behavior) is a reasonable indicator of a future breach. Actively searching for such violations rather than just handling them as they pop up may prove even more effective.”
The Verizon study also takes aim at the hype surrounding the “advanced persistent threat,” or APT — a politically and emotionally charged term that has become virtually synonymous with the term “cyber war”. The concept of APT — which describes attackers who are motivated, skilled, well-funded and patiently directed at compromising a specific target — is not new, but it came into vogue earlier this year with Google’s public disclosure that its intellectual property had been stolen in a targeted attack originating from China.
Hacked Companies Hit by the Obvious in 2009, Krebs On Security, July 28, 2010
Including the [U.S. Secret Service] USSS cases in this year’s report shook things up a bit but didn’t shake our worldview. Driven largely by organized groups, the majority of breaches and almost all data stolen (98%) in 2009 was still the work of criminals outside the victim organization. Insiders, however, were more common in cases worked by the USSS, which boosted this figure in the joint dataset considerably. This year’s study has by far improved our visibility into internal crime over any other year. Breaches linked to business partners continued the decline observed in our last report and reached the lowest level since 2004.
2010 Data Breach Investigations Report, Verizon RISK Team (66-page PDF)
What can you do to keep your data, and your computer, “safe”? The standard advice:
- Install and keep up-to-date a reputable anti-virus program: AVG, Avast
- Have a knowledgeable person check your computer with HijackThis
- Use a new version of your browser and keep it up-to-date: Firefox, Google Chrome
- Use these browser add-ons and keep them up-to-date: NoScript, AdBlock, Better Privacy, Redirect Remover, Beef Taco (Targeted Advertising Cookie Opt-Out), SSLPasswdWarning, Lazarus: Form Recovery
- Install and keep up-to-date an anti-malware program: Malwarebytes Anti-Malware
- Keep your Operating System (OS) up-to-date with the latest security patches
- Keep your programs up-to-date with the latest updates, especially any security patches: Acrobat
- Do not open email attachments that you are not expecting even if they appear to be from people you know
- Be judicious about forwarding mass emails of any kind. I.e., don’t.
- Do not click on unknown links in email. Open your banking, credit card and financial web sites using your trusted bookmarks or a known URL, and check whether the link displayed at the bottom left of your browser (in Firefox) matches what is displayed on the screen in your email.
- Do not give personal information, account names, and passwords to strangers in person, over the phone, in email, or on a web site.
- Do not download porn or illegal downloads – most people have no clue what hidden files they are also downloading.
- Regularly read Krebs On Security
- Protect Your Computer, from National Cyber Security Alliance
- How to Secure Your PC, from WikiHow
- How to Keep your Computer Secure and Running Smoothly, from eHow
- Krebs On Security
- 4 steps to protect your computer, from Microsoft
- Google Online Security Blog
- FireEye Malware Intelligence Lab
- Security Blog, from Verizon Business
- Cyber Security Tips, from United States Computer Emergency Readiness Team (US-CERT)
- InSecurity Complex, Elinor Mills, cnet
Computer and Information Security Handbook
The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know
Network Security Bible
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
For more than 40 years, TheCapitol.Net and its predecessor, Congressional Quarterly Executive Conferences, have been teaching professionals from government, military, business, and NGOs about the dynamics and operations of the legislative and executive branches and how to work with them.