Wednesday, August 31, 2005

Chasing Galaxies, Missing the Sun

Hurricane Katrina came, conquered and devastated the lives of millions of Americans in a matter of hours. It has changed the region's topography forever. Even watching the coverage on television can be depressing. But, using history as a guide, those affected -- and dare I say the nation -- will ultimately prevail and return stronger.

This disaster is the kind, like the Sept 11 attacks, that will unite Americans. The wealthy will reach a bit deeper into their pockets, the spiritual will pray a little longer and those will able hands will work a harder. Soon, there will be benefit concerts, candy drives, fund-raisers and other ways we can take care of our brothers and sisters in the South.

In these cases, some organizations actually need the media to dessiminate information to families, survivors or the public. Red Cross may want to say "we have diapers and potable water", FEMA will want to assure folks that "help is on the way" and law enforcement agencies remind us that "looters will be arrested."

But we will also see shameless self-promotion ...organizations that dedicate PR resources to do nothing more than talk about themselves (sadly, the national media, cable channels specifically, are desperate for fresh perspectives and will interview almost any talking head to cut away from stale footage loops). All these interviews do is clog the airwaves and make it that much more difficult for the charitable organizations to let the public know how to make a real difference.

FEMA, the government's lead agent for recovery, has a list of ways to help out financially here. I will post others as I learn about them, and soon figure out how to make the list more pronounced on this blog.

Sunday, August 21, 2005

AF personnel system gets hacked

I recently received news that Air Force Personnel Center's computer database was hacked into and thousands of Airmen -- including yours truly -- may now be especially vulnerable to identity theft.

On the face of it, it's ironic: I have trouble accessing my own account most of the time, often resorting to creating new passwords on every visit. Somehow, these yahoos figured out how pry open my personnel information as well as 33,300 others!

At the core, however, it's a horrible inconvenience. The biggest problem is that all of our social security numbers are now open-source intelligence. So even if none of us spot identity fraud today, our new-found vulnerability will last the rest of our lives. This is undoubtedly a major blow (actually, 33,330 blows!) to Air Force information assurance credibility.

In the Air Force's defense, the Aug. 18 form letter I received via email (read: "Dear Air Force Member") clearly spelled my options moving forward: Because of the incident, I am legally entitled to a free credit report from big-time consumer reporting firms, I can also take my case to the Federal Trade Commission and I have all the pertinent addresses, Web sites and phone numbers. In terms of outlining this crucial information, which sadly most Airmen would have probably neglected to research on their own, the Air Force gets a huge plus.

What irks me is the time it took to send out the notification. According to the message, the hacking occurred between May and June 2005. Out of the entire email, only one sentence addresses the issue ..."(W)e delayed sending you this notice for a short time in order to give our law enforcement officials the best opportunity in the early critical time period to catch the perpetrator(s)."

BULLCRAP! The Air Force should have contacted us immediately, if for no other reason than it was bad news ...I mean, if I'm obligated to immediately report "Fraud, Waste & Abuse" or computer security violations up the chain, I expect that respect to be reciprocated. And because of the blunder, 33,330 Airmen marinated in vulnerability for months, without a clue, the effects of which are yet to be determined.

The Air Force needs to nab the hackers who did this, and the details should be posted on Air Force Link -- I'm all for the occasional public hanging. More importantly, I hope the Air Force doesn't come away from this incident thinking that a 2-month notification delay is acceptable, because it ain't.