Monthly Archives: June 2007

Inferno Ravages Lake Tahoe

On Sunday, June 24, 2007, fire broke out in the South Lake Tahoe area. Some call it the Tahoe fire, others refer to it as the Angora fire. Regardless, it’s the most catastrophic fire in Lake Tahoe history. To date, 250 homes and 3100 acres have been destroyed. The estimated cost of damage to date is between $141 and $151 million. Full containment isn’t expected until at least July 2, 2007.

An estimated 1800 to 2000 firefighters are battling dry and sometimes windy conditions to put this inferno out. So far there have been no reported deaths.

The fire was man-made, but the cause isn’t known yet. Speculation as to the origin includes a campfire or possibly a cigarette butt.

It can be devastating to lose everything you’ve ever owned in a matter of minutes. A lot of people have been affected by this fire. Fortunately, a lot of people want to help. The information below is provided for people who want to donate items or money, or to help in other ways. It originally appeared in the Nevada Appeal. Visit their web site for more information and updates.

Continue reading

GAO report reveals SSNs still at risk

A new report (PDF) from the United States Government Accountability Office (GAO) says that Americans’ Social Security numbers (SSNs) are still being exposed to potential identity theft and misuse, which it attributes to federal laws riddled with loopholes and the lack of proper oversight of information brokers.

The GAO found that there are a number of federal laws and regulations that require agencies at all levels of government to frequently collect and use SSNs. Vulnerabilities persist in federal laws addressing SSN collection and use by private sector entities.

“For example, although federal laws place restrictions on reselling some personal information, these laws apply only to certain types of private sector entities, such as financial institutions. Consequently, information resellers are not covered by these laws, and there are few restrictions placed on these entities’ ability to obtain, use, and resell SSNs for their businesses. Vulnerabilities also exist in federal law and agency oversight for different industries that share SSNs with their contractors,” wrote Daniel Bertoni, GAO Director.

The report goes on to detail how private sector entities collect SSNs from various sources and how they use them for identity verification purposes.

Continue reading

The Microsoft 6 month vulnerability report

In yet another play on numbers (not to mention another attempt to persuade consumers that Vista is the greatest thing since sliced bread), yesterday Microsoft released a report titled “Microsoft Vista Has Fewest Vulnerabilities at 6-Month Mark” (PDF), implying that Vista has turned out to be an exceptionally secure operating system (OS)…much more secure than various versions of Linux, Mac OS X and Windows XP.

The report was written by Jeff Jones, the Security Strategy Director of the Microsoft Trustworthy Computing group (no, it’s not an oxymoron). He writes that for Vista’s first 6 months (remember, it was released to businesses on November 30, 2006), 12 out of 27 disclosed vulnerabilities were patched. For Windows XP, 36 out of 39 disclosed vulnerabilities were patched in the same time frame. I don’t mention the Linux or OS X vulnerabilities because they’re not important, nor should they be compared to Windows. Those are entirely separate entities.

“In all four cases studied for the 6 month period after ship, Windows Vista appears to have a lower vulnerability fix and disclosure rate than other products analyzed, including the reduced Linux installations. This affirms the early results we found after 90 days and provides a supporting indicator that Microsoft Security Development Lifecycle process and heightened focus on security is having a positive impact on Microsoft Windows in terms of fewer vulnerabilities,” writes Jones.

Several analysts and news writers / bloggers aren’t buying it. For that matter, I’m not either. Several online media outlets are reporting that Microsoft is better at patching XP than Vista (if you look at the numbers on his report, it’s easy to see it that way but apparently he didn’t notice that). It also neglects to mention that one of the primary reasons there are “fewer vulnerabilities” is that there are far fewer people using it. In all actuality, the report is, for the most part, meaningless. If and when more people start using Vista, there will be more hackers looking at it too. In all probability it will be hit with some major vulnerabilities.

Continue reading

OMB memo to Feds details securing data breaches

The Office of Management and Budget (OMB) issued a memo (PDF) to the Federal Government in an attempt to safeguard against the breach of personally identifiable information, requiring federal agencies to review their use of Social Security numbers. The agencies have 120 days to come up with a plan to eliminate unnecessary collection of SSNs and to participate in government-wide efforts to find alternate ways of identifying you.

Literally billions of records of personal information are collected by the government for a wide variety of reasons (Medicare, taxes, loans…the list goes on and on). The memo reminded agencies that they have a legal obligation under the Privacy Act of 1974 and the 2004 Federal Information Security Management Act (PDF) to protect personal data.

As well as setting a deadline for the agencies, the OMB is directing agencies to develop and implement notification policies suitable to potential risks caused by breaches of personal information and to take steps to protect federal information on laptops and other mobile devices.

“Safeguarding personally identifiable information in the possession of the government and preventing its breach are essential to ensure the government retains the trust of the American public,” Clay Johnson, Deputy Director for Management, wrote in the memo. “This is a responsibility shared by officials accountable for administering operational and privacy and security programs, legal counsel, Agencies’ Inspectors General and other law enforcement, and public and legislative affairs.”

Continue reading

FDA issues advisory on toothpaste made in China

The U.S. Food and Drug Administration (FDA) issued a news release advising consumers to avoid using tubes of toothpaste labeled as made in China and issued an import alert to prevent toothpaste containing the poisonous chemical diethylene glycol (DEG) from entering the United States. The information below is from the FDA news release.

DEG is used in antifreeze and as a solvent.

Consumers should examine toothpaste products for labeling that says the product is made in China. Out of an abundance of caution, FDA suggests that consumers throw away toothpaste with that labeling. FDA is concerned that these products may contain “diethylene glycol,” also known as “diglycol” or “diglycol stearate.”

FDA is not aware of any U.S. reports of poisonings from toothpaste containing DEG. However, the agency is concerned about potential risks from chronic exposure to DEG and exposure to DEG in certain populations, such as children and individuals with kidney or liver disease. DEG in toothpaste has a low but meaningful risk of toxicity and injury to these populations. Toothpaste is not intended to be swallowed, but FDA is concerned about unintentional swallowing or ingestion of toothpaste containing DEG.

Continue reading