Fla. springs info. leak (and hurray for sysadmins)

Kowabunga! It's IT Blogwatch, in which Florida has a security blowout. Not to mention the sysadmin song...

You don't mind putting your personal details on the Internet, do you? As Jaikumar Vijayan reports, "Details belonging to potentially millions of current and former residents of Florida are available to anyone on the Internet because sensitive information has not been redacted from public records being posted on county Web sites ... counties across the nation face the same issue ... the Ohio secretary of state is being sued for posting residents' Social Security numbers for years on state Web sites where publicly searchable records are stored ... the information on the Web is in full compliance with state statutes that require counties to post public documents on the Internet [oh how reassuring that is, NOT] ... Bruce Hogman, a county resident who raised concerns about the availability of information ... said it poses a serious risk of identity theft and fraud ... the county's failure to redact, or remove, sensitive data from images of public documents such as property records and family court documents ... A new statute set to take effect Jan. 1, 2007, will require county recorders to remove Social Security numbers, bank account numbers, and credit and debit card numbers from public documents before posting documents online."

» I am, Therefore I Think: "I used to think the outrageous news about stupid government mostly came from California ... Great, so Castro can go fishing for the people he wants dead. And he can do it from the comfort of his own mansion! ... Those records have no business being online for viewing by every petty tyrant and identity thief from all over the world. This is, without a doubt, one of the biggest failures in recent memory of a government body to serve the public interest."

» Steve Watson puts it simply: "For those who aren't aware, the information that is suggested to be divulged is enough for someone to steal your identity ... A look at my country's public record page lists our name and address. That’s more than I would prefer to have accessible ... It is interesting to see the names of all the neighbors I don’t know though..."

» Chris Elroy says the real culprit is, "Government inefficiency and lack of technical understanding ... a lot of personal data available to the public ... Ahhhh, I see. It's okay to put all that personal information out there. It's our fault because we want public records to be public. The government can't be bothered with filtering out the personal data before posting the public data ... Okay, since they are in compliance with state law, everything is okay now. Wouldn't want to go above and beyond the call of duty or anything. Wouldn't want to go ahead and use any common sense. Do the very minimum you have to in order to comply with the law."

» Skepticoverload has some great last words: "Following on the heels of the shocking revelation that AT&T has been collaborating to channel their Internet traffic through the NSA is another alarming government-sponsored privacy breach ... worst of all, [the counties are] doing it on purpose ... an enormous wake up call to the horrific incompetence rampant throughout all levels of government. On one hand, all your private communications have been handed over to those who's job it is to spy on Americans. And on the other hand, the 'government' has published your private details to those who would steal from you. What, pray tell, will be the next item in this domino catastrophe of trust?" Which drew comments like DYepes's: "Perhaps we should look at this into another light. Perhaps we can use this information and track the activities of politicians and lobbyists? If people can use it against us, why shouldn't we use it against others? I wonder how hard it actually is to find the information being posted if it was not posted."

Buffer overflow:

• George P. Alexander Jr.: EDS Learns From IBM, Accenture. Goes The Oracle Way
• Nate Anderson: Outsourcing the drive-through
• Carl Howe: Why RFID marketers should do more testing
• Richi Jennings: Defeat of Net Neutrality Amendment Isn't a Disaster
• Rebecca Herold: Example of the Insider Threat: An Insider Information Leak in the Honolulu FBI Office
• Barry Schwartz: DNS Cache Poisoning & Hijacking Search Results
• Ben Rockwood: CEO Compensation Survey 2005
• Michael Arrington:: Store Web Content Offline with Webaroo
• LifeHacker: Copy and Paste between computers
• Wired News: IBM Touts Integrated Encryption
• Martin MC Brown: Sun Ultra3 Mobile Workstation
• Rod Hamilton: When disclosure collides with privacy
• Alex Scoble: "Minimize" Firefox's memory usage
• Alex Scoble: Info for April Microsoft Patch Tuesday - 11 April 2006
• Martin MC Brown: Putting a project to bed
• Jerri Ledford: Outsourcing the mother of all data management projects
• Martin McKeay: The USPS sure is fast
• Brian Babineau: Its showtime for Information Classification solutions
• Shark Tank: What's old is new again
• Douglas Schweitzer: Some of your personal info is already public!

And finally... The Sysadmin Song

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk. Also contributing to today's post: Judi Dey, our very own Antipodean.