Angela Gunn

Pushing Buttons

Comfortably numb?

In case you're not subscribed to the daily Security newsletter (good heavens, friend, what's wrong with you? it's free!), you might not know that we're testing a new format that includes a daily blog-type note pointing out stories or topics that caught my attention during the past 24 hours. (There are also improvements such as targeted links -- hop right to the story you want, no scrolling required -- pointers to the best of the best, and so forth. Basically we're hoping to stick a fork in the pure-text version of the newsletter without going all over-the-top HTML on you. Sign up, check it out, let us know what you think.)

Wednesday's newsletter caught me in a snarkier mood than usual, wondering what the heck it'll take to get users to pay attention to security problems on enterprise networks if they can't even be bothered to worry about problems that affect their very own bank accounts. That note ran as follows:

Jaikumar Vijayan's story Tuesday on the latest in the TJX saga leaves me even more dismayed by the American public than I usually am on a Wednesday. We are a people who get our shorts in a bunch over celebrity divorces, tone deafness on American Idol, Rosie O'Donnell vs Donald Trump, and tastes great vs less filling -- but TJX's data breach is, by and large, barely raising an eyebrow, let alone hitting the company in the cash registers.

Makes you wonder why companies pay you to protect anyone's information, it really does.

The financial institutions are the ones holding TJX's feet to the fire. As Jai's coverage explains, banks in California and Massachusetts believe themselves to be particularly hard hit by the breach, and they're looking for recompense for the trouble of canceling and re-issuing all those debit cards -- even though, as a representative noted, it's hard even to say where the costs might top out.

There's some other TJX-flogging action at the moment -- a pension fund in Arkansas is suing for access to documents showing what the company did to secure data and to respond to the breach, a Canadian law firm is seeking relief for customers up there, and a Virginia woman is filing a class-action suit to push the company to pay for credit monitoring services for affected customers. Odds are there'll be more, and that TJX is going to be seeing the inside of a lot of courtrooms before this is done. Who knows -- maybe even a bankruptcy court or two. It could happen.

But why aren't the customers making a fuss? Where's the outrage? My TJ Maxx and Marshalls days are officially over, but my sister-in-law and her friends -- most of them engineers, some of them even curious about the mechanics of the breach itself -- all shrug when I ask if they've quit shopping at the company's stores. "Why bother?" they tell me. "Damage is done, and now they know, and nothing showed up on my last bank statement in any case."

I suppose I should be glad that my friends and relatives remembered the problem long enough to locate a bank statement (though the more we find out about the duration of the breach, the less impressed I am with the effort), but I wonder if we've reached a breach saturation point for security civilians. Do consumers really trust their banks and credit-card issuers to keep an eye on things for them? Do they assume that every other merchant is going to suddenly become vigilant in whatever way TJX was not, even though we're still figuring out what happened at TJX? Or are they simply crispy -- they've heard about too many breaches at this point and just stopped processing the data?

It may be a problem as unsolvable as users writing their passwords on sticky notes, but when consumers go from not caring about their company's security issues to not caring about security problems that potentially tap into their very own wallets, you start to suspect they're beyond the reach of mere education. How are you getting through to yours?

So it's 24 hours later, I'm planning Thursday's note, and which story's jumping out at me?

More phish out there than we thought: Barnum spins in grave as 14% of those targeted take the bait

We may still be evaluating the newsletter format, but I have already learned one thing from writing the daily note: No matter how cynical I think I'm being about security and the general public, I'm not cynical enough. Gah.

What People Are Saying

Lost me on the last sentence

Lost me on the last sentence there, friend. Did you mean newsletter writers?

Understood re concerns over HTML in newsletters, though ironically that's not entirely true for ours even in text format; Lyris... does stuff. (We can get into what Lyris does and why, but the mechanics of our newsletter system are pretty ordinary stuff as far as newsletter systems go.)

For instance, in today's Viruses newsletter -- which isn't participating in the test -- the first story concerns the Google AdWords situation. If you receive that newsletter, you saw a link that looks like this:

http://cwflyris.computerworld.com/t/1487686/8540230/60992/2/

and if you clicked it, you saw it resolve to this:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9017862&source=NLT_VVR&nlid=37

Nothing too spooky there, but it's certainly not any more obvious than the HTML version. (And yes, I've gotten letters from people who were concerned that the URL at which they ended up didn't "look right.")

Anyway, glad for a chance to respond.

You say "Basically we're

You say "Basically we're hoping to stick a fork in the pure-text version of the newsletter without going all over-the-top HTML on you." Why do you think going to HTML in email is good? In text, you can see where the URLs point and not just hope that email that says it's from ComputerWorld really is. Plus you do not have to worry if some smart aleck put in malicious email so one of the HTML email clients can go there & get zapped. So, what are we going to have to do to get BLOG writers to give users secure choices???