The Gibbs Golden Turkey Awards nominations: Vote early, vote often!
- 09 November, 2012 15:48
This November marks the ninth year for which we will be announcing the Gibbs Golden Turkey Awards ...
To refresh your memories, these awards recognize those individuals, companies or entities that don't, won't or can't come to grips with reality, maturity, ethical behavior and/or social responsibility because of their blindness, self-imposed ignorance, thinly veiled political agenda, rapaciousness and greed, or their blatant desire to return us to the Dark Ages. Or all of those faults combined.
Thus, in preparation for this year's momentous event, I need your nominations. Who do you think needs to be given the Golden Bird this year? Don't delay, nominate today!
LEFTOVERS: The Eighth Annual Gibbs Golden Turkey Awards
In the meantime, before we give one or more worthies an award that they not only won't want but will also probably ignore, we have a moment in which to consider what should be done with companies that fail to do what they should do ...
By way of example, consider this mea culpa from Yahoo from July this year:
"At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."
The sheer scale of this "oppps" is hard to wrap your head around given that it had really serious implications for the security of the affected users' not only on Yahoo but also for those users' accounts on other services such as Gmail and Hotmail.
Arguably the worst thing about the hack involved in the breach was, according to the perps (that's hip cop lingo for "perpetrators"), that it was achieved through a relatively simple SQL injection attack! Just imagine that! How unexpected! A database interfaced to the Internet without adequate input validation! When has that ever happened before?!
I asked my friend Stephen Cobb, the security evangelist for the security company ESET, where, on a scale of 1 to 10 (where 1 is hardly worth considering and 10 is where someone senior should be fired or worse), he would place the breach and he declared he would put Yahoo's intransigence at a 9.
Stephen's comment about online systems being vulnerable to SQL injection attacks: "The thing that gets old timers like me is that checking your input data is the first order of business ... we've had 15 years of websites taking [user] input; we should be doing better!"
Indeed, we most definitely should, and as Stephen pointed out, once a breach happens there's another problem: There are at least 40 jurisdictions in the U.S. that determine how corporations have to act. And given that the Internet isn't bounded by state or even national borders, we need to at least get a national data breach handling standard in place as a matter of urgency.
Along with that should go serious, level 9 consequences for organizations that screw up as royally as Yahoo did.
And the worst thing about this whole mess is that Yahoo wasn't the only organization this year to mess up at a biblical level. There were scores of security breaches affecting dozens of companies over the last 12 months that exposed hundreds of millions of customer records but did enough (or any) heads roll? Nope.
I think it's obvious that Yahoo will be in the running for this year's Gibbs Golden Turkey Awards, as will many other organizations involved in major breaches and the U.S. government for not being serious enough about the problem as it affects consumers.
So, I'm sure you have your nominees for the GGTAs ... as they say in mainstream politics: Vote early and vote often! The Gibbs Golden Turkey Awards needs you!
Gibbs is rabble rousing in Ventura, Calif. Your nominations to firstname.lastname@example.org and follow him on Twitter and App.net (@quistuipater) and on Facebook (quistuipater).
Read more about wide area network in Network World's Wide Area Network section.