Shostack + Friends Blog Archive

 

Three on Information Sharing

The New York Times has a story, “Teaching the Police to Stay a Step Ahead of Car Theft:”

The police have traditionally kept such conversations quiet, fearing they could tip off aspiring thieves. Mr. Bender’s mission is to bring investigators into the digital age and get them to share information, just as their adversaries are doing on Web sites, message boards and forums like YouTube, where dozens of videos show off car-hacking and street-racing techniques.

“I don’t think there is anything we talk about at the seminars that isn’t on the Internet, being discussed by the other side,” Mr. Bender said. “In the past, we have only been keeping information from ourselves.”

NPR has a story about the National Counter Terrorism Center, “Absences at Intel Center Raise Questions:”

“I think essentially, it boiled down to the amount of information-sharing that’s needed to go forth in order to defend the homeland,” Cunningham said. “So that was what was lacking.”

A second military official, who requested anonymity while discussing intelligence matters, said: “The priority was to make sure our commanders were receiving the intelligence they needed. That wasn’t happening.”

Me, I thought it was just the ISACs that didn’t share information.

Finally, Ken Belva discusses a personally discovered issue in “Exclusive: Tribeca Film Festival Discloses Ticket Holder Information” [link to http://www.bloginfosec.com/?p=196 no longer works]:

The voicemail was from a gentleman named Mark who saw my billing information on his screen and called me to tell me my information was disclosed to him. He also told me to monitor my Amex card. He took note that my AmEx account number was not disclosed to him. And, one should note other people’s AmEx numbers were not disclosed to me either, as represented in the two images posted on my site.

You might think it’s a trend or something.