Friday, September 8, 2017

Slow News Week


The quality of journalism can certainly be challenged these days.   It seems that in order to keep your job, the title of every article must sound alarming and catastrophic in nature in order to "sell print".

Sad really, since we end up with a feeling of fake news, and many other side effects.

However, a significant mass of people will be reading these articles and believing the negative feelings being conveyed.  

This morning, in Montreal's very popular "Journal de Montreal", we find an article titled "He receives a strangers card" making reference to a medicare card.   Not a credit card, not a drivers license, but a medicare card.

Poor poor man.   How traumatizing to have received your own card along with a strangers.  How will you sleep through the night and get to work on Monday.

If you ordered underwear from Amazon and received someone else's order of socks would you call the newspaper or would you call Amazon to have the error corrected?

This is not the first time a shit article has been written on a shit subject.   Last year, someone received something from the government that was miss addressed and the newspaper did the same type of article.

Lets look at the risk.

The medicare card has only one piece of sensitive information, your birthdate.  Combined with your name, the person who erroneously received your card, now has a piece of plastic with physical countermeasures similar to a credit card, that has your picture, name and date of birth on it.

What is the risk here..... well....  if the person that received it is Frank Abagnale then maybe he can cannibalise the card, change the picture and used it to get free medical services.  Frank wouldn't have your address and know where you bank, so the damages to you are limited to say the least.

In order to sound like a journalist, let me say it this way..... 

"The statistics demonstrate that sending a random medicare card to a random individual will not result in that card being used maliciously"

Did I say statistics... sorry I meant common sense.

"A random citizen does not have access to the talent required to fraudulently use someone else's medicare card"

"A random citizen doesn't have access to the underground networks that use false medicare cards for profite"

Oh oh oh wait.... here is a good one...

"A random citizen can't do shit with your name and date of birth and your ugly mug shot".   Usually considered the same pairing of information that most idiots share with their 800 Facebook "friends".

As an other note.....  news is supposed to be pertinent (in my opinion).  These types of articles only make the security uneducated worry about something that is out of context and of no value.  The fact that a rubber bushing on an envelope stuffing machine felt fat one morning and spewed two cards into an envelope instead of just one is about as newsworthy as watching paint dry or linoleum curl under high humidity. 

Imagine your next family gathering where grandma wobbles over to her security expert grandson and asks "How bad is it dear, am I going to loose my medicare, I read that they sent out my card to the wrong address".

Charming.

I'm pretty convinced that there are large masses of worthy subjects to investigate and report on.   

This happens in security articles too

Take this example: 


Bug in Windows Kernel Could Prevent Security Software From Identifying Malware




According to Microsoft, this isn't a bug, it's a design feature.   Sure we can argue that Microsoft is covering their asses, but the article actually stipulates Microsofts response.   So in my opinion, the article title should have been "Windows Kernel Design makes security software creators work for their money".... but that is far less catchy!

_______________________________________________

Eric Parent is a senior security expert, specialized in coaching senior executives.  He teaches CyberSecurity at l'Ecole Polytechnique and HEC Universities in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.

Follow Eric on:
Twitter @ericparent
LinkedIn :  EVA-Technologies

www.eva-technologies.com


No comments:

Post a Comment

Are we even trying over at BRP

This will be a short blog entry.  Essentially, a general observation. If your enterprise was breached and screenshots of user account passwo...