August 31, 2008: 11:42 am: Identity

I found a neat little site called Retaggr.com through a good blogger and Mac enthusiast Christine Cavalier over at http://www.purplecar.net/.  Christine contributed a good segment on an upcoming episode of Typical Mac User.  So I went to check out her blog.

You will see on her page, and now on mine, a button on the right-hand side for a retaggr.com card.  This lets a nice popup business-like card come up.  Links to all the various social services and my professional associations are all consolidated into that card.  Pretty neat.

You can embed it onto your web site like to the right or into html based email as a signature etc.  

It is interesting how self referential all these identity sites become.  Once I made my retaggr card, I then went and put a link to it at claimID.  And of course on the card is a link to my claimID profile.  You get the idea.

August 19, 2008: 3:20 pm: Identity

So I was glancing over at CNN.com today and saw the article “Airline captain, lawyer, child on terror ‘watch list’”, about several definitely-not-terrorist folks who are on the terror watch list just because of their name.

So let me get this straight. Our government security officials are so clever they cannot come up with a better control than whether a simple name is on the list or isn’t? How about taking these folks who are OBVIOUSLY not terrorists and gathering some basic but private facts about their identity? Hash the information together. Then, when these folks travel and a flag is raised, the information they provide is quickly rehashed, and if it matches, let them go on about their business. If enough basic but not easy to obtain answers are gathered, then it should serve as a much speedier check to let the person go on, without the risk that a terrorist simply farms public facts about someone with the same name.
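A minimal sketch of the enroll-and-rehash check proposed above, added here as an illustration and not part of the original post. The question names, sample answers and iteration count are assumptions; a per-record salt and a slow hash (PBKDF2) are used because answers of this kind are low-entropy and a plain hash of them could be guessed offline.

```python
import hashlib
import hmac
import os
import unicodedata

PBKDF2_ITERATIONS = 200_000  # assumption: tune to the verifier's hardware


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and whitespace so typing variations still match."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def _digest(answers: dict, salt: bytes) -> bytes:
    # Sort by question name and length-prefix each field so that
    # ("ab", "c") and ("a", "bc") cannot produce the same hash input.
    material = b""
    for question in sorted(answers):
        for part in (question.encode("utf-8"), normalize(answers[question])):
            material += len(part).to_bytes(4, "big") + part
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS)


def enroll(answers: dict) -> dict:
    """Create the stored clearance record; the raw answers are not kept."""
    salt = os.urandom(16)
    return {"salt": salt, "questions": sorted(answers), "digest": _digest(answers, salt)}


def verify(record: dict, answers: dict) -> bool:
    """Rehash the answers given at the checkpoint and compare in constant time."""
    if sorted(answers) != record["questions"]:
        return False
    return hmac.compare_digest(_digest(answers, record["salt"]), record["digest"])


# Constructed sample data, not real people or real answers.
ENROLLED = {
    "first_employer": "Acme Hardware",
    "childhood_street": "Maple Court",
    "first_pet": "Biscuit",
}
RECORD = enroll(ENROLLED)
```

The stored record holds only the salt, the question names and the digest, so a stolen record does not directly reveal the traveler's answers.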

August 3, 2008: 8:36 am: Identity

Well one of my fellow Friends in Tech members, Steve Holden coaxed me into setting up Friend Feed.  It lets you consolidate all your major social networking services into one feed for your friends to follow.  Mainly I did it just to reserve my name on it for Identity purposes.  That in turn led me to update my claimID page and a few other things like my 2idi (iName) link redirections.  If you want to see my friendfeed page just click the “My Social” link in the top right.  Notice the link is not the actual friendfeed page but my iName XRI formatted url redirector.  That way if I decide I want to move from Friendfeed to something else I can just update my iName redirection link and everywhere someone linked to the XRI formatted link they always go to the current service I am using.

It got me to thinking that it would be interesting to see a merged service of ClaimID and Friendfeed.  Also it really makes me wish applications like Skype, IM clients and email clients like Apple mail.app would recognize iNames.  Just think: if you wanted to Skype a friend without knowing their real Skype name, you could just type something like =starcher and have it go query their iName provider for the correct name.  I bring this up because as I slowly transition the old @starinfosec.com name out of existence to @me.com it would help me hide the old starinfosec name in use on things like Skype when telling folks how to find me.  I mean, how hard would it be for Skype to parse =starcher, go to my iName provider and look for a defined Skype service to tell it my real Skype name as I defined it?

Oh well here’s hoping it just starts catching on.  I think if enough developers simply added it that it would turn into a slow burning ground fire.  Even if most users didn’t know the support was there till the first time a friend tells them to just type my name as =myiName.

March 21, 2008: 9:24 am: Privacy

It seems everywhere I go these days the stores and restaurants pester you for your zip code.  Granted it is better than hitting you up for your phone number like they did the past few years.  But I decided today to start running a test.  I am going to give out 55544 instead of just declining.  That is an invalid zip code.  Let’s see how many places do real input validation on what the person enters into their system.

January 1, 2008: 6:33 pm: Data Security

I am completely disgusted by a local event here in Tennessee. Two laptops were stolen from the Davidson County Election Commission over the Christmas holiday. They likely held 337,000 identities including the SSN, name and address of registered voters. You can read about it in the Tennessean article.

1. Why on earth was there no alarm on a building associated with election records? A rock through a window and two laptops vanish?!?

2. Why on earth were two laptops with such data left outside a safe? Surely such backup units are regularly stored in a secure location.

3. Why on earth were they not equipped with encryption?

So who is to blame? The user/custodian of the laptops? The physical security contractor? The IT department?

It comes down to what policies are in place. After all, IT in government and business alike can only do so much if management is not forced to provide funds and resources to meet the policy. If the policy did not exist then I recommend the council members should consider resigning themselves. If the policy was in place, fire the IT head and the physical security head, and terminate the contract of the physical security vendor. That should send a message of accountability. It should not be a surprise to these people that such information, which is required to achieve the electoral mission, would be at risk without proper measures.
