Network World - This November marks the ninth year for which we will be announcing the Gibbs Golden Turkey Awards ...
To refresh your memories, these awards recognize those individuals, companies or entities that don't, won't or can't come to grips with reality, maturity, ethical behavior and/or social responsibility because of their blindness, self-imposed ignorance, thinly veiled political agenda, rapaciousness and greed, or their blatant desire to return us to the Dark Ages. Or all of those faults combined.
Thus, in preparation for this year's momentous event, I need your nominations. Who do you think needs to be given the Golden Bird this year? Don't delay, nominate today!
In the meantime, before we give one or more worthies an award that they not only won't want but will also probably ignore, we have a moment in which to consider what should be done with companies that fail to do what they should do ...
By way of example, consider this mea culpa from Yahoo from July this year:
"At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users' names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."
The sheer scale of this "oops" is hard to wrap your head around, given that it had really serious implications not only for the security of the affected users' Yahoo accounts but also for those users' accounts on other services such as Gmail and Hotmail, where the same passwords may have been reused.
Arguably the worst thing about the hack involved in the breach was, according to the perps (that's hip cop lingo for "perpetrators"), that it was achieved through a relatively simple SQL injection attack! Just imagine that! How unexpected! A database interfaced to the Internet without adequate input validation! When has that ever happened before?!
I asked my friend Stephen Cobb, the security evangelist for the security company ESET, where, on a scale of 1 to 10 (where 1 is hardly worth considering and 10 is where someone senior should be fired or worse), he would place the breach and he declared he would put Yahoo's intransigence at a 9.
Stephen's comment about online systems being vulnerable to SQL injection attacks: "The thing that gets old timers like me is that checking your input data is the first order of business ... we've had 15 years of websites taking [user] input; we should be doing better!"
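To make Stephen's point concrete, here is an added illustration (not code from the column, Yahoo or ESET) of the difference between splicing user input into a SQL string and binding it as a parameter. It uses an in-memory SQLite table with constructed sample rows; the table, column and function names are assumptions for the example.

```python
import sqlite3

# Constructed sample rows for the demonstration, not the file from the column.
SAMPLE_USERS = [
    ("alice", "hash-of-alice-pw"),
    ("bob", "hash-of-bob-pw"),
    ("carol", "hash-of-carol-pw"),
]


def make_db():
    """Build an in-memory users table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(conn, name):
    """The weak pattern: user input spliced straight into the SQL text.

    A name containing a quote character changes the structure of the
    statement instead of being treated as data; that is SQL injection."""
    sql = "SELECT name, pw_hash FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """The hardened pattern: the driver binds the value as a parameter,
    so whatever characters it holds, it can never alter the statement."""
    sql = "SELECT name, pw_hash FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups on the same input and return (weak, hardened) row counts."""
    conn = make_db()
    try:
        return len(lookup_concatenated(conn, name)), len(lookup_parameterized(conn, name))
    finally:
        conn.close()


if __name__ == "__main__":
    # An ordinary name behaves identically under both patterns.
    print(compare("alice"))
    # A value containing a quote: the concatenated query now matches every row,
    # while the parameterized query correctly matches none.
    print(compare("x' OR 'a'='a"))
```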