They probably hate it now, since they’ve just admitted they mixed consumer data with airline passenger info while working on the Secure Flight initiative.

The process is now considered a serious privacy issue, after DHS culled info from consumer databases provided by Acxiom, Insight America and Qsent. Beyond that fact, auditors found security problems with the software that was being used.

DHS is blaming the mess on “inadvertent oversight.” If the weak systems get hacked, it’ll be another one of those “anomalies”, so you can be pretty certain your data is still safe.

UPDATE: More on the Secure Flight issue from Bruce Schneier.

Homeland Security issued a terrorist warning to the financial services sector, and the bankers yawned. No wonder - DHS’s information security is pretty paltry in it’s own right.

Then again, we already knew that.

Homeland Security has been searching far and wide for a chief of cybersecurity. Yes, while virtually every US Government department is getting piss poor grades for computer security (including Homeland Security), the bureacrats have been sitting on the fence (then again, what’s new there).

Now they’ve found their man. It’s Greg Garcia, former VP of the Information Technology Association of America.

Now, what’s their grade in human resources acquisition?

The Department of Homeland Security announced that you should patch your Windows systems right away.

Yes, the folks that fail miserably on their own cybersecurity are telling everyone else to get on the ball.

So, when you see that little “Updates” popup in the lower right hand corner of your screen (you know, the one that appears each and every time Microsoft issues patches), pay attention this time - a wise and wary group of governmental types say so.

Boy am I glad I read the news the morning, even if I am on a Mac.

***UPDATE***

A suggestion: If the government will pass a law stating that if an employee of an organization (including bureacracies) leaves a laptop in a parked car (or unattended in any other public place for that matter), and it gets stolen, the employee must be terminated immediately. In return, all citizens will then listen to government warnings about computer security threats.

If you are highly proficient with telecommunications and information technology, there is a job opening for you. Yes, the Department of Homeland Security’s Cybersecurity Czar post is still vacant, a year after the position was created.

Anyone with the talent to truly make a difference is almost certainly very busy nowadays, and would likely consider the position a demotion. Hence, I am not holding my breath as to its getting filled by someone competent and/or motivated to do the job, anytime soon.

The Department of Homeland Security thinks new laws against rootkits may be in order after the recent flurry of discoveries of their use (led by Sony BMG).

Like I said, I am getting more spam than ever (despite CAN-SPAM), so I have to withhold all comment, as the result is likely beyond my imagination.

I think the latest “predictions” regarding online threats by the fine and fair Department of Homeland Security are just their way of saying “We’re paying attention, and some legislator has a bill in waiting to pump up his/her profile prior to elections.”

Tops on the list of “predictions”….spear phishing (already happening), and brokerage account break-ins (don’t worry here, the brokerages are already pretty good at losing the data themselves).

The safety recommendations include the ultra-creative “turn on your firewall,” “install and update anti-virus and anti-spyware,” and “perform regular operating system updates.”

The insight, the forethought!

Ever since 9-11, everyone has been clamoring for business with the US Government. Business is booming in and around Washington, and everyone who wants to bid on work must run through the venerable General Services Administration. Unfortunately, that organization is running a system woefully lacking in security.

It isn’t the first time the government hasn’t paid attention to their own shop. A spammer is now going to jail after bouncing his mail off government servers, and that is just news from the last week.

The government needs to wake up and smell the coffee. While they clamor to peek into Americans’ private lives, driven by groupthink paranoia, they are sitting on holes in their own systems big enough to drive trucks through.

When I say “hit” I don’t mean getting hammered either.

Novell just announced that they are going to be releasing their AppArmor intrusion prevention software under the GPL. The product will likely get some improvements from the OS community, albeit at the expense of Homeland Security adding many line items on the Linux side of their less than accurately represented vulnerabilities list.

You gotta wonder, however, if the whole US-CERT list thing was a public relations move, as Homeland Security just made a grant to three groups to improve open source security. Yep. Over a million bucks is going to Stanford University, Coverity, and Symantec to work on OS bugs. The Stanford/Coverity bit makes total sense to me - Coverity has a service that allows you to upload your C/C++ code to their system, at which time they scrub the heck out it looking for unnecessary complexity and the potential pitfalls that go along with that. The technology, by the way, came out of Stanford. I guess Symantec is just along for the ride.

I might of actually recommended this list of security precautions, especially considering the target. A lot of folks have just unwrapped their fancy new machines, and now that the kids are all in bed, are probably going to plug them in to the net. They will be quickly infected with some virus or spyware, and that’s all she wrote.

In comes the Department of Homeland Security making suggestions about how to stay safe - but their opening blows the credibility out of the water. Instead of saying trojan horse software “was first discovered in May 2005,” they could have stated “the Department of Homeland Security first discovered the trojan horse threat in May 2005, even though every computer security company on the planet was isolating plenty of them by the late-90’s.”

At least someone might have listened if they were honest. Now a bunch of folks are going to get screwed (with the exception of those who got a boxed Linux distro in their stockings, or were lucky enough to have a loved one who braved the lines at the Apple Store).