Parking Tickets…found an oops




I noticed that it’s possible to MIStype your parking tag, and still get a valid ticket ID. Why is this an issue?

A friend of mine paid a ticket for me last fall…it was the result of parking near a friendly meeting I was invited to and the consequences were unavoidable due to the meeting running over the time budgeted. So I thought “great!” That takes care of that, right?

He ended up making a numerical typo on his phone, someone else’s ticket got paid and not mine.

It appears that the ticketing system will prevent you from paying a ticket already paid, but it will not stop you from looking up another ticket and paying that one. In fact the ticket numbers appear to be assigned sequentially. This only increases the likelihood a number typo in the last three or four digits will result in the lookup of a valid unpaid ticket.

We tried getting the charge looked up, but that was made doubly difficult since I was not the card owner making the payment. I hold the infraction, I cannot request payment transfer. My friend can request payment transfer but must provide all my personal info as it pertains to the license plate. Strong deterrent made even stronger by the fact that both of us are very busy IT professionals and could only try calling in. I think the total time on hold amounted to 4 hours. We only ever spoke to one live body.

I think the business process needs a serious rethink, but it could all be fixed with the addition of a random text string at the beginning or end of the parking ticket number.
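To make the effect of that fix concrete, here is an added example (not code from the ticketing system; the 8-digit number format, the 6-character suffix and all function names are assumptions) that measures how often a one-digit typo in the last four digits lands on another valid ticket, with and without a random suffix:

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
NUMERIC_LEN = 8  # assumed width of the sequential ticket number


def issue_tickets(start, count, suffix_len=0):
    """Issue `count` sequential tickets, optionally with a random suffix."""
    tickets = {}
    for n in range(start, start + count):
        suffix = "".join(secrets.choice(ALPHABET) for _ in range(suffix_len))
        tickets[f"{n:0{NUMERIC_LEN}d}{suffix}"] = {"paid": False}
    return tickets


def single_digit_typos(ticket_id, positions=4):
    """IDs produced by mistyping one of the last `positions` digits of the number."""
    number, suffix = ticket_id[:NUMERIC_LEN], ticket_id[NUMERIC_LEN:]
    typos = []
    for i in range(NUMERIC_LEN - positions, NUMERIC_LEN):
        for d in string.digits:
            if d != number[i]:
                typos.append(number[:i] + d + number[i + 1:] + suffix)
    return typos


def typo_hit_rate(tickets):
    """Fraction of single-digit typos that resolve to a different valid ticket."""
    hits = total = 0
    for ticket_id in tickets:
        for typo in single_digit_typos(ticket_id):
            total += 1
            hits += typo in tickets
    return hits / total


if __name__ == "__main__":
    # Constructed sample data: 10,000 consecutive tickets.
    plain = issue_tickets(40120000, 10000)
    salted = issue_tickets(40120000, 10000, suffix_len=6)
    print(f"sequential only:    {typo_hit_rate(plain):.4%} of typos hit a valid ticket")
    print(f"with random suffix: {typo_hit_rate(salted):.4%} of typos hit a valid ticket")
```

The suffix only helps if the lookup and payment pages require the full ID, suffix included, rather than matching on the numeric part alone.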

But for now it’s fun looking up all the parking ticket infractions if only to see what the parking infraction staff are charging motorists.

Data is the new oil.

Verizon draws fire for monitoring app usage, browsing habits | Politics and Law – CNET News.

“We’re able to view just everything that they do,” Bill Diggins, U.S. chief for the Verizon Wireless marketing initiative, told an industry conference earlier this year. “And that’s really where data is going today. Data is the new oil.”

While not new to anyone in the IT Services industry, anyone in touch with IT administration knows just how much we can deduce with advanced real time monitoring tools…it’s a good reminder as to the motivations at play in the open market at the consumer and B2B level. The knowledge of what happens on the network is the first step. Manipulation or redirection of what happens on the network is the business goal for many network owners (think Netflix vs Comcast, net neutrality, etc.). Those who successfully gain these advantages have major advantages over competitors and anyone looking to bring new services or component services to market (think Twitter, Vimeo, YouTube, Pastebin, Scribd…any service that allows embedding as a primary or secondary means of presentation).

It’ll be interesting to see what happens with this. This is the first time in my memory an executive at a network services player has openly admitted the value of the data in such simple terms. While this is generally the goal of any private network, it appears that some private network principles are being applied to the open network.

But that’s really what is at stake now…data is the new oil.

LinkedIn Security Breach Triggers $5 Million Lawsuit – Security – End user/client security – Information Week


Key statement:

…that LinkedIn did not recognize its databases had been compromised until it was informed through public channels provides further evidence that the company didn’t adhere to industry standards.

I do not agree with this assessment. It is possible to be compromised and simply not have a positive sign that it has occurred – until the results are circulating publicly or others notice that there are symptoms of a breach.

We’re seeing information systems develop the same kind of complexity that biological systems exhibit – one to one, one to many, and many to one relationships were common…but now we’re looking at behaviours of complex systems no one party understands. Rather than concrete evidence of changes or breaches we have insinuations of breaches. Smart actors are using heuristic techniques to gain entry without tripping defensive responses, and there is no way to guarantee a breach can’t occur, even with “industry standard” protections.

What do you do when your “industry standard” protections must evolve weekly?

I’m interested to see what level of protection LinkedIn purports to adhere to, but even if it’s good enough there will be another breach. How do we plan for that reality?

I’m curious about the practical expression of these skills in the enterprise. Every breach I’ve been privy to or personally uncovered has occurred due to the lack of maintenance in one part of the system, lack of attention to detail, or poor process (a problem is found but is unreportable as no one will act on the information or take ownership of the issue, or worse, profess ignorance out of fear of taking blame as the first responder). Any of these familiar? They’re solvable now.

So hopefully the problem at LinkedIn *is* the latter (process, policy, or technical failures), because the former – sophisticated breaches that are coming from all angles using co-operatively integrated components (inside the network, outside the network, human and robot/AI players) is concerning, yet incredibly exciting. We’re seeing complex networks behaving like biological systems and I expect data protection and AV vendors to step up to the plate. Just don’t expect the breaches to stop…they’ll inevitably continue as long as we present high value targets.