The Risk Factor

A computer failure at Wells Fargo, the fifth-largest bank in the US, that knocked out its Internet access, telephones and ATMs over the weekend, has been fixed. The bank had to revert to its back-up systems until the issue was cleared up.

However, as reported in ComputerWorld, phishers are rapidly gearing up to exploit the event. According to the article, on-line scammers have been waiting for a problem to crop up at a large bank or financial institution which will help add legitimacy to their message.

So if you get something purporting to be from Wells Fargo, the best course is to ignore it.

I don't know how I missed it, but the Humane Society of the United Sates has been extremely successful at getting states, and now it looks like the Federal government, to outlaw Internet hunting via H.R. 2711, the Computer-Assisted Remote Hunting Act.

According to a recent story in the Wall Street Journal (subscription may be required), the Humane Society has been mailing people "an urgent message, underlined and in bold type":

Such horrific cruelty must stop and stop now.

No debate there - except, as the WSJ article points out, no one is actually hunting using the Net, even though the Humane Society's site implies that it is rampant.

Better safe than sorry, I guess.

E Bay admitted yesterday that it had overpaid for Skype by over $1 billion (purchase price:$2.6 billion) two years ago and that its original projections for future profitable growth were, shall we say, overly optimistic. While Skype has 220 million registered users, fewer that 45 million are estimated to be active users, and the percentage of active users to registered users has been dropping. In addition, those who are active users are shunning Skype's premium (meaning paid) services - and this is a surprise how, given that calling is free?

When E Bay bought Skype, there was all this happy talk about synergies to be had:

"Skype will streamline and improve communications between buyers and sellers as it is integrated into the eBay marketplace. Buyers will gain an easy way to talk to sellers quickly and get the information they need to buy, and sellers can more easily build relationships with customers and close sales. As a result, Skype can increase the velocity of trade on eBay, especially in categories that require more involved communications such as used cars, business and industrial equipment, and high-end collectibles.

The acquisition also enables eBay and Skype to pursue entirely new lines of business. For example, in addition to eBay’s current transaction-based fees, ecommerce communications could be monetized on a pay-per-call basis through Skype. Pay-per-call communications opens up new categories of ecommerce, especially for those sectors that depend on a lead-generation model such as personal and business services, travel, new cars, and real estate. eBay’s other shopping websites — Shopping.com, Rent.com, Marktplaats.nl and Kijiji – can also benefit from the integration of Skype."

Oh well, not is all lost, if you believe Pop!: Why Bubbles Are Great For The Economy author Daniel Gross who argues that bubbles are the way to get infrastructure paid for which otherwise wouldn't get built.

Hmm, maybe the real reason why E Bay failed is that it didn't pay enough for Skype. Well, there may be hope yet, if you believe those who are encouraging other companies like Google, Microsoft, or Yahoo to buy Skype from E Bay. All of them (except maybe Yahoo) can afford to blow a couple of billion more blowing bubbles.

At 0819 this morning, a gentleman emailed to the Department of Homeland Security (DHS) a note that said he was changing jobs, and would like to receive the DHS daily reports at his new email address. The DHS daily report provides an open source news summary of articles involving the US infrastructure that might be of interest to the security community.

This gentleman mistakenly sent his request to the Distribution List email header, which was also configured incorrectly. Instead of this gentleman's request being bounced, his email went out to all the DHS daily report distribution list recipients. Chaos (and spam) soon began.

People who received this gentleman's email soon emailed back him saying that he had made a mistake - unfortunately, some used the "Reply All" button. This started another round of email broadcasts.

The New York Times wrote a nice little article this morning on the e-mail spamming mess. It claims that over 2.2 million emails were generated by the incident.

What will be more interesting to watch is how people who helped keep the spurious email traffic going and disclosing their personal contact information along the way to boot, will like seeing their names and email posted in the New York Times.

I would love to be a fly on the wall when some of these folks are explaining in the future to their bosses why IT security policy is important, why everyone needs to follow it, why they need more resources for improving security, etc., etc., and then being asked by their boss why they couldn't keep their own damn hands off the keyboard.

As the Times article notes:

"The accident raised questions among cybersecurity experts about how well prepared the Homeland Security Department is to defend against a cyberattack because it had trouble dealing with this computer problem."

No kidding.

I wouldn't be surprised that Congress gets interested in this little episode, given the response of both DHS and the many government security professionals (the term is debatable) who kept it going. Maybe Congress will call a few in to testify to find out what was so irresistible about keeping a spam chain letter going, and clogging up government servers. Or maybe disclosing what appeared to me to be email addresses and telephone numbers including cell phones of folks doing highly classified work. And now that this incident has been reported world wide, how valuable do you think this information is going to be, even if only for a short time?

I'll also be curious to see how the employers of those folks looking for new jobs will view it. Maybe they will help their employees find new ones.

Please, all of you who I am sure are happy to get their names and places where they work in the NY Times, let me know.

Last Tuesday, the General Services Administration, which manages '.gov" websites, shut down California's state government use of the Internet for three hours because a small California state website had been hacked (again) by a porn provider.

Needless to say, this was a bit of bothersome overkill. If this happened every time a ".gov" website was routinely hacked, well, ...

The GSA later apologized "to the citizens of California" but protecting everyone from the scourge of pornography was a highly important matter at GSA.

Contrast GSA's action to DHS's inaction the following day when the email spam problem occurred. Maybe the GSA and DHS can do a joint lessons learned and figure a good strategy to manage e-gov in times of trouble.

The New York Times reported that on the 12th of February, WellCare Health Plans Inc inadvertently posted the names, Social Security numbers, birth dates, and dates of eligibility for some 71,000 adults and children enrolled in Medicaid or PeachCare for Kids insurance programs in Georgia. WellCare Health Plans was hired by the State of Georgia to administer health benefits for low-income patients.

The information was on the web for seven weeks. WellCare was notified on 28 March that the information was publicly accessible, but it took another 5 days for the information to be removed.

WellCare Health Plans, which has sent out letters to those patients affected, is offering to pay them for credit monitoring services for a year.

This is the second time that Georgia's Medicaid and PeachCare for Kids participants have had their data compromised. Last year, Affiliated Computer Services lost a computer disk in the mail containing data on 2.9 million recipients.

The Washington Post has a story today about a number of Internet and broadband companies such as Knology and Cable One, that admit to using targeted-advertising technology without explicitly informing their customers.

This information was disclosed yesterday by the US House Energy and Commerce Committee. The Committee has been looking into issues of comsumer privacy on the Internet, and whether new on-line privacy laws are required.

The House Committee queried 33 companies about their targeted-advertising practices, and 25 responded.

The Post story highlighted that there seemed some apparently discrepancy in the responses the House Committee received from the companies and what they were advertising to potential ad customers.

For instance, Comcast said in its letter that "Comcast has not used, nor authorized others to use, its facilities as an Internet provider to tailor or facilitate the tailoring of Internet advertising to its Comcast High-Speed Internet customers."

Yet, the Post points out that, "On Comcast's site promoting 'interactive advertising,' for instance, the company promotes its ability to receive users' monthly data: 'over 3 billion page views, 15 million unique users . . . and over 60 million video streams.' "

Comcast declined to comment to the Post about the apparent differences.

I wonder why?

Reuters is reporting that Netflix has suffered its second major outage of the year. According to the story, an undefined technical problem (different from the one that caused the outage in March) has kept the company from sending out any DVDs on Tuesday, only some on Wednesday, and none so far today.

Netflix spokesman Steve Swasey said, "This time, the site's been up but our shipping system is down. It's worse than it was in March. We're really backlogged."

Update Friday morning: Apparently Netflix is starting to ship out DVDs again, although there also appears to be a large backlog. Netflix is also refusing to say exactly what went wrong, saying that "We're not real big on pointing fingers or attaching blame or airing this out in public."

A story in Reuters this week said that the high end clothing retailer J. Crew posted lower-than-expected quarterly profit and cut its 2008 profit forecast again, citing a weak economy and costs related to website glitches. As a result of the news, its shares fell more than 7 percent.

According to the conference call posted at Seeking Alpha with financial analysts on Tuesday, the company sees its on-line business as an integral part of its growth strategy: "The way we see it, our online business will continue to get bigger as our customers are shopping this format more often and the world as we know it continues to change."

In addition, "The growth we have experienced over the last five years, combined with the growth we see in the future, required us to make these investments. This was absolutely not an optional issue. It was mandatory that we do it. Additionally, these upgrades provide the ability to operate separate websites for new concepts such as Made Well and Crew Cuts. This was not possible under our old system."

Furthermore, "We’ve also added new functionality, such as enhanced search, to allow customers to more quickly and easily locate items and image zoom that provides up close views of our products."

However ... "Having said all this, we did and still are encountering some challenges, more than expected, that are impacting our ability to capture, process, ship, and service customer orders. It is also taking longer than originally planned and as a result, the costs are higher than expected."

Thus, ... "In hindsight, we should have been more conservative in our plans regarding the length and extent of the disruption caused by these upgrades."

The problem, the company said, started in June: "On the weekend of June 28th, after taking our website down for 24 hours, we cut over to the new systems. Over the next several weeks, we experienced issues related to the site performance, order fulfillment, and call center performance. We had worked diligently since the conversion to address these issues and have made significant progress."

The financial impact? "As I mentioned, the conversion had an impact on our direct sales trend for the quarter, as well as our gross margin. The second quarter also included approximately $3 million of unanticipated costs related to the conversion. This amount does not attempt to quantify the lost sales and related gross margin impact experienced in the second quarter due to the disruption."

J. Crew has also had to postpone other infrastructure projects until the web-related upgrades stabilize, which it hopes it will very soon.