Fat bloke with burger in mouth moans about unlimited broadband
By Davey Winder in Editorial
Posted in broadband, Blog, Internet on
The trouble with putting a fair usage cap on unlimited broadband accounts is, quite simply, that they are unfair. If those accounts were advertised as being ‘actually really rather limited broadband, dontcha know old chap’ then maybe I would be happier with the notion of traffic management policies. If traffic management policies were explained in real world detail to the consumer at the point of sale, before they became just another unhappy mug punter, I’d be happier still.
Not that I think that someone doing an online equivalent of the fat bloke in the all you can eat joint should pay the same as the healthy eater, that would just be unfair on the majority. However. I think that the virtual fat bloke should be able to stuff twenty burgers and fries an hour in his face if that’s what the sign on the door says he can do, without having a waiter watching his every mouthful waiting to pounce with the smallprint on the back of the menu in hand after burger number three.
Replace burger with BBC iPlayer or Spotify and all of a sudden you realise that there are more potential ‘fat blokes’ than you might imagine. Broadbandchoices recently undertook a survey of some 1400 broadband users and discovered a completely unsurprising fact: many people don’t have a clue when it comes to what fair usage actually is, what data caps their ISP imposes or even how much they themselves download in an average month.
23 percent were unaware that most unlimited broadband packages came with fair usage policies at all.
29 percent said the ISP had not bothered to explain that traffic management policy at the point of sale.
42 percent had no idea how much online content they actually download every month.
85 percent thought it unfair that packages could be advertised as unlimited when they came with fair usage restrictions.
Michael Phillips, product director at Broadbandchoices, reckons “the rules governing fair usage policies and download limits need to be taken out of the small print and made clear and easy for everybody to understand. Whilst we do urge broadband users to take responsibility for their downloading habits and find out what the rules are, ISPs also need to do more to raise awareness of this issue”.
Data protection? Just do the math
By Davey Winder in Editorial
Posted in Business, Data Protection, Security, email on
I hate doing the math when it comes to data protection, not least because the end user security sums just don’t add up more often than not. Case in point would be a survey regarding data theft and email usage from InvisiViewmedia which has just landed on my desk. This claims that 98 percent of employees think it is “vital to protect confidential information” yet at the same time reveals that a worrying 30 percent quite happily send that confidential information unsecured in the body of an email or as an unencrypted attachment.
If those sums make you barf, wait until you get a load of this. This same survey also asked if people were worried that their sensitive and confidential data might get into the wrong hands. Now given that we live in a fairly data security-aware world these days, courtesy of so many high profile cock-ups making the mainstream news broadcasts and newspapers, you might think that the numbers would be high in favour of those who were really concerned about the prospect. But, alas, no. The math shows that 46 percent did worry but thought there really was no alternative, and 25 percent claimed that the “risk of a security threat is too small” to even worry about. But wait, here’s the really screwed up bit: 13 percent were actually quite willing to take the risk of loss.
Jan Gunner, a director at InvisiViewmedia comments “Considering how clued-up most businesses are today when it comes to the very real threat of data interception, it is quite alarming to discover quite a complacent attitude in terms of securing confidential information. More interesting is the belief that there is no alternative to sending such data securely and this is something we are very keen to educate businesses on”.
I Twitter, Therefore, Please Rob Me
By Davey Winder in Editorial
Posted in Data Protection, Twitter, Blog, Security, Internet on
You don’t have to be a Twitter Psychic to know when people are away from home, you can use the Please Rob Me website instead.
A group by the name of Forthehack has launched a website called Please Rob Me which serves to expose the security risk of location-aware online services such as Twitter and Foursquare. It has opted to do so by listing all the empty homes that are available to be robbed by publishing a live feed of those Foursquare players who automatically post location updates to Twitter.
As I write this there are some 180 ‘new opportunities’ to rob someone, with Twitter usernames displaying exactly when these people left home.
So why am I publicising this? Because it’s a really good idea in that it exposes the folly of sharing your location data, at all times, via services such as Twitter, Google Buzz and of course Foursquare to the world at large without a second thought to the security implications of doing so.
Some might argue that it is irresponsible to publish this data, but hang on a minute: the whole point is that all this data is already in the public domain. The irresponsible action is being taken by those choosing to put it there, not by those opting to remind them how stupid they are being.
Seriously, would you put an advert in the local paper saying ‘I’m leaving my house tomorrow at 10am and won’t be back for 3 hours’ or such like? I’m guessing the answer is no, yet plenty of people are quite happy to do the equivalent online in the name of being social, or playing a game. It really does beggar belief.
Seriously again, things are even more problematical with geo-location aware services these days as they can actually post maps showing exactly where you are based on the GPS data of the mobile device being used to make your postings. So not only do people let the world know they are leaving the house empty, but they show them exactly how far away from it they are as well.
Here’s what the people behind the Please Rob me site have to say in defence of their actions:
“Don’t get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications. However, the way in which people are stimulated to participate in sharing this information, is less awesome. Services like Foursquare allow you to fulfill some primeval urge to colonize the planet. A part of that is letting everyone know you own that specific spot. You get to tell where you are and if you’re there first, it’s yours. O, and of course there’s badges. The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home. It gets even worse if you have “friends” who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address.. on the internet.. Now you know what to do when people reach for their phone as soon as they enter your home. That’s right, slap them across the face. The goal of this website is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc. Because all this site is, is a dressed up Twitter search page. Everybody can get this information.”
Cost to business for breached data? £64 per lost record
By Davey Winder in Editorial
Posted in Business, Data Protection, Blog, Security on
How much will a data breach cost my business? That’s the question often asked of risk management consultants by companies looking to balance the cost of security against the potential damage of lost or stolen data. Well, courtesy of privacy and information management research specialists the Ponemon Institute we have an answer albeit a generic one: £64.
That’s £64 for each and every lost customer record, and not the total impact upon the bottom line, I hasten to add. It’s a little less for public sector organisations at £54 per record, and a little more for the private sector at £69, but the average is £64.
The Ponemon Institute, together with PGP Corporation, has completed its third annual study into the costs that UK organisations will incur following a data breach and discovered that it’s gone up by seven percent, per record, on average during 2009 when compared to the 2008 figure of £60. Compare it to the 2007 result and the increase is even more dramatic as back then the cost was just £47 per record. It would appear that much of the difference can be absorbed by reduced consumer trust which contributes a whopping £29 of that £64 total.
“This third annual study shows that the financial impact of data breaches is hitting UK organisations harder and harder each year” Dr. Larry Ponemon, founder of The Ponemon Institute says, adding “In the commercial sector the costs associated with customer churn and attracting new customers are particularly acute, but our research suggests these firms are getting better at detection, remediation and customer communications. However, these efficiencies aren’t shared in the public sector, where the direct costs of a data breach are significantly higher. For example, the cost of notifying users that their records might have been compromised is more than four times higher for public organisations than for private firms”.
Oh, and in case you were wondering, the average total cost of a data breach according to the report was a staggering £1.68 million.
Will OpenDNSSEC secure the Cloud for business?
By Davey Winder in Editorial
Posted in Business, Cloud, Data Protection, Blog, Security, Internet on
The rapid advance of the cloud, along with other existing Internet-based services, into the business space has highlighted the need for trust in the underlying protocols that provide the driving force behind the Internet. Some are now arguing that a secure software-based DNS signing system is essential if business is to maximise the potential of the cloud.
With the release of OpenDNSSEC, software under a BSD licence which helps simplify the process of creating and managing DNSSEC signatures, that goal could have got a little nearer. Not least as the software can be downloaded and installed on existing systems, without interfering with existing infrastructures, and used to quickly set up and provide a secure DNS service without hassle.
What is DNSSEC, do I hear you ask? Well, DNSSEC essentially secures the data used to translate domain names by adding a cryptographic signature to that data, so providing proof that the query has not been modified in transit. This is increasingly important as the bad guys start targeting the data in DNS caches which, without such measures, is hugely vulnerable to attack. OpenDNSSEC has been developed as an open-source turn-key solution for DNSSEC that secures zone data just before it is published: it takes in unsigned zones, adds the signatures and other records DNSSEC requires, and passes the result on to the authoritative name servers for that zone.
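As an added illustration (not code from the post, nor OpenDNSSEC's own code), the following Go program models the two halves of what the paragraph describes: a signer that canonicalises a set of records and attaches a signature before publication, and a validating resolver that rejects any record set whose bytes differ from what the zone owner signed, or whose signature has expired. Ed25519 is a genuine DNSSEC signing algorithm (RFC 8080), but the text form of the records, the cut-down RRSIG structure, the `Demo` function and the sample example.com addresses are constructed simplifications; real DNSSEC signs the wire format and carries more fields.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
	"strings"
	"time"
)

// RR is a simplified resource record (owner, TTL, type, RDATA). Real DNSSEC
// signs the wire format; the canonicalisation idea is the same.
type RR struct {
	Name  string
	TTL   uint32
	Type  string
	RData string
}

// RRSIG holds the fields of a DNSSEC signature record that matter here.
type RRSIG struct {
	Owner       string
	TypeCovered string
	Expiration  time.Time
	Signature   []byte
}

// canonicalRRset renders an RRset in canonical form (owner names lower-cased,
// trailing dot dropped, records sorted) so that signer and validator hash the
// same bytes however the records were loaded or cached.
func canonicalRRset(rrs []RR) []byte {
	lines := make([]string, 0, len(rrs))
	for _, rr := range rrs {
		lines = append(lines, fmt.Sprintf("%s %d IN %s %s",
			strings.ToLower(strings.TrimSuffix(rr.Name, ".")), rr.TTL, rr.Type, rr.RData))
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n"))
}

// signingInput binds the signature to the RRset and to the RRSIG fields, as
// the real protocol does, so a stale signature cannot be replayed past expiry.
func signingInput(sig RRSIG, rrs []RR) []byte {
	header := fmt.Sprintf("%s %s %d\n", strings.ToLower(sig.Owner), sig.TypeCovered, sig.Expiration.Unix())
	return append([]byte(header), canonicalRRset(rrs)...)
}

// SignRRset is the signer side: what a zone-signing tool does to an unsigned
// zone before it reaches the authoritative servers.
func SignRRset(priv ed25519.PrivateKey, rrs []RR, validFor time.Duration) (RRSIG, error) {
	if len(rrs) == 0 {
		return RRSIG{}, fmt.Errorf("empty RRset")
	}
	sig := RRSIG{Owner: rrs[0].Name, TypeCovered: rrs[0].Type, Expiration: time.Now().Add(validFor)}
	for _, rr := range rrs {
		if !strings.EqualFold(rr.Name, sig.Owner) || rr.Type != sig.TypeCovered {
			return RRSIG{}, fmt.Errorf("RRset must share one owner and type")
		}
	}
	sig.Signature = ed25519.Sign(priv, signingInput(sig, rrs))
	return sig, nil
}

// VerifyRRset is the validating resolver side: it rejects expired signatures
// and any RRset whose canonical bytes differ from what was signed.
func VerifyRRset(pub ed25519.PublicKey, rrs []RR, sig RRSIG, now time.Time) bool {
	if now.After(sig.Expiration) {
		return false
	}
	return ed25519.Verify(pub, signingInput(sig, rrs), sig.Signature)
}

// Demo signs a constructed A RRset, then verifies the genuine records, a
// substituted answer of the kind a poisoned cache would hand out, and the
// genuine records after the signature has lapsed.
func Demo() (genuine, forged, expired bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample zone data using RFC 5737 documentation addresses.
	zone := []RR{
		{"www.example.com.", 3600, "A", "192.0.2.10"},
		{"WWW.example.com.", 3600, "A", "192.0.2.11"},
	}
	sig, err := SignRRset(priv, zone, time.Hour)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	genuine = VerifyRRset(pub, zone, sig, now)

	// Same owner and type, but one address replaced: the signature no longer matches.
	poisoned := []RR{
		{"www.example.com.", 3600, "A", "192.0.2.10"},
		{"www.example.com.", 3600, "A", "203.0.113.66"},
	}
	forged = VerifyRRset(pub, poisoned, sig, now)

	expired = VerifyRRset(pub, zone, sig, sig.Expiration.Add(time.Second))
	return genuine, forged, expired
}

func main() {
	g, f, e := Demo()
	fmt.Printf("genuine RRset valid: %v\nforged RRset valid: %v\nexpired signature valid: %v\n", g, f, e)
}
```

The mixed-case owner name in the sample zone is deliberate: without canonicalisation a resolver that had cached the name in a different case would fail to validate perfectly good data, which is why the standard fixes an ordering and case rule before anything is signed.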
Natalie Booth, organiser of the 360°IT infrastructure and security conference, is a fan of the open source initiative. She reckons that by allowing site owners and operators to download the OpenDNSSEC software, the open source initiative is paving the way for a new generation of Internet software and browser add-ins that uses this important new technology. “360°IT welcomes the release of the open beta of this BSD licensed software and expects to see a flurry of software arriving in the coming months that advances what looks like being a major evolution in Internet security” Booth says.
Oi! I don’t want to share my 3G mobile broadband connection
By Davey Winder in Editorial
Posted in Blog, broadband, hardware, Mobile Phones, Wireless, Internet on
So a press release lands on my virtual desk this morning, informing me that I have ’so much freedom’ in my pocket and extolling the virtues of sharing the mobile 3G Internet. There is just one thing wrong with this enthusiastic release for a 3G router so I can share my mobile broadband connection around between friends, family and colleagues - and that’s the real world.
“The new Wireless Mobile Router 300N X2 enables the user to easily share wireless mobile 3G internet at any location such as a hotel, conference room, café or camping site” the email from the PR begins, and the release itself continues with such classic lines as “ideal for mobile users, who want to share mobile 3G internet with multiple users at any location”.
I particularly liked the optimism shown by Sitecom, whose product this is bigging up, when talking in terms of sharing ones “3G internet subscription with colleagues in a conference room or on a business trip, with fellow students at school or with family on the camping site”.
Have these people never actually bought a mobile phone, or indeed a 3G mobile broadband access dongle and used it for Internet related stuff? Have they never looked at the terms of the contract? Or do they live in some fantasy world where the words ‘usage cap’ and ‘monthly data limits’ have not been invented perhaps? Accessing the Internet courtesy of your mobile device is great, but exceed the monthly limit and you’ll find yourself either dumped into the world of no access (or at least no vaguely usable access) or the world of the ‘now the network provider can charge you at the truly exorbitant per Mb rate’ which is even worse.
I am fortunate in that pretty much everywhere I go my 3G connection is rubbish, meaning that I can stay within my monthly data cap. That said, when armed with a netbook and a 3G dongle in an area of decent reception and given a day with nothing better to do I am like most nerds in that I can do some serious damage to it by way of streaming video and some monster downloading sessions or perhaps a bit of chatting via Skype even.
Look, I am willing to admit that this mobile router looks impressive on paper: “two Internal High Performance Antennas to strengthen the range of the wireless network” which “reduce dead spots and guarantee expanded coverage at any location” and comes complete with 802.11n and WPA2 support via a one-button setup system.
But, and it’s a huge J-Lo booty sized but, why would anyone in their right mind want to share their 3G Internet access with anyone? Seriously, if you are on a camping trip with me bring your own Internet enabled mobile device. Honestly, if we are at a conference and your mobile phone won’t connect to the Internet well tough, should have bought a better mobile phone. And as for fellow students at school, gee whizz, if ever there’s a case for a stupid argument in a press release getting some kind of award then that has to be it.
Here’s the bottom line: buy your own 3G dongle, buy your own 3G mobile phone, use a WiFi hotspot.
So, to conclude: a nice looking bit of kit which falls squarely into the ‘for use by millionaires, tech philanthropists and idiots only’ category.
When online crime impacts climate change
By Davey Winder in Editorial
Posted in phishing, Business, Green IT, Blog, Security on
Welcome to my oddest headline since I suggested Vista added to the global warming problem. Bear with me and I’ll explain the connection between the data thieves and carbon emissions.
As you are probably aware, the world of greenhouse gas, carbon emissions and global warming is a highly politicised and highly complex one. One of the ways that those companies which pollute the most are encouraged to reduce their carbon emissions is the good old bribery option, formally known as an economic incentive I do believe but we all know what they mean really. Anyway, these bribes, sorry I mean incentives, operate by a limit being set on the pollution level that is allowed and those companies being issued with emission permits. The companies also get an equivalent number of ‘emission credits’ that give them the authority to pollute to that level.
Which is where it starts to get interesting, as companies are not allowed to go over the cap set by the allowances and credits that they hold. Unless they buy more credits that is, and they can do this as companies which pollute less than their caps are able to sell their excess credits. Still with me, good. The idea is that the seller is being rewarded for lower emissions while the buyer is being penalised for higher emissions, and to oversee the exchange of these carbon credits there are trading registries.
And that’s where the phisher connection comes in.
According to the BBC this international carbon trading market has suffered at the hands of the bad guys, no, not the highly polluting companies but rather the conmen and phishing gangs. Apparently some 250,000 carbon permits were stolen this week, with a market value in excess of 3 million Euros. Trading registries in a number of EU countries were forced to close down as a direct result, albeit temporarily.
It seems that the phishers created fake emissions registries and then emailed thousands of companies across Australia, New Zealand, Germany and Norway in order to fool them into handing over the registration details needed for the fraudsters to steal their emissions permits. Enough companies did just that for the scam to be successful.
Phil D’Angio, director and online security expert at VeriSign, told me “It’s no surprise that fraudsters targeted the lucrative business of emissions trading. Phishing scams are most often seen targeting consumers, requesting banking customers to reconfirm account information for example. However, the concept is always the same. People are duped into entering sensitive data into fraudulent sites, resulting in them or their companies losing money or crucial information.”
And how has this contributed to global warming? Well according to several reports, and common sense for that matter, the scam and subsequent closure of registries and exchanges has hampered trading in carbon credits. And trading in carbon credits is mostly agreed to be a pretty important part of the drive to slow down climate change, ipso facto online crime is making global warming worse.
Without wishing to dismiss the importance of this too much, but at the same time attempting to swing the story back around to the enterprise, the moral of this should be that phishing gangs do not just target the consumer. Sure, that is the all too readily accepted assumption in the enterprise, and many CIOs and those responsible for information security at board level will dismiss the notion that the enterprise is at risk as a result. This particular attack shows that criminal gangs target whoever and whatever can make them a return, and that includes your business. Education, or perhaps I should say re-education, at all levels from workers to directors is required to prevent people falling for this kind of ‘for security reasons you need to re-register your details’ scam.