Superconductor

How serious is phishing? According to a paper by Cormac Herley and Dinei Florêncio of Microsoft Research, it may not be as serious as we're led to believe. Here's what they say about this.

We find the oft-quoted survey-based estimates of phishing losses unreliable. In particular the victimization rate found in most surveys is smaller than the margin of error, and dollar losses are estimated by averaging unverified self-reported numbers. We estimate that recent public estimates overstate phishing losses by as much as a factor of fifty.

In other words, they claim that the victimization rate for phishing is statistically indistinguishable from zero and that estimates of the losses due to phishing are wildly inaccurate. Herley and Florêncio then try to make their own estimate of the annual losses due to phishing and come up with the figure of $61 million, which is much lower than we're usually led to believe. If that estimate is accurate then it's essentially not worth doing anything about phishing because any industry-wide effort to fight it will cost more than the $61 million in losses it could prevent.

If phishing is really not as lucrative as we're usually led to believe, why do people keep doing it? Herley and Florêncio have an answer for that too:

Repetition of questionable survey results and unsubstantiated anecdotes makes things worse by ensuring a steady supply of new entrants.

In other words, people keep trying it because they're mislead into believing that they can make money doing it. If this is the case, the best strategy is to ignore phishing and it will probably go away.

Which is true? Is phishing as serious a threat as we're often led to believe, or is it essentially not worth worrying about? Unfortunately, there's not enough accurate data to answer this question, so we'll have to keep making decisions about how to deal with phishing based on our own experiences and the data that's available.

More observations about the Fibonacci and Lucas sequences.

As before, suppose that we have a second-order linear recursion given by

x_n+2 = A x_n+1 + B x_n

and we write

x² – A x – B = (x – a) (x – b)

where

a = (1 + √(A² + 4 B)) / 2

and

b = (1 – √(A² + 4 B)) / 2

For a Fibonacci-like sequence we have that

f(n) = (aⁿ – bⁿ) / (a – b)

and for a Lucas-like sequence we have that

g(n) = aⁿ + bⁿ

Now if we look at

(a + b)ⁿ = aⁿ + … + bⁿ

we see that all but the first and last terms are divisible by ab so that

(a + b)ⁿ ≡ aⁿ + bⁿ (mod ab)

We can write

x² – A x – B = (x – a) (x – b)

= x² – (a + b) x + ab

so that

A = - (a + b)

and

B = ab

This means that we can write

g(n) = aⁿ + bⁿ

≡ (a + b)ⁿ (mod ab)

Or that

g(n) ≡ Aⁿ (mod B)

which looks like an interesting relationship.

Similarly, we can write

f(n) = (aⁿ – bⁿ) / (a – b)

= a^n-1 + … + b^n-1

≡ a^n-1 + b^n-1 (mod ab)

≡ g(n - 1) (mod ab)

≡ A^n-1 (mod B)

or that

f(n) ≡ A^n-1(mod B)

which also seems to be an interesting relationship.

As before, let’s write the nth tem of the Lucas seqence as

g(n) = aⁿ + bⁿ

Just like in the previous post, let's write

z = (n / 2) log (a / b)

so that

2 cos iz = 2 cos [ (i n / 2) log (a / b) ]

=  e ^{(n/2) log (a/b)} + e ^{- (n/2) log (a/b)}

= (a / b) ^n/2 + (a / b) ^-n/2

= (aⁿ + bⁿ) / (ab) ^n/2

Solving for

g(n) = aⁿ + bⁿ

we find that

g(n) = 2 (ab) ^n/2 cos [ (in / 2) log (a / b) ]

which is very similar to the form of the Fibonacci sequence that we found earlier that involved the sine function:

f(n) = - [ 2 i (ab) ^n/2 / (a – b) ] sin [ (in / 2) log (a / b) ]

If we have the recursion

g(n + 2) = g(n + 1) - g(n)

for example, with

g(0) = 2

and

g(1) = 1

we find that we get

g(2) = -1

g(3) = -2

g(4) = -1

g(5) = 1

g(6) = 2

where the sequence 2, 1, -1, -2, -1, 1 starts over again.

Because we can write this sequence as

g(n) = aⁿ + bⁿ

where

a = (1 + i √3) / 2

and

b = (1 - i √3) / 2

we can use the fact that

g(n) = 2 (ab) ^n/2 cos [ (in / 2) log (a / b) ]

to find that

g(n) = 2 cos( n π / 3)

much like we did in one of the previous posts.

Because we have

f(n) = - [ 2 i (ab) ^n/2 / (a - b) ] sin [ (in / 2) log (a / b) ]

and

g(n) = 2 (ab) ^n/2 cos [ (in / 2) log (a / b) ]

it seems reasonable to look for a relationship that's much like the complex exponential, where

e^iz = cos z + i sin z

perhaps something that contains lots of HTML entities for Greek letters like

ε^{ι n} = g(n) + ι f(n)

It doesn't quite look like anything nice and clean is possible, although if we write

ι = a - b

then it looks like we can write

g(n) + ι f(n) = 2 aⁿ

and

g(n) - ι f(n) = 2 bⁿ

That may be as close as we can get. 

Even more stuff that I stumbled across while thinking about the Fibonacci sequence while trying to get into the right frame of mind to think about harder things.

Suppose that we have a recursion defined by

f(n + 2) = A f(n + 1) + B f(n)

We can write this as

f(n) = α aⁿ + β bⁿ

where 

a = (A + √(A² + 4 B) / 2

and

b = (A - √(A² + 4 B) / 2

If we have that

f(0) = 0

and

f(1) = 1

like with we do with the Fibonacci sequence, then we find that

α = 1 / (a – b)

and

β = -1 / (a – b)

so that

f(n) = (aⁿ – bⁿ) / (a – b)

Suppose that we want to get other interesting forms of f(n) like where

α = 1

and

β = 1

so that

f(n) = aⁿ + bⁿ

It’s easy to show that we can get this when

f(0) = 2

and

f(1) = A

which gives what’s called the Lucas sequence when A = 1.

It’s also easy to show that if we want to make sure that we have

f(n) = (aⁿ + bⁿ) / (a + b)

then we need to have

f(0) = 2 / A

and

f(1) = 1

If we want to have integer values, making A = 2 is a reasonable way to try to do this. This gives us the Pell sequence, which is defined by the recursion

f(n + 2) = 2 f(n + 1) + f(n)

Finally, that if we want to make sure that we have

f(n) = aⁿ - bⁿ

or

α = 1

and

β = -1

then we find that we get this when

f(0) = 0

and

f(1) = a – b = √(A² + 4B)

We can get this to be an integer, for example, if we have that

A = 3

and

B = 4

or from the recursion

f(n + 2) = 3 f(n + 1) + 4 f(n)

with

f(1) = 5

That seems to cover the interesting cases, or at least the ones that I had time to think about today.

In any event, this might give us some idea of how Lucas and Pell came to think about the sequences that now carry their names.

If we think about the matrix form of the Fibonacci recursion:

To get the polar decomposition of the matrix A we write it as

A = UP

where U is unitary and P is positive definite. 

Writing a matrix in its polar decomposition is much like writing a complex number as

z = r e^iθ

where the positive definite part of the polar decomposition corresponds to the magnitude of the complex number and the unitary part of the polar decomposition corresponds to the rotational part of the complex number.

In the case of the Fibonacci recursion we find that

P

=

(1/√5)

2 1 1 3

and

U

=

(1/√5)

-1 2 2 1

so that

P2

=

1 1 1 2

P3

=

(1/√5)

3 4 4 7

P4

=

2 3 3 5

As we saw before, A has eigenvalues

a = (1 + √5) / 2

and

b = (1 - √5) / 2

while in this case we find that P has eigenvalues a and -b while U has eigenvalues 1 and -1.

I'm not sure how useful this polar decomposition will be, but I feel fairly sure that I'll find a use for it some day.

If instead of the recursion that we use to get the Fibonacci sequence:

f(n + 2) = f(n + 1) + f(n)

what happens if we change the sign of the coefficient of f(n) to get the recursion

f(n + 2) = f(n + 1) - f(n)

instead?

With the initial conditions

f(0) = 0

and

f(1) = 1

we get

f(0) = 0

f(1) = 1

f(2) = 1

f(3) = 0

f(4) = -1

f(5) = -1

f(6) = 0

f(7) = 1

at which point it's obvious that we'll just keep cycling through the pattern 0, 1, 1, 0, -1, -1 again. This probably means that the corresponding function of a real variable f(x) probably has an interesting graph. What does this look like?

We have that

f(x) = (a^x - b^x) / (a - b)

where

a = (1 + i √3) / 2

and

b = (1 - i √3) / 2

which means that we also have that

ab = 1

a - b =  i √3

and

(a / b) = (-1 + i √3) / 2 = exp ( 2 π i / 3 )

so that

|a / b| = 1

and

arg (a / b) = 2 π / 3

and that 

log (a / b) = log( |a / b| ) + i arg (a / b) = 2 π i / 3

We can substitute these into the expression from yesterday's post:

f(n) = - [ 2 i (ab) ^n/2 / (a – b) ] sin [ (i n / 2) log (a / b) ]

to find that

f(n) = (2 / √3) sin ( n π / 3)

so that the graph of f(x) just looks like this:

That's not quite as interesting as the graphs that we got from the Fibonacci sequence, is it?

Another possibly-interesting observation about the Fibonacci sequence that I came across recently. 

As before, let’s write the nth tem of the Fibonacci seqence as

f(n) = (aⁿ – bⁿ) / (a - b)

where

a = (1 + √5) / 2

and

b = (1 – √5) / 2

Now we have that

e ^iz = cos z + i sin z

so that

e ^z = cos iz + i sin iz

and

e ^-z = cos iz – i sin iz

Combining these, we get that

 - 2 i sin iz = e ^z - e ^-z

Now for the step that seems like magic (although it’s really the result of working backwards to get things to work out the way we want them to), write

z = (n / 2) log (a / b)

Using this definition of z we find that

- 2 i sin iz = - 2 i sin [ (i n / 2) log (a / b) ]

=  e ^{(n/2) log (a/b)} – e ^{- (n/2) log (a/b)}

= (a / b) ^n/2 – (a / b) ^-n/2

= (aⁿ – bⁿ) / (ab) ^n/2

Solving for

f(n) = (aⁿ – bⁿ) / (a - b)

we find that

f(n) = - [ 2 i (ab) ^n/2 / (a – b) ] sin [ (in / 2) log (a / b) ]

I'd never seen that form for the Fibonacci sequence before. I'm not sure how useful this is, but I found it a bit surprising.

It turns out that looking at eigenvalues and eigenvectors may be useful for more than thinking about linear recursions like the Fibonnaci sequence. They're also be useful when thinking about special relativity. In this case we have that the coordinates (x',t') in a frame of reference moving at velocity v relative to a stationary frame of reference are related to the coordinates (x,t) in the stationary frame of reference by

x' t'

=

γ

1 -v -v 1

x t

where γ = 1 / √(1 - v²) and speed of light is normalized to c = 1.

Now the matrix

γ

1 -v -v 1

has eigenvectors

 

-1 1

and

1 1

which correspond to the eigenvalues γ(1 + v) and γ(1 - v) respectively. One interpretation for this is that the natural coordinates system to use has  

1 0

and

0 1

If we had use those coordinates, lots of physics would be much simpler. On the other hand, that would also make it more difficult to actually make any measurements. Maybe our current system isn't really so bad after all.

Another observation based on thinking about the Fibonacci sequence. This one relates to what you get when you write the action of a linear recursion as a matrix and what the eigenvalues and eigenvectors of this matrix tell us.

Another way to write a linear recursion

x_n = a_k-1 x_n-1 + … + a₁ x_n-k+1 + a₀ x_n-k

is as

xn-k+1 ... ... xn

=

0 1 ... 0 1 a0 a1 ... ak-1

xn-k ... ... xn-1

Because we have a matrix, it’s natural to think about the eigenvalues and eigenvectors of the matrix and what they mean. In this case, finding these is actually fairly easy.

If λ is a solution to

x^k – a_k-1 x ^k-1 - … - a₁ x – a₀ = 0

then we have that

0 1 ... 0 1 a0 a1 ... ak-1

1 λ ... λk-1

=

λ λ2 ... λk

1 λ ... λk-1

is an eigenvector that corresponds to the eigenvalue λ. This eigenvector is also the initial state that turns the recursion into a geometric series: if we have

x₀ = 1, x₁ = λ, x₂ = λ², …, x_k-1 = λ^k-1

then we’ll always have x_n = λⁿ.

In the case of the Fibonacci recursion, for example, we have that 

a = (1 + √5) / 2  

and

b  = (1 - √5) / 2

are the eigenvalues of the matrix

0 1 1 1

and correspond to the eigenvectors

1 a

and

1 b

respectively. These are the initial conditions that get the Fibonacci recursion to produce a geometric series. If we have x₀ = 1 and x₁ = a, for example, then we’ll always have x_n = aⁿ.

Here are few interesting things I came across recently when I was thinking about the Fibonacci sequence. In particular, it involves visualizing the Fibonacci sequence.

The Fibonacci sequence is defined by the recurrence

f(n) = f(n - 1) + f(n - 2)

where

f(0) = 0

and

f(1) = 1

It's easy to show that we can also write

f(n) = (aⁿ – bⁿ) / (a - b) 

where

a = (1 + √5) / 2

and

b = (1 - √5) / 2

It's also easy to see the behavior of f(n) for negative values of n: we have that

f(-n) = (-1)ⁿ⁺¹ f(n)

What happens if we think of f as a function of a real variable instead of an integer variable?

In this case we have the function

f(x) = (a^x – b^x) / (a - b)

This turns out to be a complex-valued function that happens to have a real part of zero at integer values. If we graph f(x) for 0 ≤ x ≤ 5, it looks like this (the complex value z = x + i y is plotted as (x, y)): 

If we graph f(x) for -5 ≤ x ≤ 0, it looks like this:

In that graph we can easily see how the fact f(-n) = (-1)ⁿ⁺¹ f(n) is reflected.

To see what the graph for both positive and negative values of x look like together, here's the graph of f(x) for -4 ≤ x ≤ 5:

What about derivatives of f(x)? 

It's fairly easy to see that 

f⁽ⁿ⁾(x) = (α_n a^x - β_n b^x) / (a - b) 

where

α_n = (log a)ⁿ

and

β_n = (log b)ⁿ

so that the graph of f⁽ⁿ⁾ looks somewhat similar to the graph of f.

Here's how the graphs of f, f' and f'' look, for example:

 
If we look at how the differences between Fibonacci numbers behave, like

Δf(n) = f(n + 1) - f(n) = f(n - 1)

we might expect to see this reflected in f', but there doesn't appear to be a nice, clean relationship like

f'(x) = f(x - 1)

I'm not even sure how close you can get in this particular case.

According to the recent trust catalyst (their use of capitalization, not mine) 2009 Encryption and Key Management Industry Benchmark Report, 10 percent of people think that the reason that more people don't encrypt backup tapes is that encrypting tapes costs more than a data breach so that encrypting backup tapes isn't cost-effective.

What I learned from reading that is that 10 precent of people will pretty much believe anything.

I came across an interesting YouTube movie the other day. This particular movie shows bullets hitting various things in slow motion. The movie is really a clever advertisement for a high-speed camera that can take 1 million frames per second, but that doesn't make it any less impressive.

Most people probably just think, "Wow, that's pretty cool," when they see bullets in slow motion. When I saw it, however, it made me think of a way to visualize cryptographic key strength.

Suppose that you had an animation of the future of the Earth that shows the continents drifting around its surface. Something like the movies here. You'd have some of slider that lets you pick a multiple of the computing power of the EFF DES Cracker. Once you set that parameter, you'd watch the continents drift around and watch as the number of bits of key that that level of computing power has let you exhaust appears somewhere on the screen. If you picked 1 billion times the power of the DES Cracker, for example, at 116 bits we'd see the continents collide to form one massive supercontinent.

Or you could do a similar thing with the Andromeda galaxy that's currently approaching the Milky Way at something like 120 kilometers per second. As time passes, Andromeda would get bigger and bigger in the sky. At the same level of computing power, you'd see the two galaxies collide when roughly 119 bits of key were exhausted. At about 120 bits, the Sun would become a red giant, destroying the Earth, so the movie might stop at that point. 

Another option would be to go on a tour of the universe at the speed of light and see what sort of things you pass as as you reach various key lengths. The universe is apparently at least 156 billion light-years wide, so you'd be able to see a fair amount of stuff as your key cracking machine does its work.

With the Internet, of course, there's a good chance that someone else has already done that and I just haven't seen it yet.

It looks like our marketing guys are having another webcast about key management. The title of this one alone, "The Renaissance of Enterprise Key Management and the Barbarian Hordes Enterprise Key Management: Fact and Fiction", makes me think that it will be too good to pass up.

This entertaining and educational webcast will be held on November 17, at 10 AM PST (1 PM EST). You can sign up for it here.

What exactly is "non-repudiation?" This question has been asked many times but rarely answered, at least in a reasonable way. Part of the problem seems to be caused by the fact that "repudiation" means something particular to lawyers, and that meaning isn't the same as the one that technologists think of, and most of the debates over the meaning of "non-repudiation" can probably be reduced to the misunderstanding that using that particular term caused. If a term like "origin authentication and data integrity" (OADI) had been used instead, we'd probably have reached an agreement as to what the term actually means long ago, but it wasn't, so we're stuck with a more confusing term instead.

OADI can be ensured in more than one way. A digital signature can be the basis for ensuring OADI, but doing this gives you a scheme that's only as good as the controls around the private key that's used to create the signature. If a digital certificate is used in an OADI scheme, then you have even more controls to worry about: those used by the CA that creates the certificate. So without the right controls in place, a digital signature isn't very useful for ensuring OADI.

A MAC can also be used as the basis for ensuring OADI, and it's also only as good as the controls around the key that's used to create or verify the MAC. If you have controls in place that ensure that the sender of a message can only use a key to create a MAC and that the recipient of a message can only use a key verify a MAC, then a MAC is useful as a means of OADI. There are systems today that do this, although they're not as common as the ones used to create and verify digital signatures.

So it seems that the difference between using a digital signature for OADI and using a MAC for OADI aren't as great as you might first think. In either case, the usefulness of the OADI scheme is limited by the controls in place that limit how cryptographic keys are used. In one case you're trusting the controls that the sender of a message has in place, and probably the controls that a CA has in place as well. In the other case, you're trusting that the controls in place at both the sender and recipient. The biggest difference between the two cases seems to be the practical difficulties that limit the usefulness of MACs, but if you want to ensure OADI, either type of scheme can be used.

Ideal lattices have been mentioned a lot recently, particularly in association with Gentry's homomorphic encryption scheme. Exactly what is an ideal lattice?

Let's suppose that we know what a vector space is. With a vector space over the real numbers, for example, we have a set of vectors called a basis, and all of the sums of real multiples of the basis elements form the vector space. If we look at sums of integer multiples of the basis elements, that's a lattice. We can think of the basis as generating a lattice, and to call it a set of generators in that context.

An ideal is a generalization of the idea of "even numbers" or "multiples of 3." A bit more precisely, a set is an ideal if it fulfills two conditions. First, if we add elements in the ideal, we get something else that's also in the ideal. If you add two even numbers you get another even number, for example. We also have the property that if we multiply something in the ideal by something outside the ideal, we get something back in the ideal. That's just like what we get when we multiply any integer by an even integer and get another even integer.

If we have an ideal, we can use its generators as the basis for a lattice, so for every ideal there’s a lattice that we can associate with it in a fairly natural way. Suppose that we look at polynomials with integer coefficients, for example. In this case, if we have the ideal generated by 1 and x, the lattice with basis 1 and x corresponds to this ideal in a natural way.

Not every lattice corresponds to an ideal in the same way, however. If we consider the lattice which has 1 and 2x as its basis, we find that there's no ideal that corresponds to this lattice. The element x, which we can get by multiplying x (from outside the lattice) by 1 (from inside the lattice), isn’t an element of the lattice. This means that this example doesn’t meet the conditions necessary for an ideal, so there’s no ideal that corresponds to the lattice.

Since not every lattice corresponds to an ideal in this way, those that do are interesting, and these are what are called ideal lattices. They’re the framework used to create Gentry’s homomorphic encryption scheme, which is probably the most interesting use of ideal lattices discovered so far.

It’s possible to comply with the PCI DSS yet provide essentially no protection to credit card numbers. Here’s why.

Section 3.3 of the PCI DSS requires this:

Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed).

Then section 3.4 requires this:

Render PAN, at minimum, unreadable anywhere it is stored (including on portable digital media, backup media, in logs) by using any of the following approaches:

• One-way hashes based on strong cryptography
• Truncation
• Index tokens and pads (pads must be securely stored)
• Strong cryptography with associated key-management processes and procedures

Each of these techniques seems to provide a reasonable level of protection for credit card numbers, but when you combine the two, it turns out that the combination can actually be fairly weak. Here’s why.

If you mask a credit card number, you can keep the middle six digits and hide the rest. So you might turn this credit card number

1234 5678 9012 3456

into this

1234 56XX XXXX 3456

Now suppose that you also know that the SHA-1 hash of this credit card number is the value

0xdeed2a88e73dccaa30a9e6e296f62be238be4ade

This is enough information to let a hacker quickly and easily find the complete credit card number: all he has to do is calculate the SHA-1 hashes of all possible credit card numbers that begin with 123456 and end with 3456. There are only one million of these, and it’s possible to calculate that many hashes extremely quickly. Even on extremely my old laptop, I can do that in less than a couple of seconds. Hackers who have even more modern computers can do it even more quickly.

So if you have both the hash of a credit card number and a masked version of the same credit card number, then it can be extremely easy to find the entire credit card number. Each of the ways to protect credit card numbers may be good enough by themselves, but together they can provide essentially no security.

I've heard of more than one case where masked data from one application and hashed data from a different application gets stored in a common database, so this particular vulnerability is not purely of academic interest.

More interesting stuff from the recent X9 meeting. In this case it relates to what merchants want to help them comply with the PCI DSS. At least this is what the merchants who attended the X9 meeting said that they want.

Apparently merchants don't like how vague the PCI DSS is on several points. In particular, it tells you what you have to do in general terms, but not exactly how to do this. It leaves deciding whether or not a particular approach is good enough to the QSAs. Merchants don't like this arrangement at all. They'd rather be told more details and have to live with a possibly-imperfect solution, particularly if it's one that will guarantee to make them PCI compliant.

I don't think that we'll see that level of detail in anything from either X9 or the PCI SSC, but that seems to be what merchants want. I have an easy solution for them: they should all buy and use Voltage's SecureData. I'm not sure that I can get the PCI SSC to require all merchants and payment processors to standardize on Voltage's products, but it would certainly make life easier for them.

Standardization is crushing the heart and soul, the blood and guts, out of humanity and the eventual result will be either complete and unrelieved slavery or the destruction of civilization and return to barbarism.

Robert E. Howard, letter to H. P. Lovecraft, October 31, 1931

At the recent ASC X9 meeting, we learned that the designation X9.119 had been assigned to the new standard that will be called Protection of Sensitive Data between Device and Acquiring System. At this meeting, it actually took over an hour for the X9F6 working group to decide that this document should be a standard instead of something else, like a technical guideline (TG).

The most amazing part was the fact that after over an hour of loud and bitter debate over this, it was actually unanimously decided that the document should indeed become a standard! In other words, we spent over an hour arguing over a point over which there was total and complete agreement. That might give you some idea of how long it takes to resolve points over which there is actually some disagreement.

I should also mention that I was impressed by the people from Heartland Payment Systems during this hour-long discussion. While people from other organizations were willing to spend lots of time talking about things that weren't really related to the issue at hand, Heartland did their best to keep the discussion on track. Unfortunately, their efforts weren't quite enough to do this, but I hope that they won't be discouraged by this experience. We need more of that type of contribution at standards meetings instead of less.

In the recent X9F4 meeting we discussed the most recent draft of the X9.111 standard, Penetration Testing within the Financial Service Industry. There was lots of discussion of how disciplined, methodical and careful the penetration testing industry is these days. Most people seemed to think that this was a good thing. Some people even think that it’s a good idea to require your penetration testers to give you a complete list of all the tools that they plan to use in their testing, including the exact versions of the tools that they’ll be using.

On the other hand, I have to wonder if that sort of approach really gives an accurate impression of how well protected you are against hackers. After all, some hackers may use a similarly disciplined, methodical and careful approach, but others probably don’t. And if you restrict your testing to only attacks that the more disciplined hackers would use, you’ll almost certainly miss some of the attacks that less careful ones would use.

I’m out of touch with exactly how hackers operate these days, but I’d guess that most of them aren’t as careful and disciplined as professional penetration testers. If that’s the case, professional penetration tests may not really be giving you a good idea of how well you’re defended against hackers. But because that may not actually be the point of penetration tests, this may not really be a problem.

A new report from Javelin Research, Data Breach Notifications: Victims Face Four Times Higher Risk of Fraud, has some interesting information in it. In particular, it says that 11 percent of American consumers received a data breach notification letter in the past year. Of the people who received these letters, 19.5 percent claimed to have been victims of identity theft in the same period, while only 4.3 percent of those who didn't receive such a letter were victims.

Any time I see data like this, the first thing I do is try to apply Bayes' theorem to it. Here's what I get when I do that.

Let T represent the event that a person suffers identity theft and N be the event that a person receives a breach notification letter. If my interpretation of Javelin's data is correct, this means that we're given that

 P(T|N) = 0.195

P(T|not N) = 0.43

P(N) = 0.11

and

P(not N) = 0.89

From the data that the Department of Justice has, it looks like

P(T) = 0.0275

Using Bayes' theorem we have that

P(not N|T) = P(T|not N) P(not N) / P(T)

= (0.43) (0.89) / 0.0275

= 0.22

In other words, if you're a victim of identity theft, there's probably about a 22 percent chance that you won't have received a breach notification letter. On the other hand, that also means that there's about a 78 percent chance that you will have received a breach notification letter. I'll bet that number's higher than it was a few years ago.

Standards meetings aren't just mind-numbing line-by-line reviews of drafts of documents and bitter debates by partisan vendors trying to promote the technology that their products use. Here's what actually happened at the recent ASC X9 meeting.

(The phone rings. A bored attendee of the meeting answers it.)

Bored meeting attendee: Hello?

Man on the line: Yes, I'm calling about the chairs. You need an additional five chairs brought up, right?

Bored meeting attendee: No, that should have been fifty: five zero.

Man on the line: Really!?!?

Bored meeting attendee: No, not really. You really just dialed the wrong number.

Man on the line: Oh, that's good.