I found something ironic in this story on MSN. MySpace, made popular through the ease of connecting to other people and related “hype”, is apparently telling people not to listen to what they hear on the street.

The popular Web hangout MySpace.com is as safe as anyplace in the offline world despite recent reports that sexual predators may be using it to find and lure young victims, the company’s CEO said.

“If you go to the mall and start talking to strange people, bad things can happen,” Chris DeWolfe, the site’s co-founder, said in a telephone interview. “You’ve got to take the same precautions on the Internet.”

I am not a PR expert, but from a security perspective I find this position odd. After all, it comes from a company that provides a platoform to people that enables them to represent themselves as someone they are not.

In other words, the analogy could be translated into “if we provide a forum that strips away all the controls you might use in a mall to protect yourself (e.g. physical appearance), and don’t give you anything to protect yourself (e.g. we have no alternative checks and controls to suggest or provide to you), you can’t expect us to be liable for your behavior.” And that doesn’t sound right for a reason. The next question to DeWolfe should have been “what exactly do you mean by ‘same’ precautions?”

Back in March there was a good deal of news about a Feb attack on a retailer that exposed many debit cards:

a total of eight banking companies — Citigroup Inc., Bank of America Corp., JPMorgan Chase & Co., Wachovia Corp., Wells Fargo & Co., Washington Mutual Inc., National City Corp., and PNC Financial Services Group Inc. — have confirmed their customers may have been compromised and all said they would reissue debit cards to some customers. […] sources close to the matter said they believe the lead theory is that hackers “accessed servers at about 30 stores belonging to a large, national retailer and stole data from the cards’ magnetic stripes, encrypted customer PINs (in a format known as PIN blocks), and the keys to decode the PIN blocks. “The criminals used the magnetic stripe information to create counterfeit cards, and the decrypted PINs to withdraw cash from automated teller machines, the sources said.â€? […] Customers are asked to monitor their accounts for suspicious activity and immediately report anything out of the ordinary. Silvestri [the spokesman for Wachovia] said he is a frequent debit card user. He said he likes to check his account online at least once a day.

One might almost think about getting a link to your phone so every transaction has to be approved via cell. Imagine if an ATM sent your phone an SMS message asking for confirmation…or if your cell-phone had a random number generator that you had to type into the ATM along with your PIN.

Apparently the breach is still newsworthy as banks continue to replace cards, almost five months later, and the reporters are starting to hint that an ATM processor was the real source of problems:

Charlotte, N.C.-based Wachovia issued the card replacements last week as an antifraud measure, said bank spokeswoman Mary Beth Navarro. She declined to explain the circumstances that triggered the action after several months. […] Visa has encountered security problems with other contractors besides the ATM processor that triggered the February alert.