Social Insecurity Numbers
It's a classic case of unintended consequences.
Back in the '30s, our Uncle Sam decided it would be easier to tax his nieces and nephews if we all had numbers instead of names. And so the Social Security Number was born. No one suspected the SSN would become the beeper collar that tracks us like wildebeests all through life. (Or did they? The conspiracy theorist in me muses.)
Anyway, SSNs were soon adopted by business as a convenient proof of identity. As a result, your unique SSN is the coveted master key that identity thieves use to breach your financial world.
And now, according to a recent article in the New York Times, thieves don't even have to steal your number. They can guess it.
Researchers at Carnegie Mellon suggest that the basic information needed to crack a Social Security Number is the owner's home state and date of birth - which you can find proudly displayed on countless Facebook pages. Even more alarming, they point out that the last four digits of the SSN are the only component unique to the owner. So collecting only this information, as many businesses do, is not really a safeguard.
In light of this, what steps can you take to protect your own and your customers' identities?
- Find another way to identify customers. Legislation now before Congress may soon prohibit businesses from collecting SSNs, so you might as well get ahead of the curve.
- Be over-cautious about the personal information you choose to publish online. Everything is useful to a skilled identity thief.
- If you store any sensitive customer information, be aware of your state's data breach laws.
I've started a directory of state data breach laws which you can use to begin your research. If you don't see your state listed, check back soon.
Make Your Own Lie Detector
Here's something you'd never learn from Mr. Wizard: you can make your own lie detector with just two cups containing exactly the same amounts of dry rice.
The first lie detectors were being used by the Chinese 1,000 years before Christ. They used rice in a simple two-stage process:
- Fill the suspect's mouth with rice
- Ask some obvious questions to elicit a known truthful answer
- Have the suspect spit the rice into a cup and count the grains
- Fill the suspect's mouth with rice - again
- Begin the interrogation
- Have the suspect spit the rice out into a cup and re-count the grains
If your suspect spit more rice out the second time, you found your man. Think about it. The Chinese made the simple observation that when you lie, your mouth gets dry. Therefore, if you were lying, less rice would stick to the inside of your mouth and you would spit more back into the cup. The question with the known truthful answer was a control to see how much rice would stay in your mouth when you weren't fibbing.
The Chinese lie detector worked on the same principle as modern devices: telling lies results in a predictable physiological response. If you can recognize and interpret that response, you can assess whether or not a person is lying.
Why do lie detectors work? As I understand it, they work because lying is an unnatural act, and the human body rebels against this act in measurable and predictable ways.
Private Security in Colonial America
Before Americans had organized police forces, they had private security guards. In New England towns, men were hired to patrol the streets at night. Now how would you think these guardians were viewed by the colonists?
According to Robert J. Fisher in his Introduction to Security:
Such watchmen were ... without training, had no legal authority, were either volunteers or were paid a pittance, and were generally held in low regard - circumstances that bear a remarkable similarity to observations in the RAND report on private security in 1971.
Why is it that we so often undervalue those who commit to protecting our lives and property?
Fighting Fraud in a Soft Economy
People react to financial stress in different ways. Some get creative. Some get criminal.
According to a recent article in the Chronicle Herald, workplace fraud is widespread in Canada and the soft economy will only make it worse. As employees feel increasing financial pressure - and possibly bitterness over missed promotions and raises - some may view workplace theft as the company's "cost of doing business."
Joyce McGeehan and Sarah Drysdale of Grant Thornton LLP offer these suggestions for curbing workplace fraud:
- Make sure employees understand management's expectation of ethical behavior
- Institute a real "open door policy"
- Start a whistleblowers hotline where individuals can report suspected fraud without fear
- Use due diligence when researching new hires
- Immediately remove access rights to computer systems when employees are terminated
- Determine where your organization is most susceptible to fraud, and remember that customer information and other intangibles are targets as well as goods and cash
- Don't assume that fraud controls are in place - conduct a walk-through and test your policies and processes
- Revisit fraud controls after policy and personnel changes
- Provide written instructions to make sure that managers know what to look for
- Pay close attention to all bank account activity
- Keep a close eye on expense reports and insist on original receipts
A Scalpless Society
I have some great childhood memories of going to Mets games with my Dad. It was such an uncomplicated outing: drive to Queens, park at Shea, and wait for a nice young man to walk up to your car and offer you tickets. Such service.
I think I was 15 when it finally occurred to me that some people bought tickets in places other than the parking lot.
Now it seems that ticket scalpers may soon go the way of Shea Stadium (which, if you didn't know, was bulldozed last year). Ticketmaster has decided that the best way to drive scalpers out of business is to take away the tickets. Their new "paperless tickets" can only be redeemed at the actual venue, and only after the credit card used to purchase them is swiped. Attendants armed with handheld scanners will be able to print a "seat locator" for the credit card holder.
Critics of the plan worry about bottlenecks at the venues that may result in personal safety issues.
Ticketmaster will roll the new system out at the upcoming Miley Cyrus tour. An interesting choice when you consider that many of the concert-goers will be too young to have a credit card of their own. This, worries StubHub's Sean Pate, will force parents to accompany their children to concerts.
Hmm ... even if it's way uncool to a young concertgoer, is that really a bad thing from a safety standpoint?
Free Security From Microsoft
Challenging free security programs such as AVG and Avast!, Microsoft has released the beta version of Security Essentials. The free antivirus program will replace the fee-based Windows Live OneCare, which tanked. The program has launched to some generally positive reviews; many of the negative comments I've seen swirl around Microsoft's image and business practices, not the performance of the software.
Just a digression; I'm amused by the fact that so much of the world hates Microsoft and yet 99.99999% of all computers still run on Windows. If you really believe that Microsoft is the Evil Empire, maybe you should be running FreeBSD.
The Security Essentials release is in beta testing, and Microsoft's cap of 75,000 downloads has already been reached. If you want to try Security Essentials, you'll probably have to wait until October.
By the way, Microsoft is thinking about anti-trust as well as antivirus with Security Essentials. The software will not be bundled with future releases of Windows, which should head off any lawsuits.
For more information on Security Essentials, take a look at the recent review in ComputerWorld as well as Microsoft's Security Essentials site.
I'm Not Picking on Twitter
Really. It's just that they seem to make the news so much lately, and the stories are brimming with real world security lessons.
According to an article in today's Network World, hackers - can I call them twackers? - broke into several accounts and posted a link to a naughty tape featuring Leighton Meester.
(Let me pause for a moment to confess my pop-culture illiteracy. I don't tweet, and for all I know Leighton Meester is a German physicist.)
Anyway. The link was posted on pwnd twitter accounts including one belonging to technology guru Guy Kawasaki. Curious readers who wanted to learn more about the attractive physicist landed on a fake porn site that attempted to install malware on their computers.
Because of the sheer volume of users, Twitter has become a popular hunting ground for scammers. Kawasaki's site alone boasts almost 140,000 followers. If a twacker can fool a fraction of those users into following a bogus link, they can plant malware to steal lots of passwords and account information, or enlist scores of new zombies for their botnet.
What can you do?
- Always be suspicious online
- Stay away from porn sites - you might catch something
- Don't think you're safe just because you use a Mac - this program attacked Macs as well as PCs
- Establish an Internet and social media policy for business users
- Consider a service like AVG LinkScanner which scans websites for malware in real-time
Ex-Googlers Strike Back
Earlier this week, ex-Googlers Neil Daswani and Shariq Rizvi teamed up with Ameet Ranadive to launch Dasient, a service that protects websites against blacklisting and web-based malware.
Timely launch, in light of this week's Nine-Ball outbreak. (You can take a look at Thursday's post for more information about that infection.)
Google, and others, blacklist websites suspected of carrying infected code. The Dasient service will let you know if your site has been blacklisted and scan it for the malware that may have been loaded onto your site.
A blacklisted web site can be a killer, especially if you rely on e-commerce for your bread and butter. Once a site is placed on Google's blacklist, it can be pretty tough to get a clean bill of health.
That's where Dasient comes in. They offer a free service that will tell you if you've achieved blacklisting fame, and a paid subscription service ($49.95/month) that will track down and quarantine malicious code.
New Malware Acts Like Google
Good: Google crawls a website, gathering data that enhances search results.
Bad: malware that looks like Google crawls a webpage and sends you to an infected site.
A ginormous malware outbreak, dubbed Nine-Ball, has disguised itself as legit JavaScript on an estimated 40,000 websites.
According to Websense, this outbreak is very difficult to scan. So what can you do?
We'll keep an eye on this latest Information Super Highwayman, so check back. For up to date technical information, keep an eye on the Websense Alert page as well.
Hacker Riles Mormons
Yet another high profile Twitter hack - this time at the expense of the Mormons.
According to the Register, hackers most likely exploited a weak password to pwn the @LDSChurchNews account and post some insulting messages.
By this time, it's old news that Twitter accounts are highly hackable - just ask Barack Obama. But two other issues are worth highlighting here: first, password strength is critical for any online account; second, organizations need to include social media in their security policies.