Wednesday, February 21, 2007

Given a choice, these are the last records I'd toss out where someone could find them...

http://www.mysanantonio.com/news/metro/stories/MYSA021907.medicalrecordsdumped.KENS.184ada9d.html

Medical records found dumped

Web Posted: 02/20/2007 12:35 AM CST Barry Davis KENS 5 Eyewitness News

Hundreds of medical records from a chiropractor's office, protected under federal law, were found in the trash Monday behind a building.

The paperwork, covered under the HIPAA law, included Social Security numbers, photocopies of driver's license numbers, addresses, phone numbers and private medical history.

At least 20 boxes with medical files were recovered. Some of the files were found loose on the ground. They all belonged to Dr. James D. Strader of the now-defunct Back and Joint Institute of Texas.

... "I just finished up an identity theft myself," said a San Antonio Police Department officer whose file was dumped with the others. He wanted to remain anonymous. "This is an easy way for people to get a hold of your information. Give it back to us. Shred it. Do whatever, if it's no longer needed. But just to dump out for everybody else and their mother to pick it up [is wrong]."

Members of the police and fire unions came out to pick up the records because many of Strader's patients were cops and firefighters. Strader recently told the state chiropractic board that he moved offices to Northeast San Antonio, but that practice said he is no longer there.

... Strader later said the records must have been dumped by a bankruptcy trustee since the Back and Joint Institute of Texas folded.



Also see the next article... Are we moving toward penalties or just churning to look active?

http://www.boston.com/business/globe/articles/2007/02/20/bill_targets_retailers_for_costs_to_fix_data_thefts/

Bill targets retailers for costs to fix data thefts

They say plan would fatten bank profits, not protect public

By Peter J. Howe, Globe Staff | February 20, 2007

Citing the high-tech theft of credit card numbers from Stop & Shop Supermarket Cos., Massachusetts bankers yesterday urged state legislators to force retailers and others who fail to keep card data protected to pay all costs for fixing security breaches.

"What happened at Stop & Shop is another example of retailers not doing enough to protect consumers," said the Massachusetts Bankers Association's spokesman, Bruce E. Spitzer. "If companies know they'll be responsible for every expense caused by a security breach, maybe they'll finally invest in better security."

... Costello's legislation would require that when any enterprise, including retailers and banks, allows card numbers to be revealed, it would have to notify affected consumers within five days. It would also be liable for covering all expenses caused by the breach, including the cost for banks to issue replacement cards.

Hurst said retailers "firmly oppose" the bill because existing card-issuer policies already let banks recoup fraud expenses from companies that mishandle credit-card data. Banks charge retailers 2 to 4 percent of sales, ostensibly in part to cover fraud costs, Hurst said. Small banks that don't want to pay for expensive round-the-clock card fraud monitoring like Bank of America Corp. and other giants perform want to shift costs to retailers, Hurst said.

But Costello said existing laws need to be clarified in several ways, which his bill would do. Spitzer, of the bankers association, said fewer than one-third of major retailers comply with national card-security standards, adding, "If this legislation passes, all retailers, all companies, and all banks will know they'll be responsible for absorbing every cost associated with a data breach."


Not the way I would do it....

http://techdirt.com/articles/20070220/105239.shtml

New Cybersecurity Czar's Crazy Ideas Won't Fit In Washington

from the might-we-suggest-starting-at-the-VA? dept

CNET News.com has an interview with Greg Garcia, the new assistant secretary for cybersecurity and telecommunications in the Department of Homeland Defense -- the country's top cybersecurity official. Perhaps the most interesting part of the interview is where he discusses his plans to call on Congress to create some incentives for companies to invest in better security and training. There's a risk in creating incentives for this sort of thing, since many companies will just focus on creating solutions that comply in order to receive benefits, rather than ensuring something is actually secure. But the idea of creating incentives, or at least removing disincentives, generally makes sense -- perhaps too much sense to survive in Washington. If you consider how courts and governments respond to security breaches that expose people's personal information, it could almost be argued that companies have an incentive not to invest in better security, since they get let off the hook so easily, and when they do get in trouble, the penalties are such a slap on the wrist that it probably makes more sense just to accept them as a cost of doing business, rather than investing in security and changing procedures to avoid paying them in the future. It appears that this is what many companies do already. For instance, in the wake of the recent TJX data leak (which looks like it's the biggest credit-card leak ever), it was revealed that just 31% of retailers follow Visa's regulations on how credit-card info should be handled. But if they don't comply, and lose data, they're not the ones on the hook for fines -- the bank that processes their payments is liable -- so they hardly have any reason to follow the rules. And in any case, Visa assessed less than $5 million in fines last year, which isn't even a drop in the bucket to the banking or retail industry. The incentives in this area are badly misaligned; hopefully this new cybersecurity czar will be able to straighten them out.



Perspective?

http://www.usnews.com/usnews/news/badguys/070220/fbi_translating_over_1000_wire.htm

FBI Translating Over 1,000 Wiretap Conversations a Day

Spurred by adding hundreds of new linguists and help from allies overseas, the FBI is translating a record 34,000 wiretapped conversations a month, bureau officials tell the Bad Guys blog. Long criticized for its lack of language specialists, the FBI, they say, is finally catching up to an unprecedented intake of foreign-language surveillance recordings, electronic data, and text since 9/11.

Most of the wiretaps are tied to counterterrorism and counterintelligence cases, officials say. Since 9/11, the FBI's counterterrorism agents, in particular, have collected a mother lode of intelligence. In a widely overlooked report to the Senate Judiciary Committee in November, bureau officials ticked off their counterterrorism take over the past four years:

  • 519,217 hours of audio

  • 5,508,217 electronic data files

  • 1,847,497 pages of text

A July 2005 audit by the Justice Department's inspector general found that the bureau's counterterrorism audio backlog had doubled over the preceding year to 8,354 hours. But in their Senate report, FBI officials counter that the backlog represents only 1.35 percent of all the audio collected, and that nearly all of the agency's text and electronic data files have now been translated.

"We've made great strides," says Jeff Lanza, an FBI spokesman. "Ninety-nine percent of the backlog has been eliminated." Nearly a third of what remains is "white noise" not expected to yield anything of value, officials say. Of most concern are 3,240 hours of "audio from very obscure languages and dialects," which the bureau is scrambling to find linguists for.

The FBI has eased its backlog by markedly increasing its reservoir of translators. Since 2001, the number of FBI staff linguists has grown to 1,409, an 80 percent jump, officials say. The FBI has also turned to "the language programs of allied intelligence agencies," as well as to contract linguists, according to testimony by FBI Director Robert Mueller.

Since the 9/11 attacks in 2001, the number of national security wiretaps approved by the secret U.S. Foreign Intelligence Surveillance Court more than doubled, according to the Justice Department, from 934 in 2001 to 2,072 in 2005–an increase of 122 percent. These include wiretaps of counterterrorism suspects as well as counterintelligence targets such as foreign spies in America. In addition, thousands of electronic intercepts are thought to have been made under the National Security Agency's controversial warrantless surveillance program begun after 9/11. (That program was recently brought under the Foreign Intelligence Surveillance Court's purview.)

By contrast, the growth has been much slower in criminal wiretaps, which include eavesdropping on Mafia bosses, corrupt officials, and other suspected lawbreakers. In 2001, authorities completed 1,491 of these intercepts authorized by federal and state courts, according to the Administrative Office of the United States Courts. That number grew to 1,773 in 2005, representing an increase of 19 percent.




It is only human to want to feel superior. But this is a very dangerous attitude to have when you are trying to help users solve problems.

http://it.slashdot.org/article.pl?sid=07/02/20/1924218&from=rss

IT Departments Fear Growing Expertise of Users

Posted by kdawson on Tuesday February 20, @03:42PM from the illusion-of-control dept.

flatfilsoc recommends a long article in CIO magazine on users who know too much and the IT leaders who fear them. Dubbing the universe of consumer technology the "shadow IT department," the article highlights the extent to which the boundary between users' workplace and home has broken down. It notes the increasing clash — familiar to anyone who works in a company with an IT department — between users' home-grown productivity boosters and IT's mandate to protect corporate data. The inherent tendency of the IT department to want to crack down and control technology that it doesn't supply should be resisted at all costs, according to CIO. The article outlines strategies for co-existence. It just might persuade some desperate CIO somewhere not to embark on a career-limiting path of decreeing against gmail and IM.



More expensive than I thought!

http://slashdot.org/article.pl?sid=07/02/20/2213231&from=rss

4 GB May Be Vista's RAM Sweet Spot

Posted by kdawson on Tuesday February 20, @07:09PM from the honkin' dept.

jcatcw writes "David Short, an IBM consultant who works in the Global Services Division and has been beta testing Vista for two years, says users should consider 4GB of RAM if they really want optimum Vista performance. With Vista's minimum requirement of 512MB of RAM, Vista will deliver performance that's 'sub-XP,' he says. (Dell and others recommend 2GB.) One reason: SuperFetch, which fetches applications and data, and feeds them into RAM to make them accessible more quickly. More RAM means more caching."



No doubt the RIAA will lobby for an invasion....

http://www.technewsworld.com/rsstory/55862.html

SlySoft Tool Cracks HD DVD Encryption

By Tim Gray TechNewsWorld 02/20/07 3:20 PM PT

SlySoft, an Antigua-based software company that develops tools for breaking encryption coding, has released AnyDVD HD, a tool that cracks protections on HD DVDs and makes them easy to copy. Although the news may come as a blow to the consortium that designed the decryption specifications, it is unlikely that mass pirating of HD DVDs will occur any time soon, given the cost of the undertaking.
