Thursday, November 12, 2009

I expect this crime will be much more common in the “let's put all your medical records online/mine are in the secure congressional health-care vault” future.

http://www.databreaches.net/?p=8228

Indian outsourcing boss arrested for selling medical records

November 11, 2009 by admin Filed under Breach Incidents, Healthcare Sector, ID Theft, Insider, Non-U.S., Of Note, Subcontractor

From the Mail Foreign Service:

The head of an Indian outsourcing company has been arrested for selling confidential medical records of patients treated at one of Britain’s top private hospitals.

Police arrested Vikas Dhairyashil Bansode on Tuesday after an undercover investigation revealed the records were being sold for as little as £4 each.

Hundreds of files containing intimate details of patients’ conditions, home addresses and dates of birth were allegedly sold by Bansode, 29, and his accomplices.

[...]

Police in India confirmed Bansode, the director of Pro BPS, an outsourcing company in Pune, had been arrested for stealing medical data and selling it to middle men who would market the private records in internet chat rooms. He remains in police custody.

Read more in the Daily Mail.

From the article:

'Police seized the laptop of Bansode and after checking his emails they found that he had sent out the medical data to several companies,' said investigating officer Insp Bhandkoli. [Obviously a rookie. He should have taken my “How to Commit Computer Crime” class Bob]

The arrest raises serious questions about the security of health records sent abroad by NHS and private hospitals. [All together now: “Well, DUH!” Bob]



Normally too trivial to report here, note that 1) use of the data was virtually immediate (less than one week) and 2) it was detected because someone actually noticed unusual activity(!!!) probably by reviewing the log. Very unusual.

http://www.databreaches.net/?p=8233

WA: Fraud ‘hits’ follow local data breach

November 11, 2009 by admin Filed under Breach Incidents, Education Sector, Hack, ID Theft, U.S.

As an update on a story posted here yesterday, Howard Buck reports that over 3,000 employees were affected by the breach of Vancouver Public Schools, and that:

Already, several Vancouver district employees have reported “hits” of suspicious personal banking account activity after their financial institutions were alerted to possible fraud, by the district or by employees directly.

“They are out there,” Steve Olsen, VPS chief fiscal officer, said of the Social Security numbers, along with names, birth dates and other personal identification and banking information believed compromised.

It now appears someone who gained I.D. password access cracked into the Citrix software “server farm” hosted by Educational Service District 112, based in Vancouver. That person obtained personal payroll data, said Olsen and Linda Turner, the district’s technology officer.

An out-of-order “process,” or computer data run, first drew attention of managers last Friday, Turner said.

“We believe it was an outsider that hacked into the system,” Turner said.

Read more on Columbian.com.

Thanks to Wilma of ITRC for providing this link.



Part of my Hacker class is writing a simple program to randomly surf the net from your computer (IP address) while you are off hacking from your neighbor's (or any other inadequately secured) computers.

http://news.cnet.com/8301-17852_3-10395597-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Facebook status update saves man from jail

by Chris Matyszczyk November 11, 2009 2:49 PM PST

According to The New York Times, Rodney Bradford decided to update his status with a call from the soul. "Where's my pancakes?" is the Times' translation of a status update it says was written in "indecipherable street slang." The fact that Bradford did this at 11:49 a.m. on October 17, using his father's computer, meant that he would not have to suffer pancakes of a more distasteful nature in the local penitentiary.

Bradford, you see, was arrested the next day for robbery. However, after he was booked, his lawyer was intelligent enough to update the district attorney with news of Bradford's Facebooking.



Should Privacy allow someone to change history?

http://www.pogowasright.org/?p=5276

German privacy law vs. our First Amendment

November 11, 2009 by Dissent Filed under Court, Featured Headlines

David Kravets writes:

Wikipedia is under a censorship attack by a convicted German murderer invoking his country’s privacy laws in a bid to remove references to him killing Bavarian actor Walter Sedlmayr in 1990.

Lawyers for Wolfgang Werle, of Erding Germany, sent Wikipedia a cease-and-desist letter (.pdf) demanding the free encyclopedia remove Werle’s name from its entry on the actor he and his half-brother killed. The lawyers cite German court rulings that “have held that our client’s name and likeness cannot be used any more in publication regarding Mr. Sedlmayr’s death.”

German media have already ceased using Werle’s full name regarding the attack. Jennifer Granick, an attorney with the Electronic Frontier Foundation, says German publications must also alter their online archives in a bid to comport with laws designed to provide offenders an avenue to “reintegrate back into society.”

“It’s not just censorship going forward. It’s asking outlets to go back and change what is already being written,” Granick said in a telephone interview.

Read more on Threat Level.

So now what? Although Kravets describes this as a “censorship attack,” and many here would likely agree with that characterization, the German law firm, Stopp & Stopp, are described as a pro-privacy law firm. And while the German approach to privacy in attempting to reintegrate the convicted killers is thought-provoking and might merit some voluntary support, the lawyers’ letter to San-Francisco-based WikiMedia Foundation seems to assert that we are all subject to German law, an approach that raises this Brooklyn-born blogger’s hackles:

[...]

As your article deals with a local German public figure (such as the actor Walter Sedlmayr), we expect you are aware that you have to comply with applicable German law.

German law provides that our client is not a public figure after many year have passed [sic] since the crime. The German courts including several Courts of Appeals, have held that our client’s name and likeness cannot be used any more in publication regarding Mr. Sedlmayr’s death (cf. e.g. Nuremburg Court of Appeals Judgment dated December 12, 2006, File No. 3 U 2023/06, published in Magazindienst 2007, 313-31,OLGR Nuremberg 2007, 227,ZUM-RD 2007, 133-134 and Court of Appeals Frankfurt, Judgment dated February 6, 2007, File. No. 11 U 51/06).

Our client is currently litigating against you in the trial court of Hamburg (file no. 324 O 740/07).

We therefore ask you to sign the attached cease and desist declaration, which is a binding commitment under German law. In case you do not sign the cease and desist declaration, we are authorized to pursue all available remedies against you.

You are also obligated to pay for our client’s attorney’s fees under applicable German law.

Jennifer Granick of the Electronic Frontier Foundation also discusses the cease and desist letter and conflict between American and German laws here.

So… does every American web site that names names in reporting this news story of public interest and import get a cease and desist letter? Do the German lawyers really intend to sue every American blog that covers this? I wonder if they’ve heard of the Streisand Effect. A search of Google News shows three stories that now name convicted murderers whereas there were none until now and over 60 results on Google web, mostly all new and in response to the legal threat.

It’s one thing to argue, as a UK court did recently, that news publications must issue corrections or go back and amend archived stories or risk losing libel protection, but does Germany really expect to be able to censor non-German publications under their privacy laws?

Amazing.

Futile, but amazing.



The economics of a maturing industry? I've repeatedly made reference to Paul David's paper “The Dynamo and the Computer” (available here: http://elsa.berkeley.edu/~bhhall/e124/David90_dynamo.pdf ) and I see this as an indication that the infrastructure of computing is finally changing to optimize performance.

http://news.cnet.com/8301-13505_3-10394966-16.html?part=rss&subj=news&tag=2547-1_3-0-20

Cloud to suck money out of market, report says

by Matt Asay November 11, 2009 7:20 AM PST

A recent survey suggests that CIOs are loosening the purse strings on IT spending. IT vendors may want to hold off their celebrations, though, because much of the spending appears to be headed for deflationary forces like cloud computing, virtualization, and their kissing cousin, open source.

An economic rebound never looked so dire.

That's unless you're an IT buyer, of course, suggests a new report from Goldman Sachs. In this week's report, titled "A Paradigm Shift for IT: The Cloud," Goldman Sachs said it expects that pent-up IT dollars will flow in the short term to building out next-generation data centers (e.g., cloud computing). But in the long term, less money is expected to find its way into fewer wallets:

After the initial build-out, Cloud Computing could drive some headwinds for the IT industry, as a result of two factors. First, we see virtualization as a deflationary technology. Second, we see IT spending consolidating in the hands of fewer buyers--the Cloud providers, hosting vendors, and large enterprises. These factors will likely dampen IT spending growth due to greater utilization and buyer pricing power.



I can't count the number of times I told you this business model would eventually dominate the Internet. Now even Hollywood seems to “get it.” I'm gonna invest in this company before it explodes like Google or Google buys it. (You should be able to capture these movies with the DownloadHelper add-on to Firefox)

http://entertainment.slashdot.org/story/09/11/12/058216/Hollywood-Backs-Swedish-Movie-Streaming-Site?from=rss

Hollywood Backs Swedish Movie Streaming Site

Posted by samzenpus on Thursday November 12, @05:24AM from the take-a-peek dept.

paulraps writes

"Forget Spotify and Skype: the latest strangely-named-but-hey-it's-free service from Sweden offers users streamed on-demand movies free of charge, has deals with two major Hollywood studios, and is called Voddler. Since its launch two weeks ago, the service has signed up a quarter of a million users and has almost the same number queuing for an invitation. After signing deals with Disney and Paramount, the company provides access to thousands of films, which are shown uninterrupted after a barrage of ads. The target is the file-sharing generation: 'Our customers can be sure that Voddler is totally legal, secure, and that there are no risks of computer viruses infecting their machines from downloaded files,' says executive vice president Zoran Slavic."



“There are some things man was not meant to know.” Or at least, things that I won't encourage my hacker class to try out.

http://www.pogowasright.org/?p=5290

How to DDOS a federal wiretap

November 12, 2009 by Dissent Filed under Surveillance

Robert McMillan reports:

IDG News Service – Researchers at the University of Pennsylvania say they’ve discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they’ve found “represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,” the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Read more on Computerworld

From the article:

This time, the team wanted to look at newer devices, but they couldn't get a hold of a switch. So instead they took a close look at the telecommunication industry standard -- ANSI Standard J-STD-025 -- that defines how switches should transmit wiretapped information to authorities. This standard was developed in the 1990s to spell out how telecommunications companies could comply with the 1994 Communications Assistance for Law Enforcement Act (CALEA).

"We asked ourselves the question of whether this standard is sufficient to have reliable wiretapping," said Micah Sherr, a post-doctoral researcher at the university and one of the paper's co-authors. Eventually they were able to develop some proof-of-concept attacks that would disrupt devices. According to Sherr, the standard "really didn't consider the case of a wiretap subject who is trying to thwart or confuse the wiretap itself."

… Luckily for the cops, criminals usually don't take their communications security that seriously.



Overhyped? We'll find out today.

http://news.cnet.com/8301-17939_109-10395910-2.html?part=rss&subj=news&tag=2547-1_3-0-20

Clicker launches for all today. Watch it.

by Rafe Needleman November 12, 2009 6:00 AM PST

The online video directory service Clicker launches Thursday at the NewTeeVee Live conference. If you watch TV, you will love this site.

Clicker is not a full-on video search engine, like Bing or Google, and it's not a video-viewing site like Hulu. It is, instead, a carefully curated directory of full-length video content, with several extremely nice features and user interface flourishes that make it a good first stop online if you're looking for an episode of your favorite show to watch.

… This service does an amazing job of taming the morass of online video, and I cannot recommend it highly enough. The site has been in private beta for a few months; it is scheduled to go live Thursday at 10:30 a.m. PST.



Look, this is serious, why do I see straight lines everywhere?

http://mashable.com/2009/11/11/google-safesearch-lock/

There’s No Sex When Google Shows You Colored Balls

November 11th, 2009 by Jennifer Van Grove



An alternative to “Forums?”

http://voicethread.com/#home

VoiceThread

With VoiceThread, group conversations are collected and shared in one place from anywhere in the world. All with no software to install.

A VoiceThread is a collaborative, multimedia slide show that holds images, documents, and videos and allows people to navigate pages and leave comments in 5 ways - using voice (with a mic or telephone), text, audio file, or video (via a webcam). Share a VoiceThread with friends, students, and colleagues for them to record comments too.

Users can doodle while commenting, use multiple identities, and pick which comments are shown through moderation. VoiceThreads can even be embedded to show and receive comments on other websites and exported to MP3 players or DVDs to play as archival movies.



I use these in my classes. Honest!

http://www.makeuseof.com/tag/5-really-cool-video-entertainment-sites-you-should-check-out/

5 Really Cool Video Entertainment Sites You Should Check Out

Nov. 12th, 2009 By Karl L. Gechlik



Got more text that you'd like to type? Take a picture (like in those old spy movies) and let the Cloud convert it for you.

http://www.newocr.com/

Free Online OCR

NewOCR.com is a brand new free online OCR (Optical Character Recognition) service. Whether you have a scanned document or a photo, NewOCR.com can analyze the text in any image file that you upload, and then convert the text from the image into text that you can easily edit on your computer.
