Jackson Memorial Hospital statement on data theft
John Dorschner of the Miami Herald reports that personal information of more than 200,000 visitors to Jackson Memorial Hospital between May 2007 and March 2008 was on a hard drive that was stolen from the hospital’s mainframe data center on or before February 11. According to the hospital’s CIO, no Social Security numbers or financial data were on the missing drive. The data appear to be limited to copies of drivers’ licenses or other types of identification that were presented at various security checkpoints.
Because there was no backup of that drive, the hospital is using the media to alert those affected.
A statement on the hospital’s web site says:
On March 4, 2009, a police report was filed with the Miami-Dade Police Department to investigate the theft of a hard drive stolen from the Jackson Memorial Hospital data center. The hard drive held identification information for individuals that presented a driver’s license or other form of identification at security points while visiting Jackson Memorial Hospital between May 2007 and March 2008. While a full investigation on this matter is ongoing, it is believed that the person(s) responsible wanted the hard drive and not the information it contained. No social security numbers or financial information was stored on the missing drive.
Jackson has taken steps to ensure this does not happen again. The information is now being monitored by a third party and stored at an offsite location. Effective immediately, data collected from visitors will be destroyed after 30 days. [“We never considered a 'useful life' before” Bob] “We sincerely apologize for the inconvenience this breach may cause our visitors,” said Eugene Bassett, interim CEO, Jackson Health System. “We felt it was important for us to notify those who are potentially impacted. We collect visitor data in an effort to better manage access to our campus and, most importantly, to protect our patients. We will continue to work with law enforcement in hopes of apprehending the person or persons responsible for this crime.”
CyberWar If Russia was good at this, the attacks would have been traced to random sites all over the globe. Again it looks ike a strategy of quantity (DDOS) not quality.
Report Links Russian Intelligence Agencies To Cyber Attacks
Posted by Soulskill on Saturday March 21, @12:01AM from the send-spike-beep-bloop-spike-sent dept. Security Government The Internet
"A report released Friday by a group of cyber-security experts from greylogic finds it is very likely that the Foreign Military Intelligence agency (the GRU) and Federal Security Service (the FSB) directed cyber attacks on Georgian government servers in July and August of 2008. 'Following a complex web of connections, the report claims that an Internet service provider connected with the Stopgeorgia.ru web site, which coordinated the Georgian attacks, is located next door to a Russian Ministry of Defense Research Institute called the Center for Research of Military Strength of Foreign Countries, and a few doors down from GRU headquarters.' But Paul Ferguson, a researcher with Trend Micro who has reviewed the report, says it's a 'bit of a stretch' to conclude that the Georgia attacks were state-sponsored. 'You can connect dots to infer things, but inferring things does not make them so,' he said. One other interesting allegation in the report is that a member of the Whackerz Pakistan hacking group, which claimed responsibility for defacing the Indian Eastern Railway Web site on Dec. 24, 2008, is employed by a North American wireless communications company and presents an 'insider threat' for his employer."
Sounds suspiciously like that movie “Clueless.” Perhaps there is a subtle strategic objective, but I can't imagine what it might be.
Senators plan to shift cybersecurity from DHS to White House
by Stephanie Condon March 20, 2009 6:00 PM PDT
Forthcoming legislation would wrest cybersecurity responsibilities from the U.S. Department of Homeland Security and transfer them to the White House, a proposed move that likely will draw objections from industry groups and some conservatives.
CNET News has obtained a summary of a proposal from Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) that would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President. That office would receive the power to disconnect, if it believes they're at risk of a cyberattack, "critical" computer networks from the Internet. [Talk about redefining infrastructure! Bob]
"I regard this as a profoundly and deeply troubling problem to which we are not paying much attention," [There is a big difference between “paying attention” and “understanding” Bob] Rockefeller said a hearing this week, referring to cybersecurity.
Might be interesting in the context of “should we outsource item removal” as well as “is there any law enforcement organization that would want to analyze the raw data?”
eBay Describes the Scale of Its Counterfeit Goods Problem
Posted by Soulskill on Friday March 20, @09:58PM from the how-to-sell-a-box-of-rocks dept. The Almighty Buck Businesses The Courts The Internet
Ian Lamont writes
"As the Tiffany vs. eBay lawsuit winds its way through a federal appeals court, eBay has trotted out some numbers that show how many sellers attempt to sell fake goods on the auction site. Millions of auctions were delisted last year, and tens of thousands of accounts were suspended after reports were made to eBay's Verified Rights Owner program, which lets trademark owners notify eBay of fake goods being sold on the site. eBay says 100% of reported listings were removed from the site last year, most within 12 hours, and the company uses sellers' background information to make sure that they don't create new accounts to sell delisted items. Tiffany brought the suit against eBay in 2004, alleging that eBay was turning a blind eye to counterfeit luxury goods and demanding that eBay police its listings for bogus goods. Tiffany lost the case last July and will shortly present its arguments to the US Court of Appeals for the Second Circuit in New York. A similar case in France cost eBay $61 million."
For my Data Mining students. You can't learn much from location (unless millions of Chinese users suddenly start twittering from Siberia) so you must go deeper and learn to analyze what they are saying.
Internet Could Act As Ecological Early Warning System
Posted by ScuttleMonkey on Friday March 20, @05:30PM from the keep-your-crowd-source-off-of-mine dept.
Wired is reporting that ecologists think the internet could act as an early ecological warning system based on data mining human interactions. While much of this work has been based on systems like Google Flu Trends, the system will remain largely theoretical for the near future.
"The six billion people on Earth are changing the biosphere so quickly that traditional ecological methods can't keep up. Humans, though, are acute observers of their environments and bodies, so scientists are combing through the text and numbers on the Internet in hopes of extracting otherwise unavailable or expensive information. It's more crowd mining than crowd sourcing."
For my Intro to Computer Security class
March 20, 2009
Regulations & IT Governance Frameworks 101
With so many regulations and IT governance frameworks out there, it can be confusing to keep them all straight. I recently saw a whitepaper put out by Qualys that had (I thought) a really go brief description of the major ones. Here it is: [NOTE: Requires registration Bob]
SOX – The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.
HIPAA – The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.
GLBA – The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.
FISMA – The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.
Basel II – The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.
UK Data Protection Act of 1998 – The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.
IT Governance Frameworks
COBIT® 4.0 – Published by the IT Governance Institute (ITGI) COBIT 4.0 emphasizes regulatory compliance. It helps organizations to increase the value attained from IT and enables alignment with business goals and objectives. COBIT offers the advantage of being very detail oriented, which makes it readily adoptable across all levels of the organization. It also makes use of the Capability Maturity Model Integration (CMMI) as a way of assessing the status of security processes.
ISO 17799:2005 (ISO 27001) – This is an international standard for the management of IT security that organizes controls into ten major sections, each covering a different topic or area. These are: business continuity planning, system development and maintenance, physical and environmental security, compliance, personnel security, security organization, computer operations and management, asset control, and security policy.
NIST 800-53 – This publication from the National Institute of Standards and Technology is a collection of “Recommended Security Controls for Federal Information Systems.” It describes security controls for use by organizations in protecting their information systems, and recommends that they be employed in conjunction with and as part of a well-defined information security program.
Local Search. A list of sites that claim to know everything about every neighborhood everywhere.
Know your neighborhood: Thirteen sites
by Don Reisinger March 20, 2009 3:05 PM PDT
Something for the Swiss Army folder? Allows you to split or merge PDFs, so I can take parts of several documents and merge them for my students!
How To Merge Multiple PDF Files In A Single PDF File
March 20, 2009 · Filed Under Uncategorized
If you want to merge, combine or join different PDF files into a single PDF File, PDFMerge is a free utility to perform this task.
Another potentially useful tool that allows me to point my students to a YouTube video without all the distractions. Article even has a video for the technologically challenged.
Quietube makes YouTube watching distraction-free
by Josh Lowensohn March 20, 2009 4:16 PM PDT
Quietube is a new tool to enhance the YouTube watching experience. The idea is that you can watch just the video with none of the other YouTube page elements. To do this you simply add its bookmarklet to your browser's bookmarks toolbar, and click it on any YouTube page.
Another tool. I want to start gathering these now, since I expect all my textbooks will be e-reader (Kindle or similar) compatible within three years.
Calibre: iTunes for e-books?
by Seth Rosenblatt March 20, 2009 5:42 PM PDT
Calibre is a cross-platform, open-source library for your e-books that can also sync them to your e-book reader. Available for Windows, Mac, and Linux, it offers a massive range of individual book customizations, as well format conversion and newspaper-style RSS feed grabbing, but lacks a slick interface that would go a long way towards convincing skeptics that it's a powerful tool.
… You can add books, convert formats, and edit meta data on the fly. Much like the metatags for digital music, you can choose a cover of your own liking. If you have the ISBN number of a book in the metatag, there's a helpful button that will grab the cover from the Internet. You can also choose a cover that you have stored locally. Other meta data includes author name, book name, search tags, publisher, rating, series, reader comments, and available formats. Calibre manages multiple formats of books under one book name, so it's easy to sync the MOBI to a Kindle without having to confuse it with the EPUB or PDF version you've stored locally.
… Calibre also comes with a default desktop e-book reader, accessible from the View button, so you can check out your books without having a device.
… Calibre also has a killer feature: it manages RSS feeds into a newspaper format. [Potential to replace my RSS Reader – requires a bit more work for each site, but looks interesting. Bob] Currently, it supports just under 100 English-language feeds in this style, including various tech news, general news, and niche market Web sites.
Not sure this works, but it is fun to try it at various speeds. How much can you retain at 1500wpm?
Eyercize.com - Reading Super Quick & Super Easy
Eyercize is a site that has a program on offer that allows you to increase the speed at which you read. These days people have to read more and more, and reading a bit quicker would certainly not hurt anyone.
… The app itself works in quite a simple way, which is by letting you upload your text and then shoot it out at you at a standard speed. This in turn forces you to try and keep up with the text that is coming up therefore making you read more quickly! The application allows you to adjust a series of parameters such as the speed and the size of the text so that it suits your needs better.