Sunday, April 25, 2010

Talk is easy, doing something is hard work!

http://www.pogowasright.org/?p=9367

Facebook users risk blackmail, privacy czar warns

April 24, 2010 by Dissent

Jacquie McNish and Omar El Akkad report:

The world’s most popular social network has made it easier for its users to become the victims of “blackmail” by watering down its protections of personal information, Canada’s top privacy official says.

Facebook executives this week unveiled a series of changes to the site, which now boasts about 400-million users. One of the changes allows third-party developers who design games and other Facebook applications to store user data indefinitely. Previously, developers were required to delete the data after 24 hours.

“I’m very concerned about these changes. More than half a million developers will have access to this data,” Jennifer Stoddart, Canada’s Privacy Commissioner, said in an interview in her Ottawa office. “The information will be stored indefinitely and it opens the possibility that a lot of people can be blackmailed from all corners of the world.”

Read more in the Globe and Mail.



If you want to steal data, you can do it retail (individual computers) or wholesale (NHS)

http://www.phiprivacy.net/?p=2522

UK: NHS computers hit by voracious, data-stealing worm

By Dissent, April 22, 2010 8:39 pm

Dan Goodin reports:

The UK’s National Health Service has been hit by a voracious, data-stealing worm that’s easily detected by off-the-shelf security software, according to researchers who directly observed the mass compromise.

Researchers from anti-virus provider Symantec have been monitoring the Qakbot worm since last May and have documented its behavior here and here. On Thursday, after infiltrating two of the six servers used to collect pilfered data from infected machines, they provided an update that didn’t exactly instill confidence in the healthcare system.

“The logs show that there is a significant Qakbot infection on the National Health Service (NHS) network in the UK,” the Symantec update states. “This threat has managed to infect over 1,100 separate computers that are spread across multiple subnets within the NHS. We have attempted to contact the affected parties and have no evidence to show that any customer or patient data has been stolen.”

Not that Qakbot doesn’t have the ability to clean out the NHS if it wanted to.

Read more in The Register.

[From the article:

Over a two week period, the researchers observed 4 GB of stolen data being funneled to the monitored servers. Because that represents a fraction of the servers used by Qakbot, the amount of pilfered information is likely much higher.

… “In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen,” Symantec researchers wrote.



Interesting – the first person they kill off is a lawyer...

http://www.phiprivacy.net/?p=2520

Paging Dr. Google

By Dissent, April 22, 2010 4:11 pm

There’s a Note by Colin P. McCarthy in the latest issue of William and Mary Law Review that reviews some of the privacy, security and regulatory issues surrounding personal health records:

“Paging Dr. Google: Personal Health Records and Patient Privacy.”


(Related)

http://www.phiprivacy.net/?p=2525

Prying eyes

By Dissent, April 23, 2010 7:34 am

Matt Anderson comments:

In a previous issue, I related a conversation I had with a patient about the electronic medical record (EMR) and described to her the problems of poor documentation and up-coding. My conversation with my patient continued, as I told her about the legal intrusions of her privacy made possible or made easier with the EMR.

[...]

I related how the government has even more authority to see your record. The government needs no consent for quality, regulatory and compliance auditing, public health, and fraud and abuse investigations. The police can see your record without a court order if they have any suspicion you may be involved in domestic or child abuse. Exemptions to your consent apply to workers’ comp, national security, the military, and some judicial proceedings.

Even mental health records, the most sensitive information about you, can be legally disclosed without your consent in some circumstances.

Minor revisions to this rule in 2008 notwithstanding, these far-reaching but legal violations of your medical privacy mock the Oath of Hippocrates in which I pledged to “keep to myself” confidential patient information. Most people know nothing of these legal intrusions into their medical records. The Fourth Amendment prevents the government from searching your house or person without a warrant, but the government needs no warrant and requires no permission from you to access your most private information.

Read more on WorldMag.


(Related)

http://www.databreaches.net/?p=11382

Survey: Delayed Compliance with New Regulations Has Increased Data Breaches and Medical Identity Theft in U.S. Hospitals

April 24, 2010 by admin

Although some will tend to minimize survey results when the surveyor has a self-serving interest, the results of the recent Identity Force survey of over 200 hospital administrators provide unsurprising, yet troubling, data. From their press release about the survey:

PROBLEMS ARE WORSENING DESPITE MAJOR REGULATORY EFFORTS

41.5% of hospitals have TEN OR MORE data breaches each year – a 120.7% increase over last year’s survey. Currently, over 20% of hospitals have twenty or more breaches annually.

INSIDERS NOT OPTIMISTIC HEALTHCARE REFORM WILL HELP

56.3% of hospital compliance officers believe that the new health care reform law will either have no change or will increase medical identity theft at their institutions.

INVESTIGATION OF FRAUD IS SURPRISINGLY LOW

Despite the fact that medical identity theft is the fastest growing form of identity fraud, 71.4% of hospitals on average investigate fewer than 50 cases of possible misuse of identity annually, and over 34% still do not keep good patient ID records.

TIMELINESS OF COMPLIANCE IS POOR

To date, only 15.7% of hospitals feel they are in compliance with the HITECH Act, which went into effect in February 2010. This lack of compliance mirrors last year’s slow compliance efforts regarding the FTC’s Red Flags Rule.

SECURITY OF THIRD PARTIES IS AN UNKNOWN

48.3% of hospitals do not know if their vendors and business associates are in compliance with the HITECH Act.

You can get a free copy of their entire report, Spring 2010 National Survey of Hospital Compliance Executives, here.



It's like taking fingerprints at a crime scene. “Something the crooks left behind” is fair game. Sort out who the fingerprints or DNA belong to later... But citizens can't do it – remember the Secret Service tackling the guy who was going through the trash from ex-president Nixon's NY condo?

http://www.pogowasright.org/?p=9383

MD court: Police may use trash to get a suspect’s DNA

April 25, 2010 by Dissent

Scott Daugherty reports:

Police may sift through a suspect’s trash, collect a genetic sample and send it off for DNA testing without a warrant, the state’s highest court ruled last week in upholding a 2007 county rape conviction.

The 5-2 opinion by the state’s Court of Appeals – which was issued Thursday in Annapolis – drew praise from prosecutors who said they had “no doubt” a county police detective was in the right four years ago when she tricked Kelroy Williamson into throwing away a fast food cup and unwittingly giving her a DNA sample.

[...]

District Public Defender William Davis, who represented Williamson at trial, blasted the majority opinion, though. He said the court is ignoring the U.S. Constitution’s protection against unlawful search and seizure, and that Chief Judge Robert M. Bell and Judge Clayton Greene Jr. got it right in their dissenting opinion.

“They aren’t chipping away at the Fourth Amendment, they are taking a jackhammer to it,” Davis said. He expects police departments across the state to “pick up this opinion and run with it.”

Read more in The Capital.



Hacking for lawyers?

http://www.pogowasright.org/?p=9389

Data Redaction: You’re Doing it Wrong

April 25, 2010 by Dissent

John Bambenek writes:

PDF files are a common way to distribute documents on the Internet and even are used for distributing documents with redacted (removed) content. However, when you distribute redacted documents make sure that the data you don’t want out there isn’t, in fact, still in the file.

Case in point, take the upcoming trial of former Governor Rod Blagojevich. He just submitted a motion to force President Obama to testify during his criminal trial. As you can imagine, there is sensitive information in the motion. You can read the motion here. The areas that are redacted are pretty obvious. Now, hit Control-A. Open a text editor or Microsoft Word (or the like). Hit Control-C. [Or use Control-C, Control-V -- Dissent]

Hello, Mr. Face. Meet, Mr. Palm. This particular mistake isn’t new. There was a well-publicized SNAFU involving the US Department of Defense publishing a redacted document that contained classified information which was happily leaked on the Internet using the same method.

Read more on isc.sans.org. Although the judge called an emergency meeting Thursday evening over the redaction problem, the unredacted motion is now “out there.”
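
A pre-release check for the failure described above, as an added example that is not from the original post or from isc.sans.org: it pulls the text operands out of a PDF's content streams and reports which supposedly redacted terms are still in the file. Assumptions: the sample document, the name and the term list are constructed, and the scanner reads only literal strings in raw or Flate-compressed streams (not hex strings or custom font encodings), so a hit is conclusive but an empty result is not.

```python
import re
import zlib

STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\nendstream", re.S)
TEXT_OBJ_RE = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)
STRING_RE = re.compile(rb"\((?:\\.|[^\\()])*\)")  # literal-string operands of Tj/TJ

def content_streams(pdf: bytes):
    """Yield stream bodies, inflating FlateDecode streams when possible."""
    for body in STREAM_RE.findall(pdf):
        try:
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # stored uncompressed

def extract_text(pdf: bytes) -> str:
    """Return the text still present in BT...ET text objects, drawn over or not."""
    chunks = []
    for body in content_streams(pdf):
        for text_obj in TEXT_OBJ_RE.findall(body):
            parts = [re.sub(rb"\\(.)", rb"\1", s[1:-1])
                     for s in STRING_RE.findall(text_obj)]
            chunks.append(b"".join(parts))
    return b"\n".join(chunks).decode("latin-1")

def leaked_terms(pdf: bytes, must_be_gone: list[str]) -> list[str]:
    """Terms from the redaction list that can still be recovered from the file."""
    def squash(s: str) -> str:
        return re.sub(r"\s+", "", s).lower()
    haystack = squash(extract_text(pdf))
    return [t for t in must_be_gone if squash(t) in haystack]

def sample_pdf(content: bytes, compress: bool = False) -> bytes:
    """Constructed one-stream document (no xref table); enough for this scanner."""
    if compress:
        content = zlib.compress(content)
    return (b"%PDF-1.4\n4 0 obj\n<< >>\nstream\n" + content
            + b"\nendstream\nendobj\n%%EOF\n")

# Constructed content streams. COVERED paints a black box over text that is still
# in the file; REMOVED deletes the text operand before painting the box.
BOX = b"0 g 130 695 80 16 re f\n"
COVERED = b"BT /F1 12 Tf 72 700 Td (Witness: ) Tj (John Doe) Tj ET\n" + BOX
REMOVED = b"BT /F1 12 Tf 72 700 Td (Witness: ) Tj ET\n" + BOX

if __name__ == "__main__":
    for name, stream in (("covered", COVERED), ("removed", REMOVED)):
        print(name, leaked_terms(sample_pdf(stream, compress=True), ["John Doe"]))
```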



Statistics

http://www.bespacific.com/mt/archives/024096.html

April 23, 2010

Symantec Internet Security Threat Report April 2010

"The Symantec Internet Security Threat Report provides an annual overview and detailed analysis of Internet threat activity, malicious code, and known vulnerabilities. The report also discusses trends in phishing, spam and observed activities on underground economy servers...report says the U.S. was top country for malicious activity, making up 19% total."



Control access and you control third party developers. Let them develop profitable businesses, then start charging to access your data.

http://developers.slashdot.org/story/10/04/24/1614244/Twitter-and-the-Rise-of-Data-Platforms?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Twitter and the Rise of Data Platforms

Posted by Soulskill on Saturday April 24, @01:37PM

snydeq writes

"Fatal Exception's Neil McAllister sees Twitter's latest move — to develop 'analytical products' based on Twitter data and to encourage third-party developers to do the same — as part of a growing trend toward a new kind of software platform. 'In the past, tool vendors have offered developers languages and code libraries that gave them access to computing functions in simple, standardized ways. In this new paradigm, however, a platform consists of more than just frameworks and APIs. It also comes prepackaged with a complete, rich data set, and often that data is the platform's most valuable aspect. These new "data platforms" are creating exciting new opportunities for developers, though they are not without their challenges.' Chief among these issues are privacy and security, as evidenced by a recent letter to Google from government regulators and activist tools such as PleaseRobMe. But for developers, the challenges also include livelihood. 'Even more than mobile platforms such as Apple's iPhone, a data platform like Twitter's is a walled garden. If Twitter cuts off a developer's access to its data sources for any reason, that developer's business is sunk.' Even those who develop 'cloud middleware' around such data platforms stand to gain little from their efforts, as doing so pits them in competition with their data platform vendors, which are in a far better position to reach potential customers."


(Related) “How dare you make anything easy for our customers!”

http://techcrunch.com/2010/04/24/twitter-managetwitter/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

6 Million Unfollows Later, Twitter Moves To Silence ManageTwitter

… As the service posted on its Posterous blog yesterday, Twitter has sent the service an email letting them know that they’re breaking one of their rules. Specifically, this is what Twitter wrote:

We’re writing to let you know that your application, ManageTwitter, breaks our Automation Rules and Best Practices (http://help.twitter.com/entries/76915). Specifically, it facilitates bulk automated user unfollowing, which is not allowed. It’s best for both our users and your users if your application follows the rules, so please make the necessary changes, such as removing the “Select All” option (and requiring users to decide on each user individually) to bring your application into compliance.



If you still have a floppy disk drive on your desktop, it's time to start copying all your old floppies to DVD. Don't have a DVD drive? How old is your computer?

http://hardware.slashdot.org/story/10/04/25/0635218/The-End-of-the-35-Inch-Floppy-Continues?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The End of the 3.5 Inch Floppy Continues

Posted by timothy on Sunday April 25, @08:13AM

JoshuaInNippon writes

"In a brief press release buried within Sony Japan's website, the company announced that they would be ending sales of the classic 3.5 inch floppy disk in the country in March of 2011. Sony introduced the size to the world in 1981, which saw its heyday in the 1990s. Sony has been one of the last major manufacturers to continue shipments of the disk type they helped develop, but had ended most worldwide sales in March of this year. The company's production of the 3.5 inch floppy ceased in 2009. Sony noted the demand, or a lack thereof, as the reason. The company's withdrawal is one of the final marks in the slow death of the floppy era."



This comes up when I have my Excel class create household budgets

http://www.freetech4teachers.com/2010/04/is-it-better-to-rent-or-buy-interactive.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Is It Better to Rent or Buy? Interactive Infographic

… Users of the interactive infographic can enter variable data such as home price, interest rates, rent prices, rental rate increases, and housing market changes to determine when it's best to buy a home rather than rent. Users can also account for information like insurance rates, condo fees, and opportunity costs.



Easy editing of my porn instructional videos

http://www.killerstartups.com/Video-Music-Photo/videotoolbox-com-an-easy-way-to-edit-videos

VideoToolbox.com - An Easy Way To Edit Videos

http://www.videotoolbox.com/

The Video Toolbox site stands as a new resource that brings into your hands the kind of options that people who had a computer during the ‘90s will always associate with professional studios. Of course, most of these functionalities are elemental now. That is why they can be replicated by a tool that works on the browser. But that doesn’t make any single one of them any less effective.

Using the Video Toolbox you can work with videos amounting to as much as 300 MB, analyse them in as much detail as you want, and also have them converted to all the file formats that are common currency nowadays. These include AVI, MOV, FLV, MPA, MPEG… you know how the list continues.
