Tuesday, May 25, 2010

Best Practice: Get the Auditors involved in the design of computer systems.

http://www.phiprivacy.net/?p=2783

AU: Patient data under threat, say auditors

By Dissent, May 24, 2010 5:55 pm

Mark Metherell reports:

Federal government auditors have overruled Medicare, calling on the agency to improve security of patient details held by pharmacists.

Patient information on the 200 million prescriptions pharmacists dispense each year is largely electronically held, which the Auditor-General, Ian McPhee, says "continues to be an area of growing threats".

In an audit report on the administration of the Pharmaceutical Benefits Scheme released yesterday, Mr McPhee revealed a long-running turf war among three health agencies over responsibility for the PBS.

Read more in the Sydney Morning Herald.

[From the article:]

On security, Mr McPhee said both Medicare and the Department of Health had argued that existing security at pharmacies was either not their responsibility or was satisfactory.



Use this to check (and fix?) your own privacy leaks, then use it to suck all the useful data from whomever you are stalking?

http://www.makeuseof.com/dir/zesty-facebook-privacy-checker

Zesty Facebook Privacy Checker: See How Exposed Your Facebook Profile Is

It is a remarkably simple website that shows us the Facebook information that regular internet users can view.

… Clicking on each subfield in the directory shows us the information in that directory which internet users can view. For instance clicking on the family members might bring up our Facebook family connections, in case we have not set the privacy preference to hide them.

zesty.ca/facebook



Even rants contain some truth...

http://yro.slashdot.org/story/10/05/24/195208/Why-Online-Privacy-Is-Broken?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Why Online Privacy Is Broken

Posted by Soulskill on Monday May 24, @03:54PM

"One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it. Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects. A quick search of recent news on the privacy front reveals that just about all of it is bad. Facebook is exposing users' live chat sessions and other data to third parties. Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well. But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."


(Related)

http://www.docuticker.com/?p=35705

2010 International Piracy Watch List (PDF)


(Related) Everything you ever said online, stays online... Forever.

http://yro.slashdot.org/story/10/05/25/006201/Emergency-Dispatcher-Fired-For-Facebook-Drug-Joke?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Emergency Dispatcher Fired For Facebook Drug Joke

Posted by kdawson on Tuesday May 25, @02:43AM

"Dana Kuchler, a 21-year veteran of the West Allis' Dispatch Department, was fired from her job for making jokes on her Facebook page about taking drugs. She appealed to an arbitrator, claiming the Facebook post was a joke, pointing out she had written 'ha' in it, and urine and hair samples tested negative for drugs. The arbitrator said she should be entitled to go back to work after a 30-day suspension, but the City of West Allis complained that was not appropriate. Is posting bad jokes on Facebook a justifiable reason to give someone the boot?"



Oh, the poor, vulnerable newspaper industry... Let's kill it!

http://techcrunch.com/2010/05/24/publish2-disrupt/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Publish2 Wants To Disrupt The Associated Press With An Online News Exchange

Publish2 is taking a swing at the newswire mammoth – they un-lovingly call it an inefficient monopoly – by launching a platform that allows newspaper publishers and other media organizations to tap the vast amount of quality content already available for free on the Web



Did anyone think the government would get it right the first time?

http://www.docuticker.com/?p=35709

PFF Report Says FCC’s Regulatory Leap Backwards Wrong for Internet



For my Security Students.

http://www.pcworld.com/article/196898/poisoned_pdfs_heres_your_antidote.html

Poisoned PDFs? Here's Your Antidote

Erik Larkin, PC World May 23, 2010 7:00 pm

… Here's the kicker: This embedded-file threat makes creative use of functionality built into the PDF standard. As such, it works not only on Adobe Reader but on other PDF readers, too, even if they're up-to-date. The makers of the Zeus Trojan horse are already using this new technique to spread their evil software.

How to Fight the New Threat

Changing a program setting in the current version of Adobe Reader can help. Head to Preferences, Trust Manager, and deselect Allow opening of non-PDF file attachments with external applications. See the Adobe Reader Blog for more details.

The latest 3.3 update for the Foxit PDF reader also has a new Safe Reading setting--enabled by default under a new Trust Manager section in the preferences--that likewise blocks embedded programs from running.

… Finally, a good antivirus program may stop a malicious PDF before it can launch an attack. And VirusTotal.com is excellent for scanning any downloaded or e-mailed file with a multitude of antivirus engines.
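For students who want to see what such a file looks like before opening it, here is a small triage scanner, added as an example here and not taken from the PC World article. It counts the PDF name objects tied to embedded files and automatic actions, undoing the `#xx` hex escapes that can hide a name from a plain text search; the name list comes from the PDF specification, and the sample byte strings are constructed fragments, not real documents.

```python
import re

# PDF name objects (from the PDF specification) that matter for this triage.
SUSPECT_NAMES = ("EmbeddedFile", "EmbeddedFiles", "Launch",
                 "JavaScript", "JS", "OpenAction", "AA", "ObjStm")

# A name is "/" plus regular characters; "#xx" is a hex-escaped byte.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\f\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /Em#62eddedFile is seen as EmbeddedFile."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count occurrences of each suspect name in the raw file bytes."""
    counts = dict.fromkeys(SUSPECT_NAMES, 0)
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts

def triage(data: bytes) -> list:
    """Return human-readable reasons to hold the file for review."""
    c = scan_pdf(data)
    reasons = []
    if c["EmbeddedFile"] or c["EmbeddedFiles"]:
        reasons.append("embedded file attachment")
    if c["Launch"]:
        reasons.append("Launch action (starts an external application)")
    if c["JavaScript"] or c["JS"]:
        reasons.append("JavaScript")
    if reasons and (c["OpenAction"] or c["AA"]):
        reasons.append("automatic action on open")
    if c["ObjStm"]:
        reasons.append("object streams present: names inside them are not scanned")
    return reasons

# Constructed sample fragments (not real documents, no working payload).
SAMPLE_BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SUSPECT = (
    b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R\n"
    b"   /Names << /Em#62eddedFiles 4 0 R >>\n"
    b"   /OpenAction << /S /JavaScript /JS (placeholder) >> >>\nendobj\n"
    b"5 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nstream\n\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("benign", SAMPLE_BENIGN), ("suspect", SAMPLE_SUSPECT)):
        print(label, triage(sample))
```

A clean result only means none of these names appear in the uncompressed parts of the file; it complements the reader settings and antivirus scan described above and does not replace them.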
