Tuesday, January 25, 2011

Other questions to ask: Why would an employee be transporting a “backup device?” Is this a violation of policy?

http://www.phiprivacy.net/?p=5687

Grays Harbor Pediatrics notifies patients after backup device stolen from employee’s car

By Dissent, January 24, 2011

Great thanks to Grays Harbor Pediatrics for getting back to me with answers to some questions I sent them about their substitute notice concerning a stolen backup device.

According to their emailed statement to this site, the backup device was stolen from the employee’s car. In response to my question as to whether the data were supposed to have been encrypted under their policies, a spokesperson answered that “The backup device was password protected,” which was a somewhat non-responsive answer.

The statement also indicates that police were notified of the theft and that 12,009 patient records were affected.

All patients have been notified of the incident.

[From the earlier report:

Grays Harbor Pediatrics has secured all current software applications by changing passwords, implementing new encryption software and updating security protocols to ensure that no patient information may be compromised.



So, what does this suggest for Apple's future? (Are my Software Engineering students going to be much more valuable soon?)

http://apple.slashdot.org/story/11/01/25/0015216/Ex-NSA-Analyst-To-Be-Global-Security-Head-At-Apple?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Ex-NSA Analyst To Be Global Security Head At Apple

"Cnet.com reports that Apple has tapped security expert and author David Rice to be its director of global security. Rice is a 1994 graduate of the US Naval Academy and has a master's degree in Information Warfare and Systems Engineering from the Naval Postgraduate School. He served as a Global Network Vulnerability analyst (Forbes used cryptographer) for the National Security Agency and as a Special Duty Cryptologic officer for the Navy. He is executive director of the Monterey Group, a cybersecurity consulting firm. He's also on the faculty of IANS, an information security research company and works with the US Cyber Consequences Unit. In a 2008 interview with Forbes, 'A Tax On Buggy Software,' Rice talks of a 'tax on software based on the number and severity of its security bugs. Even if that means passing those costs to consumers. ... Back in the '70s, the US had a huge problem with sulfur dioxide emissions. Now we tax those emissions, and coal power plants have responded by using better filters. Software vulnerabilities, like pollution, are inevitable — producing perfect software is impossible. So instead of saying all software must be secure, we tax insecurity and allow the market to determine the price it's willing to pay for vulnerability in software. Those who are the worst "emitters" of vulnerabilities end up paying the most, and it creates an economic incentive to manufacture more secure software.'"



Another step toward ubiquitous surveillance...

http://www.allcartech.com/blog/1054140_nanny-cams-prove-popular-for-parents-of-teen-drivers

Nanny Cams Prove Popular For Parents Of Teen Drivers

… Apps and services like T-Mobile's DriveSmart encourage teens to be smarter about texting and driving. Ford's ingenious MyKey technology lets parents limit a driver's speed and the volume of the stereo. Monitors like the Progressive Snapshot work like the black boxes on airplanes, keeping track of major events. And, of course, real black box devices may be required on all cars in the U.S. in another two years.

The extreme end of this monitoring trend is the onboard video recorder. DriveCam -- arguably the most popular of such devices -- stores footage in a cache that's regularly cleared, but when it senses "erratic vehicle movements, such as extreme braking, acceleration, cornering or a collision, the device provides a video clip of what occurred the 10 seconds before and after the event." The camera then wirelessly sends that clip to DriveCam servers so that it can be shared with parents, [Might be an interesting server to hack into... Just saying... Bob] helping them coach their teens on safe driving behavior.



For my Computer Security students. To help, or not to help? Who should make this call?

http://it.slashdot.org/story/11/01/24/2017242/How-Facebook-Responded-To-Tunisian-Hacks?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

How Facebook Responded To Tunisian Hacks

"Facebook's security team opens up, shedding light on a revolution that could become a parable for Internet activism. Quoting: 'After more than ten days of intensive investigation and study, Facebook's security team realized something very, very bad was going on. The country's Internet service providers were running a malicious piece of code that was recording users' login information when they went to sites like Facebook. By January 5, it was clear that an entire country's worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades. Sullivan and his team decided they needed a country-level solution — and fast. Though Sullivan said Facebook has encountered a wide variety of security problems and been involved in various political situations, they'd never seen anything like what was happening in Tunisia.'"

[From the article:

At Facebook, Sullivan's team decided to take an apolitical approach to the problem. This was simply a hack that required a technical response. "At its core, from our standpoint, it's a security issue around passwords and making sure that we protect the integrity of passwords and accounts," he said. "It was very much a black and white security issue and less of a political issue." [Oh? Bob]

The software was basically a country-level keystroke logger, with the passwords presumably being fed from the ISPs to the Ben Ali regime. As a user, you just logged into some part of the cloud, Facebook or your email, say, and it snatched up that information. If you stayed persistently logged in, you were safe. It was those who logged out and came back that were open to the attack.

Sullivan's team rapidly coded a two-step response to the problem. First, all Tunisian requests for Facebook were routed to an https server. [Note that if you were not in Tunisia, you didn't get a secure connection. Bob] The Https protocol encrypts the information you send across it, so it's not susceptible to the keylogging strategy employed by the Tunisian ISPs.

The second technical solution they implemented was a "roadblock" for anyone who had logged out and then back in during the time when the malicious code was running. Like Facebook's version of a "mother's maiden name" question to get access to your old password, it asks you to identify your friends in photos to complete an account login. [Wouldn't Big Brother love that information! Bob]
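The two-step response the article describes, as an added example that is not part of the Slashdot summary, the Atlantic piece or Facebook's own code. It assumes a per-request country lookup from the client IP, a known window during which the ISP-injected code was running, and constructed login events; the rule it encodes is the one stated above: persistent sessions were safe, and only a fresh password login from an affected network during the window exposed the password.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, Set

# Country whose ISPs ran the credential-capturing code, per the article.
AFFECTED_COUNTRIES = frozenset({"TN"})


@dataclass(frozen=True)
class AuthEvent:
    user: str
    action: str       # "login" (password submitted) or "logout"
    ts: datetime
    country: str      # ISO 3166-1 alpha-2 from the client IP (assumed lookup)


def should_force_https(country: str) -> bool:
    """Step one: route requests from an affected country to HTTPS so the
    injected ISP code cannot read the password as it crosses the wire."""
    return country.upper() in AFFECTED_COUNTRIES


def users_needing_roadblock(events: Iterable[AuthEvent],
                            window_start: datetime,
                            window_end: datetime) -> Set[str]:
    """Step two: users who must pass the photo-identification 'roadblock'.
    A password is treated as possibly captured only if it was submitted
    (a 'login' event) from an affected network while the code was running.
    Logouts and sessions that stayed logged in through the window do not
    count, matching the article's description."""
    exposed: Set[str] = set()
    for ev in events:
        if ev.action != "login":
            continue
        if ev.country.upper() not in AFFECTED_COUNTRIES:
            continue
        if window_start <= ev.ts <= window_end:
            exposed.add(ev.user)
    return exposed


# Constructed sample data: dates and users are illustrative, not from the article.
WINDOW_START = datetime(2010, 12, 26)   # assumed start of the ISP code
WINDOW_END = datetime(2011, 1, 5)       # assumed cut-over to forced HTTPS
SAMPLE_EVENTS = [
    AuthEvent("amal", "login", datetime(2010, 12, 20), "TN"),   # stayed logged in: safe
    AuthEvent("bilal", "logout", datetime(2010, 12, 28), "TN"),
    AuthEvent("bilal", "login", datetime(2010, 12, 29), "TN"),  # re-authenticated in window: exposed
    AuthEvent("carla", "login", datetime(2010, 12, 30), "FR"),  # not behind an affected ISP
    AuthEvent("dalia", "login", datetime(2011, 1, 6), "TN"),    # after HTTPS cut-over: not exposed
]


def demo() -> Set[str]:
    """Run the roadblock selection over the constructed events."""
    return users_needing_roadblock(SAMPLE_EVENTS, WINDOW_START, WINDOW_END)


if __name__ == "__main__":
    print("force HTTPS for TN:", should_force_https("tn"))
    print("accounts needing roadblock:", sorted(demo()))
```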



Here we go again...

http://news.cnet.com/8301-31921_3-20029423-281.html

Justice Department seeks mandatory data retention

Criminal investigations "are being frustrated" because no law currently exists to force Internet providers to keep track of what their customers are doing, the U.S. Department of Justice will announce tomorrow.

CNET obtained a copy of the department's position on mandatory data retention--saying Congress should strike a "more appropriate balance" between privacy and police concerns--that will be announced at a House of Representatives hearing tomorrow.



An inevitable reaction to Behavioral Advertising...

http://www.bespacific.com/mt/archives/026340.html

January 24, 2011

"Do-Not-Track" Option Now on IE, Firefox and Chrome

National Journal: Google and Mozilla both announced that they will be adding "do-not-track" options to their Internet browsers, allowing users to prevent websites from gathering personal information and selling it to advertisers. Mozilla announced its plan Sunday with Google following suit Monday. According to a company statement, Google's "Keep My Opt-Outs" feature will be available as an extension for download on its Chrome browser Monday. "We made available, for all major browsers, a downloadable browser plugin that enables you to permanently opt out of Google's advertising cookie, even if you deleted all your browser's cookies," according to the statement. Mozilla's Firefox version will be an HTTP header that will tell websites that a user wants to opt out of what's called "online behavioral advertising." "The advantages to the header technique are that it is less complex and simple to locate and use, it is more persistent than cookie-based solutions, and it doesn't rely on users' finding and loading lists of ad networks and advertisers to work," Mozilla technology and privacy officer Alex Fowler wrote in a blog post Sunday. Microsoft announced a similar feature for its Internet Explorer in December.



“There's absolutely positively nothing wrong with our scanners-- but we're going to replace them.” I wonder if more detailed images will be captured but not displayed?

http://www.pogowasright.org/?p=19834

TSA Chief: Less intrusive scanners to be introduced

January 24, 2011 by Dissent

Ken Kaye of the Sun Sentinel reports on an interview he had with John Pistole of the TSA.

Interestingly, in a matter of days or hours, Pistole seems to have gone from saying that TSA will investigate other scanners and might introduce an alternative to the current “nudatrons” to more of a commitment that they will introduce less invasive scanners:

While detecting explosives at U.S. airports remains top priority, the TSA is also ready to ease passenger privacy concerns from body imaging scanners at checkpoints, said Pistole, 54, who spent 26 years with the FBI.

[...]

He said the TSA plans to introduce a new version of its controversial body imaging scanners. Instead of generating a fuzzy view of a passenger’s entire body, the new ones will create a generic image that highlights any suspicious items with a rectangle.

Then, both the passenger and transportation officers will be able to view that image at the same time, he said. The new machines might be used experimentally as early as this year, he added.

Read more in the Chicago Tribune.


(Related)

http://www.pogowasright.org/?p=19841

Ex-Minn. governor sues over body scans, pat-downs

January 24, 2011 by Dissent

Amy Forliti of Associated Press reports:

Former Minnesota Gov. Jesse Ventura sued the Department of Homeland Security and the Transportation Security Administration on Monday, alleging full-body scans and pat-downs at airport checkpoints violate his right to be free from unreasonable searches and seizures.

Ventura is asking a federal judge in Minnesota to issue an injunction ordering officials to stop subjecting him to “warrantless and suspicionless” scans and body searches.

Read more on Star-Tribune.



A question for Economists: Are they creating a bank or their own currency? (Which is more profitable?)

http://games.slashdot.org/story/11/01/25/0547222/Facebook-To-Make-Facebook-Credits-Mandatory-For-Games?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Facebook To Make Facebook Credits Mandatory For Games

"Facebook has confirmed that it is indeed making Facebook Credits mandatory for Games, with the rule going into effect on July 1, 2011. Facebook says that Credits will be the exclusive way for users to get their 'real money' into a game, but developers are still allowed to keep their own in-game currencies (FarmBucks, FishPoints, whatever). For example, Zynga can charge you 90 Facebook Credits for 75 CityCash in CityVille. ... The company acknowledges that some developers may not be pleased with the news, explaining this is why it is announcing the news five months in advance, so it can 'have an open conversation with developers.' The rule only applies to Canvas games (games that use Facebook Connect aren't affected), and while it's games only at this point, Facebook says that it eventually would like to see all apps using Facebook Credits. It's a move that's been a long time coming — there has been speculation that Facebook would do this for a year now, spurring plenty of angst in the developer community."

[From the article:

Facebook’s argument is that Credits are good for users and developers alike. There’s a higher barrier to entry if a user has to pull out their wallet to buy a different currency every time they play a new game — using the same currency lowers this bar. It also means there’s less of a lock-in factor, and Facebook can do its part to educate and promote the use of Credits to get everyone used to paying real money for virtual goods.

Of course, Facebook gets something out of it: they take an industry-standard 30% cut whenever users purchase anything with Facebook Credits. That can add up to a lot of money — we’ve heard elsewhere that Zynga is paying Facebook around $30 million a month for its Credits tax.



For my Computer Security students. How will their rules differ from police in the US?

http://yro.slashdot.org/story/11/01/25/0239250/Iran-Launches-Cyber-Police-Units?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Iran Launches Cyber-Police Units

"Iran is implementing a cyber police force to combat social networks and similar sources of 'espionage and riots.' This will likely result in more control over internet access than efforts that might hinder attacks like Stuxnet. 'Ahmadi Moghaddam said that Iran's cyber police will take on the "anti-revolutionary" dissident groups that used online social networks to organize protests against President Mahmoud Ahmadinejad following disputed elections held in 2009. "Through these very social networks in our country, anti-revolutionary groups and dissidents found each other and contacted foreign countries and triggered riots," said Ahmadi Moghaddam, referring to the protests that took place at the time.'"

[From the Inquirer:

It all sounds fairly reasonable until you read that the cyber police unit's remit includes subverting social networks that police chief Esmaeil Ahmadi Moghaddam said promote "espionage and riots".


(Related)

http://www.bespacific.com/mt/archives/026331.html

January 24, 2011

China: Student Informant System to Expand, Limiting School Autonomy, Free Expression

Via FAS: China: Student Informant System to Expand, Limiting School Autonomy, Free Expression (U//FOUO - "Unclassified // For Official Use Only") - 23 November 2010, CIA-DI-10-05021 [This report was prepared by the Open Source Works, which was charged by the Director for Intelligence with drawing on language trained analysts to mine open-source information for new or alternative insights on intelligence issues.]

  • Chinese educators and Communist Party officials are expanding the student informant system (SIS) to a growing number of Chinese universities, colleges, vocational institutes, and lower level schools. Students designated as student-informants, who report to an academic affairs department, engage in political spying on both professors and fellow students and denounce professors and students for politically subversive or unconventional views. (U//FOUO)

  • The principal objective of the SIS is to ensure campus stability and to control the debate and discussion of politically sensitive issues. Students have had their scholarships revoked and their academic records penalized because of information provided by student informants that is sometimes highly subjective, such as facial expressions. Since 2002, the SIS has added a separate, secret system of student informants who report to university security departments. (U//FOUO)

  • Despite some teacher and student resistance, the government appears determined to continue to use the SIS as a tool to ensure political stability on Chinese campuses, as evidenced by government studies touting its utility and effectiveness for improving education. The limited public debate on the SIS focuses on its impact on freedom of speech, the risk of spreading a culture of denunciation, and the harm the system does to cultivating talented students. (U//FOUO)


(Related) “We can, therefore we must” can quickly get out of hand... No threat implied, of course...

http://www.pogowasright.org/?p=19873

UK: Schools’ secret reports on how parents look as they build database to fight truancy: Education chiefs keep database on hair, height and build

January 25, 2011 by Dissent

James Slack reports:

Town hall bosses are compiling secret ‘Big Brother’ databases on the appearance of school children’s parents.

Education officials say they are keeping the sensitive information in case they ever want to identify a parent for legal action.

Forms are being given to staff asking them to comment on height, hair, and build, which involves assumptions on whether a parent should be considered overweight or untidy.

Read more in the Daily Mail.



If we can keep this up, we may eventually rise to “second rate!”

http://tech.slashdot.org/story/11/01/25/0442227/Two-Thirds-of-US-Internet-Users-Lack-Fast-Broadband?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Two-Thirds of US Internet Users Lack Fast Broadband

"Two-thirds of US Internet connections are slower than 5 Mbps, putting the United States well behind speed leaders like South Korea, where penetration of so-called 'high broadband connectivity' is double the rate experienced in the United States. The United States places ninth in the world in access to high broadband connectivity, at 34% of users, including 27% of connections reaching 5 Mbps to 10 Mbps and 7% reaching above 10 Mbps, Akamai says in its latest State of the Internet Report. That's an improvement since a year ago, when the United States was in 12th place with only 24% of users accessing fast connections. But the United States is still dwarfed by South Korea, where 72% of Internet connections are greater than 5 Mbps, and Japan, which is at 60%. The numbers illustrate the gap between expectation and reality for US broadband users, which has fueled the creation of a government initiative to improve access. The US government broadband initiative says 100 million Americans lack any broadband access, and that faster Internet access is needed in the medical industry, schools, energy grid and public safety networks."



Interesting statistics...

http://www.bespacific.com/mt/archives/026332.html

January 24, 2011

OCLC - Perceptions of Libraries, 2010: Context and Community

"OCLC's newest membership report, Perceptions of Libraries, 2010, a sequel to the 2005 Perceptions of Libraries and Information Resources, is now available. The new report provides updated information and new insights into information consumers and their online habits, preferences, and perceptions. Particular attention was paid to how the current economic downturn has affected the information-seeking behaviors and how those changes are reflected in the use and perception of libraries."



Attention Al Gore!

http://idle.slashdot.org/story/11/01/24/1640224/Genghis-Khan-Historys-Greenest-Conqueror?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Genghis Khan, History's Greenest Conqueror

New research suggests that in addition to being one of history's cruelest conquerors, Genghis Khan may have been the greenest. It is estimated that the Mongol leader's invasions unintentionally scrubbed almost 700 million tons of carbon from the atmosphere. From the article: "Over the course of the century and a half run of the Mongol Empire, about 22 percent of the world's total land area had been conquered and an estimated 40 million people were slaughtered by the horse-driven, bow-wielding hordes. Depopulation over such a large swathe of land meant that countless numbers of cultivated fields eventually returned to forests. In other words, one effect of Genghis Khan's unrelenting invasion was widespread reforestation, and the re-growth of those forests meant that more carbon could be absorbed from the atmosphere." I guess everyone has their good points.



For all my students

http://news.slashdot.org/story/11/01/25/0515212/The-Rise-and-Rise-of-the-Cognitive-Elite?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Rise and Rise of the Cognitive Elite

"As technology advances, the rewards to cleverness increase. Computers have hugely increased the availability of information, raising the demand for those sharp enough to make sense of it. In 1991 the average wage for a male American worker with a bachelor's degree was 2.5 times that of a high-school drop-out; now the ratio is 3. Cognitive skills are at a premium, and they are unevenly distributed."



A drill-down search tool?

http://www.makeuseof.com/tag/search-search-content-linked-current-web-page/

Search Everywhere: Search The Content Linked From The Current Web Page

It is always fun to discover new great tools people can use to search. We have shared quite a few of them already, including tools that let you quickly jump to other search engines after you search Google, plugins that support search suggestions and Firefox addons that let you search faster than Google Instant.

Search Everywhere is a great Firefox addon that allows you to search over the content linked from your web browser’s current page.



For my Lawyer friends...

http://news.yahoo.com/comics/uclickcomics/20110117/cx_crbc_uc/crbc20110117;_ylt=AiK2MQzU5GC4iDCNAdiacyfqcLQF;_ylu=X3oDMTE2MWRjdnZjBHBvcwMyBHNlYwN5bl9oaWdobGlnaHRfdmlld2VyBHNsawNwcmV2

