Thursday, December 22, 2011


Come on, guys! Really? Unencrypted text?
China Software Developer Network (CSDN) 6 Million user data Leaked
December 21, 2011 by admin
Chinese Software Developer Network (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 Million CSDN user info including user name, password, emails, all in clear text leaked on internet.
Read more on The Hacker News.


Bad security is expensive, even in Canadian dollars...
By Dissent, December 21, 2011
Alex Cameron and Sébastien Kwidzinski write:
The Durham Region Health Decision
In Rowlands v. Durham Region Health, the plaintiffs allege that a nurse employed by the Durham Region Health Department lost a USB thumb drive containing personal and confidential health information of over 83,500 patients. The nurse involved had allegedly accessed private patient information relating to H1N1 flu vaccinations received between October 1 and December 16, 2009, including in respect of patients for whom she had not provided care. [A search for “Flu vaccinations” rather than “Nurse Betty's flu vaccinations” would return the extra data. Bob]
The class action was brought following an investigation and Order by the Ontario Information and Privacy Commissioner, which cited a number of breaches of the Personal Health Information Protection Act (PHIPA) by Durham Region Health in relation to this incident. Section 65(1) of PHIPA permits a party to commence a proceeding for damages for actual harm suffered as a result of a contravention of PHIPA.
The plaintiffs in the class proceeding seek $40 million in damages. One of the main bases for damages in the lawsuit is the risk that the confidential information contained in the USB drive might be used to facilitate identity theft. The action is based in, among other things, negligence and breach of the statutory duty to protect patient information.
The court granted certification of the class proceeding pursuant to section 5 of the Class Proceedings Act, largely with the consent of the defendants.
Read more in the newsletter of Fasken Martineau.


Bad Security: We don't need no stinking food/oil!
"The European maritime sector has next to no idea about cyber security, according to a report released by the European Network and Information Security Agency (ENISA). The shipping industry, which carried 52 per cent of goods traffic in Europe in 2010, has 'currently low to non-existent' awareness of cyber security needs and challenges, the report said. ENISA claimed the lack of understanding was evident at every layer of the industry, from government bodies to port authorities and maritime companies."


Interesting perspective.
A Cyberworm that Knows No Boundaries
December 21, 2011 18:18 Source: RAND Corporation
From the abstract:
Iran's announcement that a computer worm called Stuxnet had infected computers that controlled one of its nuclear processing facilities marked a signal event in cyber attacks. Although such attacks were known to be theoretically possible, the incident proved that a cyberworm could successfully infiltrate a system and produce physical damage. Furthermore, the sophisticated nature of the worm and the resources that would have been required to design, produce, and implant it strongly suggest a state-sponsored effort. It has become clear that Stuxnet-like worms pose a serious threat even to infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks is an increasingly complex prospect.


Speaking of boundaries...
Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices
December 22, 2011 by Dissent
From EFF:
Our lives are on our laptops – family photos, medical documents, banking information, details about what websites we visit, and so much more. Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever.
For doctors, lawyers, and many business professionals, these border searches can compromise the privacy of sensitive professional information, including trade secrets, attorney-client and doctor-patient communications, research and business strategies, some of which a traveler has legal and contractual obligations to protect. For the rest of us, searches that can reach our personal correspondence, health information, and financial records are reasonably viewed as an affront to privacy and dignity and inconsistent with the values of a free society.
Read more on EFF and download their free guide by Seth Schoen, Marcia Hofmann, and Rowen Reynolds.
You can also take a self-quiz on border searches and sign a letter to DHS to clarify policies and procedures. I signed the petition after editing it to reflect that as a health care professional who may have to take patient data with me when I travel, I am very concerned that people could just demand access to those data without any protections or probable cause. If you’re concerned, too, why not take a moment and do something for yourself – sign the petition.


According to the original article: “the laptop was password protected and files were deleted.” Looks to me like kids stole it and thought the password was real security...
By Dissent, December 21, 2011
A laptop stolen from a St. Charles employee’s car in late October has been recovered.
The laptop contained personal information from about 140 patients who had been in the emergency room at St. Charles Bend or Redmond. A forensic analysis indicated that someone had attempted to access the laptop but was unable to do so, making it unlikely that personal information was accessed inappropriately.
The laptop was found in brush by an 8-year-old girl riding horseback near Horse Butte at the end of November. It was returned to the hospital by the family Dec. 16.
Source: Bend Bulletin
It’s not enough we hear news of a recovery like this.
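To make the "password protected and files were deleted" point concrete, here is an added example, not code from the Bend Bulletin story or from St. Charles: a tiny in-memory model of a laptop disk in Python. Ordinary deletion only drops the directory entry, so the bytes stay in the raw image where anyone with the hardware can read them without logging in; only encryption at rest changes that. The DiskImage class, block layout, sample record and the toy per-block keystream are all assumptions for the demo, and the keystream is a stand-in for real disk encryption, not a cipher to reuse.

```python
"""Added example: why a login password and 'deleted' files do not protect
data at rest, modelled on a minimal in-memory disk image."""
import hashlib
from typing import Dict, List, Tuple

BLOCK_SIZE = 32  # small blocks keep the demo image tiny

# Constructed sample record; not real patient data.
SAMPLE_RECORD = b"patient=Jane Doe;dob=1970-01-01;visit=ER Bend;dx=flu\n"


class DiskImage:
    """Raw bytes plus a directory: a minimal stand-in for a file system."""

    def __init__(self, blocks: int = 16):
        self.raw = bytearray(BLOCK_SIZE * blocks)
        self.directory: Dict[str, List[Tuple[int, int]]] = {}
        self._free = list(range(blocks))

    def _encode(self, block: int, chunk: bytes) -> bytes:
        return chunk  # plain image: bytes land on disk exactly as written

    def _decode(self, block: int, chunk: bytes) -> bytes:
        return chunk

    def write_file(self, name: str, data: bytes) -> None:
        used = []
        for off in range(0, len(data), BLOCK_SIZE):
            blk = self._free.pop(0)
            chunk = self._encode(blk, data[off:off + BLOCK_SIZE])
            start = blk * BLOCK_SIZE
            self.raw[start:start + len(chunk)] = chunk
            used.append((blk, len(chunk)))
        self.directory[name] = used

    def read_file(self, name: str) -> bytes:
        out = b""
        for blk, length in self.directory[name]:
            start = blk * BLOCK_SIZE
            out += self._decode(blk, bytes(self.raw[start:start + length]))
        return out

    def delete_file(self, name: str) -> None:
        # Ordinary deletion: forget the entry, free the blocks, leave the bytes.
        self._free.extend(blk for blk, _ in self.directory.pop(name))

    def raw_contains(self, needle: bytes) -> bool:
        # What an examiner (or a thief booting from USB) sees: no login involved.
        return needle in self.raw


class EncryptedDiskImage(DiskImage):
    """Same layout, but every block is transformed under a key before it hits 'disk'."""

    def __init__(self, passphrase: str, blocks: int = 16):
        super().__init__(blocks)
        salt = b"demo-salt"  # assumption: a real system stores a random salt in its header
        self.key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 100_000)

    def _keystream(self, block: int) -> bytes:
        # Toy keystream: sha256(key || block index). Stand-in for AES-XTS-style
        # disk encryption; it would repeat if a block were rewritten, so never reuse this.
        return hashlib.sha256(self.key + block.to_bytes(4, "big")).digest()

    def _encode(self, block: int, chunk: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(chunk, self._keystream(block)))

    _decode = _encode  # XOR with the same keystream is its own inverse


def recoverable_after_theft(image: DiskImage, needle: bytes) -> bool:
    """Can the string be pulled straight from the raw image, directory entry or not?"""
    return image.raw_contains(needle)


if __name__ == "__main__":
    plain = DiskImage()
    plain.write_file("er_patients.csv", SAMPLE_RECORD)
    plain.delete_file("er_patients.csv")
    print("plain image, file deleted, name still recoverable:",
          recoverable_after_theft(plain, b"Jane Doe"))
    enc = EncryptedDiskImage("correct horse battery staple")
    enc.write_file("er_patients.csv", SAMPLE_RECORD)
    print("encrypted image, file present, name recoverable:",
          recoverable_after_theft(enc, b"Jane Doe"))
```

The login password never appears in the model because it never protects the raw bytes; it only gates the operating system's own read path, which a thief with the drive in hand does not use.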


Here's a real opportunity for a Health Study! How many frequent fliers have symptoms of radiation poisoning?
Questions Linger on Safety of Airport Body Scanners
Much of the debate surrounding the increasingly common security scanners revolves around their effectiveness and privacy. But the health implications are coming to the fore as the European Union bans x-ray scanners because of health concerns. Many EU nations will instead use millimeter-wave, lower frequency scanners.
Both types use a beam of electromagnetic energy to create an image of a passenger — sans clothing — in an effort to detect weapons and other contraband. Millimeter wave scanners use a portion of the spectrum close to microwaves, while x-ray scanners, of course, use the higher frequency x-ray portion of the electromagnetic spectrum. Both devices collect the scattered waves that reflect off the body to create an image.
The dose of radiation from the x-ray scanners is very low. But whether it is low enough to be harmless remains a lingering question.
A recent report by ProPublica and PBS uncovered concerns over the level of radiation passengers are exposed to. Although the dose is very low, the scanners still violate “a longstanding fundamental principle of radiation safety — that humans shouldn’t be x-rayed unless there is a medical benefit,” the report states. There also is the concern that repeated exposure to even low doses of radiation could be a problem.


Note that it is still okay for them to track you online without telling you they are doing it. They just can't tell you you have a choice when you really don't.
FTC Accepts Final Settlement with Online Advertiser Scan Scout, Which Allegedly Used Flash Cookies to Track Consumers
December 21, 2011 by Dissent
Following a public comment period, the Federal Trade Commission has finalized a settlement order with online advertiser ScanScout, which the FTC alleged deceptively claimed that consumers could opt out of receiving targeted ads by changing their browser settings. The settlement, which was first announced on November 8, 2011, bars misrepresentations about the company’s data-collection practices and consumers’ ability to control collection of their data. It also requires that ScanScout take steps to improve disclosure of its data collection practices, and to provide a user-friendly mechanism that allows consumers to opt out of being tracked.
Source: FTC. More info on the case can be found here.

(Related) Oh look, the FTC knows something about cookies!
December 21, 2011
FTC Guidance - Cookies: Leaving a Trail on the Web
"Have you ever wondered why some online ads you see are targeted to your tastes and interests, or how websites remember your preferences from visit to visit? The answer may be in the “cookies." A cookie is information saved by your web browser, the software program you use to visit the web. Cookies can be used by companies that collect, store and share bits of information about your online activities to track your behavior across sites. Cookies also can be used to customize your browsing experience, or to deliver ads targeted to you. OnGuardOnline.gov wants you to know how cookies are used and how you can control information about your browsing activities. Here are answers to some commonly asked questions about cookies – what they are, what they do, and how you can control them."


On the other hand... This looks to be a fairly comprehensive audit. Lots of good detail, but it sounds a bit like Facebook PR helped with the wording. Merits a close read...
Ireland’s Facebook audit gives it privacy green light, but with conditions
December 21, 2011 by Dissent
John Kennedy reports:
Ireland’s Data Protection Commissioner has concluded its massive audit of Facebook – the biggest investigation in the agency’s history – and has cleared it of most charges. However, Facebook has agreed to a wide range of ‘best practice’ improvements.
Arising from the audit, Facebook has agreed to ‘best practice’ improvements to be implemented over the next six months, with a formal review happening in July 2012.
Read more on Silicon Republic. Right now, the links from the audit page to the report and its appendices do not appear to be working, but hopefully we’ll have the full report available soon.
Related: Press release on the report from the DPC and Facebook’s response.
And as always, it’s interesting to see the different media spins on this. Fox News trumpets, “Facebook Vindicated in Irish Privacy Audit,” while Kashmir Hill of Forbes reports, “Some Scolding, No Fines For Facebook After Irish Privacy Investigation.”
One wonders what the German DPA’s would have done with this complaint.
Update: The audit is now available online, here (h/t, @steph3n)


A study of “How Revolutions Happen” or “How to be Revolting” depending on your point of view?
December 21, 2011
The Revolutions Were Tweeted: Information Flows During the 2011 Tunisian and Egyptian Revolutions
The Revolutions Were Tweeted: Information Flows During the 2011 Tunisian and Egyptian Revolutions, International Journal of Communication 5 (2011), Feature 1375–1405, 1932–8036/2011FEA1375 [via gigaom]
  • "This article details the networked production and dissemination of news on Twitter during snapshots of the 2011 Tunisian and Egyptian Revolutions as seen through information flows—sets of near-duplicate tweets—across activists, bloggers, journalists, mainstream media outlets, and other engaged participants. We differentiate between these user types and analyze patterns of sourcing and routing information among them. We describe the symbiotic relationship between media outlets and individuals and the distinct roles particular user types appear to play. Using this analysis, we discuss how Twitter plays a key role in amplifying and spreading timely information across the globe."


Something for those cold winter nights, and you don't even need to leave the house to get them!
… Where possible, we have included links to free versions of the books, all taken from our Free Audio Books and Free eBooks collections.
If you’re looking for a more extensive list of essential works, don’t miss The Harvard Classics, a 51 volume series that you can now download online.
1.) The Bible (eBook) - “to learn that it’s easier to be told by others what to think and believe than it is to think for yourself.”
2.) The System of the World by Isaac Newton (eBook) – “to learn that the universe is a knowable place.”
3.) On the Origin of Species by Charles Darwin (eBook, Audio Book) - “to learn of our kinship with all other life on Earth.”
4.) Gulliver’s Travels by Jonathan Swift (eBook, Audio Book) – “to learn, among other satirical lessons, that most of the time humans are Yahoos.”
5.) The Age of Reason by Thomas Paine (eBook, Audio Book) – “to learn how the power of rational thought is the primary source of freedom in the world.”
6.) The Wealth of Nations by Adam Smith (eBook, Audio Book) - “to learn that capitalism is an economy of greed, a force of nature unto itself.”
7.) The Art of War by Sun Tzu (eBook, Audio Book) - “to learn that the act of killing fellow humans can be raised to an art.”
8.) The Prince by Machiavelli (eBook, Audio Book) - “to learn that people not in power will do all they can to acquire it, and people in power will do all they can to keep it.”


Sometimes ya gots to like speak their lag-age, ya know?
Tuesday, December 20, 2011
Strunk and White's The Elements of Style comes alive in this fun rap video that I found on Brain Pickings through a Tweet by Open Culture. The three-minute video hits the fundamentals of good writing as outlined by Strunk and White.
[Lyrics are here: http://vimeo.com/33410512]


No one ever calls me to consult for them. More likely they ask me to stop bugging them...
Meet the future of consulting


Some of my readers love Infographics. I must admit that I do too...
Wednesday, December 21, 2011
Infographics are all over the web these days. Some infographics are excellent and some are not, but even the bad ones seem to get passed around. Visual.ly is a website that catalogs infographics from across the web. Visual.ly has more than 5,000 infographics arranged in twenty-one categories. Some of the infographics are useful displays of information and others, like the one below are just for fun.


Every now and then I see an article and say to myself, “Putting that in my blog would just be stooping to silly childish humor.” And then I say to myself, “so how long can you keep a straight face?” It is, after all, just another example of biometric security...
Your Butt Is Your Password in the Anti-Theft Car Seat
Keys can be stolen, remote alarms can be hacked. But your butt-print is yours alone. [Now available as a wall sized poster! Bob]
