Thursday, February 02, 2012


“Surprise, surprise, surprise!” Gomer Pyle
By Dissent, February 1, 2012
Dan Bowman reports on a new report by Redspin that analyzed breaches reported to HHS:
According to the report, nearly 40 percent of all major PHI breaches occurred on a laptop or other portable media device, a problem the authors say isn’t likely to go away anytime soon.
[...]
In the last year alone, data breaches stemming from employees losing unencrypted devices spiked a whopping 525 percent, according to the report. Total records breached in that same span nearly doubled (97 percent), increasing the average number of patient records per breach from nearly 27,000 to more than 49,000.
Read more on FierceHealthIT.

(Related) There's encryption and then there's good encryption... Read the fine print, though: this is a DMA attack over FireWire that reads the key out of RAM on a machine that is powered on (or asleep) with the volume unlocked. The cipher isn't being broken, and a laptop that is actually shut down has no key in memory to steal.
FileVault 2 easily decrypted, warns Passware
… In a statement (PDF) issued this morning, password recovery company Passware has claimed that it can fully decrypt a FileVault-encrypted Mac disk within an hour. Using a live-memory analysis approach via the system's FireWire connection, Passware says its utilities can sample system memory and extract the encryption key for FileVault disks. The process apparently takes no more than 40 minutes, regardless of the length or complexity of the password used.
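As an added illustration (my own example, not the article's or Passware's code, and not a claim about how Passware's utility works internally): once you have a RAM sample, the classic way to pull an AES key out of it is to scan for key schedules rather than raw keys, because the 176-byte expanded schedule is far more distinctive than 16 random-looking bytes (the approach used by the cold-boot-attack "aeskeyfind" tool). The memory image below is a constructed buffer with one schedule planted in it; a real sample would come from the FireWire read the article describes. An XTS-mode volume such as FileVault 2 would leave two such keys resident, assuming the driver keeps expanded schedules in RAM as software AES implementations normally do. The zero-filled buffer at the end is the flip side: a machine that is off, or memory that has been scrubbed, has nothing to find.

```python
# Added example: aeskeyfind-style search for AES-128 key schedules in a
# memory image.  Pure Python, no dependencies; the "memory image" is a
# constructed buffer, not a real RAM capture.
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def _build_sbox():
    """Generate the AES S-box: GF(2^8) multiplicative inverse, then the affine map."""
    sbox = [0] * 256
    p = q = 1                       # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                  # zero has no inverse; affine map alone
    return sbox


SBOX = _build_sbox()


def _sub_word(w):
    return bytes(SBOX[b] for b in w)


def _rot_word(w):
    return w[1:] + w[:1]


def expand_key(key):
    """AES-128 key expansion (FIPS-197 section 5.2): 16-byte key -> 176-byte schedule."""
    assert len(key) == 16
    words = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        temp = words[i - 1]
        if i % 4 == 0:
            temp = _sub_word(_rot_word(temp))
            temp = bytes([temp[0] ^ RCON[i // 4 - 1]]) + temp[1:]
        words.append(bytes(a ^ b for a, b in zip(words[i - 4], temp)))
    return b"".join(words)


def find_aes128_keys(image):
    """Return [(offset, key)] for every offset where the following 176 bytes are
    exactly the key schedule of their own first 16 bytes."""
    hits = []
    for off in range(len(image) - 176 + 1):
        w0 = image[off:off + 4]
        w3 = image[off + 12:off + 16]
        # Cheap filter: recompute only round-key word w[4] and compare.  A random
        # offset passes this 4-byte check with probability 2**-32, so the full
        # expansion below runs almost only on true hits.
        t = _sub_word(_rot_word(w3))
        expect_w4 = bytes([w0[0] ^ t[0] ^ RCON[0], w0[1] ^ t[1],
                           w0[2] ^ t[2], w0[3] ^ t[3]])
        if image[off + 16:off + 20] != expect_w4:
            continue
        cand = image[off:off + 16]
        if expand_key(cand) == image[off:off + 176]:
            hits.append((off, cand))
    return hits


def build_sample_image(key, key_offset, size=16384, seed=7):
    """Constructed stand-in for a RAM sample: seeded pseudo-random filler with
    the expanded schedule of `key` planted at `key_offset`."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[key_offset:key_offset + 176] = expand_key(key)
    return bytes(buf)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 test key
    image = build_sample_image(key, 0x1A00)
    for off, k in find_aes128_keys(image):
        print(f"AES-128 key schedule at offset 0x{off:x}: key {k.hex()}")
    print("scrubbed/powered-off memory:", find_aes128_keys(bytes(4096)))
```

The search is linear in the size of the sample and only ever needs the sample itself, which is the point: nothing about the password's length or complexity matters once the expanded key is sitting in RAM. The same filter-then-verify structure extends to AES-256 (240-byte schedules) by changing the expansion routine.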


Local
By Dissent, February 2, 2012
Mark Meredith reports:
A Denver area non-profit medical group is asking customers to beware of hackers after the group discovered patient data had been compromised.
“On Monday, December 5th, 2011, Metro Community Provider Network became aware that a hacker potentially accessed the personal health information of some of our patients,” said the Metro Community Provider Network in a statement on its website.
The group believes hackers may have accessed patient names, phone numbers, and medical conditions. It’s not believed that hackers were able to access billing information like credit cards.
Read more on KWGN.
The group’s notice to patients is prominently linked from their home page. The statement indicates that the compromise occurred because employees fell for a phishing attempt:
On Monday, December 5th, 2011, Metro Community Provider Network became aware that a hacker potentially accessed the personal health information of some of our patients. We identified the date of the information breach to be Monday, December 5th, 2011; the same day we became aware of the breach. We are notifying affected individuals in as timely a manner as possible so they may take swift personal action along with our organization’s efforts to reduce or eliminate potential harm. The incident involving protected health information was a result of an email phishing scam. In this incident, a hacker sent an email to several of Metro Community Provider Network’s employees that claimed to be from a trusted source. The email asked for the employee to click on a link and provide login information. This was then used to gain access to the employee’s confidential emails. It is important to note that none of our employees had any intention to cause patients any harm, nor did they have any intention of allowing a hacker to access personal information; they were victims of a scam. [Interesting phrase to include... Bob]
The information that has potentially been accessed includes patients’ names, phone numbers, dates of birth, diagnoses (limited to diabetes, hypertension, hyperlipidemias and weight loss) and MCPN internal account numbers. No credit card or bank account information of any kind was accessed by the hacker. Approximately 2000 patients may have been affected.


Apparently, the downside isn't significant...
Exclusive: Hacked companies still not telling investors
… Top U.S. cybersecurity officials believe corporate hacking is widespread, and the Securities and Exchange Commission issued a lengthy "guidance" document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.
But with one full quarter having elapsed since the SEC request, some major companies that are known to have had significant digital security breaches have said nothing about the incidents in their regulatory filings.


“Only you can prevent forest fires.” S. Bear Question: Given that someone has the ability to shut down the US, what would be the most advantageous time to strike? (strategic v. tactical?)
Can Homeland Security prevent a cybersecurity critical infrastructure disaster?
The U.S. is headed toward a "cybersecurity disaster," according to a Bloomberg Government study. The Ponemon Institute said that to stop 95% of the cybersecurity attacks, companies would need to spend nine times as much, which would "boost spending to a group total of $46.6 billion from the current $5.3 billion." Bloomberg reported, "Hardening those systems would require a significant investment given the increasing stealth and sophistication of hackers." According to Lawrence Ponemon, chairman of the Ponemon Institute, "The consequences of a successful attack against critical infrastructure makes these cost increases look like chump change. It would put people into the Dark Ages."
… A recent counterintelligence report [PDF] basically said, "China and Russia cyberspies are hell-bent on espionage and trying to steal U.S. secrets in cyberspace."
… While the Senate cybersecurity bill is shrouded in secrecy, some of the new authorities it would grant DHS are "very scary," said Bob Dix, vice president of government affairs and critical infrastructure protection at Juniper Networks. Dix told The Hill, "The provision that establishes covered critical infrastructure presumes to give DHS new authority, that in my mind is overly broad, subject to interpretation and frankly goes beyond the boundaries of the role of government." He added, "The bill's language suggests DHS could seize control of systems owned by private firms and cloud providers." This sentiment about the implementation of a comprehensive and constitutional cybersecurity policy was echoed by privacy gurus at The Constitution Project [PDF]. "The government should not be permitted to conduct an end-run around Fourth Amendment safeguards by relying upon private companies to monitor networks."


Interesting how quickly and substantially they respond to any threat to profitability...
"Google has sought leave to submit an amicus curiae brief against Capitol Records' preliminary injunction motion in Capitol Records v. ReDigi. In their letter seeking pre-motion conference or permission to file (PDF) Google argued that '[t]he continued vitality of the cloud computing industry—which constituted an estimated $41 billion dollar global market in 2010—depends in large part on a few key legal principles that the preliminary injunction motion implicates.' Among them, Google argued, is the fact that mp3 files either are not 'material objects' and therefore not subject to the distribution right articulated in 17 USC 106(3) for 'copies and phonorecords,' or they are material objects and therefore subject to the 'first sale' exception to the distribution right articulated in 17 USC 109, but they can't be — as Capitol Records contends — material objects under one and not the other."

(Related) We are headed toward the Balkanization of the Internet. ...and a whole bunch of Little Big Brothers will control each segment.
"Google will begin redirecting blogs to country-specific URLs. Blog visitors will be redirected to a URL specific to their location, with content subject to their country's censorship laws. A support post on Blogger explains the change: 'Over the coming weeks you might notice that the URL of a blog you're reading has been redirected to a country-code top level domain, or "ccTLD." For example, if you're in Australia and viewing [blogname].blogspot.com, you might be redirected to [blogname].blogspot.com.au. A ccTLD, when it appears, corresponds with the country of the reader's current location.'"

(Related) “Would 'Privacy' by any other name smell as bad?” Juliet
What Actually Changed in Google’s Privacy Policy


“French legal reasoning” – How do you say Oxymoron in French?
Google must pay $660,000 for offering Google Maps for free
… According to Scemmama, Bottin has been arguing its case against Google for two years, claiming the search giant was engaging in anticompetitive practices by using its free service to take control over the online-mapping industry.

(Related) and sometimes it's what they don't say... 3,000 are immune. That leaves 76,000 second-class citizens to charge with tax evasion...
Court says France cannot use stolen bank data for searches
February 1, 2012 by admin
AFP reports:
France’s highest appeals court has ruled that authorities may not use a list of 3,000 people suspected of tax evasion as a basis to conduct searches due to its illicit origin.
French authorities in January 2009 acted on a Swiss warrant and seized data about global banking giant HSBC’s customers from former computer specialist Herve Falciani’s home in France.
The decryption of the stolen files held by the former HSBC employee had allowed for the identification of 127,000 accounts belonging to 79,000 people, officials said at the time.
French authorities then used the information to launch tax evasion probes into individuals, including searches of homes to find evidence.
Read more on Expatica.com


Well, they did it. Big surprise. Let's see how much hype gets stirred up.
Facebook's IPO by the numbers: You like?
The social-networking giant's initial public offering document reveals a wealth of detail about its business operations previously known only to the likes of co-founder Mark Zuckerberg, COO Sheryl Sandberg and the company's legion of private investors.
… One thing is immediately clear: Facebook makes a ton of money. And it's making it fast.
In 2011, the company reported net income of a clean billion dollars on revenue of $3.7 billion. Just three years earlier, Facebook was an unprofitable and scrawny runt, with a net loss of $56 million and revenue less than a tenth of what it now pulls in ($272 million).
… We all expected some big user numbers, and Facebook certainly delivered on that front. It claims 845 million "monthly active users," and an astonishing 483 million "daily active users"--that is, the number of people who either log in or share something with other Facebook users in a given day.

(Related)
Can’t Get Facebook’s SEC Filing To Load? Good News, We Have It Here
Since we were getting a little frustrated with the slow-loading, totally crashing SEC.gov website, we decided to do everyone around here a favor. We made a PDF of the filing and posted it publicly on Scribd instead.
Below is the embed of the Scribd document.
Update: And Scribd is down.
Update #2 (3:58 PM PT): And Scribd is back. C’mon, Scribd, you can do it!


If you like it enough to share, stick a pin in it...
Pinterest nearly equals Twitter and Google in referral traffic
Pinterest is now the fastest growing site for referral traffic, according to a new study by content-sharing company Shareaholic. If Google+, YouTube, and LinkedIn's referral traffic were added up, they still wouldn't drive as many users as Pinterest.
Currently, Pinterest is invite-only.
