Wednesday, March 28, 2012

Trivial, but ties in nicely with the next article...
By Dissent, March 27, 2012
*sigh*
Howard University Hospital this week sent notification to patients of a potential disclosure of their protected health information in late January. A former contractor’s personal laptop containing patient information was stolen, according to a statement by the hospital.
The laptop, taken from the former contractor’s vehicle, was password protected.
[...]
The hospital has sent letters to 34,503 patients affected by the breach. The records contained the Social Security numbers for a number of those patients.
Read more on WUSA9.com, although you can probably write the story by now yourself. [...while napping Bob]
A link on the hospital’s homepage says:
Howard University Hospital this week sent notification to patients of a potential disclosure of their protected health information that occurred in late January when a former contractor’s personal laptop containing patient information was stolen.

(Related)
By Dissent, March 27, 2012
ID Experts points us to a post by Pamela Lewis Dolan:
Physicians who own mobile devices should make the following assumption: If they lose a smartphone or tablet, someone is going to try to see what’s on it.
With an estimated 80% of physicians using a mobile device on the job, a lot of patient data is vulnerable to breaches unless steps are taken to protect it. Data encryption is the one thing that protects physicians from having to report a breach if data go missing. But ensuring data encryption on a mobile device can be a little tricky. At the least, there are other ways to help ensure that data aren’t accessed if you happen to leave your phone behind in a taxi or at a restaurant.
Read more on amednews.com


What kind of lawyering is this?
Proposed lawsuit settlement includes free soft drinks
March 28, 2012 by Dissent
Jeff Eckhoff and James Heggen report:
The failure of a Des Moines restaurant chain to fully comply with a federal anti-identity theft law will soon lead to free soft drinks for some of its former patrons, assuming a federal judge approves.
Lawyers in a complicated class-action lawsuit have submitted a proposed settlement that will, if it is approved by U.S. District Judge James Gritzner, eventually lead to $170,000 for the plaintiffs’ attorneys and coupons for people who can prove they used a credit card or debit card during a three-year period at Palmer’s Deli & Market.
The lawsuit, filed initially on June 1, 2011, accused Palmer’s of willfully violating a 2003 federal law that requires the truncation of credit card numbers and expiration dates on printed store receipts.
Read more in the Des Moines Register.
This is not the first time we’ve seen a settlement like this. Olive Garden had a similar one in May 2009, but the members of that class got coupons for $9.00 worth of appetizers. And members of a class action lawsuit against Primanti Brothers got coupons for free sandwiches in October 2010. Although it doesn’t seem like members of this class benefit significantly in the usual sense of “significantly,” the settlement may save Palmer’s from being bankrupt should they have to pay statutory damages. The firm’s insurance company is also suing them, claiming they should not be liable for any costs or expenses from this incident.
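The law at issue in the Palmer’s case requires that printed receipts truncate the card number and omit the expiration date. As an added illustration (not code from the article or from any of the parties), here is a small Python receipt formatter that masks the PAN to its last four digits and never prints the expiry, alongside a scanner a merchant could run over receipt templates or printer output to catch a full card number or expiry slipping through. The merchant name, amounts and card number are constructed sample values (the PAN is a standard test number, not a real account); the “last five digits at most” limit is the FACTA rule as I understand it, stated here as an assumption rather than something the article spells out.

```python
import re

# Constructed sample input: a standard test card number (not a real account)
# and a made-up expiry, used only to exercise the functions below.
SAMPLE_PAN = "4111111111111111"
SAMPLE_EXPIRY = "12/14"

# Constructed "before" receipt that violates the truncation requirement.
BAD_RECEIPT = "Palmer's Deli\nTOTAL  $12.50\nCARD   4111 1111 1111 1111 EXP 12/14"


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to tell a real card-number-shaped run from random digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Return the PAN with everything but the last `keep_last` digits masked."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a plausible card number")
    if keep_last > 5:
        # Assumption: the federal receipt-truncation rule permits at most five digits.
        raise ValueError("receipt truncation allows at most the last five digits")
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]


def format_receipt(merchant: str, amount: float, pan: str, expiry: str = None) -> str:
    """Hardened receipt: masked PAN, and the expiry parameter is accepted but never printed."""
    lines = [merchant, f"TOTAL  ${amount:.2f}", f"CARD   {mask_pan(pan)}"]
    return "\n".join(lines)


# 13-19 digits, optionally separated by spaces or dashes, as a card number would be printed.
PAN_RE = re.compile(r"(?:\d[ -]?){13,19}")
# MM/YY expiry as commonly printed on receipts.
EXPIRY_RE = re.compile(r"\b(0[1-9]|1[0-2])/\d{2}\b")


def receipt_findings(text: str):
    """Scan receipt text and report unmasked card numbers and printed expiry dates."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):            # ignore long digit runs that are not card numbers
            findings.append(("unmasked_pan", m.group().strip()))
    for m in EXPIRY_RE.finditer(text):
        findings.append(("expiry_printed", m.group()))
    return findings


if __name__ == "__main__":
    print(format_receipt("Palmer's Deli", 12.5, SAMPLE_PAN, SAMPLE_EXPIRY))
    print(receipt_findings(BAD_RECEIPT))
```

The scanner is the part worth keeping around: point it at a sample of actual printed output from each POS terminal and printer template, since the formatter only helps if every code path that prints a receipt goes through it.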

(Related) Shouldn't the settlement reach at least a penny a victim?
FTC releases proposed settlement order in RockYou breach; $250k fine for breaching COPPA
March 27, 2012 by admin
The RockYou breach, disclosed in December 2009, stands as the 10th largest breach on DataLossDB’s counter after 32 million login credentials were compromised. A civil suit, Claridge v. RockYou, is still unsettled, although a proposed settlement was submitted to the court in November 2011. Previous coverage on this breach can be found here. Now the FTC has issued a statement on a proposed settlement of its charges against the firm:
The operator of a social game site has agreed to settle charges that, while touting its security features, it failed to protect the privacy of its users, allowing hackers to access the personal information of 32 million users. The Federal Trade Commission also alleged in its complaint against RockYou that RockYou violated the Children’s Online Privacy Protection Act Rule (COPPA Rule) in collecting information from approximately 179,000 children. The proposed FTC settlement order with the company bars future deceptive claims by the company regarding privacy and data security, requires it to implement and maintain a data security program, bars future violations of the COPPA Rule, and requires it to pay a $250,000 civil penalty to settle the COPPA charges.
According to the FTC complaint, RockYou operated a website that allowed consumers to play games and use other applications. Many consumers used the site to assemble slide shows from their photos, using a caption capability and music supplied by the site. To save their slide shows, consumers had to enter their email address and email password. [email is an identifier, what purpose does sharing the password serve? Bob]
The FTC’s COPPA Rule requires that website operators notify parents and obtain their consent before they collect, use, or disclose personal information from children under 13. The Rule also requires that website operators post a privacy policy that is clear, understandable, and complete.
The FTC alleged that RockYou knowingly collected approximately 179,000 children’s email addresses and associated passwords during registration – without their parents’ consent – and enabled children to create personal profiles and post personal information on slide shows that could be shared online. The company asked for kids’ date of birth, and so accepted registrations from kids under 13. In addition, the company’s security failures put users’, including children’s, personal information at risk, according to the FTC. The FTC charged that RockYou violated the COPPA Rule by:
  • not spelling out its collection, use and disclosure policy for children’s information;
  • not obtaining verifiable parental consent before collecting children’s personal information; and
  • not maintaining reasonable procedures, such as encryption, to protect the confidentiality, security, and integrity of personal information collected from children.
The proposed settlement order bars deceptive claims regarding privacy and data security and requires RockYou to implement a data security program and submit to security audits by independent third-party auditors every other year for 20 years. [Ask any accounting firm to do this – it will probably save you more than $250,000 Bob] It also requires RockYou to delete information collected from children under age 13 and bars violations of COPPA. Finally, RockYou will pay a $250,000 civil penalty for its alleged COPPA violations.
The FTC has a new publication, Living Life Online, to help tweens and teens navigate the internet safely.
The Commission vote to authorize the staff to refer the complaint to the Department of Justice and to approve the proposed consent decree was 4-0. The DOJ filed the complaint and proposed consent decree on behalf of the Commission in U.S. District Court for the Northern District of California on March 26, 2012. The proposed consent decree is subject to court approval.
So… if it wasn’t for the children’s data, would the FTC have gone after RockYou or fined them? The passwords were stored plain-text, but the only reference to encryption in this release applies to children’s data, not the adults’.
Update: I see that in his coverage of the proposed order, Jaikumar Vijayan reports that the civil suit against RockYou settled in December. If he’s referring to Claridge v. RockYou, the motion for settlement is due to be heard tomorrow (March 28).
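Two of the failures described above are easy to avoid in code: storing site passwords in plain text, and accepting a registration from a user whose stated date of birth makes them under 13 without parental consent. The Python below is an added example, not RockYou’s code or anything from the FTC filing; the user store is an in-memory dictionary, the email addresses and passwords are constructed sample values, and the choice of PBKDF2 with a per-user salt is my own (any modern password hash would do). Note that it stores only the site’s own credential; a user’s email-account password, which the complaint says RockYou also collected, has no business being stored at all.

```python
import base64
import hashlib
import hmac
import os
from datetime import date

# "Before": the plain-text pattern the FTC complaint describes. Anyone who reads
# the table (or a backup of it) gets every password.
def store_plaintext(db: dict, email: str, password: str) -> None:
    db[email] = {"pw": password}


def hash_password(password: str, iterations: int = 200_000) -> str:
    """Salted PBKDF2-HMAC-SHA256; the stored string carries everything needed to verify."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt_b64), int(iterations)
    )
    return hmac.compare_digest(dk, expected)


def age_on(birthdate: date, today: date) -> int:
    """Whole years between birthdate and today, correct across the birthday itself."""
    years = today.year - birthdate.year
    if (today.month, today.day) < (birthdate.month, birthdate.day):
        years -= 1
    return years


def register(db: dict, email: str, password: str, birthdate: date,
             parental_consent: bool = False, today: date = None) -> dict:
    """Hardened registration: COPPA age gate, hashed password, no third-party credentials."""
    today = today or date.today()
    under_13 = age_on(birthdate, today) < 13
    if under_13 and not parental_consent:
        # Constructed policy check: the site must obtain verifiable parental consent
        # before collecting personal information from a child under 13.
        raise PermissionError("under-13 registration requires verifiable parental consent")
    if email in db:
        raise ValueError("already registered")
    record = {"pw": hash_password(password), "under_13": under_13}
    db[email] = record
    return record


if __name__ == "__main__":
    users = {}
    rec = register(users, "adult@example.invalid", "correct horse", date(1980, 5, 4),
                   today=date(2012, 3, 27))
    print(rec["pw"], verify_password("correct horse", rec["pw"]))
```

The `today` parameter exists so the age check is testable with fixed dates; in production it defaults to the current date. Records flagged `under_13` are the ones a deletion order like the one in the proposed settlement would need to find, which is another reason to record that determination at signup rather than reconstruct it later.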


Now Perry Mason doesn't need to ask, “Where were you on the night of the crime?”
Want to know where your teen is? Ask OnStar
If you're nervous about giving your teen driver the keys to the family car, you may be able to buy peace of mind from OnStar. The telematics company now offers the ability to tell you where your vehicles, and possibly the drivers, are at any time.
Family Link is an optional add-on service to the operator assisted emergency response and navigation services offered by OnStar. Subscribers can log on to OnStar's Family Link Web site to view a map with the vehicle's location at any time. They can also schedule email or text alerts to update them periodically on the location of the automobile on specific days or times.


If they had trained their officers in a misinterpretation of the law, I can't see how they could be disciplined for following their training. So it appears they had no training in that area.
"The City of Boston has reached a $170,000 settlement with Simon Glik, who was arrested by Boston Police in 2007 after using his mobile phone to record police arresting another man on Boston Common. Police claimed that Glik had violated state wiretapping laws, but later dropped the charges and admitted the officers were wrong to arrest him. Glik had brought a lawsuit against the city (aided by the ACLU) because he claimed his civil rights were violated. According to today's ACLU statement: 'As part of the settlement, Glik agreed to withdraw his appeal to the Community Ombudsman Oversight Panel. He had complained about the Internal Affairs Division's investigation of his complaint and the way they treated him. IAD officers made fun of Glik for filing the complaint, telling him his only remedy was filing a civil lawsuit. After the City spent years in court defending the officers' arrest of Glik as constitutional and reasonable, IAD reversed course after the First Circuit ruling and disciplined two of the officers for using "unreasonable judgment" in arresting Glik.'"


The downside of building your own country to avoid the laws of other countries is...
"Ars has a great article about the history of Sealand, a data haven — a place where you can host almost anything, as long as it follows the very bare laws of Sealand Government. Quoting: 'HavenCo's failure — and make no mistake about it, HavenCo did fail — shows how hard it is to get out from under government's thumb. HavenCo built it, but no one came. For a host of reasons, ranging from its physical vulnerability to the fact that The Man doesn't care where you store your data if he can get his hands on you, Sealand was never able to offer the kind of immunity from law that digital rebels sought. And, paradoxically, by seeking to avoid government, HavenCo made itself exquisitely vulnerable (PDF) to one government in particular: Sealand's.'"


This is as old as the “razors and blades” model – probably older (Og give you fire. You give Og mastodon steaks!)
Temple Run and the Rise of the Free, Profitable Videogame
… When Apple launched its digital game store in 2008, most games cost a few dollars. The success of 99-cent apps drove prices down. Then in 2009, Apple changed its store to allow free downloads to feature in-app purchases, for the first time making it possible to give away a game and make money later.
Now free is the most lucrative price point. From kids’ games like Smurfs’ Village to puzzles like Bejeweled Blitz, 15 of the first 20 games on Apple’s Top-Grossing Apps list are free. The analyst group Distimo estimates that half of the revenue for the 200 top-grossing apps comes from the freemium model. Everyone from indie game developers to established companies is jumping on the freemium bandwagon.
… They released Temple Run on the App Store in August for 99 cents.
It did well, at first. “It got a ton of critical acclaim, it got featured [on the App Store menu], people loved it,” says Luckyanova. Temple Run was one of the top 50 paid apps. The couple sold about 40,000 copies at 99 cents a pop. But then it started sliding down the list. With little to lose, Shepherd and Luckyanova abruptly changed the price to zero, hoping to make money by getting players to trade real-life cash for virtual currency.
Revenue immediately increased. People told their friends — hey, play this game. It’s free. You can grab it right now. By Christmas, it was the top-grossing app on the store. “It snowballed into a viral effect,” says Shepherd. The game is now at 46 million free downloads — and Shepherd and Luckyanova estimate that 1 to 3 percent of players wind up spending money on the game.


My Ethical Hackers can hack your phone in 1 minute 50 seconds! I mean, a “four digit passcode?”
"Micro Systemation, a Stockholm-based company, has released a video showing that its software can easily bypass the iPhone's four-digit passcode in a matter of seconds. It can also crack Android phones, and is designed to dump the devices' data to a PC for easy browsing, including messages, GPS locations, web history, calls, contacts and keystroke logs. The company's director of marketing says it uses an undisclosed vulnerability in the devices it targets to run a program on the phone that brute-forces its passcode. He says the company's business is 'booming' and that it's sold the devices to law enforcement and military customers in 60 countries. He says Micro Systemation's biggest customer is the U.S. military."


Since China is in flux (to the point where civil war is possible?) are stories like these just a way for the government to admit publicly what we kind of knew anyway but no one wanted to say for fear of “offending” the Chinese government?
China nabbing 'great deal' of U.S. military secrets
Testifying before the Senate Armed Services Committee yesterday, Gen. Alexander said that China is stealing a "great deal" of the U.S. military's intellectual property, adding that the NSA sees "thefts from defense industrial base companies." According to a story in Information Week, he declined to provide any information on those attacks. However, he did confirm speculation swirling around the security space that China was behind last year's attacks on RSA.


The world is changing, again...
Harry Potter And The Great Sideloading Gamble. A ‘Dark Day’ For Publishers?
A milestone today in the world of publishing, as Pottermore.com, the site dedicated to all digital things Harry Potter, opened for business as the exclusive distributor of Harry Potter e-books and audiobooks. This marks the first time that a major author has ventured forth to offer e-books directly to the public, bypassing publishers’ sites and online bookstores in the process, to allow readers to buy the content direct and then sideload it to their reading platform of choice.


...let's change it even more. Something for all my students.
Regina Dugan: From mach-20 glider to humming bird drone


Perspective: An Infographic
What Happens In An Internet Minute?


Something for my geeks? (No RSS feed yet)
You may have noticed that we've posted quite a few original videos on Slashdot in the past few months. Rather than being the work of a few rogue editors with newly-acquired Christmas cameras, this was part of the groundwork for a new site we're launching today. SlashdotTV, found at http://tv.slashdot.org, will let you easily find and watch all of our videos in one convenient location. In addition to Slashdot content, you also can watch videos from our sister sites, SourceForge and ThinkGeek. The site is brand new, and we're interested in hearing your feedback -- what you think about it, and what kind of videos you'd like to see. Currently, you can embed our videos on your own site or show them to your friends with our share feature. Commenting is coming soon. Check back often for new videos, and keep watching!
[Learn fun things like:


An interesting start-up...
Skillshare Says Anyone Can Be A Teacher And Wants To Connect You To Students [TCTV]


Arthur C. Clarke wrote, “Any sufficiently advanced technology is indistinguishable from magic.” This video shows what can happen when you combine technology with magic...

