Tuesday, September 17, 2013

A video for my Computer Security students (and all my other students)
James Lyne: Everyday cybercrime -- and what you can do about it

Perhaps a long hunting season?
Will Weissert of AP reports:
A hobbyist using a remote-control airplane mounted with a digital camera just happened to capture images last year of a Dallas creek running red with pig’s blood. It led to a nearby meatpacking plant being fined for illegal dumping and two of its leaders being indicted on water pollution charges.
Yet, a Texas law that took effect Sept. 1 tightened rules not on polluters but on taking such photographs, an effort to better protect private property from drone surveillance.
Read more on Lake Wylie Pilot.

Let's call it “eSurveillance.”
Nate Anderson reports:
Recent leaks about the NSA’s Internet spy programs have sparked renewed interest in government surveillance, though the leaks touch largely on a single form of such surveillance—the covert one. But so-called “open source intelligence” (OSINT) is also big business— and not just at the national/international level. New tools now mine everything from “the deep Web” to Facebook posts to tweets so that cops and corporations can see what locals are saying. Due to the sheer scale of social media posts, many tools don’t even aim at providing a complete picture. Others do.
For instance, consider BlueJay, the “Law Enforcement Twitter Crime Scanner,” which provides real-time, geo-fenced access to every single public tweet so that local police can keep tabs on #gunfire, #meth, and #protest (yes, those are real examples) in their communities. BlueJay is the product of BrightPlanet, whose tagline is “Deep Web Intelligence” and whose board is populated with people like Admiral John Poindexter of Total Information Awareness infamy.
Read more on Ars Technica.
[Here's how to do it:
[This one is free:
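What a geo-fenced hashtag scanner like the one described above actually does is simple enough to show in a few dozen lines. The block below is an added illustration written for this post, not BlueJay's or BrightPlanet's code, and it works on a constructed sample feed rather than the Twitter API: each post carries self-reported coordinates, the fence is a circle around a centre point, and a post is a hit when it is inside the circle and carries a watched hashtag. The Dallas centre point, the radius and the four sample posts are all assumptions chosen for the demonstration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0  # mean Earth radius, used by the haversine formula


@dataclass(frozen=True)
class Tweet:
    """A public post with self-reported coordinates (constructed sample data)."""
    user: str
    text: str
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def hashtags(text: str) -> set:
    """Lower-cased hashtags in a post, with trailing punctuation stripped."""
    return {w.lower().rstrip(".,!?;:") for w in text.split() if w.startswith("#")}


def scan(tweets, center, radius_km, watch_tags):
    """Return (user, matched_tags, distance_km) for every post inside the fence
    that carries at least one watched hashtag, in feed order."""
    watch = {t.lower() for t in watch_tags}
    hits = []
    for tw in tweets:
        d = haversine_km(center[0], center[1], tw.lat, tw.lon)
        matched = hashtags(tw.text) & watch
        if d <= radius_km and matched:
            hits.append((tw.user, sorted(matched), round(d, 1)))
    return hits


# Constructed sample feed; the fence is a 10 km circle around downtown Dallas.
DALLAS = (32.7767, -96.7970)
SAMPLE_FEED = [
    Tweet("alice", "Shots fired near the park #gunfire", 32.78, -96.80),
    Tweet("bob", "Marching downtown tonight #protest #Dallas", 32.75, -96.75),
    Tweet("carol", "Great tacos #lunch", 32.78, -96.79),
    Tweet("dave", "Loud bangs on 6th street #gunfire", 30.2672, -97.7431),  # Austin, ~290 km away
]
WATCH = ["#gunfire", "#meth", "#protest"]


def demo():
    """Run the scanner over the sample feed; alice and bob are the expected hits."""
    return scan(SAMPLE_FEED, DALLAS, 10.0, WATCH)


if __name__ == "__main__":
    for user, tags, dist in demo():
        print(f"{user:6s} {dist:5.1f} km  {' '.join(tags)}")
```

The caveat a practitioner would add: the fence only works on posts that carry coordinates, which the poster chooses to attach, and the hashtag match is a keyword filter, not an understanding of the post. A tool built this way sees a self-selected slice of local chatter and will happily flag a sarcastic #gunfire.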

“Oh, is that still legal? We gotta fix that.” (Sort of like the new Kim Dotcom site)
Jon Brodkin reports:
After eight years of existence, file sharing service Box has built a huge user base—claiming 180,000 businesses, including 97 percent of the Fortune 500—by offering cloud storage and collaboration tools with top-notch security and regulatory compliance.
But while Box may be resistant to most criminal hackers, like most cloud storage companies, it must provide the government with customer data when it is forced to. For the vast majority of Box customers, that isn’t likely to change. However, the company is developing a system for the most security-conscious customers in which even Box management would not be able to decrypt user data—making it resistant to requests from the National Security Agency.
Read more on Ars Technica.
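The property the article describes, a provider that stores your data but holds no key that can read it, is usually called client-side or zero-knowledge encryption. The sketch below is an added illustration written for this post, not Box's design or code: the passphrase never leaves the user's device, keys are derived from it on the device, and the provider (the hypothetical `CloudStore` class) only ever receives an authenticated ciphertext blob. To keep the example runnable on the Python standard library alone it uses a counter-mode keystream built from HMAC-SHA256 plus an HMAC tag as a stand-in for a real AEAD cipher; a product would use AES-GCM or ChaCha20-Poly1305 from a vetted library.

```python
import hashlib
import hmac
import secrets

SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 100_000  # slow on purpose; a real product would tune this


def derive_keys(passphrase: str, salt: bytes):
    """Derive independent encryption and MAC keys from the user's passphrase.
    Only the user knows the passphrase, so only the user can derive the keys."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (demonstration construction,
    chosen so the example runs on the standard library alone)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def client_encrypt(passphrase: str, plaintext: bytes) -> bytes:
    """Runs on the user's device. Returns salt || nonce || ciphertext || tag,
    which is the only thing the provider ever receives."""
    salt, nonce = secrets.token_bytes(SALT_LEN), secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def client_decrypt(passphrase: str, blob: bytes) -> bytes:
    """Runs on the user's device. Verifies the tag before decrypting, so a
    tampered blob or a wrong passphrase is rejected instead of yielding garbage."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: tampered blob or wrong passphrase")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


class CloudStore:
    """Provider side (hypothetical). It stores and returns blobs, and can hand them
    to anyone who compels it, but it holds no key with which to read them."""

    def __init__(self):
        self._objects = {}

    def put(self, name: str, blob: bytes) -> None:
        self._objects[name] = blob

    def get(self, name: str) -> bytes:
        return self._objects[name]

    def respond_to_subpoena(self, name: str) -> bytes:
        # Everything the provider can produce: the ciphertext it was given.
        return self._objects[name]


def demo() -> bool:
    """Round-trip a document through the store and show the provider's copy is opaque."""
    doc = b"Q3 board minutes: constructed sample text"
    passphrase = "correct horse battery staple"  # lives only on the user's device
    store = CloudStore()
    store.put("minutes.txt", client_encrypt(passphrase, doc))
    handed_over = store.respond_to_subpoena("minutes.txt")
    provider_can_read = b"board minutes" in handed_over
    user_can_read = client_decrypt(passphrase, store.get("minutes.txt")) == doc
    return user_can_read and not provider_can_read


if __name__ == "__main__":
    print("provider blind, user can read:", demo())
```

Two things the design does not change: the provider still sees file names, sizes, timestamps and who shares with whom, and a user who loses the passphrase loses the data, since there is no one to reset it. The trust also moves rather than vanishes; whoever ships the client software that does the encrypting is now the party that could be compelled to weaken it.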

File this one under “What could possibly go wrong?”
Here’s a situation in which there’s clearly been a privacy breach, but the privacy issues may actually be the least of the patients’ problems.
Heather Graf reports that a former patient at the Carol Milgard Breast Center has filed a complaint after discovering three other patients’ records were mixed in with her own, raising questions of the potential for medical/treatment mistakes as well as privacy and confidentiality issues. Out of 900 pages in the patient’s medical records, 141 pages belonged to other patients.
During a deposition of the clinical supervisor of the Carol Milgard Breast Center, Tsuru’s attorneys say the clinical supervisor admitted to the error.
When asked if they’d ever had troubles or issues in regards to the electronic records, the clinical supervisor had this response:
“When they did our conversion from Zotec to the RIS, they changed the way they were doing the medical record numbers. And so it caused a migration issue for when the new system was brought up, sometimes patients’ records, especially scanned documents, ended up in the wrong place.”
Deutscher says the mistake dates back to September of 2012, and could potentially impact every patient ever treated at the facility. She also says the staff there has made no attempt to fix the problem.
Read more on KING5. Although the story keeps the local color by talking about what the state might do, I’m pondering what HHS might do. If there are fewer than 500 patients involved, we won’t see this one on the breach tool, and I suspect their investigation will not be completed in 6 months or less like the state’s, but this is a good one to follow. And I wonder how many entities have had similar breaches due to glitches during conversion or digitizing of records. Now that you think about it, aren’t you surprised that we haven’t seen more media stories about this type of problem?

(Related) Same category... The Doctor-Patient relationship is like Attorney-Client, right?
Tom Sullivan writes:
As a self-described “rabble rouser” Brian Ahier plans to ask his doctor to send a medical record to a free e-mail account, if only to see what happens, after the omnibus HIPAA Final Rule on Privacy and Security kicks in.
“It’s obviously not the biggest thing in the omnibus rule but it’s there, relatively unknown,” Ahier, founder of Advanced Health Information Exchange Resources (AHIER) said. “And that makes it incredibly interesting.”
Read more on Government HealthIT.
I’ve always cautioned patients about the risks of e-mail but have always sent to whatever e-mail address they provide, so for me, this will be nothing new or different.

Descendants of Ned Ludd? I would have thought they would happily give management the finger...
Jasper Hamill reports:
Cleaners working on the London Underground will resort to industrial action this week in protest against the introduction of a controversial biometric clocking-in system.
Starting at just after midnight on Thursday morning, “up to 300 cleaners” will join in the action by refusing to scan their fingerprints every time they clock on for work, said the union. Their decision will set the workers on a collision course with ISS, the Danish firm which employs them.
Read more on The Register. It seems that the cleaners are citing human dignity concerns and not pointing to any data protection or data security concerns. But maybe if we give them time…..

Something for my Ethical Hackers to recreate?
Kashmir Hill reports:
After spotting a police car with two huge boxes on its trunk — that turned out to be license-plate-reading cameras — a man in New Jersey became obsessed with the loss of privacy for vehicles on American roads. (He’s not the only one.) The man, who goes by the Internet handle “Puking Monkey,” did an analysis of the many ways his car could be tracked and stumbled upon something rather interesting: his E-ZPass, which he obtained for the purpose of paying tolls, was being used to track his car in unexpected places, far away from any toll booths.
Read more on Forbes.
[From the article:
A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept. Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions.

Perspective: Perhaps we don't need a dedicated data line?
Pew – Cell Internet Use 2013
“63% of adult cell owners now use their phones to go online, a figure that has doubled since we first started tracking internet usage on cell phones in 2009. In addition, 34% of these cell internet users say that they mostly go online using their cell phone. That means that 21% of all adult cell owners now do most of their online browsing using their mobile phone—and not some other device such as a desktop or laptop computer.”

(Related) Smart ways to use your Smartphone...
How to Automatically Download Anything to Your Android Device
… But it’s often a good idea to automatically download the stuff you want ahead of time.
Your Android device can fetch the content you want to view while it’s charging and on Wi-Fi, saving you valuable battery power and mobile data.

I have to spend more time with this App...
Turn Evernote Into An RSS Reader In A Few Easy Steps

For my students.
A 'fancy' serial number can make a $1 bill worth thousands
… At CoolSerialNumbers.com, Nashville musician and currency collector Dave Undis brings together like-minded digit-heads who have little interest in the history of money or even the denomination of a given note. Instead they are after certain patterns and series that fall under the flexible heading of “fancy” serial numbers.
Low serial numbers, from 00000001 to 00000100, are sought after, as well as palindromes (23599532), solids (with a digit that repeats eight times), seven-of-a-kinds (66666665), ladders (45678901) and important dates (12071941). The criteria get even more obscure from there: Undis is seeking a pi note, with the number 31415927. But the more apparently jumbled the digits, the less likely it is that anyone with the bill in their wallet will ever notice.

For my Statistics students. Fun with numbers, but the answer is still Never!
According To Math, Here's When You Should Buy A Powerball Ticket
