Tuesday, August 19, 2014

The breach du jour.
Reuters reports:
U.S. hospital operator Community Health Systems Inc said it suspected personal data, including patient names and addresses, of about 4.5 million people were stolen by Chinese hackers from its computer network during April and June.
The company said the data, considered protected under the Health Insurance Portability and Accountability Act, included patient names, addresses, birth dates, telephone numbers and Social Security numbers. It did not include patient credit card or medical information, Community Health Systems said in a regulatory filing.
Read more on Fox Business.
If this is news to you, well, it’s also news to me, as I don’t recall seeing any press release from CHS, and can find no substitute notice on their web site.
In their SEC Form 8-K filing of August 8, they report:
In July 2014, Community Health Systems, Inc. (the “Company”) confirmed that its computer network was the target of an external, criminal cyber attack that the Company believes occurred in April and June, 2014.

Just another way the VA fails veterans. Small breaches, but lots of them.
One of the incidents the Veterans Administration reported to Congress for July affected thousands of veterans seen in South Carolina. The VA reports that an employee noticed on July 14 that four boxes that were being prepared for shipment to the Records Center and Vault located in Neosho, Missouri, were missing. According to the employee, the boxes were kept behind keypad locked doors; however some of the boxes were moved into the morgue hallway from the locked room without her knowledge. A search for the missing boxes did not uncover them.
Each sheet of paper in the boxes is on a separate veteran. There were a total of 3,637 veterans involved.

The South Carolina VA incident wasn’t the only large incident the Veterans Administration reported to Congress for July. In a separate incident, a folder containing multiple patients’ information including full names, SSN’s, and other medical information was found in a ladies restroom in the main lobby of the medical center in Albuquerque, New Mexico on July 30.

The Internet can handle IoT, businesses need to plan ahead.
Internet of Things Is Overwhelming IT Networks
By 2020, the Internet of things (IoT) is expected to interconnect 26 billion computing devices in businesses, homes, cars, clothes, animals and pretty much everything else, according to Gartner. That's a thirtyfold increase over the past five years. While the potential for innovation is exciting, it's taking a toll on IT resources, according to survey research from Infoblox. Many tech professionals surveyed said that any required deployments for the IoT will become part of their existing IT network, even though most said their network is already at capacity. It doesn't help, findings reveal, that the business side often does not keep the IT organization informed about their IoT-related projects.

(Related) Watch the video!
How to hack and crack the connected home
… The BBC's experiment brought together seven computer security experts who have been looking into so-called smart gadgets to find out how many they could subvert.
And how many could they crack the security on?
All of them.

(Related) More on corporate IT failing to keep up.
Four-Year Old Flaw Exploited by Stuxnet Still Targeted
It was 2010 when the Stuxnet malware first appeared in the public consciousness.
Though the years have passed however, there is no shortage of machines still vulnerable to attacks on one of the vulnerabilities the malware exploited as it trotted across the globe.
According to a paper released by Kaspersky Lab, CVE-2010-2568 remains a widely exploited security hole. Despite the age of the vulnerability, Kaspersky Lab detected tens of millions of exploits targeting the bug between November 2013 and June 2014, though not all may correlate to individual attacks due to the way the bug is exploited.

For my Ethical Hackers.
Andy Greenberg reports:
In the age of surveillance paranoia, most smartphone users know better than to give a random app or website permission to use their device’s microphone. But researchers have found there’s another, little-considered sensor in modern phones that can also listen in on their conversations. And it doesn’t even need to ask.
In a presentation at the Usenix security conference next week, researchers from Stanford University and Israel’s defense research group Rafael plan to present a technique for using a smartphone to surreptitiously eavesdrop on conversations in a room—not with a gadget’s microphone, but with its gyroscopes, the sensors designed to measure the phone’s orientation.
Read more on Wired.

If Google can photograph my backyard from space, why would a drone flying at 200 feet not be able to snap a few?
John Wesley Hall writes:
Joel Celso, Comment: Droning on about the Fourth Amendment: Adopting a Reasonable Fourth Amendment Jurisprudence to Prevent Unreasonable Searches by Unmanned Aircraft Systems, 43 U. Balt. L. Rev. 461 (2014).
Read the intro to the article on FourthAmendment.com

This should be a real mess.
Court ruling: Employers must reimburse some BYOD costs
In what could be a decisive blow to the Bring Your Own Device (BYOD) mega trend, the California Court of Appeal ruled late last week that companies must reimburse employees for work-related use of personal cellphones, as described in the National Law Review.
Specifically, the Court of Appeal in Cochran v. Schwan's Home Service stated:
"We hold that when employees must use their personal cellphones for work-related calls, Labor Code section 2802 requires the employer to reimburse them. Whether the employees have cellphone plans with unlimited minutes or limited minutes, the reimbursement owed is a reasonable percentage of their cellphone bills."

Perhaps we should listen to Sir Tim?
A Magna Carta for the web
Sir Tim Berners-Lee invented the World Wide Web 25 years ago. So it’s worth a listen when he warns us: There’s a battle ahead. Eroding net neutrality, filter bubbles and centralizing corporate control all threaten the web’s wide-open spaces. It’s up to users to fight for the right to access and openness. The question is, What kind of Internet do we want?

Another Firefox extension for my researching students?
Wikipedia is the greatest curator of human knowledge, allowing people all around the world to freely access over 30 million articles. The only problem? Wikipedia was built 13 years ago – and hasn’t changed much since then. WikiWand is a modern interface that optimizes Wikipedia’s amazing content for a quicker and significantly improved reading experience.

Something I hope my researching students can learn on their own.
Activities for Teaching Students How to Research With Google Books
Google Books can be a good research tool for students if they are aware of it and know how to use it. These are the activities that I often use to teach students and others about the features of Google Books.
1. Search for a book by using the "researching a topic?" search box.
2. Use the advanced search menu to refine your search to "full view only" books.
3. Use the advanced search menu to refine a search by date, author, or publisher.
4. Search within a book for a name or phrase.
5. Download a free ebook.
6. Share an ebook via the link provided or by embedding it into a blog post.
7. Create a bookshelf in your Google Books account and add some books to it.
8. Share your bookshelf with someone else.
The following video and slides provide directions on using Google Books.

For the student Gaming Club.
Should You Put World of Warcraft on Your Resume?
… Just as the Moneyball sensibility transformed professional sports worldwide, the ability to perform well in fantasy sports leagues signals that somebody has a decent grasp of probabilities, risks, and opportunities in a competitively transparent and transparently competitive environment. That’s a capability that deserves discussion even if it’s not directly on enterprise point.

(Related) Because Gaming can't be all serious resume-building stuff.
Mini Metro: A Challenging Subway System Mind Teaser
… Mini Metro is a very simple yet challenging strategy game that can be played on Windows, Mac OS X, and even Linux. After a relatively quick download, you can adjust a few settings (primarily graphics quality and screen resolution), and you’ll be thrown into the game in no time. There’s actually very little explanation, but it’s easy to pick up. If you’re having difficulties, don’t worry — I’ll lay it out step by step anyways.

(Related) and just one more.
Flappy Bird Creator Reveals Swing Copters
And finally, Dong Nguyen is back with a new game. Who’s he? Only the guy responsible for Flappy Bird, the free mobile game which took the world by storm before Dong pulled it from app stores. Flappy Bird was frustratingly difficult to beat, and Dong has sought to punish us all once again.
His new game is Swing Copters, and it’s essentially Flappy Bird by another name. Apart from the main character, the addition of swinging hammers, and the fact you play vertically rather than horizontally, this is the same game in a different outfit. It’s a free download though, so we really shouldn’t complain.

Dilbert explains contract law?
