Monday, November 17, 2014
Have you been getting strange(er) emails from John Kerry?
State Department unclassified email system shutdown for repairs
The US State Department has shut down its entire unclassified email system after a suspected hacker attack. The email system was shut down to give techs time to evaluate and repair any damage done by the hacking attack. The first word of the attack came Sunday from a State Department official who said that "activity of concern" had been noticed on the email network around the same time as a similar incident targeting computers at the White House was noticed.
If you don't know what your employees are doing, or don't react appropriately to unauthorized actions, this could happen to you!
As this blog noted in July 2013, a jury awarded a Walgreens customer $1.44 million after finding Walgreens and one of their pharmacists violated the customer’s privacy. In this case, a female pharmacist had looked up and shared the customer’s records when she suspected the female customer had shared a sexually transmitted disease with a man who was the customer’s ex-boyfriend and the pharmacist’s now-husband. The customer first discovered the breach when her ex-boyfriend (and father of her child) texted her [Would Walgreens have discovered this on their own? Bob] that he had a printout of her prescription history that showed she had not renewed her birth control prescription for the two months prior to conception.
When the customer subsequently discovered that her ex-boyfriend was living with a Walgreens pharmacist, she contacted Walgreens to report the breach. Walgreens investigated and confirmed there had been a breach, [So they had the data they needed to confirm a breach, but hadn't bothered to look at it? Bob] but could not confirm that the pharmacist had shared the information with anyone else. The pharmacist was given a written warning and required to retake some HIPAA training.
The customer, Abigail Hinchy, subsequently filed a lawsuit against Walgreens and the pharmacist, Audra Withers.
As I also noted at the time of the jury verdict, I was impressed that the employer, Walgreens, was also held liable for the breach.
Not surprisingly, Walgreens appealed the judgement. One of its four arguments on appeal was that the trial court erred by refusing to grant summary judgment or a directed verdict in Walgreen’s favor on claims based on respondeat superior and negligent retention and supervision of an employee. Its fourth argument was that the jury verdict was excessive and based on improper factors.
On November 14, Judge Baker of the Court of Appeals of Indiana issued the court’s opinion in Walgreens v. Hinchy, rejecting all of Walgreen’s arguments and affirming the judgement.
Readers may find the court’s discussion of the respondeat superior aspect interesting, as well as the types of harm the jury had considered in determining their award (pp. 21-23).
Although I do not have any information on this, I do wonder what the jury might have done about Walgreens’ liability if Walgreens had fired the pharmacist promptly on learning of the breach.
Perhaps the State Department could use this App?
Telegram Provides A Secure & Fast-Growing Alternative To WhatsApp
Earlier this year we detailed some secure alternatives to WhatsApp, and one option was Telegram. Since then, it has seen a lot of growth — fuelled in part by Facebook’s acquisition of WhatsApp and receiving a further five million signups during a four-hour WhatsApp outage in February.
Telegram is becoming a serious contender for the title of best free messaging app,
… To get full end-to-end encryption, in which Telegram never receives an unencrypted version of your message, you can use what’s called a secret chat. With the end-to-end encryption, the option to confirm with your recipient that you’re using the same encryption key to increase security, and the ability to set a self-destruct timer, secret chats provide about as much security as you could ask for in messaging, though this doesn’t allow for cross-platform messages.
… Telegram is so confident in their security that they’re offering $200,000 to anyone who can crack it.
… There are always tradeoffs between convenience and security, but the non-profit team behind Telegram aims to make them minimal. Even with all of the security Telegram provides, it manages to be very convenient. To get it up and running, you just download the app, enter your phone number, and enter the security code you receive by text. You’re now ready to start messaging.
Cotse.net is now requiring its customers use encryption to send mail.
From their user login page today:
Nov 16 – We now require encryption for the sending SMTP server (between you and us), if you are experiencing errors in sending, ensure that your mail client is set up to use STARTTLS or SSL/TLS.
The reason for this change is two-fold, first, if you want to send all your mail across an unencrypted connection, why are you using a service like us? Second, because frankly, we could not find definitive answers on the downgrade attack described here with regards to all email clients, specifically during an auto-config process. So, to just negate it, if the connection between you and us isn’t encrypted at all, the send will fail.
Another reason to love that company!
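The policy Cotse describes, next to the client-side check that defeats a STARTTLS-stripping downgrade, as an added example (not Cotse's code or configuration, and not from the original post). The class, function names and hostnames are hypothetical, and the SMTP sessions are constructed in memory.

```python
# Constructed, in-memory SMTP session for illustration; no network traffic is sent.


class SubmissionServer:
    """Toy server enforcing 'no TLS, no send' (RFC 3207 reply code 530)."""

    def __init__(self, strip_starttls=False):
        self.tls = False
        # strip_starttls models an on-path device removing the capability line.
        self.strip_starttls = strip_starttls

    def handle(self, line):
        verb = line.split(" ", 1)[0].upper()
        if verb == "EHLO":
            caps = ["250-mail.example.test", "250-SIZE 10485760"]
            if not self.tls and not self.strip_starttls:
                caps.append("250-STARTTLS")
            return caps + ["250 8BITMIME"]
        if verb == "STARTTLS":
            self.tls = True  # stands in for the real TLS handshake
            return ["220 Ready to start TLS"]
        if verb in ("AUTH", "MAIL", "RCPT", "DATA") and not self.tls:
            return ["530 Must issue a STARTTLS command first"]
        return ["250 OK"]


def offers_starttls(ehlo_reply):
    """True if the EHLO reply lists STARTTLS as a capability keyword."""
    return any(line[4:].strip().upper() == "STARTTLS" for line in ehlo_reply)


def send_fail_closed(server, sender):
    """Client that never falls back to plaintext; returns (status, transcript)."""
    log = [("EHLO", server.handle("EHLO client.example.test"))]
    if not offers_starttls(log[0][1]):
        # A missing STARTTLS line may mean it was stripped in transit: abort.
        return "aborted: STARTTLS not offered", log
    log.append(("STARTTLS", server.handle("STARTTLS")))
    log.append(("EHLO", server.handle("EHLO client.example.test")))  # re-EHLO over TLS
    log.append(("MAIL", server.handle(f"MAIL FROM:<{sender}>")))
    return "sent over TLS", log


def send_opportunistic(server, sender):
    """Risky auto-config behaviour: use TLS only if it happens to be offered."""
    if offers_starttls(server.handle("EHLO client.example.test")):
        server.handle("STARTTLS")
    return server.handle(f"MAIL FROM:<{sender}>")[0]
```

The server-side rule makes the plaintext send fail, but a client that authenticates in cleartext before being rejected has already put its credentials on the wire, which is why the client should also fail closed.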
“It's for the fish!” What if this technology could track your car as easily? When your “black box” connects to the Internet of Things, tracking will be automatic.
Tracking Fishy Behavior, From Space
… on Friday, American non-profits SkyTruth and Oceana, supported by Google, unveiled a prototype program called Global Fishing Watch that will eventually allow anyone with a computer to observe which vessel is fishing where—and perhaps infer whether they are poaching or not.
“Our goal is to make the invisible visible,” John Amos, the president of SkyTruth, told me.
… According to the team, it will be possible for experts to go online and zoom into areas like marine reserves where fishing is forbidden or coastal areas where it’s restricted to vessels with permits by next March.
The program is based on the Automatic Identification System (AIS), originally a voluntary collision-avoidance system for ships that relies on VHF transmitters aboard vessels that transmit their position, identity and speed continuously to other ships and to satellites.
When this guy says “comprehensive,” he means it! (Except he missed the PrivacyFoundation.org)
New on LLRX – Guide To Privacy Resources 2015
Via LLRX.com – Guide To Privacy Resources 2015 – Marcus P. Zillman’s guide is a comprehensive listing of privacy resources currently available on the Internet that impact your email, smartphones, websites, hard drives, files and data. Sources include associations, indexes, search engines as well as individual websites and organizations that provide the latest technology and information to raise awareness of privacy and security as you interact with others using the internet.
A question for my Computer Security class. What could possibly go wrong?
Facebook seeks foothold in your office
Facebook is secretly working on a new website called “Facebook at Work” to get a foothold in the office that will see the social network of more than 1bn people compete directly with Google, Microsoft and LinkedIn.
The Silicon Valley company is developing a new product designed to allow users to chat with colleagues, connect with professional contacts and collaborate over documents, competing with Google Drive and Microsoft Office, according to people familiar with the matter.
The new site will look very much like Facebook – with a newsfeed and groups – but will allow users to keep their personal profile with its holiday photos, political rants and silly videos separate from their work identity. [Unless someone looks for them... Bob]
For my Statistics class. How to tell when people you survey are lying.
This Simple Mathematical Formula Proves That We Lie About Sex
A new study on kissing in the microbiology journal Microbiome contains an interesting statistical discrepancy that demonstrates the way men and women lie about sex.
… But a section of the study briefly addresses a statistic that proves some of the people in the study must have been misreporting their numbers. The study was of couples, and there was an equal number of men and women. Yet the average number of intimate kisses per day reported by the men was twice the number of those reported by the women. This is a statistical impossibility. Men and women ought to report the same average number of kisses, and you can prove that with math. The fact that the numbers mismatch demonstrates that someone in the study was either exaggerating or downplaying the number of kisses they received, as the authors of the study helpfully point out
Better than printing your own money!
The Humans That Make The Apps We Love
… Have you ever thought about who makes the apps you love? Sure you know Facebook owns WhatsApp, but have you ever considered the humans who got it started? That’s just what this infographic takes a look at. Get ready for a fascinating look at the people responsible for the apps we love.
DATA + DESIGN a simple introduction to preparing and visualizing information
“Information design is about understanding data. Whether you’re writing an article for your newspaper, showing the results of a campaign, introducing your academic research, illustrating your team’s performance metrics, or shedding light on civic issues, you need to know how to present your data so that other people can understand it. Regardless of what tools you use to collect data and build visualizations, as an author you need to make decisions around your subjects and datasets in order to tell a good story. And for that, you need to understand key topics in collecting, cleaning, and visualizing data. This free, Creative Commons-licensed e-book explains important data concepts in simple language.”
[Download or read online: https://infoactive.co/data-design]