Saturday, November 19, 2016

Someone needs to take a Computer Security class. 
WXYZ reports:
Michigan State University is confirming that someone breached a database that contains around 400,000 records containing personal information.
The breach happened on November 13.
According to MSU, that information “included names, Social Security numbers, MSU identification numbers, and in some cases, date of birth of some current and former students and employees.  It did not contain passwords, financial, academic, contact, gift or health information.”
MSU says they have confirmed that 449 of the records were accessed, before the records were taken offline within 24 hours of the breach.
Read more on WXYZ.
NBC reports that those affected include “faculty, staff and students who were employed by MSU between 1970 and November 13, 2016, or were students between 1991 and 2016.”

The joys of mismanagement never end.
Banking Regulator Imposes New Restrictions on Wells Fargo
The federal government has put Wells Fargo & Co. on a much tighter leash, requiring the firm’s banking unit to seek approval before making a wide range of business decisions, after a regulator revoked key portions of a two-month-old settlement in the company’s sales scandal.
   The bank is now banned from offering departing executives “golden parachute” payments, according to the statement from the Office of the Comptroller of the Currency, and it must get the OCC’s permission before it changes its business plans, hires or fires senior executives, or revamps its board of directors.

Well, that didn’t take long.
Joël Valenzuela reports:
The U.S. government is seeking the identity of Coinbase users for tax purposes, sparking fears that Bitcoin’s anonymity may be compromised.
According to a legal summons filed in the Northern California District Court, the U.S. Internal Revenue Service (IRS) seeks to identify several Coinbase users and their financial activity, based on evidence that they may have violated U.S. tax laws:
Read more on Cointelegraph.

“Just do it.  We can worry about that security and privacy stuff later.”  Another example of an organization that can’t hear warnings! 
Bay Sleep Clinic (BSC) has more than one dozen locations in California offering sleep medicine diagnostic services.  Their site advertises that BSC:
Provides monitoring during a complete sleep cycle in our fully equipped, comfortable setting.
That monitoring appears to include video monitoring of their patients who, after being wired up to monitors, attempt to sleep in one of their rooms.  Unfortunately, the video monitoring was viewable by anyone and everyone because BSC (or whoever was responsible for securing the system) did not properly secure one of its Axis cameras.  As a result, anyone could view one of their rooms on
Yesterday morning, was contacted by an individual who had discovered the problem but did not want to get involved in making any notification.  After verifying his report that there was a problem and that the IP address belonged to BSC, called BSC, but was only able to leave a message in their general voicemail system.  Getting no response after several hours, called again, playing voicemail lottery to try to get any person who might connect me with their HIPAA privacy officer.  Sadly, that call, too, ultimately went to another voicemail box.  Despite tagging the message as “urgent,” there was no call back.
This morning, sent an email to the clinic.  That may have done the trick, as the cam is now no longer viewable publicly. has no information indicating whether any other cameras of theirs were, or are, also viewable online. has yet to hear back from Bay Sleep Clinic, so we have no information as to how this happened, for how long patients were publicly viewable during their sleep studies, and whether BSC intends to notify its patients, the California Department of Public Health, and/or HHS.
This post will be updated if a response is received.
Update: received a call from BSC’s external counsel a little while ago.  Unless they decide to give me a formal statement, I will not try to summarize my entire conversation with their counsel, other than to note that he suggested that it was inappropriate or unethical to upload patient images, even redacted ones.  After giving it some thought, I decided to remove the redacted screenshots.  My intention is to inform and to improve security for patient data, not to add to others’ woes.

Amusing?  Depends where you live I guess.
Map: Social Media Monitoring by Police Departments, Cities, and Counties

One of the year’s top stories, according to my students.
   It’s not yet clear exactly what the issue was with the Galaxy Note 7.  The company has blamed “a very rare manufacturing process error” which caused the anode and cathode to come into contact.  Further investigations are underway.

Is this because customers should never get free services or because some campaign contributors don’t want to have to compete with this?
Dems question FCC on data-free apps
   Seven Democratic senators targeted the so-called "zero-rating" in a letter to FCC Chairman Tom Wheeler, warning of stifled innovation and other issues if the FCC doesn't act.
“Without proper oversight and enforcement action, zero-rating can discriminate against certain services, potentially distorting competition, stifling innovation, and hampering user choice and free speech,” they wrote.
“When ISPs, not the consumer, choose online winners and losers, the very core tenants of net neutrality could be disrupted,” the letter added.

A challenge for my IT Governance students.  Nothing happens until the customer starts to use your service.
The Virtual Business Process: A Dilemma
The entire telecom industry is coming to terms with the reality that existing business models are changing dramatically in the virtualization era, but there are strong indications lately that this process is proving problematic for network operators and their vendors alike.
For example, John Isch, director of the Network and Voice practice for Orange Business Services in North America, mentioned in a radio show with our sister site Telco Transformation you can hear in its entirety here, that one of the challenges to the Orange network-as-a-service initiative is getting vendors to accept an on-demand pricing scheme for software licenses of the virtual network functions (VNFs) it delivers to customers.
   "In this new environment, I don't want the VNF provider to start charging me -- Orange -- for the use of that VNF until a customer turns it up," he said.  "When the customer pushes the button, that's when the VNF provider starts charging us and we start charging the customer.  If the customer turns it off, all that stops."  

Perspective.  Another look at a changing world.
How Platforms Will Disrupt the Future of Media and Entertainment
   To put this in context, more than 20 years ago, the only outlet for individuals to broadcast their own personal and local interests was to use public access television channels or write letters to newspaper editors.  But today, we hold a lot more power as broadcasters using digital outlets like Facebook Live, Twitter, Instagram and Snapchat.  And for good reason.  The old definition of broadcast and entertainment was simplistic: Content mainly came from the establishment and sent in one direction, to us.  But that reality is changing as the media and entertainment industries are being turned upside down and outside in.

They’re serious?  Have we gone completely bonkers?  
TSA: Keep grandma’s gravy at home but the turducken can fly
From the TSA: “Gravy is sadly prohibited from carry-on bags unless you pack it in accordance with our liquid policies mentioned above.  You can also pack it in your checked baggage.”
Gravy as well as cranberry sauce for that matter fall under the sometimes mysterious “Liquid Rules” which basically states that you’re “allowed to take as many 3.4 ounce or smaller sized containers that will fit in one sealed, clear, quart-sized zip-top bag – and one bag per person.”

Every Saturday…
Hack Education Weekly News
   Deregulation of for-profits is “likely,” Inside Higher Ed reports.
   Via Chalkbeat: “Flooded with questions after Trump win, Denver Public Schools produces immigration fact sheet.”
   Via “Queensland children as young as four will learn coding and robotics as a compulsory part of their education from next year.”
   Via Inside Higher Ed: “IBM picks Blackboard and Pearson to bring the technology behind the Watson computer to colleges and universities.”
   Via Politico: “The average incarcerated adult in the U.S. scores so low in the ability to understand and work with numbers – numeracy skills, in research parlance – that they lag behind the unemployed, according to a report released today by the National Center for Education Statistics.  The report looks at the educational background and work history of prison inmates.  It finds that greater percentages of incarcerated adults scored at the lowest levels of proficiency in literacy and numeracy skills when compared to the overall U.S. population.”
