Perhaps my Computer Security class is more valuable than I realized...
http://www.pogowasright.org/article.php?story=20080413082950146
UT tells employees of potential data breach
Sunday, April 13 2008 @ 08:29 AM EDT Contributed by: PrivacyNews News Section: Breaches
Personal information of nearly 6,500 University of Toledo employees - the majority having worked on the Health Science Campus in 1993 and 1999 - last month was inadvertently placed on a server [failure of access control Bob] to which all employees had access.
The information, which was used for payroll purposes, included basically what is on a W-2 - name, address, and Social Security number - and was accessible for about 24 hours.
Source - Toledo Blade
The details begin to trickle in...
http://www.phiprivacy.net/?p=251
Apr-13-2008
‘SCAM’ GUY HIT 50,000
Douglas Montero and Kati Cornell of the NY Post give us a more precise number and additional detail on the New York-Presbyterian Hospital breach:
Dwight McPherson, a 38-year-old patient-admissions representative from Brooklyn, admitted he began to access the files and sell information in early 2006 after being approached by a man in New York working for an Atlanta-based identity-theft ring, according to court documents.
He said he had been asked to provide the names, addresses and Social Security numbers of male patients born between 1950 and 1970.
McPherson - who worked the night shift at the hospital - allegedly admitted he had sold the information of approximately 1,000 patients around December 2007 for $750. He then sold the information of another 1,000 patients to a second person for $600 early this year.
[…] McPherson’s alleged scam was uncovered when postal inspectors in Atlanta executing a search warrant on an identity-theft operation there discovered 221 documents that had come from New York-Presbyterian Hospital.
They then contacted hospital officials and began an investigation. After looking through computer logs, [apparently something they had not done before... Bob] they realized McPherson’s user login had been used to improperly access the files of 49,841 patients.
Full story - NY Post
For my friends at the Law School? (Those who speak English...)
http://www.pogowasright.org/article.php?story=20080414062943524
Invitation to Tender – Review of EU Data Protection Law
Monday, April 14 2008 @ 06:29 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News
The Information Commissioner is the United Kingdom’s independent data protection regulator, with a range of responsibilities set out in the Data Protection Act 1998. A central focus of the Commissioner’s approach has been to improve the effectiveness of data protection in practice, which includes promoting and supporting legislative change.
To this end, the Commissioner wishes to stimulate debate about the strengths and weaknesses of the EU Data Protection Directive (95/46/EC).
Source - ICO Press Release
I admire ingenuity... Think of those factory signs: “3 days since the last ;lost time' accident!”
What a librarian can teach you about privacy
By Mark Hall
... In 2003, the chief librarian of the city of Santa Cruz, Calif., was able to warn her patrons about whether the FBI had served a National Security Letter (NSL) demanding information about who was reading what books. She managed that task despite specific provisions in the USA Patriot Act at the time that prohibited librarians or booksellers from revealing to anyone that they'd been issued an NSL.
So, how did the librarian get the word out? By regularly reporting to the library board that no NSL had been issued to any of the city's 10 branches, which was perfectly legal.
Interesting justification: employees as potential terrorists.
http://www.computerworld.com.au/index.php/id;1138979225
Businesses get green light on IM interception
Conversations could be used by law enforcement
Darren Pauli 14/04/2008 19:21:33
Businesses will be able to intercept e-mail and instant messaging communications under proposed changes by the federal government to prevent data leakage.
The changes will give employers power to intercept all Internet-based communications without consent, including e-mails, IM and chat room discussions.
Attorney-General Robert McClelland told The Herald today the changes are a counter-terrorism measure to prevent hackers stealing sensitive data.
He said such legislation could prevent a breach similar to the Estonian Denial of Service (DoS) attacks in which hackers from unknown origin disabled the Web sites of banks, schools and the Prime Minister's office. [does not match the facts as reported. Something here we don't know? Bob]
... Industry experts and ISPs criticised the provision and argued it is technically impossible to intercept Voice over Internet Protocol (VoIP), online game chat and other encrypted IP communications.
Ahead and behind. What the other guys are doing...
http://www.bespacific.com/mt/archives/018092.html
April 13, 2008
Legally eHealth: Putting eHealth in its European Legal Context
Legally eHealth: Putting eHealth in its European Legal Context. Legal and regulatory aspects of eHealth Study report March 2008.
"The Legally eHealth Report...seeks to examine some keys of the legal questions raised by the adoption of eHealth tools in healthcare. It looks at how EU legislation on data protection, product and services liability, and trade and competition law applies. In considering the law of privacy, the report examines the European Directives on Data Protection Directive, Privacy in Electronic Communications, as well as the European Convention of Human Rights against the backdrop of a number of scenarios exploring data transfer for the purposes of better care provision both across European and international borders, as well as for commercial purposes."
Fighting the inevitable is both expensive and doomed to failure, so what is the alternative?
Guerrilla IT: How to stop worrying and learn to love your superusers
Your organization is filled with IT rogues and tech renegades. Here's how best to embrace them
By Dan Tynan April 14, 2008
Here's a sobering statistic: Eighty percent of enterprise IT functions are being duplicated by folks outside of the IT department, says Hank Marquis, director of ITSM (IT systems management) consulting at Enterprise Management Associates. In other words, for every 10 people doing IT work as part of their jobs, you've got another eight "shadow IT" staffers doing it on their own.
You probably know them. They're the ones who installed their own Wi-Fi network in the break room and distribute homemade number-crunching apps to their coworkers on e-mail. They're hacking their iPhones right now to work with your company's mail servers. In short, they're walking, talking IT governance nightmares.
But they could be your biggest assets, if you use them wisely.
The reason superusers go rogue is usually frustration, says Marquis. "It's a symptom of the IT organization being unable to meet or even understand the needs of its customers," he says. "Otherwise, it wouldn't be happening."
Related Since many organizations are now blocking YouTube, this allows you to download them to a thumbdrive and bring them to work through the backdoor...
http://googlesystem.blogspot.com/2008/04/download-youtube-videos-as-mp4-files.html
Sunday, April 13, 2008
Download YouTube Videos as MP4 Files
An interesting side-effect of YouTube's recent push for higher quality videos is that most videos can be downloaded as MP4 files directly from YouTube. Until now, you could only get FLV files from your browser's cache or using one of the many websites that let you download YouTube videos.
No comments:
Post a Comment