Thursday, July 09, 2009

Something to consider as all our health records go online.

http://www.databreaches.net/?p=6042

Alberta Health records hit by virus

July 8, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Malware, Non-U.S., Of Note

The Office of the Information and Privacy Commissioner has been notified by Alberta Health Services that a virus was present on the Alberta Health Services network in Edmonton. The virus impacted the network and Netcare, Alberta’s electronic health record, before it was discovered and removed.

The virus is a new variant of a Trojan horse program called coreflood and is designed to steal data from an infected computer and send it to a server controlled by a hacker. Coreflood captures passwords and data the user of the computer accesses. The virus was active from May 15 to 29 before it was detected and removed.

AHS identified two groups who are potentially at risk. Patients whose health information was accessed in Netcare through an infected computer and employees who accessed personal banking and email accounts from work using an infected computer. AHS is sending letters to the 11,582 patients whose information may have been exposed and has notified all affected employees.

Commissioner Frank Work says this does not necessarily mean Netcare itself has been infected by the virus; rather the virus may have captured patient data accessed through Netcare from an infected computer and sent it to an external party. [Important distinction. The application can be very secure, but if the entire processing environment isn't as secure, someone can tap in at the weakest point. Bob] “While it appears the risk to patients is low, viruses don’t discriminate and this is an important message to everyone about the need to run up to date anti virus software”, says the Commissioner.

The Commissioner’s office is investigating. In the meantime Work is expecting a full forensic report from Alberta Health Services on how this happened and what steps will be taken to prevent future breaches. Work says “AHS responded quickly when the virus was detected and that steps have been taken to notify users and patients with advice on what they should do to protect personal and health information”.

Source: Office of the Information and Privacy Commissioner of Alberta

No statement appears on the Alberta Health Service site as of the time of this posting



The legal side is outlined. Is that all there is?

http://infoseccompliance.com/2009/07/08/pci-dss-incident-response-the-legal-perspective/

PCI DSS Incident Response: The Legal Perspective

Posted on July 8th, 2009 by David Navetta Filed under: TJX, breach notice, credit cards

The SANS Institute InfoSec Reading Room recently published an article by Christian J. Moldes entitled PCI DSS and Incident Handling: What is required before, during and after an incident. Moldes’ whitepaper is a good starting point for developing an incident response plan to address payment card security breaches. The paper hits upon the key aspects of payment card security breach handling from an information security professional’s point of view. The paper, however, speaks little of the legal implications of a payment card security breach, and the incident response considerations that arise out of those implications.



Does Microsoft have a “duty to disclose” bugs in its software? (Ask a Class Action lawyer?)

http://www.computerworld.com/s/article/9135259/Microsoft_may_have_known_about_critical_IE_bug_for_months

Microsoft may have known about critical IE bug for months

Researchers uncovered latest bug in 2007; Microsoft mum on timing

By Gregg Keizer July 7, 2009 02:31 PM ET

Computerworld - The vulnerability that sent Microsoft scrambling yesterday and is being used by hackers now to attack Internet Explorer (IE) users may have been reported 18 months ago or more.

… The CVE (Common Vulnerabilities and Exposures) number for the vulnerability -- CVE-2008-0015 -- points to a possible early 2008 reporting date. According to the database, the CVE number was reserved on Dec. 13, 2007.



Remember, North Korea has a division of hackers in its army. And since they still consider pigeons high-tech communications, how can we retaliate – short of Nuking them?

http://news.cnet.com/Cyberattacks-hit-U.S.-and-South-Korean-Web-sites/2100-7349_3-6249857.html?tag=newsLatestHeadlinesArea.0

Cyberattacks hit U.S. and South Korean Web sites

By Choe Sang-Hun The New York Times July 8, 2009 5:50 AM PDT

SEOUL, South Korea--Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea's main government spy agency said on Wednesday.

Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups. [There are pro-North Korea groups? Bob]

… In the attack, an army of thousands of "zombie computers" infected by the hackers' program were ordered to request access to these Web sites simultaneously, causing an overload that caused the sites' servers to crash, South Korean officials said.

Although most of the North Korean military's hardware is decrepit, the South Korean authorities have recently voiced their concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operates through the Chinese Internet network and tries to hack into American and South Korean military networks.



Surprise! Surprise! Surprise!

http://www.databreaches.net/?p=6051

State Dept lost track of its laptops

July 8, 2009 by admin Filed under Commentaries and Analyses, Of Note

The State Department does not have an accurate accounting of its laptop computers, including ones meant for classified use, and has failed to encrypt machines [Deadline was July 1 last year! Bob] as it is supposed to do to protect sensitive information, according to a new report by the department’s inspector general.

Inspectors found that 27 laptops, worth $55,000 were missing out of a sample of 334 from four State Department bureaus.

“Because the content and the encryption status of the missing laptop computers are unknown, there is a risk that PII (Personally Identifiable Information) and other sensitive Department information may be susceptible to unauthorized access and use,” it says.

Read more on McClatchy.

[From the article:

More than half the machines tested were not encrypted, including some used for classified information.



An argument to watch? Is the competition worth more than vague future concerns?

http://www.pogowasright.org/?p=1590

Google’s new OS raises privacy concerns

July 8, 2009 by Dissent Filed under Featured Headlines, Internet

Google’s announcement Tuesday that it is developing an open-source operating system raised questions among privacy advocates about the amount of personal data Google will be able to collect.

Google already collects private data through products like its search engine and its Gmail e-mail service, as well as its AdSense advertising service. The Chrome operating system, to be rolled out on netbook computers next year, gives the company another avenue to collect and monetize personal information, privacy advocates said Wednesday.

Read more on PC World.



Interesting video if you have time... Not at all sure I agree.

http://www.bespacific.com/mt/archives/021769.html

July 08, 2009

Commentary: The Newsweekly’s Last Stand

Why The Economist is thriving while Time and Newsweek fade, by Michael Hirschorn, The Atlantic, July/August 2009

  • "Newsweek’s recent decision to get out of the news-digesting business and reposition itself as a high-end magazine selling in-depth commentary and reportage follows Time magazine’s emergency retrenchment along similar lines. It accelerates a process by which the 76-year-old weekly will purposely reduce its circulation from 2.7 million to a bit more than half of that. (Its circulation was nearly 3.5 million in 1988.) Likewise, Time’s circulation, which 20 years ago was close to 5 million, is now at 3.4 million. Both newsweeklies are seeking to avoid the fate of U.S. News & World Report, which after years (decades?) of semi-relevance gave up on the idea of weekly publication entirely."

[From the Article:

Given that even these daily digests are faltering, how is it that a notionally similar weekly news digest—The Economist—is not only surviving, but thriving? Virtually alone among magazines, The Economist saw its advertising revenues increase last year by double digits—a remarkable 25 percent, according to the Publisher’s Information Bureau. Newsweek’s and Time’s dropped 27 percent and 14 percent, respectively.



Fortunately, I don't use that newfangled stuff.

http://gawker.com/5310339/embedding-a-youtube-video-may-cost-you-a-bundle-in-ascap-bills

Embedding a YouTube Video May Cost You a Bundle in ASCAP Bills

By Ryan Tate, 3:46 PM on Wed Jul 8 2009,

Fresh off a court victory against Google's YouTube, ASCAP tells us it is setting its sights on users of the video-sharing site.



A huge tiny business. A whole lot of small can make a big.

http://www.bespacific.com/mt/archives/021770.html

July 08, 2009

New survey identifies top risks facing microfinance industry

CSFI - Centre for the Study of Financial Innovation: "The resilience of the global microfinance industry will be put to the test by the economic crisis, according to a new survey of the risks to the business, Microfinance Banana Skins 2009, by David Lascelles and Sam Mendelson. Far from being insulated from the economic mainstream as traditionally thought, microfinance could face a fall in growth [from 25% a year? Sounds inevitable! Bob] and funding because of the global recession and declining investor confidence. This will present the industry with its first major stress test since it emerged in recent decades as a fast-growing provider of small-scale financial services to the world's poor... The survey, published by the CSFI and sponsored by Citi Foundation and the Consultative Group to Assist the Poor (CGAP) and supported by the Council of Microfinance Equity Funds (CMEF), was designed to identify and rank the main risks, or "Banana Skins" facing the industry at a time of economic crisis and change. It reflects the views of more than 400 practitioners, investors, regulators and analysts in 82 countries."

[From the report:

Originally a small-scale, philanthropic movement to provide credit to the neediest, microfinance (MF) has grown enormously in recent years and is now firmly established as a major supplier of a wide range of financial services to millions of people around the world. The 1,200 microfinance institutions (MFIs) that report to the Microfinance Information eXchange (MIX) have 64m borrowers and 33.5m savers, and numbers are growing by 25 per cent a year, more in some countries. Total assets of these MFIs amount to $32bn.



We need to develop a “Porta-potty/renewable energy” business model. Quick

http://news.slashdot.org/story/09/07/08/1816227/Can-Urine-Rescue-Hydrogen-Powered-Cars?from=rss

Can Urine Rescue Hydrogen-Powered Cars?

Posted by timothy on Wednesday July 08, @02:43PM from the use-every-part-of-the-animal dept. transportation earth power technology

thecarchik writes with this interesting excerpt:

"It takes a lot of energy to split hydrogen out from the other atoms to which it binds, either in natural gas or water. Which means energy analysts are skeptical about the overall energy balance of cars fueled by hydrogen. Ohio University researcher Geraldine Botte has come up with a nickel-based electrode to oxidize (NH2)2CO, otherwise known as urea, the major component of animal urine. Because urea's four hydrogen atoms are less tightly bound to nitrogen than the hydrogen bound to oxygen in water molecules, it takes less energy to break them apart."



Tools & Techniques Might be useful in several contexts...

http://download.cnet.com/8301-2007_4-10282688-12.html?part=rss&subj=news&tag=2547-1_3-0-5

Archive your e-mail from almost any account

by Jessica Dolcourt July 8, 2009 5:15 PM PDT

I have thousands of e-mail messages in my corporate Outlook in-box, and thousands more in Gmail and in my ancient Hotmail account. MailStore Home is a free program that can archive them all locally, and display those archives in an interface that reads like your Outlook in-box.

Why use it? You can clear away old messages and attachments, but easily search to find them again when that inevitable moment arrives. Until universal offline in-boxes like Yahoo's Zimbra Desktop start addressing consumers on a wider scale, MailStore Home is also a good way to read mail offline in areas of spotty Wi-Fi, or to use as a de facto message backup.



Tools & Techniques (In case one didn't come with your e-Discovery suite...)

http://www.makeuseof.com/dir/finereaderonline-image-text-extractor/

FineReaderOnline: Web Based Image Text Extractor

FineReaderOnline is a new web based image text extractor using which you can extract text from a scanned image in a variety of formats (BMP, PCX, DCX, JPEG/JPEG2005, PNG and TIFF/TIF) and convert it into the most commonly used editable document formats such as Microsoft Word, Excel, RTF, and TXT, or PDF.

www.finereaderonline.com

Similar apps: Free-OCR and OCRTerminal.



Cheat Sheets I can tell my students about...

http://www.cssreflex.com/2009/07/5-essential-google-cheat-sheets-which-surely-will-come-in-handy.html

5 Essential Google Cheat Sheets Which Surely Will Come in Handy

Posted on July 7, 2009 under Cheatsheet, Web Development

A cheat sheet is a reference tool that provides simple, brief instructions for accomplishing a specific task.
