Tuesday, July 20, 2010

Typical weasel words covering the fact that they had no clue what was happening. Apparently they didn't have the skills “in house” to press a delete key or shred magnetic tapes.

http://www.databreaches.net/?p=12550

South Shore Hospital Breach Could Affect 800,000

July 19, 2010 by admin

South Shore Hospital today reported that back-up computer files containing personal, health and financial information may have been lost by a professional data management company. [Doesn't sound very “professional” to me. Bob] The hospital had engaged the company to destroy the files because they were in a format the hospital no longer uses. The hospital has no evidence that information on the back-up computer files has been accessed by anyone. [Were they expecting a Thank You card from the thieves? Bob] An independent information-security consulting firm has confirmed that specialized software, hardware, and technical knowledge and skill would be required to access and decipher information on the files. [You would need a Word Processor, a Computer and knowledge of the “On Switch” Hardly PhD level stuff. Bob]

Based upon South Shore Hospital’s investigation so far, the back-up computer files could contain personally identifiable information for approximately 800,000 individuals. Included among those individuals are patients who received medical services at South Shore Hospital – as well as employees, physicians, volunteers, donors, vendors and other business partners associated with South Shore Hospital – between January 1, 1996 and January 6, 2010. The information on the back-up computer files may include individuals’ full names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, protected health information including diagnoses and treatments relating to certain hospital and home health care visits, and other personal information. Bank account information and credit card numbers for a very small subset of individuals also may have been on the back-up computer files.

South Shore Hospital’s back-up computer files were shipped for offsite destruction on February 26, 2010. When certificates of destruction were not provided to the hospital in a timely manner, the hospital pressed the data management company for an explanation. South Shore Hospital was finally informed on June 17, 2010 that only a portion of the shipped back-up computer files had been received and destroyed.

South Shore Hospital immediately launched an investigation when it learned that its back-up computer files may have been lost. The investigation has included working with the data management company and shippers to search for the missing back-up computer files, taking steps to verify the scope and types of information contained in the back up computer files, and assessing the possibility that someone could access that information. South Shore Hospital has advised the MA Attorney General’s office, the MA Department of Public Health, and the US Department of Health and Human Services about this matter. The hospital also has ceased the offsite destruction of back-up computer files and is putting in place policies to ensure that a similar situation cannot occur. [“...even though we don't yet know what happened.” Bob] The investigation into the matter remains ongoing.

“I am deeply sorry that these files may have been lost,” said Richard H. Aubut, South Shore Hospital president and chief executive officer. “Safeguarding confidentiality is fundamental to our mission of healing, caring and comforting. I recognize that this situation is unacceptable and would like to personally apologize to all those who have trusted us with their sensitive information.”

South Shore Hospital is working to verify whose information may have been on the missing back-up computer files. Formal notification letters will be sent to them in the next several weeks. In the meantime, a sample individual notification letter has been posted.

… Information about this matter is posted to South Shore Hospital’s website at www.southshorehospital.org and is available through a special automated toll-free Information Line at (877) 309-0176.

Source: South Shore Hospital Press Release



Eight will get you ten they underestimated (or never considered) the many risks such a juicy target posed. Too busy dreaming up ways to spend their profits?

http://www.databreaches.net/?p=12560

NDP: B.C.’s new online gambling website may have been hacked

July 20, 2010 by admin

Vivian Luk reports:

British Columbians’ personal information may have been compromised when the government’s online gambling website, PlayNow.com, crashed last week, according to the New Democratic Party.

PlayNow, the first government-sanctioned online casino in North America, was shut down only hours after it was launched last Thursday.

The B.C. Lottery Corp. said unexpectedly high traffic caused the server to crash, so it had to be pulled down to be fixed. Minister of Housing and Social Development Rich Coleman, who is responsible for BCLC, also told CTV News on Friday that visitors’ information may have leaked.

“It does appear that some information — because of all the data hitting at once [Horse droppings. Bob] — might have been displayed on somebody’s computer, so we are dealing with that,” he said.

The NDP however, believes the website crashed because it was hacked, though it has no hard evidence to support that claim. “Experts have made assertions that hacking was a possibility,” said Shane Simpson, NDP critic for housing and social development. “But the most concerning thing is that the government and BCLC has not been definitive that there wasn’t some kind of activity that breached the security of the site.”

Read more in the Vancouver Sun.



e-Discovery

http://e-discoveryteam.com/2010/07/18/survey-of-103-e-discovery-cases-in-the-first-half-of-2010-the-campbell-soup-case-and-the-wisdom-of-andy-warhol/

Survey of 103 e-Discovery Cases in the First Half of 2010, the “Campbell Soup” case, and the Wisdom of Andy Warhol

A new survey on 103 e-discovery cases from the first half of 2010 shows that sanctions are up, along with motions to compel. It also shows that judges are fed up with hide-the-ball aggressive tactics, and continue to urge attorneys to learn how to cooperate.



Another example of “How to think(?) like a Lawyer”

http://www.wired.com/threatlevel/2010/07/copyrightfiltering-scribd/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Lawsuit Dropped; Claimed That Copyright-Filtering Violates Copyright

Lawyers have abandoned a closely watched lawsuit against the document-sharing site Scribd that alleged the site’s copyright filtering technology is itself a form of copyright infringement.

The Texas federal court case broached a novel legal theory that the U.S. courts have never squarely decided.

The Scribd suit maintained that the copying and insertion of a copyrighted work into a filtering system without compensating the copyright holder, or obtaining their consent, was a violation of the Copyright Act. The suit said the filters breached copyrights because Scribd “illegally copies the work into its copyright protection system” without authorization.

[In other words, “We want you to identify copyrighted works but you can't actually look at the copyrighted works to do it – unless you pay us!” Bob]


(Related) And “How to think (??) like a Government”

http://www.wired.com/dangerroom/2010/07/search-through-top-secret-americas-network-of-private-spooks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Search Top Secret America’s Database of Private Spooks

U.S. spy agencies, the State Department and the White House had a collective panic attack Friday over a new Washington Post exposé on the intelligence-industrial complex. Reporters Dana Priest and William Arkin let it drop Monday morning.

It includes a searchable database cataloging what an estimated 854,000 employees and legions of contractors are apparently up to. Users can now see just how much money these government agencies are spending and where those top secret contractors are located.

Check out the Post’s nine-page list of agencies and contractors involved in air and satellite observations, for instance. No wonder it scares the crap out of official Washington: It’s bound to provoke all sorts of questions — both from taxpayers wondering where their money goes and from U.S. adversaries looking to penetrate America’s spy complex.

... Still, in compiling all this information, there’s a risk that the Post provides a hostile foreign agent looking to infiltrate the U.S. security apparatus with an online yellow pages for sending out his resume.


(Related) That's 0.00033% of our population. India would have almost 4000 and China nearly 4400 just based on population.

http://www.npr.org/templates/story/story.php?storyId=128574055

Cyberwarrior Shortage Threatens U.S. Security

"We don't have sufficiently bright people [Probably not what he meant to say... Bob] moving into this field to support those national security objectives as we move forward in time," says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency and the Energy Department.

Gosler estimates there are now only 1,000 people in the entire United States with the sophisticated skills needed for the most demanding cyberdefense tasks. To meet the computer security needs of U.S. government agencies and large corporations, he says, a force of 20,000 to 30,000 similarly skilled specialists is needed.



A chilling effect? Will this require hosts to adopt a test similar to the “check for copyrighted material” RIAA wants? How many suspect blogs out of 70,000 are enough to shut down a host?

http://www.wired.com/threatlevel/2010/07/blogetery-al-qaeda/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Blog Platform Shut Down as FBI Probes al-Qaida Posts

Blogging platform Blogetery.com was cut off by its hosting company last week after the authorities said al-Qaida “terrorist material” was found on one of its servers, said a statement from web host BurstNET Technologies Monday.

Blogetery, a platform for some 70,000 blogs, was taken down by BurstNET after the Federal Bureau of Investigation asked BurstNET “to provide information regarding ownership” of the server hosting Blogetery.com, BurstNET said.

BurstNET shuttered Blogetery at its own discretion, after concluding it was violating its “Acceptable Use Policy.”

“It was revealed that a link to terrorist material, including bomb-making instructions and an al-Qaida ‘hit list,’ had been posted to the site,” BurstNET said.



Not scholarly or complete, but we do need to remind our geeks every now and then. Maybe I could take an expanded version on the rubber chicken circuit – “101 Ways You Could Go To Jail!”

http://yro.slashdot.org/story/10/07/19/1948208/How-IT-Pros-Can-Avoid-Legal-Trouble?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

How IT Pros Can Avoid Legal Trouble



Interesting statistic and a missed point.

http://online.wsj.com/article/SB10001424052748703720504575377472723652734.html?mod=wsj_share_digg

Amazon Says E-Book Sales Outpace Hardcovers

Amazon.com Inc. said it reached a milestone, selling more e-books than hardbacks over the past three months.

But publishers said it is still too early to gauge for the entire industry whether the growth of e-books is cannibalizing sales of paperback books, a huge and crucial market. [Similar to asking if Television spelled the end of Radio. Missing the fact that books are now created and edited on computer, so when it is ready to go to the printer it is also ready to go online – instantly and with zero printing cost. Bob]



Some hacks are too easy to make it into the weekly quiz, let alone a MidTerm Exam.

http://www.wired.com/threatlevel/2010/07/siemens-scada/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

SCADA System’s Hard-Coded Password Circulated Online for Years

A sophisticated new piece of malware that targets command-and-control software installed in critical infrastructures uses a known default password that the software maker hard-coded into its system. The password has been available online since at least 2008, when it was posted to product forums in Germany and Russia.



This could make the Hacking Mid-Term. Carefully identify your target and deliver a totally inappropriate ad. Extra points for humor.

http://news.cnet.com/8301-17938_105-20010963-1.html?part=rss&subj=news&tag=2547-1_3-0-20

Japan tests billboards that know your gender, age



A tool for stalkers?

http://www.makeuseof.com/dir/pick-n-zip-download-entire-albums-photos-facebook/

Pick ‘n Zip: Easily Download Entire Facebook Albums

www.picknzip.com

Similar tools: Facepad.



Applications?

http://www.makeuseof.com/tag/tips-tricks-google-earth-street-view/

Some Tips & Tricks While Using Google Earth Street View



Like a little yellow sticky note on your videos

http://www.killerstartups.com/Video-Music-Photo/vidscan-com-watch-only-the-best-parts-of-videos

VidScan.com - Watch Only The Best Parts Of Videos

http://www.vidscan.com/

Coming across a YouTube video that lasts five full minutes and which has only one minute which is remarkable is quite commonplace, for the simple reason that you are watching something which was uploaded by an individual who wanted to capture something the exact way he saw it.

VidScan is a ... tool that can delineate the best parts of any YouTube video, as determined by viewers.

VidScan utilizes the YouTube API in order to check for usable time comments, and if these are found then you will be able to skip straight to that part. A “usable time comment” is something as simple as a time snippet that reads “mm:ss”. Any video that has got that (which is not something uncommon to begin with) will be compatible with this system to the full.



Another tool for creating very large slideshows...

http://www.killerstartups.com/Web-App-Tools/kizoa-com-slideshows-made-easy

Kizoa.com - Slideshows Made Easy

http://www.kizoa.com/

Kizoa is a slideshow maker that is usable by just anybody, at absolutely no cost. It will let you take as many pictures as you want and concatenate them together in order to come up with a slideshow that can also include music and sound effects. Besides, images can be edited using the provided interface, and effects can be readily applied to them.

And once you have done that, you will be capable not only of sharing the results online with all your loved ones, but also of burning it all into a DVD.



After teaching for a few years, I probably have more than enough information to create a few classes... Probably try a few “Free” courses, then some larger “for Pay” courses. Free: “How to turn on your computer” For Pay: “How to do something useful”

http://www.spaceded.com/

SpacedEd

SpacedEd is a platform designed to allow learners and teachers to harness the educational benefits of spaced education. Spaced education is a novel method of online education developed and rigorously investigated by Dr. B. Price Kerfoot (Associate Professor, Harvard Medical School).

It is based upon two core psychology research findings: the spacing effect and the testing effect.

You may include photos, YouTube videos, audio, animations, and hyperlinks in your course.

For courses priced between $1.99 and $20 ($1.99 minimum), course authors will receive 60% of gross revenue. For courses priced above $20, course authors will receive 80% of the balance above $20 for each enrollee.

If you wish, you may post your course for free. In this case, SpacedEd reserves the right to place advertising and/or sponsorship on the course materials.

Please consider interacting with the learners on the Answer Blogs for each question. This is an excellent method to create a community of learners around your course. The learners may also be able to identify errors in the questions, make suggestions for improvements, and/or add new information and references on the topic on hand.

You can follow the progress of learners and their ratings of your course on the 'course reports' pages.
