Friday, August 05, 2011

Perhaps we should try “thoughtful legislation” rather than knee-jerk, “we gotta do something” laws?

http://www.phiprivacy.net/?p=7379

Data Breach Bills Exclude Health Information

By Dissent, August 4, 2011

I’ve often disagreed with the Center for Democracy & Technology, but I laud them for pointing out the glaring holes in proposed federal data security and data breach notification laws that exclude health information. Harley Geiger writes:

One of the negative side-effects of the sectoral approach the United States has taken to privacy regulation is confusion over whether certain types of personal information are protected under existing rules. Specifically, many people – and, it appears, legislators – seem to assume that all health information is protected under HIPAA. This is incorrect, however, and the assumption that health information is already fully protected in commercial contexts may be leading to its exclusion in proposed data breach bills currently circulating in Congress. Not only do the bills fail to protect health data, but the preemption clauses in some of the bills would prevent state legislatures from enacting their own health privacy safeguards. As a result, if any of the data breach bills introduced in this Congress pass as currently written, a commercial entity that loses, say, your full name and a list of your medications would not be obligated to notify you.

Read more on CDT.



Why would they stop with search?

Widespread Hijacking of Search Traffic In the US

"The Netalyzr research project from the ICSI networking group has discovered that on a number of US ISPs' networks, search traffic for Bing, Yahoo! and sometimes Google is being redirected to proxy servers operated by a company called Paxfire. In addition to posing a grave privacy problem, this server impersonation is being used to redirect certain searches away from the user's chosen search engine and to affiliate marketing programs instead. Further analysis is available in a post at the EFF."

From the NewScientist article:

Patents filed by Paxfire, the company involved in the hijacking, suggest that it may be part of a larger plan to allow ISPs to generate revenue by tracking the sites their customers visit. It may also be illegal.



For my Ethical Hackers...

http://news.cnet.com/8301-1009_3-20087470-83/black-hat-defcon-all-about-hacking-roundup/

Black Hat, Defcon: All about hacking (roundup)



Remember those “old” crime movies where people looked through huge albums of Mugshots? Facebook has created what could be a national (international?) Mugshot book. Another chip in your Privacy wall...

http://news.cnet.com/8301-31921_3-20088456-281/face-matching-with-facebook-profiles-how-it-was-done/

Face-matching with Facebook profiles: How it was done

Facebook's online privacy woes are well-known. But here's an offline one: its massive database of profile photos can be used to identify you as you're walking down the street.

A Carnegie Mellon University researcher today described how he assembled a database of about 25,000 photographs taken from students' Facebook profiles. Then he set up a desk in one of the campus buildings and asked willing volunteers to peer into Webcams.

The results: facial recognition software put a name to the face of 31 percent of the students after, on average, less than three seconds of rapid-fire comparisons.

In a few years, "facial visual searches may become as common as today's text-based searches," says Alessandro Acquisti, who presented his work in collaboration with Ralph Gross and Fred Stutzman at the Black Hat computer security conference here.

As a proof of concept, the Carnegie Mellon researchers also developed an iPhone app that can take a photograph of someone, pipe it through facial recognition software, and then display on-screen that person's name and vital statistics.


(Related) A “secret” command for Twits?

http://techcrunch.com/2011/08/04/twitter-photo-search/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Fake John Doerr Tips Us About Cool Twitter Photo Search Trick

The Fake John Doerr wanted to tell us about a cool new search shortcut on Twitter.com. If you type in “sp” anywhere on the page (but not in the search box or the Tweet box) a new “search photos” box will appear that will search only photos. If you do that, you get a nice visual grid of photos people have Tweeted out.


(Related)

Transparency vs. Anonymity: Where Do You Stand? [INFOGRAPHIC & POLL]

Many of us don’t think twice about laying out details of our personal lives in public for all to see. Many might even be using our real names, just as Facebook’s Mark Zuckerberg likes it. On the other hand, consider free-for-all meme site 4chan, where users cavort about in complete anonymity. That site’s founder, Christopher “Moot” Poole, thinks anonymity fosters creativity, honesty, and authentic content sharing.



You already have Cloud Storage... Free while in Beta, try it and see if it is useful enough to pay for...

SharedSafe.Com - Share Your Folders

Why pay for online storage space when you can use the space that comes with your email instead? That's the idea from which this new application sprung into life. Named Shared Safe, it enables users to resort to their existing email storage in order to both synchronize and share folders with their friends, acquaintances and colleagues. This is an application that lends itself both to personal and professional uses, with the same simplicity.

As it is only fit, all the files that one stores and shares like this are encrypted. And nobody gets to see them without the express consent of the user. In no case are the keys stored online.

The Shared Safe application is currently available for Windows. You can download the latest version on the site, and have it installed without having to exert yourself that much. And while Shared Safe is in beta, you will be able to use it for free. When the license the app comes with when you download it expires (after 90 days), then you can get a new one at no cost. And so on.

http://www.sharedsafe.com/



Try this security add-on.

http://download.cnet.com/8301-2007_4-20088435-12/https-everywhere-opens-to-all/

HTTPS Everywhere opens to all

The security add-on for Firefox called HTTPS Everywhere (download) that forces HTTPS encryption on numerous popular Web sites has graduated to its first stable release, about a year after it was released into public beta.

The tool does not let you force HTTPS (Hypertext Transfer Protocol Secure) willy-nilly on Web sites. Instead, it includes a series of rules that supports sites that allow HTTPS encryption. The Electronic Frontier Foundation said in the blog post announcing the release that it encompasses more than 1,000 popular sites, including Google Search, Wikipedia, Twitter, Facebook, bit.ly, GMX, Wordpress.com blogs, The New York Times, Paypal, EFF.org, Tor, and Ixquick. The extension was co-developed between the EFF and The TOR Project, which is a Web service that encrypts data transmitted to and from your computer.



The changing Social environment...

http://techcrunch.com/2011/08/04/linkedin-now-adding-two-new-members-every-second/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

LinkedIn Now Adding Two New Members Every Second

In LinkedIn’s first earnings call as a public company, CEO Jeff Weiner revealed that LinkedIn is adding two new members every second, which is up from one member per second in November 2010. In Q2 alone, LinkedIn added 14 million members, after passing the 100 million mark earlier this year.

Weiner also said that the network is now north of 120 million members, so LinkedIn has added 5 million members in the past month. While LinkedIn’s IPO is a financial event for the company, some of this growth in membership could be the marketing influence of now being a public company. And LinkedIn’s IPO received a ton of media attention, as it was the first major social networking company to go public.



For my students.

http://www.makeuseof.com/dir/google-docs-templates-thousands-templates-increase-productivity/

Google Docs Templates: Thousands Of Templates To Increase Productivity

Google Docs serves as one of the best alternatives to Microsoft Office and now they are making it even better by offering thousands of templates that users can use to cut down their time and efforts. The templates are uploaded by other users and cover a massive variety of areas including resumes, presentations, invoices, billing documents, budgets and financial models, agreements and contracts, labels, business cards and many more.

You can preview each template and start using it right away. The templates can be browsed by category, languages, template type and even by popularity and rating.

www.docs.google.com/templates?view=public

Similar sites: EbookBrowse and Calameo.

Also see our article “3 Websites To Publish & Share Your PDFs Online”.



I know some of my students can read...

Discover Books to Match the Websites You Read

Book Discovery is a browser extension that helps you find books that are related to the content of the websites you read. With Book Discovery installed in your browser whenever you're viewing a website you can click "book discovery" and have a page of suggested books generated for you. The Book Discovery extension is available for Chrome, Firefox, Opera, Safari, and Internet Explorer.



From an ISACA email...

IT Control Objectives for Cloud Computing

Interactive Webinar Presentation and Q&A

Date: Thursday, 11 August 2011

Schedule time: 11am (CDT) / 9am (PDT) / 12pm (EDT) / 16:00 (UTC)

Duration: 60 minutes

Be among the first to examine this pivotal new book, designed to help organizations better understand the cloud computing landscape. The book provides useful guidance for enterprises considering moving applications into cloud environments, and outlines the governance and controls needed to ensure the cloud is delivering effective security and value.

Join us in this interactive forum as our featured speakers and contributing authors discuss the new book, explain the benefits and nuances of cloud computing, and answer your questions live!

