Local
A follow-up on a case reported
previously on this blog by Erica Meltzer:
A nurse accused of
improperly accessing patient records at numerous hospitals in the
Denver metro area faces five counts of identity theft and 46 counts
of theft of medical records in connection with his time at Boulder
Community Hospital between May 2010 and January 2011.
Cannon Lamar Tubb, 31, worked for a now-defunct Denver nurse staffing agency that
placed him as an intensive care unit nurse in numerous Centura Health
facilities, the Platte Valley Medical Center and Boulder Community
Hospital, according to court documents.
Fanatically local. Using a TSA wand to
check body cavities has to hurt!
Safer (and less painful) to sit in front of the TV. Looks like I
won't be traveling to Green Bay.
Green Bay Packers to use TSA wands to check fans entering Lambeau Field
starting with Sunday’s game against the Denver Broncos
Lambeau Field may
seem a lot like an airport beginning Sunday.
The Packers will
use TSA hand-held wands to check fans entering Lambeau Field starting
with the game against the Denver Broncos as part of the NFL’s
enhanced security measures. Pat-downs also may be used for the
process.
The procedure will
use the same lines at entry gates, but fans should expect a longer
wait to get into the stadium. That’s why the Packers organization
is asking fans to arrive early to allow for extra time when entering
the stadium.
“The enhanced
security procedures at Lambeau Field recommended by the NFL will
increase the safety of fans at our games,” said Doug Collins,
Packers director of security/risk management.
I wonder how many of these machines
have been purchased and “couldn't possibly” be replaced before
the next Presidential election. And what percentage of these
districts vote for which party...
"[T]he
Argonne team's attack required no
modification, reprogramming, or even knowledge, of the voting
machine's proprietary source code. ... The team's
video demonstrates how inserting the inexpensive electronic device
into the voting machine can offer a "bad guy" virtually
complete control over the machine. A cheap remote control unit can
enable access to the voting machine from up to half a mile away. ...
The video shows three different types of attack, each demonstrating
how the intrusion developed by the team allows them to take complete
control of the Diebold touch-screen voting machine. They were able
to demonstrate a similar attack on a DRE system made by Sequoia
Voting Systems as well."
Apparently a “smiley face” is a
legitimate (as in not automatically edited out) character in the FIU
database. Also it is apparent that they do not monitor the database
for security breaches or unusual activity.
Smiley Face Emoticon Triggers FIU Data Scare
September 27, 2011 by
admin
Steve Litz reports:
Thousands of
students at Florida International University are hoping their
personal information is not used against them after being informed of
a possible security breach of the university’s computer system.
An undergraduate
education database containing 19,500 current and former students’
names, social security numbers, birth dates, and grade point averages
was discovered to be unsecured when university
officials found someone had typed a smiley face emoticon on the
database’s internal website.
Students and
alumni who took the College-Level Academic Skills Test and other
standardized exams during a multi-year period were informed in
letters that their personal details may have been “inappropriately
accessed.”
This makes FIU’s
fourth known incident. And of three
previous incidents, an incident last year also involved a
database that reportedly held 19,500 names, social security numbers,
birth dates, and grade point averages.
So… was this the same database that
was exposed last year?
And how many times does a university
have to have a breach before they do a better job of protecting SSN?
When, oh when, will we finally see the day when universities stop
using SSN as identifiers and disconnect all legacy databases that
still contain SSN from the internet?
[From the article:
"We do not know if someone
actually took this data, downloaded the data, or is actually
utilizing the data," said Robert Grillo, FIU's chief information
officer.
Yesterday they told the Wall Street
Journal that they did gather data after logout, after earlier
denying that they did. Now they say they don't, except that their
cookies do, but they don't talk to those cookies and anyway it's the
users' fault!
Facebook addresses latest privacy concern over cookies
Richard Chirgwin follows up on the
recent privacy flap over Facebook cookies tracking users who had
logged out. Of note, Facebook sent The Register a
statement, which says in relevant part:
Nik Cubrilovic
provided us with additional information that allowed us to identify
three cookies on some users’ computers that inadvertently included
unique identifiers when the user had logged out of Facebook.
However, we did not store these identifiers for logged out users.
Therefore, we could not have used this information for tracking or
any other purpose. Even though we weren’t using this information,
it’s important to us that we address even potential issues, and we
appreciate that Nik Cubrilovic brought it to our attention.
There was no
security or privacy breach—Facebook did not store or use any
information it should not have. Like every site on the internet that
personalizes content and tries to provide a secure experience for
users, we place cookies on the computer of the user.
On Twitter, @Internetlock argues that
Facebook did nothing wrong and nothing that other companies don’t
do. The gist of the argument seems to be that users
“should know” to clear cookies at the end of a browser session.
As I replied, there are many things people “should know,” but
companies still have a responsibility to inform them and be
transparent about their practices. And in a litigious world, it is
even more prudent for companies to be clear about their practices and
to inform users of what users need to do.
For Data Mining and e-Discovery
purposes...
Which Telecoms Store Your Data the Longest? Secret Memo Tells All
The nation’s major mobile-phone
providers are keeping a treasure trove of sensitive data on their
customers, according to a newly-released Justice Department internal
memo that for the first time reveals the data retention policies of
America’s largest telecoms.
The single-page Department of Justice
document, “Retention
Periods of Major Cellular Service Providers,” (.pdf) is a guide
for law enforcement agencies looking to get information — like
customer IP addresses, call logs, text messages and web surfing
habits – out of U.S. telecom companies, including AT&T, Sprint,
T-Mobile and Verizon.
The most respected newspaper in the
country did this? Wow, you'd think Rupert Murdoch owned them...
Wall Street Journal Revises its Privacy Policy
Julia Angwin reports:
The Wall Street
Journal revised its website privacy policy on Tuesday
to allow the site to connect
personally identifiable information with Web browsing data without
user consent.
Previously, the
Journal’s privacy policy stated that it would obtain “express
affirmative consent” to combine personal data with “click stream
information” culled from the website.
While I am pleased to see the paper
call attention to the change through its own reporting, it is
disappointing that the same paper that gave us the
“What They Know” series would take a backwards step on
user consent. Rather than achieving consistency across sites by
making this change, why not change the other sites to make them more
privacy-oriented?
(Related)
Under Fire, OnStar Revises Plan To Continue Tracking Former Subscribers
Faced with a
flurry of criticism from users, sites like this one, and even
Congress, OnStar has gone back on at least one of the
changes.
OnStar announced
today it is reversing its proposed Terms and Conditions policy
changes and will not keep a data connection to
customers’ vehicles after the OnStar service is canceled.
If OnStar ever
offers the option of a data connection after cancellation, it would
only be when a customer opted-in, Marshall said. And then OnStar
would honor customers’ preferences about how data from that
connection is treated.
Consider that you no longer have a
relationship with the owner of the local bookstore. Now your
relationship is the “Property” of the local bookstore and they
can sell it if they want to...
You can opt out of having your Borders’ data transferred to B&N,
but you only have 15 days
Nick Brown reports:
A bankruptcy judge
gave Borders Group Inc (BGPIQ.PK)
the go-ahead to sell its customer information to former rival Barnes
& Noble Inc (BKS.N)
after both sides addressed concerns about customer privacy.
[...]
At a hearing on
Thursday, Glenn voiced uncertainty about whether Borders’ customer
privacy policy covered longer-standing customers and whether the sale
would require customer consent. He held off on approving the deal
until he could be sure state and federal regulators supported it.
The deal announced
on Monday gives customers 15 days to opt out of the transfer by
responding to an email that will be sent when the deal closes,
Borders lawyer Andrew Glenn said at the hearing. A closing date is
still uncertain, but the parties are working to close as quickly as
possible, added Glenn, no relation to the judge.
Another interesting find by Gary
Alexander. This is not the only tool – they are becoming
increasingly common.
Desktop Encryption Moves to the Cloud
The most sensational stories about data
loss tend to involve a government or corporate road warrior losing a
laptop full of sensitive data while out of the office. Those stories
are perhaps extreme examples of carelessness, but data loss is a real
problem and can happen in any number of ways. Laplink recently
introduced PC Lock, an all-new utility that encrypts files on
a computer or laptop and even remotely protects computers if they're
lost.
… For lawyers and other
professionals handling sensitive data, encryption is an increasingly
popular and necessary utility. According to the 2010 ABA Legal
Technology Survey, 17 percent of those surveyed said that their firm
had experienced a data breach. The survey also found that a quarter
of legal professionals reported having encryption software in their
firm, up from 18 percent the year before.
This is interesting as it addresses
both “employee owned” computing and transfer of organizational
data out of the traditional environment.
Zenprise Launches New Product To Lock Down iPhones And iPads In Enterprise
Mobile device management company
Zenprise is today introducing
its new enterprise-grade mobile DLP (Data Leakage Prevention) that
aims to help I.T. departments with the growing “bring your own
device” to work trend.
… The problem with I.T.’s lack of
control over end user devices is that they’re starting to create a
blind spot for companies with sensitive data. Executives
are emailing themselves documents and viewing them on their iPads.
Other times, they’re accessing them via an online storage service,
instead of using traditional, albeit less glamorous, solutions like
laptops that access the company’s SharePoint servers.
The “negotiated in secret”
agreement...
"The
negotiation has been carried out among Australia, Canada, the
European Union and its Member States, Japan, the Republic of Korea,
Mexico, Morocco, New Zealand, Singapore, Switzerland, and the United
States, and reached a general agreement at the negotiation meeting
held in Japan in October 2010, followed by the completion of
technical and translation work in April 2011. ... The signing
ceremony will be attended by the representatives of all the
participants in the ACTA negotiations, and those that have completed
relevant domestic processes will sign the agreement. The agreement
is open for signature until May 1, 2013."
[From the comments:
Mexican Senate has already voted to not
let president sign ACTA, yet, Mexican IP officials and the content
industry local representatives frequently make public statements
about Mexico signing ACTA.
This is strange. What do you suppose
really happened?
"A year ago, Google sued the
U.S. government because the government's request for proposals for a
cloud project mandated Microsoft Office; Google felt, for obvious
reasons, that this was discriminatory. Google
has now withdrawn the suit, claiming that the Feds promised
to update their policies (PDF) to allow Google to compete. The
only problem is that the government claims it did no such thing."
The scope of the Cloud? Either “Wow,
look how fast we are growing!” or “Wow, did we underestimate our
requirements or what?”
Microsoft Builds Two-Headed Data Center in Feds’ Backyard
Microsoft will spend $150 million
dollars building a second data center alongside its $499 million
facility already under construction in southern Virginia — a move
that underlines the software giant’s efforts to create a set of
“cloud computing” services that compete with the likes of Google
and Amazon.
… As Data Center Knowledge points out, the announcement may indicate
that Microsoft needs more data center capacity in the short term than
previously expected. Other outfits such as Google, Facebook,
and Yahoo! will build multiple data centers on the same site, but
typically, they will complete one before building more. Microsoft, it
seems, is now building two Boydton facilities at once.
Another guide to Social Media...
September 27, 2011
Marine Corps Social Media Principles Manual
This seems strange. A bio of Steve
Jobs, available only from one of his major competitors...
Fortune releases Kindle-only Steve Jobs biography