Thursday, April 04, 2013

They're small breaches, but they seem to be popping up everywhere...
Yet another Florida medical facility is notifying patients that their information was compromised by an insider who provided their details to others for a tax refund fraud scheme.
According to multiple media sources, the University of Florida is notifying 14,339 patients of the UF&Shands Family Medicine at Main practice that they may have become victims of ID theft. UF learned that an employee may have been acquiring and providing patients’ insurance information, including names, addresses, dates of birth and Social Security numbers, to a third party.
The breach was disclosed in a press release today, and may impact anyone who was a patient between March 2009 and October 2012. UF was informed of the breach by law enforcement on October 25, but disclosure to patients was delayed at the request of law enforcement so as not to interfere with the criminal investigation.


Perspective
April 03, 2013
FireEye Advanced Threat Report – 2H 2012
"This report provides a detailed, current look at the nature of advanced threats targeting organizations today. Drawing on data gathered by FireEye® from several thousands of appliances at customer sites around the world, across 89 million events, this report provides an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations' networks today. Key findings include:
  • On average, a malware event occurs at a single organization once every three minutes. Malware activity has become so pervasive and attacks so successful at penetrating legacy defenses—network firewalls, Intrusion Prevention Systems (IPS), and anti-virus (AV), that once every three minutes organizations on average will experience a malicious e-mail file attachment or web link, as well as malware communication—or callback—to a command and control (CnC) server. Across industries, the rate of malware activity varies, with technology experiencing the highest volume with about one event per minute."


Interesting, if somewhat confusing. They appear to be saying they can't grab the encrypted messages AND they couldn't read them even if they could. If there is no way to identify an iMessage, how does it find its way to the recipient? The Internet needs a clear (unencrypted) address to properly route the message.
Apple's iMessage encryption trips up feds' surveillance
Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.
An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge.


Action without thought (AKA: Ready, Fire!, Aim) is what the University is supposed to teach us NOT to do. Scandal driven policy is never as valuable as policy that avoids scandal in the first place.
Jaikumar Vijayan reports that Harvard University will be reviewing and revamping its email privacy policies after a recent controversial search of 16 deans’ email to identify the source of a leak turned out to be more extensive than they had originally claimed:
At Tuesday’s meeting, Harvard Dean Evelyn Hammond noted that two additional searches had taken place that were not previously disclosed. After the initial search identified the resident dean responsible for forwarding the email, Hammond said she authorized another search to look specifically for correspondence between that individual and two student reporters from the Crimson.
In addition, Hammond said she also authorized a search of the same dean’s personal email account for correspondence with the reporters.
Read more on Computerworld.

(Related)
"A bill amendment proposed Tuesday could allow employers to ask for a worker's Facebook or other social media password during company investigations. [Keeping it vague? Bob] The provision was proposed for a bill that safeguards social network passwords of workers and job applicants. The measure bars employers from asking for social media credentials during job interviews. The amendment says that an employer conducting an investigation may require or demand access to a personal account if an employee or prospective employee has allegations of work-place misconduct or giving away an employer's proprietary information. The amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements."
From the article:
Under the amendment, employees would be present when their social network profiles are searched and whatever information found is kept confidential, unless it is relevant to a criminal investigation.
"Rather than just referring everything to law enforcement, we have the opportunity to work with the employee and to investigate," said Denny Eliason, who is representing the banking industry.


This could be very important, but I'd be surprised if the big audit firms didn't have the tools for this already.
Interview: Voting-Machine Hacker Tackles Your Next TSA Pat-Down
… But Felten’s latest project may be his most ambitious yet. He’s investigating what he calls “accountable algorithms.” Felten and his Princeton team are trying to develop ways to test the computerized algorithms that loom so large over our daily lives. Take, for example, the algorithm the TSA uses to select travelers for extra security checks. Felten wants to develop a way to check that these algorithms are fair.


“We're Google! We're larger than France.”
April 03, 2013
EPIC: EU Takes Action Against Google for Privacy Policy Meltdown
EPIC: "Data protection agencies in six European countries have announced enforcement actions against Google. The agencies acted after Google ignored recommendations to comply with European data protection law. "It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," the French data protection authority said. The enforcement action follows from Google's March 2012 decision to combine user data across 60 Internet services to create detailed profiles on Internet users. Last year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google that would have prohibited Google's changes in business practices. Google's revised privacy policies also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order."


Virtual everything?
Start an Online Store With No Skills, No Stuff — And Now No Money
The idea seems so obvious once it occurs to you: Why don’t I make a comfortable passive income selling things online? Why, I could even do that kind of work from the comfort of my own home!
After all, starting an online store today has become simpler than ever. You don’t need to build a website or an online shopping cart yourself — a cloud-based company such as BigCommerce can handle that for you. Marketing? Try Google AdWords. Selling? Through Amazon and eBay, I can reach hundreds of millions of customers with a click.
OK, I’ve got all the computer stuff covered. But what about the stuff stuff? Don’t worry! A plug-and-play third-party logistics provider such as ShipWire will store your inventory in its own warehouses, connect with the least expensive parcel carriers and send your customers’ packages on their way. Don’t have anything to sell? Not a problem! Just decide what you want to sell, connect with a drop shipper who takes on all the inventory risk and costs for you and start stumping for clicks!


Video tools
YouTube doesn’t expose some in-demand features on its website – including playing videos on repeat, downloading them, automatically enabling HD mode, and more. You can do all these things, but you’ll need to know these URL hacks.
Repeat YouTube Videos
You can use a variety of websites to repeat a YouTube video, such as youtuberepeater.com. To repeat any YouTube video, go to the address bar, change the youtube.com part of the web page address to youtuberepeater.com, and the video will load on the YouTube Repeater website, repeating itself every time the video ends. You can even use the website to specify a custom stop and start time, just in case you only want to repeat specific parts of the video.
Link Directly To Times In a Video
To link directly to a time in a video, simply add &t=#m#s to the end of the URL, where the first # is a minute and the second # is a second. For example, to link to the 2:30 point in a video, you’d add &t=2m30s to the end of the video’s address.
If you don’t want to remember this trick, you can always use youtubetime.com. Provide a video address, minute, and second, and it will create the link for you.
Download YouTube Videos
To download a YouTube video, you’ll need to use a third-party website. One convenient one is pwnyoutube.com, which gives you links to easily download YouTube videos. While viewing any video on YouTube, change the youtube.com part of the URL in your address bar to pwnyoutube.com and the video will open on pwnyoutube.com and give you download options. You can download the video as an FLV, MP4, or even MP3 audio file.
Automatically Play Videos in HD Quality
To automatically play videos back in HD mode, you can install a browser extension. Whenever you start watching a video, the browser extension will do the dirty work, automatically enabling your preferred HD video quality setting for you. Chrome users can use Auto HD for YouTube, while Firefox users can use the YouTube High Definition browser extension.
Create Video Mashups
To do this, use YouTube Doubler at youtubedoubler.com. Enter the addresses of two YouTube videos on the box at the bottom of the page.


Dilbert finally agrees that we need someone to dictate Internet Manners!
