They're small breaches, but they seem
to be poping up everywhere...
Yet another Florida medical facility is
notifying patients that their information was compromised by an
insider who provided their details to others for a tax refund fraud
scheme.
According to multiple
media
sources, the University of Florida is notifying 14,339 patients
of the UF&Shands Family Medicine at Main
practice that they may have become victims of ID theft. UF learned
that an employee may have been acquiring and providing patients’
insurance information, including names, addresses, dates of birth and
Social Security numbers, to a third party.
The breach was disclosed in a press
release today, and may impact anyone who was a patient between
March 2009 and October 2012. UF was informed of the breach by law
enforcement on October 25, but disclosure to patients was delayed at
the request of law enforcement so as not to interfere with the
criminal investigation.
Perspective
April 03, 2013
FireEye
Advanced Threat Report – 2H 2012
"This report
provides a detailed, current look at the nature of advanced threats
targeting organizations today. Drawing on data gathered by FireEye®
from several thousands of appliances at customer sites around the
world, across 89 million events, this report provides an overview of
the current threat landscape, evolving advanced persistent threat
(APT) tactics, and the level of infiltration seen in organizations'
networks today. Key findings include:
- On average, a malware event occurs at a single organization once every three minutes. Malware activity has become so pervasive and attacks so successful at penetrating legacy defenses—network firewalls, Intrusion Prevention Systems (IPS), and anti-virus (AV), that once every three minutes organizations on average will experience a malicious e-mail file attachment or web link, as well as malware communication—or callback—to a command and control (CnC) server. Across industries, the rate of malware activity varies, with technology experiencing the highest volume with about one event per minute."
Interesting, if somewhat confusing.
They appear to be saying they can't grab the encrypted messages AND
they couldn't read them even if they could. If there is no way to
identify an iMessage, how does it find its way to the recipient? The
Internet needs a clear (unencrypted) address to properly route the
message.
http://news.cnet.com/8301-13578_3-57577887-38/apples-imessage-encryption-trips-up-feds-surveillance/
Apple's
iMessage encryption trips up feds' surveillance
Encryption used in Apple's iMessage
chat service has stymied attempts by federal drug enforcement agents
to eavesdrop on suspects' conversations, an internal government
document reveals.
An internal Drug Enforcement
Administration document seen by CNET discusses a February 2013
criminal investigation and warns that because of the use of
encryption, "it is impossible to intercept
iMessages between two Apple devices" even with a court order
approved by a federal judge.
Action without thought (AKA: Ready,
Fire!, Aim) is what the University is supposed to teach us NOT to do.
Scandal driven policy is never as valuable as policy that avoids
scandal in the first place.
Jaikumar Vijayan reports that Harvard
University will be reviewing and revamping its email privacy policies
after a recent controversial search
of 16 deans’ email to identify the source of a leak turned out
to be more extensive than they had originally claimed:
At Tuesday’s
meeting, Harvard Dean Evelyn Hammond noted that two additional
searches had taken place that were not previously disclosed.
After the initial search identified the resident dean responsible for
forwarding the email, Hammond said she authorized another search to
look specifically for correspondence between that individual and two
student reporters from the Crimson.
In addition,
Hammond said she also authorized a search of the same dean’s
personal email account for correspondence with the reporters
Read more on Computerworld.
(Related)
"A bill amendment proposed
Tuesday could allow
employers to ask for a worker's Facebook or other social media
password during company investigations.
[Keeping
it vague? Bob] The provision was proposed for
a bill that safeguards social network passwords of workers and job
applicants. The measure bars employers from asking for social media
credentials during job interviews. The amendment says that an
employer conducting an investigation may require or demand access to
a personal account if an employee or prospective employee has
allegations of work-place misconduct or giving away an employer's
proprietary information. The amendment would require an
investigation to ensure compliance with applicable laws or regulatory
requirements."
[From the article:
Under the amendment, employees would be
present when their social network profiles are searched and whatever
information found is kept confidential, unless it is relevant to a
criminal investigation.
"Rather than just referring
everything to law enforcement, we have the opportunity to work with
the employee and to investigate," said Denny Eliason, who is
representing the banking industry.
This could be very impolrtant, but I'd
be surprised if the big audit firms didn't have the tools for this
already.
Interview:
Voting-Machine Hacker Tackles Your Next TSA Pat-Down
… But Felten’s latest project may
be his most ambitious yet. He’s investigating what he calls
“accountable algorithms.” Felten and his Princeton team are
trying to develop ways to test that the computerized algorithms that
loom so large over our daily lives. Take, for example, the algorithm
the TSA uses to select travelers for extra security checks. Felten
wants to develop
a way to check that these algorithms are fair.
“We're Google! We're larger than
France.”
April 03, 2013
EPIC:
EU Takes Action Against Google for Privacy Policy Meltdown
EPIC: "Data protection agencies in
six European countries have announced enforcement actions against
Google. The agencies acted after Google ignored recommendations to
comply with European data protection law. "It is now up to each
national data protection authority to carry out further
investigations according to the provisions of its national law
transposing European legislation," the French data protection
authority said. The enforcement action follows from Google's
March 2012 decision to combine user data across 60 Internet services
to create detailed profiles on Internet users. Last year, EPIC
sued the Federal Trade Commission to force the FTC to enforce the
terms of a settlement with Google that would have prohibited Google's
changes in business practices. Google's revised privacy policies
also prompted objections from state
attorneys general, members
of Congress, and IT
managers in the government and private sectors. For more
information, see EPIC:
Google Buzz and EPIC:
Enforcement of Google Consent Order."
Virtual everything?
Start
an Online Store With No Skills, No Stuff — And Now No Money
The idea seems so obvious once it
occurs to you: Why don’t I make a comfortable passive income
selling things online? Why, I could even do that kind of work from
the comfort of my own home!
After all, starting an online store
today has become simpler than ever. You don’t need to build a
website or an online shopping cart yourself — a cloud-based company
such as BigCommerce can
handle that for you. Marketing? Try Google
AdWords. Selling? Through Amazon and eBay, I can reach hundreds
of millions of customers with a click.
OK, I’ve got all the computer stuff
covered. But what about the stuff stuff? Don’t worry! A
plug-and-play third-party logistics provider such as ShipWire
will store your inventory in its own warehouses, connect with the
least expensive parcel carriers and send your customers’ packages
on their way. Don’t have anything to sell? Not a problem! Just
decide what you want to sell, connect with a drop
shipper who takes on all the inventory risk and costs for you and
start stumping for clicks!
Video tools
YouTube
doesn’t expose some in-demand features on its website – including
playing videos on repeat, downloading them, automatically enabling HD
mode, and more. You can do all these things, but you’ll need to
know these URL hacks.
Repeat YouTube
Videos
You can use a
variety of websites to repeat a YouTube video, such as
youtuberepeater.com. To repeat any YouTube video, go to the address
bar, change the youtube.com part of the web page address to
youtuberepeater.com, and the video will load on the YouTube Repeater
website, repeating itself every time the video ends. You can even
use the website to specify a custom stop and start time, just in case
you only want to repeat specific parts of the video.
Link Directly
To Times In a Video
To link directly
to a time in a video, simply add &t=#m#s to the end of the URL,
where the first # is a minute and the second # is a second. For
example, to link to the 2:30 point in a video, you’d add &t=2m30s
to the end of the video’s address.
If you don’t
want to remember this trick, you can always use youtubetime.com.
Provide a video address, minute, and second, and it will create the
link for you.
Download
YouTube Videos
To download a
YouTube video, you’ll need to use a third-party website. One
convenient one is pwnyoutube.com, which gives you links to easily
download YouTube videos. While viewing any video on Youtube, change
the youtube.com part of the URL in your address bar to pwnyoutube.com
and the video will open on pwnyoutube.com and give you download
options. You can download the video as an FLV, MP4, or even MP3
audio file.
Automatically
Play Videos in HD Quality
To automatically
play videos back in HD mode, you can install a browser extension.
Whenever you start watching a video, the browser extension will do
the dirty work, automatically enabling your preferred HD video
quality setting for you. Chrome users can use Auto
HD for YouTube, while Firefox users can use the YouTube
High Definition browser extension.
Create Video
Mashups
To do this, use
YouTube Doubler at
youtubedoubler.com. Enter the addresses of two YouTube videos on
the box at the bottom of the page.
Dilbert finally agrees that we need
someone to dictate Internet Manners!
No comments:
Post a Comment