A video for my Computer
Security students (and all my other students)
Perhaps a long hunting
season?
Will Weissert of AP
reports:
A
hobbyist using a remote-control airplane mounted with a digital
camera just happened to capture images last year of a Dallas creek
running red with pig’s blood. It led to a nearby meatpacking plant
being fined for illegal dumping and two of its leaders being indicted
on water pollution charges.
Yet,
a Texas law that took effect Sept. 1 tightened rules not on polluters
but on taking such photographs, an effort to better protect private
property from drone surveillance.
Read more on Lake
Wylie Pilot.
Let's call it
“eSurveillance.”
Nate Anderson reports:
Recent
leaks about the NSA’s Internet spy programs have sparked renewed
interest in government surveillance, though the leaks touch largely
on a single form of such surveillance—the covert one. But
so-called “open source intelligence” (OSINT) is also big
business—and not just at the national/international level. New
tools now mine everything from “the deep Web” to Facebook posts
to tweets so that cops and corporations can see what locals are
saying. Due to the sheer scale of social media posts, many tools
don’t even aim at providing a complete picture. Others do.
For
instance, consider BlueJay,
the “Law Enforcement Twitter Crime Scanner,” which provides
real-time, geo-fenced access to every single public tweet so that
local police can keep tabs on #gunfire, #meth, and #protest (yes,
those are real examples) in their communities. BlueJay is the
product of BrightPlanet, whose tagline is “Deep Web Intelligence”
and whose board
is populated with people like Admiral
John Poindexter of Total
Information Awareness infamy.
Read more on Ars
Technica.
[Here's how to do it:]
[This one is free: Trendsmap]
“Oh, is that still
legal? We gotta fix that.” (Sort of like the new Kim Dotcom site)
Jon Brodkin reports:
After
eight years of existence, file sharing service Box has built a huge
user base—claiming 180,000 businesses, including 97 percent of the
Fortune 500—by offering cloud storage and collaboration tools with
top-notch security and regulatory compliance.
But
while Box may be resistant to most criminal hackers, like most cloud
storage companies, it must provide the government with customer data
when it is forced to. For the vast majority of Box customers, that
isn’t likely to change. However, the company is developing a
system for the most security-conscious customers in which even Box
management would not be able to decrypt user data—making it
resistant to requests from the National Security Agency.
Read more on Ars
Technica.
File this one under
“What could possibly go wrong?”
Here’s a situation in
which there’s clearly been a privacy breach, but the privacy issues
may actually be the least of the patients’ problems.
Heather Graf reports
that a former patient at the Carol Milgard Breast Center has filed a
complaint after discovering three other patients’
records were mixed in with her own, raising questions of
the potential for medical/treatment mistakes as well as privacy and
confidentiality issues. Out of 900 pages in the patient’s medical
records, 141 pages belonged to other patients.
During
a deposition of the clinical supervisor of the Carol Milgard Breast
Center, Tsuru’s attorneys say the clinical supervisor admitted to
the error.
When
asked if they’d ever had troubles or issues in regards to the
electronic records, the clinical supervisor had this response:
“When
they did our conversion from Zotec to the RIS, they changed the way
they were doing the medical record numbers. And so it caused a
migration issue for when the new system was brought up, sometimes
patients’ records, especially scanned documents, ended up in the
wrong place.”
Deutscher
says the mistake dates back to September of 2012, and could
potentially impact every patient ever treated at the facility. She
also says the staff there has made no attempt to fix the problem.
Read more on KING5.
Although the story keeps the local color by talking about what the
state might do, I’m pondering what HHS might do. If there are less
than 500 patients involved, we won’t see this one on the breach
tool, and I suspect their investigation will not be completed in 6
months or less like the state’s, but this is a good one to follow.
And I wonder how many entities have had similar breaches due to
glitches during conversion or digitizing of records. Now
that you think about it, aren’t you surprised that we haven’t
seen more media stories about this type of problem?
(Related) Same
category... The Doctor-Patient relationship is like Attorney-Client,
right?
Tom Sullivan writes:
As
a self-described “rabble rouser” Brian Ahier plans to ask his
doctor to send a medical record to a free e-mail account, if only to
see what happens, after the omnibus HIPAA Final Rule on Privacy and
Security kicks in.
“It’s
obviously not the biggest thing in the omnibus rule but it’s there,
relatively unknown,” Ahier, founder of Advanced Health Information
Exchange Resources (AHIER) said. “And that makes it incredibly
interesting.”
Read more on Government
HealthIT.
I’ve always cautioned
patients about the risks of e-mail but have always sent to whatever
e-mail address they provide, so for me, this will be nothing new or
different.
Descendants of Ned
Ludd? I would have thought they would happily give management the
finger...
Jasper Hamill reports:
Cleaners
working on the London Underground will resort to industrial action
this week in protest against the introduction of a controversial
biometric clocking-in system.
Starting
at just after midnight on Thursday morning, “up to 300 cleaners”
will join in the action by refusing to scan their fingerprints every
time they clock on for work, said the union. Their decision will set
the workers on a collision course with ISS, the Danish firm which
employs them.
Read more on The
Register. It seems that the cleaners are citing
human dignity concerns and not pointing to any data
protection or data security concerns. But maybe if we give them
time…
Something for my
Ethical Hackers to recreate?
Kashmir Hill reports:
After
spotting a police car with two huge boxes on its trunk — that
turned out to be license-plate-reading cameras — a man in New
Jersey became obsessed with the loss of privacy for vehicles on
American roads. (He’s not
the only one.) The man, who goes by the Internet handle “Puking
Monkey,” did an analysis of the many ways his car could be tracked
and stumbled upon something rather interesting: his E-ZPass, which he
obtained for the purpose of paying tolls, was being used to track his
car in unexpected places, far away from any toll booths.
Read more on Forbes.
[From the article:]
A spokesperson for the
New York Department of Transportation, Scott Gastel, says the E-Z
Pass readers are on highways across the city, and on streets in
Manhattan, Brooklyn and Staten Island, and have been
in use for years. The city uses the data from the readers
to provide real-time traffic information, as for
this tool. The DoT was not forthcoming about what exactly was
read from the passes or how long geolocation information from the
passes was kept. Notably, the fact that E-ZPasses will be used as a
tracking device outside of toll payment, is not disclosed anywhere
that I could see in
the terms and conditions.
Perspective. Perhaps we
don't need a dedicated data line?
Pew
– Cell Internet Use 2013
“63% of adult cell
owners now use their phones to go online, a figure that has doubled
since we first started tracking internet usage on cell phones in
2009. In addition, 34% of these cell internet users say that they
mostly go online using their cell phone. That means that 21% of all
adult cell owners now do most of their online browsing using their
mobile phone—and not some other device such as a desktop or laptop
computer.”
(Related) Smart ways
to use your Smartphone...
How
to Automatically Download Anything to Your Android Device
… But it’s often
a good idea to automatically download the stuff you want ahead of
time.
Your Android device can
fetch the content you want to view while it’s charging and on
Wi-Fi, saving you valuable battery power and mobile data.
I have to spend more
time with this App...
Turn
Evernote Into An RSS Reader In A Few Easy Steps
For my students.
A
'fancy' serial number can make a $1 bill worth thousands
… At
CoolSerialNumbers.com,
Nashville musician and currency collector Dave
Undis brings together like-minded digit-heads who have little
interest in the history of money or even the denomination of a given
note. Instead they are after certain patterns and series that fall
under the flexible heading of “fancy”
serial numbers.
Low serial numbers,
from 00000001 to 00000100, are sought after, as well as palindromes
(23599532), solids (with a digit that repeats eight times),
seven-of-a-kinds (66666665), ladders (45678901) and important dates
(12071941). The criteria get even more obscure from there: Undis
is seeking a pi note, with the number 31415927. But the more
apparently jumbled the digits, the less likely it is that anyone with
the bill in their wallet will ever notice.
For my Statistics
students. Fun with numbers, but the answer is still Never!
According
To Math, Here's When You Should Buy A Powerball Ticket