What's the big attraction for hackers? Cosmetic
surgery is rarely covered, so a new face seems out. Do you suppose
it might be that hacking health care is easier?
Now that I know what I’m looking for, I’m
finding more evidence of targeted email attacks affecting members of
Ascension Health. For previous reports on this incident, read here
and here.
On March 16, Sacred Heart Health System
in Florida posted this notice on their site about a breach they
reported to HHS as affecting 14,177 patients:
… On February 2, 2015, we were notified by one of our third-party billing vendors that one of its employee’s e-mail user name and password had been compromised as a result of an e-mail hacking attack. The hacking attack was detected by our billing vendor on December 3, 2014 and the employee’s user name and password were shut down the same day. … After careful review, we were able to determine that the billing vendor’s employee e-mail account contained personal information for approximately 14,000 individuals.
The personal health information in the e-mail account included patient names, date of service, date of birth, diagnosis and procedure, billing account numbers, total charges, and physician name. Approximately 40 individuals’ social security numbers were also compromised. The hackers did not gain access to individual medical records or billing records.
If Sacred Heart Health System is our fourth entry
for the list, then St. Mary’s Health in Indiana is
the fifth. Their breach affected 3,952 patients. The notice on
their web site reads, in part:
On December 3, 2014, St. Mary’s learned that several employees’ user names and passwords had been compromised as a result of an e-mail hacking attempt. It immediately shut down the user names and passwords and launched an investigation into the matter. After careful review, St. Mary’s learned on January 8, 2015, that employee e-mail accounts subject to the hacking attempt contained some personal information for approximately 4,400 individuals. [A month to find out what was in the email accounts of their employees? Shame. Bob]
The personal health information in the e-mail account included patient name, date of birth, gender, date of service, insurance information, limited health information and, in some cases, social security numbers. The hackers did not gain access to individual medical records or billing records.
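Both notices turn on the same incident-response question: once an employee mailbox is known to be compromised, what personal data did it actually hold, and for how many people? The following is an added example (not code from either health system or their vendor) of the first pass a responder would run over a mailbox export to scope exposure. The three messages are constructed samples with placeholder `.invalid` domains and made-up identifiers; the field labels (`DOB:`, `SSN:`, `Acct:`) are assumptions about how a billing vendor's mail might be formatted, and a real scan would need patterns tuned to the actual export.

```python
import re
from email import message_from_string

# Constructed sample messages standing in for a compromised mailbox export.
# Domains, names, dates and numbers are all made up for this example.
SAMPLE_MESSAGES = [
"""From: billing@example-vendor.invalid
To: coder@example-vendor.invalid
Subject: Claim follow-up
Content-Type: text/plain

Patient: J. Doe  DOB: 04/12/1961  DOS: 11/02/2014
Acct: 88812345  Dx: J18.9  SSN: 123-45-6789
""",
"""From: billing@example-vendor.invalid
To: coder@example-vendor.invalid
Subject: Lunch
Content-Type: text/plain

Meeting at noon in conference room B.
""",
"""From: payer@example-payer.invalid
To: billing@example-vendor.invalid
Subject: Remit advice
Content-Type: text/plain

Acct: 88812346  DOB: 09/30/1977  SSN: 123-45-6789
Acct: 88812347  DOB: 01/15/1985
""",
]

# Patterns for the identifiers the notices list. The labelled forms (DOB:, Acct:)
# are assumptions about the vendor's formatting; SSNs are matched by shape alone.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
DOB_RE = re.compile(r"\bDOB:\s*(\d{2}/\d{2}/\d{4})")
ACCT_RE = re.compile(r"\bAcct:\s*(\d{6,12})\b")


def plain_text(msg):
    """Concatenate every text/plain part of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def scope_mailbox(raw_messages):
    """Tally which messages carry identifiers and how many distinct values appear.

    Distinct counts, not raw hit counts, are what feed the 'approximately N
    individuals' figure in a breach notice: the same SSN repeated across
    messages is one person, not two.
    """
    summary = {
        "messages": 0,
        "messages_with_phi": 0,
        "ssns": set(),
        "dobs": set(),
        "accounts": set(),
    }
    for raw in raw_messages:
        text = plain_text(message_from_string(raw))
        summary["messages"] += 1
        ssns = set(SSN_RE.findall(text))
        dobs = set(DOB_RE.findall(text))
        accts = set(ACCT_RE.findall(text))
        if ssns or dobs or accts:
            summary["messages_with_phi"] += 1
        summary["ssns"] |= ssns
        summary["dobs"] |= dobs
        summary["accounts"] |= accts
    return summary


if __name__ == "__main__":
    result = scope_mailbox(SAMPLE_MESSAGES)
    print(f"{result['messages_with_phi']} of {result['messages']} messages hold identifiers")
    print(f"distinct SSNs: {len(result['ssns'])}, DOBs: {len(result['dobs'])}, "
          f"accounts: {len(result['accounts'])}")
```

The scan deliberately reports distinct values per identifier type rather than a single "individuals" number: merging those sets into a per-person count requires the vendor's own account-to-patient mapping, which is exactly the step that takes the weeks the notices describe.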
Come on educators, it's not that hard to Google
“password best practices.” It's even easier than finding
someone who knows what they are doing when it comes to security!
Melissa Stern reports:
A metro mom says some students have taken cyberbullying to a whole new level. Her daughter is the victim, and she says school-issued technology is to blame.
Amy Laughlin says school-issued iPads at Belton Middle School have become more problematic than useful. Her daughter in the seventh grade says she’s receiving bullying emails on her iPad from someone hacking into other students’ accounts.
Read more on Fox4kc.com.
The “hacking” was
facilitated by the fact that a generic password had been issued to
the students with the iPads, and many students hadn’t changed their
passwords, it seems.
“One of the first things we’ve done is have our students set up a different username or password or both,” the Superintendent explained.
The superintendent also said they remind students to keep their passwords private. The district is working on character education in class, and tracking down students using the iPads inappropriately.
I hope they educate the students that posing as
someone else could run them afoul of the law, even if they’re not
posing as someone else to harass people.
(Related) Apparently, this is not limited to
educators. Where is management?
Happy birthday! Now anyone can login to your Betfair account
I’m not often astounded by the woefulness of a
security practice any more, but every now and then there’s a
notable exception. Take this one, for example:
@BetfairHelpdesk Is it
right that all one needs to change their password is their username
and date of birth?
Yes, that’s exactly what it looks like and just
for the sake of posterity should those Betfair responses be removed,
Paul captured the discussion here.
Now before we go on, do read that discussion in its entirety because
context is important here.
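The reset flow in that thread is knowledge-based: whoever knows a username and a date of birth, both of which are routinely public or in breach dumps, can take the account. The example below is added here and is not Betfair's code; it puts that weak flow beside the usual corrective, a random single-use token that is bound to the account, hashed at rest, and expires. The user record, the fifteen-minute lifetime and the `.invalid` addresses are assumptions, and `request_reset` returns the token only so the example can run offline; a real deployment delivers it to the contact on file and returns nothing to the caller.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; stored as salt || digest."""
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_password(stored, password):
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def make_users():
    # Constructed account store; the DOB is the kind of value found on social media.
    return {"alice": {"dob": "1980-01-01",
                      "email": "alice@example.invalid",
                      "pw_hash": hash_password("old-secret")}}


def weak_reset(users, username, dob, new_password):
    """The pattern from the thread: username + date of birth is the whole check."""
    user = users.get(username)
    if user is None or user["dob"] != dob:
        return False
    user["pw_hash"] = hash_password(new_password)
    return True


class TokenResetService:
    """Reset via an unguessable, hashed, expiring, single-use token."""

    TTL_SECONDS = 15 * 60  # assumed lifetime

    def __init__(self, users, clock=time.time):
        self.users = users
        self.clock = clock          # injectable so expiry can be tested
        self.pending = {}           # username -> (sha256(token), expires_at)

    def request_reset(self, username):
        token = secrets.token_urlsafe(32)
        if username in self.users:
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[username] = (digest, self.clock() + self.TTL_SECONDS)
        # Same response whether or not the account exists, so the endpoint does
        # not confirm usernames. In production the token is sent to the address
        # on file rather than returned; returning it here is for the demo only.
        return token

    def complete_reset(self, username, token, new_password):
        entry = self.pending.get(username)
        if entry is None:
            return False
        digest, expires_at = entry
        if self.clock() > expires_at:
            del self.pending[username]
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, presented):
            return False
        del self.pending[username]  # single use
        self.users[username]["pw_hash"] = hash_password(new_password)
        return True


if __name__ == "__main__":
    users = make_users()
    print("DOB alone resets the password:", weak_reset(users, "alice", "1980-01-01", "x"))
    users = make_users()
    svc = TokenResetService(users)
    tok = svc.request_reset("alice")
    print("wrong token accepted:", svc.complete_reset("alice", "guess", "x"))
    print("real token accepted:", svc.complete_reset("alice", tok, "new-secret"))
    print("token reusable:", svc.complete_reset("alice", tok, "again"))
```

Only the hash of the token is stored, so a read of the pending table does not yield usable tokens, and `compare_digest` keeps the check constant-time. Whether a reset should additionally require a second factor is a separate decision; the point here is that the secret must be something the service generated, not something the account holder was born with.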
For my Computer Security students. Note that it
does not have to be your company that fails. How would you detect
and reverse this?
Social Engineering: Attackers' Reliable Weapon
It begins with a baited hook.
It could be a link posted on social media that appears to lead to a subject of interest. It could be the sudden arrival of an emailed invoice. Whatever the ploy, social engineering is the opening salvo in targeted attacks against organizations all over the world. Sometimes, the social engineering begins with an email. Other times it may involve Facebook, and other times it may begin with a phone call.
That last scenario was found to be the case in the recent attack on Tesla Motors. A Tesla spokesperson told SecurityWeek that a hacker posed as a Tesla employee, called AT&T customer support and tricked them into forwarding calls to an illegitimate phone number. At that point, the impostor contacted the domain registrar company that hosts teslamotors.com, Network Solutions, and using the forwarded number, added a bogus email address to the Tesla domain admin account.
According to the spokesperson, the impostor then reset the password of the domain admin account, routed most of the site's traffic to a spoofed website and temporarily gained access to the Twitter accounts of both the company and its CEO Elon Musk.
(Related)
Websense Employees Targeted With Fake Raytheon Acquisition Emails
US defense contractor Raytheon announced earlier this month that it’s prepared to acquire network security firm Websense in a $1.9 billion deal. Malicious actors have leveraged this announcement in an attempt to trick Websense employees into installing a piece of malware on their computers.
According to Websense, malicious emails with the subject line “Welcome to join Raytheon” started landing in employees’ inboxes on April 23, just three days after the announcement was made. The body of the emails read, “Welcome to join Raytheon. The password is 123qwe.”
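For the detection side of the Websense lure, the useful signals are all in the article: a subject line riding on public news, a sender outside the company, and a password stated in the body, which legitimate mail almost never does. Below is an added example of a small mail-gateway triage rule over three constructed messages; it is not Websense's or Raytheon's code, and only the subject and body text come from the article. The sender domains are `.invalid` placeholders, the password-protected archive attachment is an assumption about the lure's shape, and the weights and threshold are illustrative.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed stand-in for the organisation's own mail domains.
INTERNAL_DOMAINS = {"websense.invalid"}
RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".js", ".scr")
PASSWORD_RE = re.compile(r"\bpassword\s*(?:is|:)\s*\S+", re.I)
LURE_RE = re.compile(r"\b(welcome|acquisition|merger|join)\b", re.I)

# Subject and body text are from the Websense report; everything else is constructed.
LURE_MAIL = """From: HR Onboarding <hr@raytheon-onboarding.invalid>
To: employee@websense.invalid
Subject: Welcome to join Raytheon
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Welcome to join Raytheon. The password is 123qwe.

--b1
Content-Type: application/zip; name="Welcome.zip"
Content-Disposition: attachment; filename="Welcome.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

INTERNAL_MAIL = """From: hr@websense.invalid
To: employee@websense.invalid
Subject: Welcome to the team
Content-Type: text/plain

Orientation is Monday at 9 in the main conference room.
"""

PRESS_MAIL = """From: news@example-press.invalid
To: employee@websense.invalid
Subject: Raytheon acquisition of Websense announced
Content-Type: text/plain

Read our coverage of the deal on our site.
"""

SAMPLES = [LURE_MAIL, INTERNAL_MAIL, PRESS_MAIL]


def sender_domain(msg):
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def score_message(raw):
    """Return (score, reasons) for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=default)
    reasons = []
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    if PASSWORD_RE.search(body):
        reasons.append(("password_in_body", 2))
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    if any(n.lower().endswith(RISKY_EXT) for n in names):
        reasons.append(("risky_attachment", 2))
    elif names:
        reasons.append(("attachment", 1))
    external = sender_domain(msg) not in INTERNAL_DOMAINS
    if external and LURE_RE.search(msg.get("Subject", "")):
        reasons.append(("external_lure_subject", 1))
    return sum(weight for _, weight in reasons), reasons


def triage(raw_messages, threshold=3):
    """True for each message whose score reaches the hold-for-review threshold."""
    return [score_message(raw)[0] >= threshold for raw in raw_messages]


if __name__ == "__main__":
    for raw, flagged in zip(SAMPLES, triage(SAMPLES)):
        score, reasons = score_message(raw)
        print(f"{'HOLD' if flagged else 'pass'} score={score} {reasons}")
```

The external press mail scores one point for its subject alone and passes, which is the intended behaviour: the acquisition news itself is not the problem, and a rule that quarantined every mention of it would be switched off within a day. The password-in-body signal carries the most weight because it is the part of the lure the attacker cannot drop without breaking the delivery of the protected archive.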
An
interesting question. Now videos stream in real time, can be sent to
your lawyer's server as you record, and can be made by very small
(not easily recognized) devices.
What to Say When the Police Tell You to Stop Filming Them
First of all, they shouldn’t ask.
“As a basic principle, we can’t tell you to
stop recording,” says Delroy Burton, chairman of D.C.’s
metropolitan police union and a 21-year veteran on the force. “If
you’re standing across the street videotaping, and I’m in a
public place, carrying out my public functions, [then] I’m subject
to recording, and there’s nothing legally the police officer can do
to stop you from recording.”
“What you don’t have a right to do is
interfere,” he says. “Record from a distance, stay out of the
scene, and the officer doesn’t have the right to come over and take
your camera, confiscate it.”
Officers do have a right to tell you to stop
interfering with their work, Burton told me, but they still aren’t
allowed to destroy film.
Food for thought, students!
The Pros and Cons of Cloud Computing
… not everyone is on board with this idea.
For every person extolling the benefits of cloud computing, there's
an opponent with an equally powerful risk or disadvantage. With so
many differing opinions, how can you possibly decide what to do?
Let's take a look at the major pros and cons of cloud computing.
Philosophy for geeks? (Notice that he says
“When,” not “If.”)
What happens when our computers get smarter than we are?
Artificial intelligence is getting smarter by
leaps and bounds — within this century, research suggests, a
computer AI could be as "smart" as a human being. And
then, says Nick Bostrom, it will overtake us: "Machine
intelligence is the last invention that humanity will ever need to
make." A philosopher and technologist, Bostrom asks us to think
hard about the world we're building right now, driven by thinking
machines. Will our smart machines help to preserve humanity and our
values — or will they have values of their own?
I'd say this was Baksheesh, but I can't spell
Baksheesh.
Google aims to transform European newsrooms
Google will give €150 million (US$163 million)
to European publishers and digital journalism startups in the next
three years as part of a wider package that aims
to support the news sector...
… Google’s fund is
similar to a €60 million fund set up to settle a dispute with
French publishers in 2013 over lost revenue, and to prevent a
proposed “link tax” that would make Google pay to republish news
snippets.
Perspective. I was guessing $0.99 per pound.
The Market for Lawyers Revisited
by Sabrina
I. Pacifici on Apr 27, 2015
Spurr, Stephen J., The Market for Lawyers
Revisited (January 10, 2015). Available for download at SSRN:
http://ssrn.com/abstract=2599026
“This paper examines the changes in the market
for lawyers in the United States over several decades. Reviewing
data from 1981 through 2012, we find that the quality of entrants to
this market, as measured by the rate of attrition from law schools
and mean scores on the Multistate Bar Exam, is highly responsive to
the demand for legal services. Analyzing earnings of lawyers, we
find that females earn substantially less than males, Blacks earn
less than those of other ethnic backgrounds, and the disparity
increases over the life cycle. There is also evidence that because
of the decline of entrants to the profession, the share of older
lawyers has increased, reducing the premium paid for experience.
Finally, we examine the trend in inequality in lawyers’ earnings,
and find that it has increased substantially over the period of our
data.”
Perspective. New terms, same strategy? BiModal?
BYOT? Historically, IT has been very slow to acknowledge – let
alone attempt to integrate – new technologies. (For years, PCs
were “not real computers.”)
How to Keep BYOT out of Bimodal IT Strategy
According
to Gartner, by 2017 75 percent of IT organizations will have gone
bimodal in some way. This shift reflects the growing need for
businesses to deploy a
modern mobile platform that encourages business user
participation in the development process, with
the full support and oversight of the IT organization.
… With BYOT (Bring Your Own Tool) there is a
risk that users from different parts of the business will download
their own tools and develop their own apps without IT’s
involvement. This "rogue IT" approach can result in risks
to data security and other corporate governance issues and should be
avoided. In addition, this fragmented approach results in a
lack of consistency across the organization, with assets
and skills that can’t be leveraged across the business.
Perspective. I'm still trying 40 years later.
Teenager Stuns Fellow Geeks By Solving Rubik's Cube In Record 5.25 Seconds
For my Math students.
… On the GeoGebra
YouTube channel you will find more than 200 video tutorials. If
you're just starting out with GeoGebra on your desktop or tablet, the
GeoGebra quickstart videos will be of use to you. The videos are
silent, but the visuals are clear.
For my Statistics students. (There's nothing like
a good argument before I pull out some facts.)
… When I found that upsets are
much less common in the NCAA women’s tournament than in the
men’s, my mind jumped to what seemed like a logical explanation:
Perhaps the lack of upsets is caused by a lack of depth in the
women’s game.
In particular, teams like the epically
dominant University of Connecticut Huskies — newly minted
winners of their third straight national title and the 10th of Coach
Geno Auriemma’s reign — must be able to win so much because they
get all the best players from a shallow talent pool. Even many who
love
and defend women’s basketball often judge it a little
differently than men’s, on the presumption that it’s a less
mature sport.
… And it would make sense if there were any
truth to the notion that women’s basketball is less talented.
But it isn’t. As it turns out, not only is
women’s college basketball as strong and deep in college-age talent
as the men’s game, but for the rarest talent, it is significantly
more so.
My students and I are trying to understand social
networks and how to use them.
50 Companies That Get Twitter – and 50 That Don’t
Corporate tweeters need to know that they aren’t
just promoting a brand or solving a problem: they are performing for
an audience, supporting customers throughout their journey, and even,
subtly, selling. The best, like American Airlines, make
it feel natural. They have given their social media staff a
clear mission and a great deal of autonomy; the account’s managers
chat with customers, offer up front to solve problems, and empathize
with frustrated travelers.
But the worst have exported their old tricks to
new media. Entirely devoid of empathy, their accounts might as well
be run by robots. Starbucks simply redirects queries to an email
address—with a grating exclamation point to add insult to injury.
At least that’s better than the 70%
of companies that plainly ignore complaints on Twitter.
This matters. Social media isn’t merely a place
for people to chat with each other and for brands to talk at their
customers. For a new generation of consumers who get their news and
form their views about the world primarily on social media, it is an
essential proving ground. A witty comment or botched response on
Twitter can travel to Facebook and even news websites in minutes
(think of the Oreo
tweet during the Superbowl blackout of 2013). But a single
miscalculated remark can cascade into an avalanche of disapproval