Thursday, December 31, 2015

slight paranoia: October 2006

Soghoian and the airline boarding passes

Soh goy an

http://paranoia.dubfire.net/2006_10_01_archive.html?m=1

5 Big Developments in Privacy Class Actions in 2015, and 3 to Look for in 2016 | Data Privacy Monitor

http://www.dataprivacymonitor.com/data-breaches/significant-developments-in-privacy-class-actions-in-2015-and-what-to-watch-for-in-2016/

Street gangs migrate from drugs to white-collar crimes - The Dispatch

http://www.cdispatch.com/news/article.asp?aid=47242

How does the Cybersecurity Act of 2015 change the Internet surveillance laws? - The Washington Post

https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/12/24/how-does-the-cybersecurity-act-of-2015-change-the-internet-surveillance-laws/

‘Donald Trump totally thinks I’m a Muslim’: Atheist hammers Trump on proposed Muslim ban

http://www.rawstory.com/2015/12/donald-trump-totally-thinks-im-a-muslim-atheist-hammers-trump-on-proposed-muslim-ban/

Spying on Congress and Israel: NSA Cheerleaders Discover Value of Privacy Only When Their Own Is Violated

https://theintercept.com/2015/12/30/spying-on-congress-and-israel-nsa-cheerleaders-discover-value-of-privacy-only-when-their-own-is-violated/

Thursday, December 24, 2015

Android IMSI-Catcher Detector by SecUpwN

https://secupwn.github.io/Android-IMSI-Catcher-Detector/#

Security Camera or Pet Monitor? Vimtag Has a Hybrid Solution! - TechAcute

Security Camera or Pet Monitor? Vimtag Has a Hybrid Solution! - TechAcute: "What’s maybe the most interesting thing about the Vimtag FI-361 HD is surely the remote viewing support. You just have to install the camera in one of the nearby locations that you want to monitor, and once that is done you can access a remote feed via your phone. "



Prevalence of 845G>A HFE mutation in Slavic populations: an east-west linear gradient in South Slavs

http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3118720/

Wednesday, December 23, 2015

Juniper Networks security flaw may have exposed US government data | Technology | The Guardian

Juniper Networks security flaw may have exposed US government data | Technology | The Guardian: Two security flaws that lay undiscovered in Juniper Networks’ widely used corporate virtual private network (VPN) software for three years could have exposed sensitive information to foreign governments or criminal groups, researchers have said.

IRS Transcript Site

...is crazy stupid picky about your address.



https://sa.www4.irs.gov/irfof-tra/start.do


Data Protection Act | Get Safe Online

Data Protection Act | Get Safe Online: The Data Protection Act (DPA) protects the privacy and integrity of data held on individuals by businesses and other organisations. The act ensures that individuals (customers and employees) have access to their data and can correct it, if necessary. It is enforced by the Information Commissioner’s Office (ICO), which has responsibility for overseeing the Freedom of Information Act and the regulation of interception of communications under the Regulation of Investigatory Powers Act 2000 (RIPA).

Federal Agency Data Protection Act (2008; 110th Congress H.R. 4791) - GovTrack.us

Federal Agency Data Protection Act (2008; 110th Congress H.R. 4791) - GovTrack.us: 6/3/2008--Passed House amended. Federal Agency Data Protection Act - Section 3 - Defines "personally identifiable information" as any information about an individual maintained by a federal agency, including information about the individual's ...

Mod5: Data protection in Germany: overview

PLC - Data protection in Germany: overview: Apart from the general data protection laws there are sector-specific regulations at both state and federal level that provide data protection requirements.



Use as example 'relative' to the U.S.

Weak encryption won't defeat terrorists – but it will enable hackers | Trevor Timm | Opinion | The Guardian

Weak encryption won't defeat terrorists – but it will enable hackers | Trevor Timm | Opinion | The Guardian: Bizarrely, Comey told the Senate that whether or not tech companies decide to introduce backdoors in their encryption is “not a technical issue” but it’s a “business model question”. That’s a strange thing to say since a large group of the world’s leading computer scientists wrote a paper explaining that it is a technical issue, and that you can’t create a backdoor without making everyone’s communications more vulnerable to all sorts of hackers, whether they be private criminal elements or foreign governments.

China's Social Credit System: The most disturbing tech story of 2015

"history has shown that such fears are prudent, whether we're talking
about China, the United States, or any other government or large
organization."
http://www.networkworld.com/article/3017417/security/china-scs-social-credit-system-most-disturbing-tech-story-of-2015.html

Facebook Threatens Security Researcher With Legal Action Over Instagram Vulnerability: - News Independent

Facebook Threatens Security Researcher With Legal Action Over Instagram Vulnerability: - News Independent: “Despite all efforts to follow Facebook’s rules, I was now being threatened with legal and criminal charges, and it was all being done against my employer,” Wineberg wrote in his blog. Announced in 2011, Facebook Bug Bounty Program offers a minimum of $500 to anyone who reports security vulnerabilities on Facebook website.

A Few Thoughts on Cryptographic Engineering: On the Juniper backdoor

A Few Thoughts on Cryptographic Engineering: On the Juniper backdoor: Because what Ralf and Steve et al. found is beyond belief. Ralf's excellent post provides all of the technical details, and you should honestly just stop reading now and go read that.

Sunday, December 20, 2015

The security laws, regulations and guidelines directory | CSO Online

Another list...

http://www.csoonline.com/article/2126072/compliance/the-security-laws--regulations-and-guidelines-directory.html

United States Data Privacy Laws

Handy list...

http://www.informationshield.com/usprivacylaws.html

Business Email Compromise Attacks Rapidly Evolving

Business Email Compromise Attacks Rapidly Evolving: "Business email compromise attacks, also known as "masquerading" or invoice scams, are becoming more sophisticated and pervasive, and small businesses are the primary targets, says Joseph Opacki, vice president of threat research at security firm PhishLabs."



Evolving Microsoft SmartScreen to protect you from drive-by attacks | Microsoft Edge Dev Blog

Evolving Microsoft SmartScreen to protect you from drive-by attacks | Microsoft Edge Dev Blog: "Microsoft SmartScreen, integrated with Microsoft Edge, Internet Explorer, and the Windows operating system, has helped protect users from socially engineered attacks such as phishing and malware downloads since its initial release in Internet Explorer 7"



Pentagon weighs cybercampaign against Islamic State - LA Times

Righteous malware!

http://www.latimes.com/world/la-fg-cyber-isis-20151220-story.html

Cybersecurity touches clients, staff in finserv

For Jeff...

http://www.investmentnews.com/article/20151220/FREE/151219912/cybersecurity-touches-clients-staff

Saturday, December 19, 2015

Shorter Devin Nunes: There Are Privacy-Violating Covert Counter-Terrorism Programs We’re Hiding | emptywheel

https://www.emptywheel.net/2015/12/02/shorter-devin-nunes-there-are-privacy-violating-covert-counter-terrorism-programs-were-hiding/

Under CISA, Would Wyndham Be Able To Pre-empt FTC Action? | emptywheel

https://www.emptywheel.net/2015/08/24/under-cisa-would-wyndham-be-able-to-pre-empt-ftc-action/

Otis Redding - Live on the Sunset Strip - CD!

Otis Redding - Live on the Sunset Strip - Amazon.com Music:

This is the first time the recordings have been released as a complete package and the songs are sequenced exactly as they went down, complete with an emcee and spoken introductions by Redding. Booklet features rare photographs as well as extensive liner notes by Ashley Kahn, author of music biographies and a contributor to NPR's Morning Edition.

Also: Live in London and Paris

New Malware Declines in Q3 but Macros and Ransomware Flourish - Infosecurity Magazine

Triage...

http://www.infosecurity-magazine.com/news/new-malware-declines-q3-macros-1/#.VnAkEozbLUA.twitter

"cybersecurity act of 2015" - Google Search

Use the pdf links instead of dropbox...

https://www.google.com/search?q=cybersecurity&oq=%22cybers&aqs=chrome.1.69i57j0l3.6828j0j4&client=tablet-android-google&sourceid=chrome-mobile&ie=UTF-8#num=30&q=%22cybersecurity+act+of+2015%22

Study: 50 percent of patients withhold information from their doctor | NueMD Industry News

http://www.nuemd.com/news/2014/12/19/study-50-percent-patients-withhold-information-their-doctor

Calculators: Life Expectancy 84.3

84.3 and rising!

https://www.ssa.gov/planners/lifeexpectancy.html

Friday, December 18, 2015

CISA Is Now The Law: How Congress Quietly Passed The Second Patriot Act | Zero Hedge

CISA Is Now The Law: How Congress Quietly Passed The Second Patriot Act | Zero Hedge: the second Patriot Act will be the law, and with it what little online privacy US citizens may enjoy, will be gone.

3DR Solo Drone Black SA11A - Best Buy



Wow, what a price point!



Carries a GoPro.

Shedding Some Light on the Problem of Medical Data Loss | Healthcare Informatics Magazine | Health IT | Information Technology

Shedding Some Light on the Problem of Medical Data Loss | Healthcare Informatics Magazine | Health IT | Information Technology: "According to the study, external “actors” were behind a large number of PHI breaches (903), yet internal “actors” were responsible for 791 incidences, followed by partners with 122 incidences."



Could this 14,000-year-old bone belong to an archaic human species? - CSMonitor.com

http://m.csmonitor.com/Science/2015/1217/Could-this-14-000-year-old-bone-belong-to-an-archaic-human-species

FBI has lead in probe of 1.2 billion stolen Web credentials: documents | Reuters

FBI has lead in probe of 1.2 billion stolen Web credentials: documents | Reuters: "The court papers were filed in support of a search warrant the FBI sought in December 2014 and that was executed a month later related to email records."



Wednesday, December 16, 2015

Why are Mastercard Inc and Visa Inc Likely to Feel the Heat

http://www.businessfinancenews.com/26805-why-are-mastercard-inc-and-visa-inc-likely-to-feel-the-heat/

Nearly 1 in 5 health data breaches take years to spot, says Verizon • The Register

http://www.theregister.co.uk/2015/12/16/verizon_health_breaches_survey/

Verizon report finds 90% of industries suffer a PHI breach | Healthcare Dive

http://www.healthcaredive.com/news/verizon-report-finds-90-of-industries-suffer-a-phi-breach/410867/

Lawyers Break Down 2016 HIPAA Audits, Connected Devices

http://healthitsecurity.com/news/lawyers-break-down-2016-hipaa-audits-connected-devices

What Donald Trump and dying white people have in common - The Washington Post

https://www.washingtonpost.com/news/wonk/wp/2015/12/15/what-donald-trump-and-dying-white-people-have-in-common-2/

Endothelin and erectile dysfunction: a target for pharmacological intervention? - PubMed - NCBI

Really?

http://www.ncbi.nlm.nih.gov/pubmed/15991927

Monday, December 14, 2015

SMART on FHIR

SMART on FHIR: SMART on FHIR is a set of open specifications to integrate apps with Electronic Health Records, portals, Health Information Exchanges, and other Health IT systems. You get...

LA and San Diego lead cities in solar energy production

For its size, San Diego produces more solar power than any other city. Many open air parking lots now have solar panels. Some housing estates have solar on all roofs.

http://www.scpr.org/news/2014/04/10/43425/la-leads-cities-in-solar-energy-production/

Love .... Stephen

San Diego leads California in solar installations

Since 2009: San Diego leads California in solar installations |
SanDiegoUnionTribune.com

http://www.sandiegouniontribune.com/news/2009/jul/16/1m16solar001246-city-leads-california-solar-instal/?metro

Top 16 U.S. Cities For Solar Power - Forbes

http://www.forbes.com/sites/williampentland/2015/05/22/top-16-u-s-cities-for-solar-power/

Sunday, December 13, 2015

What lies beneath? The top cyber security trends of 2015 | ITProPortal.com

http://www.itproportal.com/2015/12/12/what-lies-beneath-the-top-cyber-security-trends-of-2015/

FossilFinder.org is cool!

FossilFinder.org

http://www.fossilfinder.org/

IoT info

Worth checking...

http://www.ptc.com/internet-of-things/harvard-business-review/download-article-2?utm_source=twitter.com%20paid&utm_medium=social&utm_campaign=CB%20EN%20HBR%202&utm_content=CB_EN_HBR_2-twitter.com_paid-social-HBR2_downloadpage-WW-1548&cl1=CB_EN_HBR_2-twitter.com_paid-social-HBR2_downloadpage-WW-1548&cmsrc=twitter.com%20paid&cid=701F0000000xMyeIAE&elqCampaignId=1331

Privacy Not Included: Federal Law Lags Behind New Tech

Privacy Not Included: Federal Law Lags Behind New Tech: "A 2009 law called on HHS to work with the Federal Trade Commission — which targets unfair business practices and identity theft — and to submit recommendations to Congress within a year on how to deal with entities handling health information that falls outside of HIPAA. Six years later, however, no recommendations have been issued."



UK online fraud losses higher than realised, University study suggests | Security | Techworld

UK online fraud losses higher than realised, University study suggests | Security | Techworld: "In the Centre for Cyber Security’s initial survey of 1,500 people using Google Customer Surveys, 11.6 percent reported computer fraud losses in excess of more than £65 ($100), although the majority of the rest lost only trivial amounts."



USDA awards $23.4 million in grants to rural telemedicine projects - FierceHealthIT

USDA awards $23.4 million in grants to rural telemedicine projects - FierceHealthIT: "The U.S. Department of Agriculture has awarded $23.4 million in grants to 75 projects across 31 states as part of its USDA Rural Development's Distance Learning and Telemedicine program, according to an announcement."



Saturday, December 12, 2015

Hundreds of thousands of engine immobilisers hackable over the net • The Register

Hundreds of thousands of engine immobilisers hackable over the net • The Register: "Kiwi hacker Lachlan Temple has found holes in a popular cheap car tracking and immobilisation gadget that can allow remote attackers to locate, eavesdrop, and in some cases cut the fuel intake to hundreds of thousands of vehicles, some while in motion."



San Diego-led lawsuits against Monsanto

Risk assessment data point

http://www.sandiegouniontribune.com/news/2015/dec/11/monsanto-pcbs-san-diego-bay-cleanup-gomez-lawyers/

Leveraging the Analog Domain for Security (LADS)

http://www.darpa.mil/program/leveraging-the-analog-domain-for-security

HPE Matter | Gazing Into the Crystal Ball: Predicting 2016 Security Concerns

https://www.hpematter.com/issue-no-7-fall-2015/gazing-crystal-ball-predicting-2016-security-concerns

Gout food guide

Yes: 
Fruits
Nuts
Vegetables
Whole grains
Complex carbohydrates
Vitamin C
Water
Coffee
Cherries
Eggs
Dairy
Lean meat
Ham
Chicken
Pork
Rabbit
Oysters
Crab
Shrimp
Halibut
Salmon
Tuna canned
Flounder
Sole
Catfish

No:
Herring
Sardines
Mussels
Marmite
Liver
Kidney
Anchovies
White bread
High-fructose corn syrup
Red meats
Goose
Turkey
Veal
Venison
Bacon
Scallops
Cod
Trout
Haddock
Mackerel
Tuna fresh




Matthew Fort on gout | Life and style | The Guardian

Matthew Fort on gout | Life and style | The Guardian: "The following have a high purine content (of more than 150g) and should therefore be avoided:

Fish and seafood: sardines, herring, mussels.
Meat: heart, meat extract, yeast."



Sunday, December 6, 2015

RRI: empty toolbox or opportunity to seize? | The Trovatist

https://chanceseeking.wordpress.com/2015/08/24/rri-empty-toolbox-or-opportunity-to-seize/

Rainer Böhme - Google Scholar Citations

Amazing scores...

https://scholar.google.de/citations?user=ez_Q6GMAAAAJ&hl=de

Univ.-Prof. Dr. Rainer Böhme – Security and Privacy Lab – University of Innsbruck

Check out the publications...

http://informationsecurity.uibk.ac.at/people/rainer-boehme/

SEC Consult: House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide

SEC Consult: House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide: In some cases this behaviour can be attributed to a vendor's insecure default configuration. An example is Ubiquiti Networks, who have remote management enabled by default in most products.



For CC project?

GCHQ and data protection commission - Google Scholar

GCHQ and privacy...

https://scholar.google.com/scholar?start=20&q=gchq+data+protection+commission&hl=en&as_sdt=0,5

NSA Surveillance Programs New Limitations - Fortune

Commercial retention factor:

http://fortune.com/2015/12/05/nsa-surveillance-programs-new-limitations/

security triage - Google Search

https://www.google.com/search?q=estonia+skype&ie=utf-8&oe=utf-8#q=security+triage

Useful refs

Saturday, December 5, 2015

Jimmy's Famous Seafood - Home

Crab cakes for Christmas?

http://www.jimmysfamousseafood.com/

White House to Establish Privacy Council - Infosecurity Magazine

White House to Establish Privacy Council - Infosecurity Magazine: "“The digital economy has changed how citizens interact with their government. With the click of a button, you can gain information about a job, receive health insurance, qualify for a student loan, seek immigration services or veterans’ benefits or file your taxes. This digital revolution creates enormous opportunities for our ability to search, connect and discover, but it also creates enormous challenges for our economy and our people.”"



Silicon Valley just had a 'binders full of women' moment - CNET

Silicon Valley just had a 'binders full of women' moment - CNET: ""I know there are many remarkable women who would flourish in the venture business," he said"



GCHQ admits to hacking in court, says hacking helps stop terror attacks - SC Magazine

GCHQ admits to hacking in court, says hacking helps stop terror attacks - SC Magazine: "GCHQ has admitted for the first time that it has hacked computers, smartphones, and networks in the UK and abroad."



Friday, December 4, 2015

Lahey Hospital pays $850,000 over security breach, potential HIPAA violations

Lahey Hospital pays $850,000 over security breach, potential HIPAA violations: "Lahey Hospital and Medical Center has settled with the U.S. Department of Health and Human Services' Office for Civil Rights for potential HIPAA violations related to lax security.

The nonprofit teaching hospital, which is affiliated with Tufts Medical School, will pay $850,000 and "will adopt a robust corrective action plan to correct deficiencies" in its HIPAA policies, according to HHS."



High Cost of HIPAA Violations Demonstrated in $3.5 Million Settlement | Obermayer Rebmann Maxwell & Hippel LLP - JDSupra

High Cost of HIPAA Violations Demonstrated in $3.5 Million Settlement | Obermayer Rebmann Maxwell & Hippel LLP - JDSupra: "OCR investigated Triple-S and its subsidiaries after receiving several breach notifications from Triple-S involving unsecured PHI."



OCR hits BCBS Puerto Rico affiliate with second largest HIPAA fine - FierceHealthIT

OCR hits BCBS Puerto Rico affiliate with second largest HIPAA fine - FierceHealthIT: "The Triple-S Management Corporation will pay $3.5 million in a settlement to the U.S. Department of Health and Human Services Office for Civil Rights following multiple HIPAA violations, the second largest fine paid for a failure to protect patient information.  "



More enforcement likely in second round of HIPAA audits, attorney says - FierceHealthIT

More enforcement likely in second round of HIPAA audits, attorney says - FierceHealthIT: "The second round of HIPAA compliance audits likely will include more enforcement actions, according to Anna Spencer, a partner at law firm Sidley Austin LLP."



New HIPAA Settlement: The Other Shoe Drops On PR Insurer - Food, Drugs, Healthcare, Life Sciences - United States

New HIPAA Settlement: The Other Shoe Drops On PR Insurer - Food, Drugs, Healthcare, Life Sciences - United States: "Nearly two years after being hit with an unprecedented $6.8 million fine (later reduced to $1.5 million), a Puerto Rico insurer has agreed to a new $3.5 million settlement with the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) for alleged HIPAA violations."



Here’s how Larry Klayman celebrates victory — but then, maybe the NSA already knew? - The Washington Post

https://www.washingtonpost.com/news/style/wp/2015/12/03/heres-how-larry-klayman-celebrates-victory-but-then-maybe-the-nsa-already-knew/

Parallel Construction Revealed: How The DEA Is Trained To Launder Classified Surveillance Info | Techdirt

Parallel Construction Revealed: How The DEA Is Trained To Launder Classified Surveillance Info | Techdirt: "Last summer, Reuters revealed how the NSA and other surveillance organizations would share info with the DEA and other law enforcement agencies, but then tell them to reconstruct the evidence via a process called "parallel construction," so that the surveillance would not then be discussed in court."