Thursday, August 29, 2013

Decades of failures: Why the CIA keeps blowing it - Salon.com

http://www.salon.com/2013/08/24/decades_of_failures_why_the_cia_keeps_blowing_it/


How We Killed Privacy -- in 4 Easy Steps - By Daveed Gartenstein-Ross and Kelsey D. Atherton | Foreign Policy

http://www.foreignpolicy.com/articles/2013/08/23/how_we_killed_privacy_nsa_surveillance?page=0,1


What Happens to the Brain When You Meditate (And How it Benefits You)

There are different ways to meditate, and since it’s such a personal practice there are probably more than any of us know about.

Hack of New York Times holds a lesson for all businesses

Hack of New York Times holds a lesson for all businesses - CSO | The Resource for Data Security Executives: Before you sign up for a service, or allow a partner or supplier to connect to your network, you need to do your due diligence.

Learning About Hereditary Hemochromatosis

Learning About Hereditary Hemochromatosis: Hereditary hemochromatosis (HH) is a genetic disease that alters the body's ability to regulate iron absorption. If correctly diagnosed, HH is easily and effectively treated, but if untreated, it can lead to severe organ damage. Caucasians of northern European descent are at highest risk. An estimated one million people in the United States have hereditary hemochromatosis.

Fact-check: The NSA and Sept. 11 - ProPublica

U.S. intelligence agencies knew the identity of the hijacker in question, Saudi national Khalid al Mihdhar, long before 9/11 and had the ability to find him, but they failed to do so.

Protecting Your Privacy Could Make You the Bad Guy | Wired Opinion | Wired.com

There’s a funny catch-22 when it comes to privacy best practices. The very techniques that experts recommend to protect your privacy from government and commercial tracking could be at odds with the antiquated, vague Computer Fraud and Abuse Act (CFAA).

Schneier on Security: Big Data Surveillance Results in Bad Policy

Evgeny Morozov makes a point about surveillance and big data: it just looks for useful correlations without worrying about causes, and leads people to implement "fixes" based simply on those correlations -- rather than understanding and correcting the underlying causes.

Wednesday, August 28, 2013

Intrinsic Imaging - Phase II Chronic Iron Overload

" has been awarded a three year international Phase II clinical trial designed to evaluate a new therapy to treat patients suffering from chronic iron overload."

More than 100,000 health care providers paid for using electronic health records

"One out of every 5 Medicare and Medicaid eligible professionals in the U.S. has received an incentive payment for adopting, implementing, upgrading, or meaningfully using an EHR."

HIPAA Compliance & Meaningful Use Tech Tips (part 2) - 4Medapproved HIT Security

"While encryption is Addressable for HIPAA compliance, if you don’t have it and a device containing health information is lost or stolen, you must notify patients and report the loss to the federal government for an investigation. If a lost or stolen device is encrypted you do not have to notify patients or the government."

Tech leaders call for pre-empting of states' data breach laws | Vital Signs | The healthcare business blog from Modern Healthcare

"Technology industry association leaders who testified Thursday before a House subcommittee hearing on whether legislation is needed for data breach reporting called for Congress to pre-empt state laws on data breaches. But at least one witness opposed such preemption"

Patients Put at Risk By Computer Viruses - Wall Street Journal - WSJ.com

"For instance, previously unreleased Department of Veterans Affairs records show that since 2009, malware infected at least 327 devices at VA hospitals. More than 40 viruses hit devices including X-ray machines and lab equipment made by companies such as General Electric Co., Philips N.V. and Siemens AG."

The Economist explains: How vulnerable are medical devices to hackers? | The Economist

"America’s Food and Drug Administration has just issued a warning that is rather more personal in nature: that cyber-attacks on medical devices and hospital systems could put patients’ lives in danger. "

A Plan to Mix Privacy Into Data Mining - Businessweek

http://mobile.businessweek.com/articles/2013-08-27/a-plan-to-mix-privacy-into-data-mining


Tuesday, August 27, 2013

Search of: hemochromatosis - List Results - ClinicalTrials.gov

Hypoadrenalism (underactivity of the adrenal glands)

Hypoadrenalism (underactivity of the adrenal glands): "Patients with a severe deficiency of cortisol and the related hormone aldosterone, often have a low sodium level and an increased potassium level. (However, potassium may be normal in 40 per cent of patients.) A high calcium level is also seen in about 10 per cent of patients."

Carmichael Man Sentenced to 11 Years in Prison for Child Porn | KTXL FOX40

"A Carmichael man received a sentence of 11 years and three months in prison Tuesday for distributing child pornography."

FBI — San Diego Man Arrested on Federal Charges Involving Child Pornography and Enticement of a Minor

FBI — San Diego Man Arrested on Federal Charges Involving Child Pornography and Enticement of a Minor: "Daphne Hearn, Special Agent in Charge of the San Diego FBI Field Office, announces the arrest of Samuel Farinas Fernandez, Jr., age 32, of San Diego, California, on federal child pornography and enticement of a minor charges."

Insulation Boards | Johns Manville

1sq V-Cam RTF Quad Copter

Electric powered, 2.4GHz Radio Controlled, Ready to Fly 1SQ V-Cam Quadcopter with a video camera.

http://www.atlantahobby.com/Store/pc/viewPrd.asp?idproduct=17700&idcategory=871

The 2013 Cybersecurity Study Results Webinar.

http://www.databreachtoday.com/webinars/2013-cyber-security-study-results-w-359


Monday, August 26, 2013

WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices | USENIX

Medical devices based on embedded systems are ubiquitous in clinical settings. Increasingly, they connect to networks and run off-the-shelf operating systems vulnerable to malware.

CCD COE - Call for Papers Announced for 2014

CyCon 2014 will focus on ‘Active Cyber Defence’. Despite lacking a universal definition, active cyber defence is usually seen as entailing proactive measures that are launched to defend against malicious cyber activities or cyber attacks.

Conference Partner :: Security & Privacy

"Conference Partner" includes 1383 conferences and 312 journals. It has been viewed by 2975467 PV.

When authorities confiscate your electronics: The fate of David Miranda's computer and phone | ZDNet

Brazilian citizen Miranda was held for nine hours and all his electronic equipment including mobile phone, laptop, memory sticks and smart watch were taken and kept by British police.

Improving the Security and Privacy of Implantable Medical Devices — NEJM

"In 1982, the threat to the security of the world's drug supply was recognized when seven people died from taking Tylenol that had purposely been contaminated with cyanide. "

Amanda Ripley’s ‘Smartest Kids in the World’ - NYTimes.com

http://www.nytimes.com/2013/08/25/books/review/amanda-ripleys-smartest-kids-in-the-world.html?pagewanted=all&_r=0


Flickr: Discussing Cleaning old cameras. in Camerapedia

For cleaning battery acid off metal parts, I've always used a little household ammonia on a cotton swab. Ammonia will neutralize battery acid.

Sunday, August 25, 2013

Tweet from TweetCaster

@0xBEADCAFE: Modern day bank robbers make hollywood movies look boring. http://t.co/ryD5e3Jp0t
Tweet from TweetCaster

@charleymelia: Enterprises gain an 'F' grade in protecting themselves against cybercrime http://t.co/BobwoEdjzz
Friday, August 23, 2013

Is Windows 8 an NSA trojan? | Kevin Townsend

Is Windows 8 an NSA trojan? | Kevin Townsend: Anybody who believes that Microsoft and the NSA don’t go hand in hand is living in cloud cuckoo land under heavy surveillance.

Walkera W100S FPV 2.4gHz Drone WiFi Edition RC 4 Channel RTF w/ Camera

Walkera W100S FPV 2.4gHz Drone WiFi Edition RC 4 Channel RTF w/ Camera: The W100S also has an upgraded feature we have not seen on any other drone. It implements quick change motors and legs. If you happen to damage a motor or snap one off through a crash, you can quickly disconnect the entire arm/motor assembly and make quick repairs.

Why Apple customers should worry about security | Computerworld Blogs

From a security perspective, having one multi-billion-dollar company in charge of vetting all apps before they are sold or given away seems like a rock-solid strategy

http://m.blogs.computerworld.com/mobile-security/22701/why-apple-customers-should-worry-about-security?mm_ref=http%3A%2F%2Ft.co%2F5Yk0GDeOTF


Silent Circle's Phil Zimmermann on why it's shuttering its encrypted email service | Marketplace.org

Silent Circle's Phil Zimmermann on why it's shuttering its encrypted email service | Marketplace.org: You know things are serious when companies that provide encrypted email servers shut themselves down.

Thursday, August 22, 2013

Never Give Stores Your ZIP Code. Here's Why - Forbes

http://www.forbes.com/sites/adamtanner/2013/06/19/theres-a-billion-reasons-not-to-give-stores-your-zip-code-ever/

Lawsuits filed over malfunction at sperm bank - Chicago Tribune

Some men lost the chance to be biological fathers last year after their sperm samples were destroyed when a tank keeping them frozen at Northwestern Memorial Hospital failed, an attorney who filed lawsuits against the hospital said Tuesday.

http://articles.chicagotribune.com/2013-08-20/news/chi-lawsuits-filed-over-malfunction-at-sperm-bank-20130820_1_sperm-bank-malfunction-matthew-jenkins


STIX - Structured Threat Information Expression

STIX - Structured Threat Information Expression: The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible.

CybOX - Cyber Observable Expression

CybOX - Cyber Observable Expression: CybOX is a standardized schema for the specification, capture, characterization, and communication of events or stateful properties that are observable in the operational domain.

Infosecurity - Fort Disco – a Botnet that Delivers Brute Force Logon Attacks

Infosecurity - Fort Disco – a Botnet that Delivers Brute Force Logon Attacks: "Blogs and CMSs tend to be hosted in data centers with immense network bandwidth. Compromising multiple sites gives the attacker access to their combined bandwidth, much more powerful than a similarly sized botnet of home computers with limited network access by comparison." This makes a server botnet particularly attractive for delivering high volume spam and DDoS attacks.

The NSA Intends To Fire 90% Of Their System Administrators To Eliminate Future Leaks - Business Insider

The NSA Intends To Fire 90% Of Their System Administrators To Eliminate Future Leaks - Business Insider: (Reuters) - The National Security Agency, hit by disclosures of classified data by former contractor Edward Snowden, said Thursday it intends to eliminate about 90 percent of its system administrators to reduce the number of people with access to secret information.

How Dozens of Companies Know You're Reading About Those NSA Leaks | Electronic Frontier Foundation

How Dozens of Companies Know You're Reading About Those NSA Leaks | Electronic Frontier Foundation: Here are some examples of prominent news websites that have been reporting on surveillance issues and which domain names they load third party resources from as of June 2013:

Use of Tracking Cookies on the Rise as Advertisers Seek More Data From Web Surfers | Digital - Advertising Age

Use of Tracking Cookies on the Rise as Advertisers Seek More Data From Web Surfers | Digital - Advertising Age: The number of third-party cookies -- little pieces of software set on users' machines to track web users for ad targeting or site analytics purposes -- rose from 1,887 on the home pages of the most-popular 100 websites in May to 2,324 in October,

The Web Cookie Is Dying. Here's The Creepier Technology That Comes Next - Forbes

The Web Cookie Is Dying. Here's The Creepier Technology That Comes Next - Forbes: To combat the cookie’s flaws, advertisers and publishers are increasingly turning to something called fingerprinting.

Feds put heat on Web firms for master encryption keys | Politics and Law - CNET News

Feds put heat on Web firms for master encryption keys | Politics and Law - CNET News: Whether the FBI and NSA have the legal authority to obtain the master keys that companies use for Web encryption remains an open question, but it hasn't stopped the U.S. government from trying.

PRISM, Surveillance and PHI: What the NSA’s data collection means for HIPAA privacy and security compliance concerns. | HIPAA, HITECH & HIT

PRISM, Surveillance and PHI: What the NSA’s data collection means for HIPAA privacy and security compliance concerns. | HIPAA, HITECH & HIT: The existence of the program, known as PRISM, was leaked by a former National Security Agency (NSA) contractor, Edward Snowden.

Lavabit, Silent Circle Shut Down: Crypto In Spotlight - Security -

Lavabit, Silent Circle Shut Down: Crypto In Spotlight - Security -: Encrypted email service provider Lavabit is shutting down, but a gag order prevents the company from detailing exactly what triggered that business decision.

Campaigns Mine Personal Lives to Get Out Vote - NYTimes.com

http://www.nytimes.com/2012/10/14/us/politics/campaigns-mine-personal-lives-to-get-out-vote.html?pagewanted=all&_r=0


Why big companies buy, sell your data

http://www.cnn.com/2012/08/23/tech/web/big-data-acxiom


Monday, August 19, 2013

Before You Share, Ask Yourself "Is This TMI?"

Hackers use information you post online to try and trick you into giving up access to your email, social networking and financial accounts.

http://m.huffpost.com/us/entry/3762818


Tuesday, August 13, 2013

Episode 55- Social Engineering, Importance of Vulnerability Assessments and Red Teaming | The Loopcast

Episode 55- Social Engineering, Importance of Vulnerability Assessments and Red Teaming | The Loopcast: "social engineering attacks, the importance of vulnerability assessments and red teaming, and end with ethics and whether "hack back" is a good idea. "

Dating coach shows how to get classified military intel using social engineering | The Verge

"Private contractors, government employees, and active duty military told Harbinger what they were working on and, if they were deployed, where they were stationed."

U.S. Agencies Said to Swap Data With Thousands of Firms - Bloomberg

U.S. Agencies Said to Swap Data With Thousands of Firms - Bloomberg: Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said

Get to know Stacey, the savvy single

Get to know Stacey, the savvy single: In part two of Marketplace series on data mining, Stacey Vanek Smith visits a data mining company and sees what they know about her through her credit card transactions, Facebook account... It's a lot.

Dyatlov Pass incident - Wikipedia, the free encyclopedia

http://en.m.wikipedia.org/wiki/Dyatlov_Pass_incident


Wednesday, August 7, 2013

Page 2 - HIPAA Healthcare Data Breach Fines Climb With Enforcement Boost

Page 2 - HIPAA Healthcare Data Breach Fines Climb With Enforcement Boost: "Small provider organizations and even larger research facilities often have a hard time addressing and maintaining security and lack adequately trained IT staff and a security officer with the level of authority needed to run an effective program, said Kate Borten, president of The Marblehead Group, a consultancy that specializes in healthcare security."

Commentary: Why healthcare must operationalize data breach response | Government Health IT

Commentary: Why healthcare must operationalize data breach response | Government Health IT: “C-level executives and boards now realize the costly consequences of material data loss and appear to be more willing to approve investments in data protection technologies and expert personnel,” Ponemon explained. “That’s a hopeful sign.”

Do I Need New HIPAA Business Associate Agreements? - Bloomberg Law

Do I Need New HIPAA Business Associate Agreements? - Bloomberg Law: companies across the health care industry and an enormous range of service providers are struggling to meet the challenges presented by these new rules by the Sept. 23 compliance date.

Latest HIPAA Data Breach Penalty Contains Important Messages | Semel Consulting

Latest HIPAA Data Breach Penalty Contains Important Messages | Semel Consulting: The latest HIPAA data breach penalty reported by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) includes some simple but important messages for all health care organizations and their Business Associates.

Banks Remain the Top Target for Hackers, Report Says - American Banker Article

Banks Remain the Top Target for Hackers, Report Says - American Banker Article: For thieves, cash is usually the motive – so when high-tech crooks commit data breach crimes, banks are the top target.

OCC: Cyber Threats Among Top Risks - DataBreachToday

OCC: Cyber Threats Among Top Risks - DataBreachToday: One of the top U.S. banking regulators has for the first time named cyberthreats as a major factor heightening banks' operational risks. And banking security experts say this is a sign that greater regulatory scrutiny will come.

DHS gears up to press industry to enact cybersecurity measures

DHS gears up to press industry to enact cybersecurity measures: The Department of Homeland Security's efforts to prevent cyber attacks on critical infrastructures are shifting into high gear with the development of a program to encourage industry to adopt emerging security standards.

HIPAA/HITECH Comprehensive Final Rule Issued | Segal

HIPAA/HITECH Comprehensive Final Rule Issued | Segal: The final rule confirms that business associates are now directly liable for compliance with the Security Rule’s administrative, physical and technical safeguards, and documentation requirements.

EHR Incentive Programs - Centers for Medicare & Medicaid Services

EHR Incentive Programs - Centers for Medicare & Medicaid Services: "The Medicare and Medicaid EHR Incentive Programs provide incentive payments to eligible professionals, eligible hospitals and critical access hospitals (CAHs) as they adopt, implement, upgrade or demonstrate meaningful use of certified EHR technology"

“Hand of Thief” banking trojan doesn’t do Windows—but it does Linux | Ars Technica

"RSA researcher Limor Kessem said she expects Hand of Thief to become a full-blown banking trojan that includes more advanced features such as the ability to inject attacker-controlled content into trusted bank webpages."

Dynamism - 3D Printers

"Offers best-of-class ultramobile PCs, 3D printers, and gadgets with great service."

HIPAA Compliance and Meaningful Use Tech Tips

Our advice if you want to achieve HIPAA Compliance is to assume that everything in the Security Rule is required, and you should set a very high bar if you decide not to implement an Addressable item.

Infosecurity - Fort Disco – a Botnet that Delivers Brute Force Logon Attacks

Infosecurity - Fort Disco – a Botnet that Delivers Brute Force Logon Attacks: Dubbed Fort Disco, a brute force logon campaign started in May and is continuing today. It delivers its attack to targeted servers, primarily CMS sites such as Wordpress and Joomla.

Florida Hospital sued over data breach - Tampa Bay Business Journal

A data breach at an Adventist HealthCare hospital has led to a federal lawsuit alleging the hospital failed to protect patients’ protected health information.

Chiropractor's lawsuit alleges referral kickbacks | Jacksonville.com

a lawsuit alleging that former business associates are providing kickbacks to emergency room doctors and other staff for patient referrals

Top destinations for cyber security pros

http://www.net-security.org/secworld.php?id=15358

Tuesday, August 6, 2013

HIPAA-compliant, Antivirus-protected Computers Can Still Get Infected | Physicians Practice

" One of those practices is contained in Standard 164.308(a)(5)(ii)(B): PROTECTION FROM MALICIOUS SOFTWARE: (The Covered Entity must implement) "Procedures for guarding against, detecting, and reporting malicious software.""

Insurer WellPoint to pay $1.7 million HIPAA penalty | Modern Healthcare

"WellPoint, which serves nearly 36 million people through its affiliated health plans, has agreed to pay a $1.7 million penalty to HHS for potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996."

Feds impose first civil fine ever in HIPAA case - FierceHealthcare

2011 "The Department of Health and Human Services' Office for Civil Rights hit Cignet Health with a $4.3 million civil penalty for violating the HIPAA Privacy Rule and failing to cooperate during the subsequent probe even after a federal subpoena was issued, according to an HHS announcement."

Perkins Coie - News / Publications - SECURITY BREACH NOTIFICATION CHART

"Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification.  "

Monday, August 5, 2013

Is Privacy Overhyped? Four Views of Technology, Security, and Democracy Online | Open Society Foundations (OSF)

" Is there a presumptive right to privacy online? Is sharing of one's personal information virtuous, especially if doing so advances the public interest? Does an obsession with privacy prevent us from achieving important policy goals, such as bolstering personal safety and national security?"

Thursday, August 1, 2013

Great paper

http://www.welivesecurity.com/wp-content/uploads/2013/08/Brazilian_Malware.pdf
