This is a funny IT Security Glossary. It is only meant as a joke because everyone needs a little humor in their lives, from time to time.
Security Idiot: Impress Your Peers With Your Grasp of IT Security Terminology
Friday, July 17, 2009
Friday, July 10, 2009
Nikola Tesla Day
Nikola Tesla is the true unsung prophet of the electronic age; without whom our radio, auto ignition, telephone, alternating current power generation and transmission, radio and television would all have been impossible.
Ben Johnston, My Inventions : The Autobiography of Nikola Tesla (1983)
In my adult life, when I learn of some fact of history that has been twisted or omitted – it always takes me by surprise. The rock band Tesla was the first time that I heard about Nikola Tesla. That was in 1990, when their live acoustic album, Five Man Acoustical Jam was released, which contained the "Love Song." Around that same time, I was visiting Carlsbad, Czech Republic. The hotel room had a radio that actually had the name Tesla on it.
This really caught my interest and I have studied Nikola Tesla throughout the years. One fact that astonished me was that he sold his patents for the polyphase alternating current system of generators, motors and transformers to George Westinghouse. It would have made him a wealthy man, but he later released Westinghouse from the contract. Where would we be today without his inventions and lifelong work? While this has nothing to do with Information Assurance, sometimes it is good to remember the basics and somewhere in all of this is a lesson on patents or even copyrights. Happy Nikola Tesla Day!
WHAT ARE TESLA'S GREATEST INVENTIONS?
1. AC polyphase transmission and AC motor in 1887-1888 -- (the world's primary power--electrical and mechanical). (No, not Edison--Tesla has all the US patents for polyphase AC.)
2. Fundamental circuitry for radio in 1891 -- (providing worldwide communication). (No, not Marconi--Tesla has the defining US patents for radio, upheld by the US Supreme Court.)
The Tesla Memorial Society - Links to Other Tesla-related Web Sites
The Tesla Foundation of North America (TFNA)
PBS: Tesla – Master of Lightning
The Complete Nikola Tesla U.S. Patent Collection - Title Order
Thursday, July 2, 2009
Sunbelt Software – New Partner of StopBadware.org
This is great news! I have been a longtime advocate for all the work that they do at Sunbelt Software.
StopBadware.org, Sunbelt Software partner to fight badware
New Data Will Allow Broader Reach, Richer Analysis
CAMBRIDGE, Mass., June 30, 2009 — StopBadware.org, the collaborative initiative to combat viruses, spyware, and other bad software, announced today that Sunbelt Software, developer of the VIPRE anti-malware product line, will participate in the effort as a data partner. Sunbelt Software joins Google in contributing data to the project, which is based at Harvard University’s Berkman Center for Internet & Society. The initiative is funded by Google, PayPal, Mozilla, AOL, and Trend Micro.
Hundreds of thousands of websites—some might count them in the millions—are associated with the distribution of badware. Some are deliberately malicious, trying to trick users into installing a virus on their computers, while others are legitimate websites that have been tampered with, putting the site’s visitors at risk. In the most egregious cases, such sites can infect computers with vulnerable software simply by a user browsing to the page, a practice known as drive-by downloads.
StopBadware.org collects the URLs of these badware websites, whether malicious or compromised, from its data partners. It uses the information to support and encourage site owners and web hosting companies in cleaning up and protecting their sites. The initiative also conducts analysis of infection trends, offers independent reviews of its partners’ findings, and operates a community website, BadwareBusters.org, that provides help to people who have been victims—or wish to avoid becoming victims—of badware.
“We are thrilled that a well-respected anti-malware company like Sunbelt Software has come on board as a data partner,” said Maxim Weinstein, manager of StopBadware.org. “The new data offers us a different view of the badware website landscape and will help us to extend our reach and to provide richer analysis.”
Monday, June 15, 2009
Phishing Toolkits
News-
Use of phishing toolkits on the rise
iTWire, by Peter Dinham, 14 June 2009
There’s been a huge increase in the use of phishing toolkits, with 42 percent of phishing URLs last month generated using the toolkits, and the emergence of a new trend of phishing attacks towards the popular social networking site, Facebook.
Symantec, in its June phishing report, says it observed an increase in URLs using phishing toolkits during May of 100 percent over the previous month, with a 14 percent decrease in non-English phishing sites compared to February.
The security firm also reports that during May, more than 98 Web hosting services were used, which accounted for six percent of all phishing attacks, which was a decrease of five percent from the previous month.
David Cowings, executive editor security response at Symantec, says phishing sites were categorized based upon the domains they leveraged and “a considerable increase was seen in the number of phishing sites using automated toolkits,” and, he adds, “this increase was a result of a large toolkit attack targeting an information services brand.”
More.......
Sunday, June 14, 2009
Medical Identity Theft
Medical identity theft is more devastating to the victim than traditional financial identity theft. This article from the New York Times explains some of the known affects of this crime and the bureaucratic process to fix the erroneous information in medical or health insurance records.
Medical Problems Could Include Identity Theft
New York Times
By Walecia Konrad, June 12, 2009
Excerpt……
The last time federal data on the crime was collected, for a 2007 report, more than 250,000 Americans a year were victims of medical identity theft. That number has almost certainly increased since then, because of the increased use of electronic medical records systems built without extensive safeguards, said Pam Dixon, executive director of the nonprofit World Privacy Forum and author of a report on medical identity theft.
And uncountable, Ms. Dixon said, are the people who do not yet know they are victims. They may not know that their medical information has been tampered with for months or even years until, as in Mr. Sharp’s case, it shows up in collections on a credit report.
Medical identity theft takes many guises. In Mr. Sharp’s case, someone got hold of his name and Social Security number and used them to receive emergency medical services, which many hospitals are obliged to provide whether or not a person has insurance. Mr. Sharp still does not know whether he fell victim to one calamitous perp who ended up in several emergency rooms or a ring of accident-prone conspirators.
In another variant of the crime, someone can use stolen insurance information, like the basic member ID and group policy number found on insurance cards, to impersonate you — and receive everything from a routine physical to major surgery under your coverage. This is surprisingly easy to do, because many doctors and hospitals do not ask for identification beyond insurance information.
Even more common, however, are cases where medical information is stolen by insiders at a medical office. Thieves download vital personal insurance data and related information from the operation’s computerized medical records, then sell it on the black market or use it themselves to make fraudulent billing claims.
and…..
And there are none of the consumer protections for medical identity theft victims that exist for traditional identity theft. Under the Fair Credit Reporting Act you can get a free copy of your credit report each year, put a fraud alert on your account and get erroneous charges deleted from your record. If your credit card is stolen and the thief goes on a spending spree, you’re not liable for more than $50 worth of the charges.
With medical identity theft, though, the fraudulent charges can remain unpaid and unresolved for years, permanently damaging your credit rating. Under the federal law known as HIPAA — the Health Insurance Portability and Accountability Act — you are entitled to a copy of your medical records, but you may have to pay a hefty fee for them.
Worse, HIPAA privacy rules can actually work against you. Once your medical information is intermingled with someone else’s, you may have trouble accessing your files. Privacy laws dictate that the thief’s medical information now contained in your records must be kept confidential, too.
Even when you are able to correct a record, say in your doctor’s office, the erroneous information may have been passed on to dozens of other health care providers and insurers. Victims must track down and resolve these errors largely on a case-by-case basis, Ms. Dixon says.
More…….
The FTC Red Flags rule require entities with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. This will add another layer of consumer protection against identity theft and greatly expand the reach of the FTC, helping consumers fight fraud.
I would think that the providers of health care would be the first line of defense in preventing medical identity theft. The American Medical Association (AMA) is making efforts to persuade the FTC that doctors are not “creditors.” While the enforcement of the Red Flags rule has been postponed twice (November 2008 – original date, May 2009, and August 2009), the FTC has made it clear (see below: The “Red Flags” Rule: What Health Care Providers Need to Know About Complying with New Requirements for Fighting Identity Theft) that the Red Flags rule is based on each individual business. Only after considering the definition of a “creditor” and “a covered account” can they determine the type of program that must be implemented, based on the risk of identity theft.
These are references that relate to the Red Flags rule.
Health care and the Red Flags rule-
The FTC, by Steven Toporoff, May 2009
-Hot Issues Alerts - Law Firms: Do The FTC Red Flag Rules Apply To You? What Health Care Companies Should Know About The New FTC Requirements To Prevent Identity Theft
The Metropolitan Corporate Counsel, H. Carol Saul and EpsteinBeckerGreen, 1 June, 2009
The FTC -
Fighting Fraud with the Red Flags rule
Do-It-Yourself Program for Businesses at Low Risk For Identity Theft
The World Privacy Forum - The Medical Identity Theft Information Page
An unanswered question - Do ID Theft protection services even provide coverage for medical identity theft?
Subscribe to:
Comments (Atom)