
Why Privacy Laws Are Making Our Information Less Secure

This is one of those articles where I fear what I write will be read by a lot of people with preconceived notions of what I'm saying, who will therefore misunderstand the point I'm making. To be clear, I'm not arguing for or against privacy laws; I'm simply pointing out an effect they are having in the real world. I think this issue is unknown to most, and its potential severity is ignored by those who should know better. I'm going to use HIPAA as an example because it's the one I'm most familiar with and have actually worked with. This issue is affecting all industries, though, as companies fearing violations or potential lawsuits over information leaks push that liability onto a growing industry of third parties.

Let's say you run a medical facility. You have a few options. You can bury your head in the sand and ignore HIPAA regulations. You can try your best to figure things out on your own, something no office really has the time for. You can hire someone who has been trained and certified to take care of it. Or finally, and this is the preferred option, you can pay a cloud offsite secure hosting service to take over all your data. This is by far the most popular choice industry wide.
Everyone in your company simply launches a web browser, logs into a web site and takes care of all your data entry and forms online. Sounds amazing, right? Everything is taken care of. All the liability is now on someone else's shoulders. All the HIPAA required secure offsite backups are taken care of. All the patient records are secure, well, hopefully secure; ehh, who cares if there is a breach, you are no longer liable. It's great: you pay a reasonable fee, you are now compliant, you no longer even need a server, all you need is a computer that can get on the internet. What an amazing solution. These HIPAA compliant cloud solutions are already a four billion dollar industry and they have just started to grow.

What an amazing solution for the increasing number of corporate doctors' offices; not so amazing for the patients, in my opinion.

What we have done is create giant, juicy targets. We have created huge server farms full of every important piece of data you can have on a person: name, DoB, family history, in many cases work history…
Think of the endless amounts of data sitting in a file that your doctor has now placed "securely" online.
Sure, we would like to think all this data is secure. I mean, it should be relatively simple to make it very, very secure. But as we have seen with the now endless stream of credit card terminal breaches, and the recent Chase breach where servers company wide were hacked and gigabytes of personal data were stolen, companies who should know better are terrible, lazy, and, I'm sure, in many cases intentionally neglectful of security. We know there are endless numbers of companies that have a take-the-money-and-run approach to business: "Ehh, by the time they catch us we will have made so much the fines won't matter."

So who are these third party companies that are securing our data? Who is watching them? How many breaches have there been already that we don't know about?


An Update On The Security Theater of Complex Password Rules

Last month I made a post about trying to create a password for a site that implemented an insane list of password rules. At the time I pointed out that this all felt like security theater, putting up a false front to make customers feel secure even though backend security is the real problem. At the time, for my own security, I removed any references to what institution this was.

Well, in light of recent events I now feel like coming forward and saying it was Chase.com. Yes, that's right, the same Chase.com that recently leaked gigabytes of data from 90 servers and compromised the lives of tens of millions of customers.


Facebook Security and Privacy Tips

Nice article from ESET about Facebook settings:

“Facebook settings explained

The only way to keep data truly private is not to share it on Facebook at all. But there are steps users can take using their Facebook settings to manage the way the social network uses data – and it’s worth refreshing your account, privacy-wise, even if you’re a seasoned and security-conscious site user, as new ‘features’ from Facebook often seem to involve further security concerns.

The most important thing to remember is that simply visiting the Facebook Settings menu is not enough. It’s a good first step, allowing you to take control of who you share posts with (see step one), how to control what other people post about you (step two) and apply quick controls to older posts (step three). But for a “deep clean”, you need to visit your profile page as well (click on your portrait in the top left of the main News Feed), and do some tidying in Activity Log, which details all your past posts and posts you have been tagged in (steps two and three). Facebook’s own guide to privacy offers some useful advice, broken down by section.

If you want to take control of your Facebook settings, it’s best done from a PC or Mac – Facebook’s mobile apps don’t offer the fine control that the browser version does.

Below are five quick steps to changing your Facebook settings and to ensure you’re managing what people know about you effectively.”


Windows 7 Service Pack 1 Imminent

The final tweaks are being made to SP1 for Windows 7. Most users will never notice the changes, as no new features are being added to Windows 7 with this service pack. It will, however, take care of compatibility issues with Server 2008 and provide several bug fixes. As with all updates, users should install it when available, and if they have any issue they should not hesitate to make an appointment.