Group items tagged

Insulin pumps are vulnerable to determined hackers who could also remotely mess up the readings of blood-sugar monitors, Jerome Radcliffe, a security researcher who has diabetes revealed at the Black Hat computer security conference, Las Vegas, Nevada. In other words, a hacker could cause a diabetic patient to receive either too much or too little insulin.

According to Gartner Group report, there are 141.1 million mobile payment-ready devices in circulation and that the vast portion of the world's population (mostly in Asia) is actively using NFC and other techniques to pay for items via mobile. However, the US is lagging wildly in this regard, with nearly no activity in the space at present even though two-thirds of young people would be happy to wave their phones in front of a candy machine to grab a bite. Sadly, two-thirds of older folks would balk at the opportunity.

"Yesterday, a "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your phone right now!" message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup. Through a combination of port scanning and OS fingerprinting of T-Mobile's 3G IP range, a Dutch teenager has for the first time automatically exploited a known security vulnerability introduced on jailbroken iPhones - the SSH daemon which unless modified remains running with default users root and mobile, using the same password on each and every device."

Cable operators will sit in the hot seat Thursday as Congress reviews their plans to roll out targeted advertising amid fears that consumer privacy could be infringed if the companies were to track and record viewing habits. The House subcommittee on Communications, Technology and the Internet will hold a hearing that will look at new uses for digital set-top boxes, the devices that control channels and perform other tasks on the TV screen. Cable TV companies plan to use such boxes to collect data and direct ads more targeted to individual preferences. "We have recently called on Congress and the Federal Trade Commission to investigate cable's new interactive targeted TV ad system on both antitrust and privacy grounds," said Jeff Chester, executive director of the Center for Digital Democracy. He's concerned about Canoe Ventures, a consortium formed by the nation's six largest cable companies to oversee the rollout of targeted and interactive ads nationally. Chester worries that Canoe will track what consumers do in their homes. Currently, cable companies aim their ads based strictly on geography. Now, cable's goal is to take the Internet's success with targeted ads and transfer that to the TV medium. Thus, a household that watches a lot of Nickelodeon and the Disney Channel eventually could be targeted for theme parks promotions. This type of targeting is something broadcast TV can't do. For starters, Canoe plans to offer ads this summer that consider demographic factors such as age and income. Philadelphia-based Comcast Corp. and Cablevision Systems Corp. of Bethpage, N.Y., also have been testing or rolling out targeted ads outside the consortium. But cable operators are wary about being seen as trampling on consumer privacy and reiterate that they don't plan to target based on any personally identifiable information, such as someone's name and address. Canoe said it doesn't have plans this year to use set-top box data for ads. Instead, the first ads it pl

IT directors are adding multiple layers of protection to their networks and constantly upgrade those measures to adjust for new threats. Is this good? Is the Internet too broken to fix? Is there a better path to enterprise network security? One option is a new "gated community" Internet, where users give up their freedoms and anonymity for safety. My initiation to the Internet and the World Wide Web occurred in 1994 in a large meeting room at an Atlanta hotel. Most of the 100 or so seats were empty. Those in attendance seemed fairly rabid about this new network and took exception to one speaker's prediction that the Web would become a major marketing vehicle. "Not gonna happen," said one attendee. "We'll spam them into submission if they try. We won't let this become commercialized." I kind of chuckled to myself. Those early adopters were mainly concerned with protecting the Internet from commercialization and marketing. Security was not even part of the discussion. Now, it is threatening to dismantle the Internet as a communication and commerce tool. Cyber attacks on U.S. government computer networks increased a reported 40 percent in 2008, according to data from the U.S. Computer Emergency Readiness Team. More than 100 million credit card accounts at Heartland Payment Systems were compromised last year. In November, the Pentagon suffered from a cyber attack in the form of a global virus or worm that spread rapidly throughout a number of military networks, and caused the agency to ban the use of external storage devices, such as flash drives and DVDs. And this is just the tip of the Internet security Relevant Products/Services iceberg. Enterprise networks are being used to launch phishing Relevant Products/Services and other Internet scams, such as the Conficker worm that infected 12 million computers late last year. IT directors everywhere are adding multiple layers of protection to their networks and constantly having to upgrade those measures to adjust fo

With the nation's strictest data security law set to take effect Jan. 1 in Massachusetts, mobile phone merchant Dennis Kelly plans to parlay the regulations into a competitive advantage. Kelly will display signs at each point-of-sale device inside 28 Wireless City shops, of which he is co-owner, stating that the company complies with the state's new mandate and that protecting customers' personal information is a company-wide priority. He says that as his business has grown in a few short years, adhering to the new requirements - namely, establishing an official information security policy and deploying more stringent access control solutions - was necessary, regardless of the impending legal obligation. And now he wants to show that investment off. "We can set ourselves apart from competitors by communicating that we take this stuff seriously," he says. "I think we will be somewhat unique in that regard." Kelly's take on the regulations - the first time any state has issued such a comprehensive and prescriptive list of measures that must be taken to protect data - appears to be in direct contrast to most other business owners across the Bay State.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

The Federal Trade Commission today announced that it has approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The American Recovery and Reinvestment Act of 2009 (the Recovery Act) includes provisions to advance the use of health information technology and, at the same time, strengthen privacy and security protections for health information. Among other things, the Recovery Act recognizes that there are new types of Web-based entities that collect or handle consumers' sensitive health information. Some of these entities offer personal health records, which consumers can use as an electronic, individually controlled repository for their medical information. Others provide online applications through which consumers can track and manage different kinds of information in their personal health records. For example, consumers can connect a device such as a pedometer to their computers and upload miles traveled, heart rate, and other data into their personal health records. These innovations have the potential to provide numerous benefits for consumers, which can only be realized if they have confidence that the security and confidentiality of their health information will be maintained. To address these issues, the Recovery Act requires the Department of Health and Human Services to conduct a study and report, in consultation with the FTC, on potential privacy, security, and breach notification requirements for vendors of personal health records and related entities. This study and report must be completed by February 2010. In the interim, the Act requires the Commission to issue a temporary rule requiring these entities to notify consumers if the security of their health information is breached. The proposed rule the Commission is announcing today is the first step in implementing this requirement. In keeping with the Recover

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

This is a great time to be in the hard-drive shredding business, as companies scramble to destroy data before the bad guys have a chance to steal it. A look inside the belly of the beast (includes video). September 08, 2008 - CSO - Thanks to all the fear over data security breaches, a computer recycling operation has morphed into something much bigger - and potentially more lucrative - for the Saraiva brothers. That's not to say the nature of their work has changed much. They still make money off of companies looking to unload devices that have outlived their usefulness. They still stuff the gadgetry into a shredder on the back of a truck that reduces it to shrapnel. The difference is they're now part of the fight against data thieves. Their company, Peabody, Mass.-based Corporate Destruction Solutions, is rapidly expanding to accommodate organizations desperate to destroy old hard drives before they can fall into the hands of data thieves. And they're not alone. Several companies in the metal-shredding business confirm a surge in demand for their services in the wake of many highly-publicized data breaches.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

Banks and cellphone companies have a long way to go to persuade U.S. consumers to use their cellphones for banking, as many worry about security and extra fees and others are not even aware they can. In a survey of about 500 U.S. consumers, accounting firm KPMG found that only about 9 percent had tried mobile banking. In comparison, about 76 percent "consistently use" online banking services on computers. As many as 95 percent said they were so uncomfortable with conducting financial transactions on their phones that they've never used them to make a purchase on a retailer's Web site. About 48 percent of respondents cited security and privacy worries as their reason for not banking on their cellphones, according to KPMG. While many respondents said they believe mobile banking is important, according to the accounting firm, they do not think it is important enough to pay extra for it. Roughly 19 percent of respondents said they are "somewhat likely" to a use a mobile device for online banking in the next 12 months but only seven percent said are willing to pay a nominal fee for cellphone banking, according to the survey. And even though most of the major U.S. banks offer a mobile banking service, about 68 percent of the survey respondents said their bank does not offer the service. "The fact that the majority of U.S. consumers are not aware that their current banks offer mobile banking is clearly more perception than reality," said Carl Carande, a principal in KPMG LLP's Advisory and Banking and Finance practices. Banks offering mobile services include Citigroup Bank of America and Wells Fargo.

IT and business both understand the need to protect regulated customer and business data -- so long as they're in business, analysts say. Here's a look at how some folding businesses are falling short protecting data and the possible liabilities for the IT group and CIO. From HIPPA to Sarbox, a slew of regulations to protect customer and employee data force CIOs to step lively to comply. The punishment for failure to do so is costly and even dire. But once a company folds-and more are folding every week given the economy-what happens to that data? Who in the business and IT could be hit by the splatter if it all hits the fan? "Certain companies have been disposing of records containing sensitive consumer information in very questionable ways, including by leaving in bags at the curb, tossing it in public dumpsters, leaving it in vacant properties and/or leaving it behind in the offices and other facilities once they've gone out of business and left those offices," says Jacqueline Klosek, a senior counsel in Goodwin Procter's Business Law Department and a member of its Intellectual Property Group. "In addition, company computers, often containing personal data, will find their ways to the auction block," she adds. "All too often, the discarded documents and computer files will sensitive data, such as credit card numbers, social security numbers and driver's licenses numbers. This is the just the kind of data that can be used to commit identity theft." Discarded and unguarded data is now low-hanging fruit for criminal harvesters and corporate spies. "Recent client activity supports that competitors are beginning to buy up such auction devices specifically with the intention of trying to salvage the data," says James DeLuccia, author of IT Compliance & Controls. "Hard drives are being removed and sold online, or whole servers are sold via Craigslist and Ebay." In some cases, the courts insist data be sold during a bankruptcy. "Company servers, once I restore

It's never been easier to get information on the run. Smart devices such as the G1 and Apple iPhone let you put the Internet in your pocket and go - down the block or across the country. But this convenience could cost plenty in lost privacy, consumer advocates and tech analysts say. Once data have been collected and warehoused, you lose control of it forever. "The Big Brother aspect of it is troubling," says Rep. Edward Markey, D-Mass., former chairman of the powerful House Subcommittee on Telecommunications and the Internet. Mobile consumers are especially vulnerable, Markey says. Unlike PCs, cellphones tend to be used by one person exclusively. The information they telegraph - on Web browsing, lifestyle and more - tends to be "highly personalized." That's the main reason mobile data are so prized: The information is incredibly accurate. It's also why Markey and other privacy advocates say the debate about online privacy will become even more intense as advertising migrates to the mobile Web. Mobile advertising is still relatively new - G1 users, for now, get ads only through search results, for instance - but it's clearly a hot spot. The market is expected to reach $2.2 billion by 2012, from about $800 million now, according to JupiterResearch. Ultimately, it could surpass the traditional Web, now a $20 billion ad market. Yahoo, Microsoft and other ad-supported search engines collect information as Google does. But the sheer size and scope of Google's data-mining operation - the Web giant performs more than 80% of all desktop searches worldwide - makes it a uniquely pervasive presence, says Chester. Google and Yahoo, the two biggest players in search advertising, say their self-imposed privacy policies are sufficient to protect consumers, noting that they do not collect or store information in a way that can be directly tracked to an individual. Peter Fleischer, global privacy counsel for Google, says Google tries to make privacy language as

One of the more interesting panel discussions at the IDC Cloud Computing Forum on Feb 18th in San Francisco was about managing the complexities of security, privacy and compliance in the Cloud. The simple answer according to panelists Carolyn Lawson, CIO of California Public Utilities Commission, and Michael Mucha, CISO of Stanford Hospital and Clinics is "it ain't easy!" "Both of us, in government and in health, are on the front-lines," Lawson proclaimed. "Article 1 of the California Constitution guarantees an individual's right to privacy and if I violate that I've violated a public trust. That's a level of responsibility that most computer security people don't have to face. If I violate that trust I can end up in jail or hauled before the legislature," she said. "Of course, these days with the turmoil in the legislature, she joked, "the former may be preferable to the later." Stanford's Mucha said that his security infrastructure was built on a two-tiered approach using identity management and enterprise access control. Mucha said that the movement to computerize heath records nationwide was moving along in fits and starts, as shown by proposed systems likeMicrosoft (NSDQ: MSFT)'s Health Vault and Google (NSDQ: GOOG)'s Personal Health Record. "The key problem is who is going to pay for the computerized of health records. It's not as much of a problem at Stanford as it is at a lot of smaller hospitals, but it's still a huge problem." Mucha said that from his perspective security service providers in the cloud and elsewhere are dealing with a shrinking security parameter or fence, which is progressing from filing cabinets, to devices, to files, and finally to the individual, who under the latest Health Insurance Portability and Accountability Act (HIPAA) privacy rules has certain rights, including rights to access and amend their health information and to obtain a record of when and why their Protected Health Information (PHI) record has bee

Mixed receptionThe state hopes changes to Massachusetts' data privacy regulation plan will calm business community fears over the cost of the new controls, but watchers of the process say the government may have made things worse. One thing seems certain: the recent changes aren't likely to be the last word on regulating sensitive data in the Bay State. The regulations mandate all "personal information" belonging to Massachusetts residents be encrypted whenever it is stored on portable devices, transmitted wirelessly or shared on public networks. Changes enacted just in time to beat a deadline of Thursday, Feb. 12, pushed the effective date back eight months, from May 1 to Jan. 1, 2010. They also removed a requirement that businesses certify third-party vendors' compliance. The latter move was aimed to address an issue raised in a public hearing with business leaders held Jan. 15 at the State House. The change was designed to make the third-party regulations more adaptable to companies of various sizes and business models, said Massachusetts Consumer Affairs undersecretary Daniel Crane.

With Twitter firmly established as the "conversation place to be," marketers are beginning to look for where they fit in. And that means tools. For the uninitiated, Twitter is a service that lets individuals exchange 140-character messages-via computer or mobile device-with groups of "followers." The result is a fast-and-loose, multidimensional conversation that falls somewhere in between blogging and text messaging, happening in real time between millions of users around the world. Luckily, the Web interface for Twitter.com is just the start of many ways to interact with and glean intelligence from Twitter conversations. There is big potential value for tapping into the Twitter-stream for insights into what customers are saying about your company's brand and its market. "Millions are leaning on Twitter pretty hard as a way to network and communicate with contacts new and old," said John Jatsch, a social marketing expert and operator of Duct Tape Marketing. He added that marketers have many options for how to use Twitter, including connecting with customers, monitoring conversations and testing new ideas. To use Twitter to its fullest, b-to-b marketers should consider using the following handful of tools and services: ??Twitter clients. It doesn't take long for most Twitter users to move beyond using Twitter.com to post and monitor their posts or "tweets." There are much more powerful tools at your disposal for reading, filtering, searching and posting to Twitter.com. The list of Twitter clients includes popular Mac client Twitterific; Adobe Air-based clients such as Twhirl, Tweetr and Spaz; Firefox add-ons like Twitterfox and TwitBin; and software that lets you track multiple social engines-such as Facebook, FriendFeed and even instant messaging as well as Twitter-like Digsby and AlertThingy. A new client receiving a lot of buzz is TweetDeck, which features a huge but customizable user interface that makes it easier to track posts, re

A health care industry coalition on Monday released a prescriptive security framework that organizations can use to safeguard patient records as they increasingly move online. The framework, released by the Health Information Trust Alliance (HITRUST) -- which represents health care providers, pharmacies, insurers, biotech firms and medical device manufacturers -- is based on well-known standards such as COBIT, NIST and ISO 270001. But this is the first benchmark developed specifically for protecting health data. "It's tailored to protecting health information right out of the gate," Michael Wilson, vice president and chief information security officer of McKesson, the largest U.S. pharmaceutical distributor, told SCMagazineUS.com on Monday. "It's just a different sort of data. It's still structured [like other verticals], but there's a lot more of it in health care." The framework was created to improve adoption rates with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and increase patient confidence in the security of their information. It also arrives on the heels of the new $787 billion economic stimulus bill, about $20 billion of which is earmarked to encourage health care organizations to adopt electronic health records as a way to reduce the number of medical errors and save money. The stimulus bill, in itself, contains srict privacy and security regulations for patient information. The standards took about 18 months to devise and can be implemented by organizations of any size, according to HITRUST. "2009 will be a turning point for information security in the health care industry, when organizations will begin implementing the framework...and create a cascading effect that will impact and benefit the entire health care ecosystem," Daniel Nutkis, CEO of HITRUST, said in news release. Wilson said the framework also will enable companies such as McKesson to show their customers and business partners that they are taki

Richard Acton-Maher of San Francisco was in nearby Berkeley last month and wanted to meet friends for lunch. Instead of making calls to see who was around, he looked at a digital map on his iPhone that plotted their locations. "One of my friends was also there," said Acton-Maher, 24, who used a service from a startup company called Loopt Inc. "I gave him a call and met him for lunch. It just enhances the communications tools that I already have." Google Inc., encouraged by people's willingness to share their personal lives on sites like Facebook, is betting more people like Acton-Maher will post their whereabouts online. The owner of the most popular search engine started a program this month called Latitude, seeking to compete with mobile networking services such as Loopt, Match2Blue, Whrrl and Limbo. Besides competition, Google's effort to turn mobile phones into tracking devices faces criticism from privacy advocates. Useful for friends and family, location data would also be valuable to the government, said Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation, a not-for-profit organization focused on civil-liberties. "This is certainly valuable information to investigators and potentially to civil litigants," Bankston said. "This type of location information presents a very new sensitive data flow." Google says its privacy settings address such concerns. People using Google's mobile maps can opt not to use Latitude and choose whom they share their information with. The program also only stores the user's last known location, not a full history of their travels, said Steve Lee, a Google product manager. 'Ephemeral Data' While Google doesn't plan to store the data, the government could still go to court to ask for the company's help in tracking someone during an investigation, Bankston said.

Current government rules do too little to protect the privacy of people's personal health information and also hinder the use of health data in medical research, a panel of experts reported on Wednesday. A committee of the Institute of Medicine, which provides advice to U.S. policymakers, urged Congress to take an entirely new approach to protecting personal health data in research. Federal standards for protecting privacy of personal health data under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, are not doing the job, the panel said. Congress and the Obama administration are planning major changes this year to the U.S. health care system. Regarding the privacy rules, Congress should either start from scratch or thoroughly overall HIPAA's privacy provisions, the panel said. Better data security is needed, with greater use of encryption and other security techniques, the panel said. Encryption should be required for laptops, flash drives and other devices containing such data, it said. "Both privacy and health research are important. And we feel that we can strengthen privacy protections for people who participate in research while also allowing important research to proceed without unnecessary impediments," Dr. Bernard Lo of the University of California San Francisco, a member of the panel, told reporters. HIPAA governs how personally identifiable health information can be used and disclosed by health plans, health care providers and others. The intention is to protect personal health information while permitting the flow of information for health-related research and medical care. Lo said HIPAA has burdensome and confusing procedures for people to consent to have their health data used in medical research, dissuading people from taking part in such research.

Enterprise employees frequently use social networking tools, most notably Web-based applications. It's no surprise more organizations are wondering what happens if social networking data becomes relevant to an e-discovery investigation. How does an enterprise go about discovering and assessing Web 2.0 data? How responsible is an organization, legally speaking, for the information that's out there in the Web 2.0 world? What risks arise from e-discovery as it relates to Web 2.0 data, and how can you mitigate them? In this tip, we will look at e-discovery as it relates to Web 2.0 and consider the strongest options for minimizing risks to the organization. E-discovery basics We begin with a quick look at what e-discovery is and how it can create risk. Essentially, e-discovery is the electronic extension of the legal process of discovery, which Wikipedia defines as "the pre-trial phase in a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena or through other discovery devices, such as requests for production and depositions." If you're an IT person, not a lawyer, it's important to note that the rules governing the discovery process now require plaintiffs to address all electronically stored information or ESI. In other words, if your organization faces litigation, it will have to deal with the issue of e-discovery, which will entail a whole lot more than turning over some old emails. Depending upon your role in the organization, the first you may hear of this is a "notice of litigation" with perhaps a "litigation hold directive" containing a "preservation directive." Here is a generic e-discovery request below. Apart from a few limiting factors, such as subject matter, named persons and a specified time period, the scope of such a notice is likely to be broad; blame standard procedure, not some high-powered attorney pushing his or her lu

This week, the Government Accountability Office issued a report related to privacy and security issues at FDA and another report about the agency's plans to modernize its IT systems, Government Health IT reports. Privacy and Security Report On Monday, GAO released a report suggesting that FDA has not included sufficient privacy and security protections in its plans for a medical product safety monitoring system called the Sentinel Initiative. The system would use data from insurance companies, academic institutions, government agencies and health care providers to track the performance of medications and medical devices. According to the FDA Amendments Act of 2007, the initiative would have access to data from 25 million people by mid-2010 and 100 million people by mid-2012 (Foxhall, Government Health IT, 6/2). For the report, GAO conducted an audit of FDA's planning process for Sentinel from May 2008 to May 2009.

When it comes to online privacy, we all appreciate the risk of publicizing juicy factoids such as incriminating photos or credit card numbers. But few of us realize a subtler threat: In abundance, innocuous, everyday data can divulge sensitive information as well. Some questions shouldn't be asked. Employers, for instance, generally are not allowed to discriminate based on marital status, sexual orientation and so on. But our growing digital footprint is threatening our ability to dodge inappropriate inquiries. Through data mining, employers, insurers, advertisers and others can infer the answers to private questions without even asking. They need two things: a heap of personal data, and the techniques to crunch it. Both are readily available. People generate and share more information than ever before. Besides consciously generated Web content such as blogs, Facebook profiles and YouTube videos, a steady stream of data is exchanged in the background. Companies track our searches, browsing and shopping behavior. Personal electronic devices can silently disclose our location while we post status updates and photos to the Web. All this seems innocent enough - and the more others do it, the safer we all feel. After all, what's one more Twitter update among millions?