Google to Store Patient Health Data

By Trip Volpe at 11:53 pm on February 24, 2008 | 7 Comments

News article here, covered on Slashdot here.

Google, with the cooperation of the Cleveland Clinic, is beginning a project to record medical history and other health-related data for patients. The stated goal is to provide patients with a way to access and manage their own health data, as well as to work towards a “more efficient and effective national health care system.”

While a common database of this information could indeed be useful for patients and healthcare providers, it raises some privacy and security issues. (Read on …)

Filed under: Current Events,Ethics,Privacy7 Comments »

ISP caching issue exposes Gmail data

By harsh at 11:35 pm on | 3 Comments

Last week, when a Kuwait-based Gmail user tried logging in, he was denied access to his own account, and instead was granted access to over 30 accounts that did not belong to him. He was able to peek into other people’s private information and personal emails, including one that contained “keycodes for some embassy gate”. This incident that occurred during the last weekend was fixed on the following Wednesday.

A Google spokesman who confirmed the issue said that the problem occurred due to a caching issue experienced by the ISP in that region. However, another user in Sri Lanka reported a similar issue with his Gmail account.

The same user who faced problems with his Gmail account wrote to CNN that he had no problems with his other accounts such as Hotmail. Though Google confirmed that the issue was caused by the ISP, I think it is also Google’s responsibility to enforce security measures which will prevent such minor issues outside itself from compromising its users’ accounts.

Fortunately, in this case, the issue was not widespread. If it were, one can only imagine how much damage it can potentially cause.


Filed under: Current Events3 Comments »

Security Review: Coin-Operated Laundromats

By zaxim at 11:27 pm on | 6 Comments

They’re out there…Some of us use them everyday…Especially college students living away from home…We can’t avoid them, unless we want to be stinky…

Yes I’m talking about coin-operated laundries…

Coin-operated washing facilities provide an interesting security problem, since the users only maintain a single asset, their clothes. The owners and operators of the facility are at most risk since they have to protect against people stealing money or gaining free use.

(Read on …)

Filed under: Miscellaneous,Physical Security,Security Reviews6 Comments »

Collaborative Security Review: Wave2Go

By Chad at 9:57 pm on | 2 Comments

This security review is intentionally left incomplete. It is simply a topic that I think would be interesting for us as a group to explore. If you can add to the discussion, please do, even if it’s simply to propose an idea, or to shoot one down.

Washington State Ferries have been using the Wave2Go system for over a year now. The old system required passengers to remain in a holding area after they had bought their tickets from one of three booths. Many patients would wait to buy their tickets just before the ferry would board, causing long lines right before departure and occasionally delaying ferries.

Wave2Go allows clients to buy tickets from multiple kiosks in addition to the three ticket booths. Alternatively, you can purchase tickets ahead of time online and then print them out. (Read on …)

Filed under: Physical Security,Security Reviews2 Comments »

U.S. Intelligence wants to monitor WoW chat

By sky at 9:46 pm on | 2 Comments

Called The Reynard project, it is a series of plans for the U.S. Intelligence to monitor more internet traffic, most notably, data mining from several major MMORPGs, including WoW. The goal being to eventually create a system that can “automatically detecting suspicious behavior and actions in the virtual world.” Games often have things like bombs and assassinations in them, and it seems like the potential for a very high false positive rate is there. It kinda makes me wonder if custom UIs will have an option to use some sort of encryption with their in-game chat for those who are really bothered by big brother being over their shoulder.


Filed under: Current Events,Policy,Privacy2 Comments »

Security Review: Full disk encryption

By mccoyt at 9:24 pm on Comments Off on Security Review: Full disk encryption


The past week has seen a renewed interest on the part of the security community in the reliability of hard disk encryption. With the recent revelation that data on encrypted drives is vulnerable to unauthorized access via memory manipulation, the technology has come under new scrutiny, and the integrity of existing disk encryption technologies is being questioned. While this blog has explored both the recent security breach and specific encryption tools (cold-boot attacks , Truecrypt security review), this security review will take a broad look at the security principles behind disk encryption and vendor-independent weaknesses and strengths of the technology.

(Read on …)

Filed under: Security ReviewsComments Off on Security Review: Full disk encryption

Security Researchers Crack Wireless GSM Encryption

By esoteric at 3:52 pm on | 6 Comments

Security researchers have announced the development of a ultra-fast method of cracking wireless GSM encryption in 30 minutes or less.  The 64-bit encryption algorithm was cracked in theory over 10 years ago, but the development of new technology has exploited the vulnerability on a timescale that poses a serious threat.  GSM is used by many mobile companies worldwide, including T-Mobile and AT&T in the United States.  With a GSM wireless frequency receiver and the proper resources, hackers will be able to eavesdrop on phone conversations and text messages at will.  Fortunately, the technology is currently not cheap.  The developers are charging $1,000 for a solution that cracks GSM in 30 minutes, and $100,000 for a solution that cracks it in 30 seconds.  Still, the potential for privacy invasion in the future is tremendously daunting.

Who else is ready to switch to Verizon or Sprint?


Filed under: Current Events,Privacy6 Comments »

Now that we are being listened to

By joyleung at 2:43 pm on Comments Off on Now that we are being listened to

The government has decided to continue wiretapping phones with assistance from phone companies. These companies are also pushing a bill for immunity from lawsuits for participating in the tapping. What is the line at which informational surveillance pushes too far into privacy? Should immunity be granted?


Filed under: Current Events,Policy,PrivacyComments Off on Now that we are being listened to

16 hackers got arrested in Quebec recently

By felixctc at 12:49 am on | 2 Comments

Recently, the police department in Quebec, Canada, busted an international hacking network. 16 people that were between the ages of 17 and 26 were arrested and this was the biggest hacking scam in Canadian history according to the police. These hackers collaborated online to attack and took control about one millions computer all over the world that didn’t have firewall or anti-virus software. Because of that, they injected Trojans or worms in those computers. The investigators mentioned that the hackers profited about 45 million dollars.
(Read on …)

Filed under: Current Events,Ethics,Integrity2 Comments »