Ultrasaur Blog

Keeping track of exciting new threats to your digital records.

Archive for May, 2009

US Army hacked by Turkey

Friday, May 29th, 2009

Another reminder that everyone is susceptible to hacking:

The hackers, who collectively go by the name “m0sted” and are based in Turkey, penetrated servers at the Army’s McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Va.

The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.

Fingerprints fade from cancer treatment

Friday, May 29th, 2009

We often assume that everyone will have fingerprints (as in the literal prints made from people’s fingers), but from Reuters:

A Singapore cancer patient was held for four hours by immigration officials in the United States when they could not detect his fingerprints — which had apparently disappeared because of a drug he was taking.

Although four hours is not exactly an impressive delay for an American airport, and capecitabine is not a common drug, it raises interesting issues. Namely, that when a simple process works in 99% of cases, we really aren’t prepared for the 1% of outliers. In this case, I’m curious what the Americans With Disabilities Act says about treatment of finger/hand/arm amputees in fingerprinting situations.

100 million case hinges on finding the demo

Friday, May 29th, 2009

Shorter version:

Waste Management sued SAP for $100 million because the product didn’t live up to the demo. Nobody claims to have a copy of the demo on which the case rests.

My question is, why should Waste Management believe that SAP would necessarily produce the original demo?

I agree that it “would be wise to preserve a copy of product demonstrations as they form new license agreements with vendors” but having given and received demos, I don’t think I’ve ever seen that happen.

Oh noes — backups on live server?

Friday, May 15th, 2009

Hackers ‘destroy’ flight sim site:

Yes, we dutifully backed up our servers every day. Unfortunately, we backed up the servers between our two servers.

Backups: different medium, different location. A copy that sits on the neighbouring server, reachable by whoever reached the original, is not a backup.
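As an added example (not code from the flight sim site or from the original post), here is a small Python check that applies that rule before a backup job runs: it refuses a destination that is nested inside the data or on the same filesystem, flags a "remote" target that is really the local machine, and only passes a target on another host. The hostnames and paths used in demo() are constructed.

```python
from __future__ import annotations

import os
import socket
from dataclasses import dataclass

# Added example, not code from the flight sim site or from the original post.
# It scores a proposed backup destination by how independent it is from the
# data it protects, i.e. the "different medium, different location" rule.
# Hostnames and paths used in demo() are constructed for illustration.

LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Verdict:
    kind: str    # inside_source | same_device | same_host | offsite
    ok: bool
    reason: str


def _is_this_host(host: str) -> bool:
    """Assumption: a plain hostname comparison is enough; no DNS, so it runs offline."""
    h = host.lower()
    return h in LOCAL_NAMES or h == socket.gethostname().lower()


def _device_of(path: str) -> int:
    """st_dev of `path`, or of its nearest existing ancestor if it doesn't exist yet."""
    p = os.path.realpath(path)
    while not os.path.exists(p):
        parent = os.path.dirname(p)
        if parent == p:
            break
        p = parent
    return os.stat(p).st_dev


def classify_backup_target(source: str, target: str) -> Verdict:
    """Decide whether `target` is an acceptable backup location for `source`.

    `target` is a local path or an rsync/scp-style "host:/path".
    """
    if ":" in target and not os.path.isabs(target):
        host = target.partition(":")[0]
        if _is_this_host(host):
            return Verdict("same_host", False, "remote syntax, but the host is this machine")
        return Verdict("offsite", True, f"copy leaves this host for {host}")

    src = os.path.realpath(source)
    dst = os.path.realpath(target)
    if os.path.commonpath([src, dst]) == src:
        return Verdict("inside_source", False, "backup lives inside the data it protects")
    if _device_of(src) == _device_of(dst):
        return Verdict("same_device", False,
                       "same filesystem: one rm -rf or one failed disk takes both")
    return Verdict("same_host", False,
                   "different medium, same location: survives a disk failure, "
                   "not a compromise, a fire or a stolen box")


def demo() -> dict[str, str]:
    """Run the check against constructed targets; returns {name: kind}."""
    import tempfile
    root = tempfile.mkdtemp()
    src = os.path.join(root, "data")
    os.mkdir(src)
    targets = {
        "sibling": os.path.join(root, "backup"),        # same filesystem
        "nested": os.path.join(src, "backup"),          # inside the source
        "loopback": "localhost:/srv/backup",            # remote syntax, same box
        "offsite": "backup.example.net:/srv/backup",    # constructed hostname
    }
    return {name: classify_backup_target(src, t).kind for name, t in targets.items()}


if __name__ == "__main__":
    for name, kind in demo().items():
        print(f"{name:9s} -> {kind}")
```

Only the last verdict is marked ok; a second disk in the same box is still a single location, and the check deliberately says so rather than treating "different device" as good enough.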

CIA vs Senator, records disagree

Friday, May 15th, 2009

Another “he said, he said” argument making news, this time between the CIA and Sen. Bob Graham. The CIA’s records indicate that they told Graham the details about waterboarding, while Graham’s records indicate that they didn’t. Or rather, that’s what each party claims; in the absence of verifiable records, it comes down to which party you trust more, and that isn’t obvious.

From James Fallows, former speechwriter to President Jimmy Carter:

Graham also has a specific reputation for keeping detailed daily records of people he met and things they said. He’s sometimes been mocked for this compulsive practice, but he’s never been doubted about the completeness or accuracy of what he compiles…
So if he says he never got the briefing, he didn’t.

Hacking: Pornography through Wars

Tuesday, May 12th, 2009

In a clarification of its position on armed conflict, the United States will “not rule out a kinetic response to a cyber attack.” Meaning that the US may treat hacking (presumably by a foreign power) as an attack comparable to a physical attack on a bridge or a dam.

At the other end of the spectrum, a court has upheld the “hacking” conviction of a man for misusing his work computer to upload pornography.

Rasch said the problem stems from an amendment that was made to the federal Computer Fraud and Abuse Act — the federal anti-hacking law — that states have added to their own statutes.

“The early statute only talked about unauthorized access — which is breaking into a computer,” he said. “But then they amended it to say ‘or exceeding the scope of authorization to access a computer’.”

Data breach risk

Friday, May 8th, 2009

According to Verizon, the average insider-sponsored data breach nets the attacker 100,000 records. This is considerably more than attacks from other vectors (outsiders and partners), which makes sense if only from a bandwidth perspective: an insider already sits on the network and can copy for as long as nobody looks.

Interesting though it is to read about, Spire Security makes the point that multiplying the percentage of attacks by the number of records stolen to calculate pseudo-risk (likelihood × impact) isn’t especially useful. (Unlike him, I’m more inclined to forgive the base rate fallacy problem, since the solution shouldn’t be to change the structure of a business’ affairs.)

I think the major flaw in calculating risk is that there is so much variety in how you can calculate the impact. If stealing 100,000 records means taking the company directory, it’s relatively benign; in fact, taking so many records might be a symptom of not knowing what they want to take.

And copying 8 million prescriptions is less bad than deleting them, which is itself less bad than altering some of them to be fatal.

TSA: “really stupid”?

Friday, May 8th, 2009

Representative Peter DeFazio: “I helped create the TSA.”

Rep. Peter DeFazio actually dealing with the TSA: “This is really stupid.”

Source: Washington Post

Reporters rely on Wikipedia

Wednesday, May 6th, 2009

It’s not surprising, but it is interesting to see a concrete case of reporters reporting straight from Wikipedia without independent verification:
Student’s Wikipedia hoax quote used worldwide in newspaper obituaries. It’s from The Irish Times, but they probably just read about it in Wikipedia.

“I have your s**t! In my possession”

Wednesday, May 6th, 2009

According to a claim at WikiLeaks, a hacker has taken “8,257,378 patient records and a total of 35,548,087 prescriptions” from the Virginia Health Professions Database (the website is down).

Any intrusion should call the current records into question (we often talk about what could happen if a hacker changes your financial documents, but a bad prescription can kill).

The hacker claims:

Also, I made an encrypted backup and deleted the original.

However, according to the Washington Post:

Sandra Whitley Ryals, director of the Department of Health Professions, said in a statement Wednesday that the program’s computer system has been shut down since last Thursday’s breach, but all data was backed up and those files have been secured.
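An added example, not code from the original post or from the Virginia system, tying this back to the copy / delete / alter ranking in the “Data breach risk” post above: a keyed per-record manifest held off the database host, and an audit that sorts the live records after an intrusion into intact, altered, deleted and added. The key, the record layout and the sample prescriptions are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Added example, not code from the original post or from the Virginia system.
# A keyed per-record manifest, kept off the database host together with its
# key, lets you tell after an intrusion which records were altered, deleted
# or planted. The key, the record layout and the sample prescriptions below
# are constructed for illustration.

MANIFEST_KEY = b"constructed-key-store-it-away-from-the-database"


def canonical(record: dict) -> bytes:
    """Stable byte encoding: sorted keys, no whitespace, so field order can't change the tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_tag(record: dict, key: bytes = MANIFEST_KEY) -> str:
    """HMAC-SHA256 over the canonical record. An attacker with database access
    but without the key cannot recompute tags for records they modify."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def build_manifest(records: list[dict], key: bytes = MANIFEST_KEY) -> dict[str, str]:
    """Tag every record by its id; this is what gets stored off-host."""
    return {r["rx_id"]: record_tag(r, key) for r in records}


def audit(records: list[dict], manifest: dict[str, str],
          key: bytes = MANIFEST_KEY) -> dict[str, list[str]]:
    """Compare live records with the out-of-band manifest.

    Returns record ids grouped as intact / altered / deleted / added.
    Pure copying changes nothing and is invisible here; that needs access logs.
    """
    result: dict[str, list[str]] = {"intact": [], "altered": [], "deleted": [], "added": []}
    seen = set()
    for r in records:
        rid = r["rx_id"]
        seen.add(rid)
        expected = manifest.get(rid)
        if expected is None:
            result["added"].append(rid)
        elif hmac.compare_digest(expected, record_tag(r, key)):
            result["intact"].append(rid)
        else:
            result["altered"].append(rid)
    result["deleted"] = sorted(set(manifest) - seen)
    return result


# Constructed sample prescriptions (not real data).
SAMPLE = [
    {"rx_id": "RX-0001", "patient": "P-100", "drug": "warfarin", "dose_mg": 5},
    {"rx_id": "RX-0002", "patient": "P-101", "drug": "metformin", "dose_mg": 500},
    {"rx_id": "RX-0003", "patient": "P-102", "drug": "capecitabine", "dose_mg": 1500},
]


def demo() -> dict[str, list[str]]:
    """Manifest taken before the incident, then the three destructive outcomes."""
    manifest = build_manifest(SAMPLE)
    live = [dict(r) for r in SAMPLE]
    live[0]["dose_mg"] = 50                              # warfarin 5 mg -> 50 mg: altered
    del live[1]                                          # metformin record gone: deleted
    live.append({"rx_id": "RX-0004", "patient": "P-100",
                 "drug": "oxycodone", "dose_mg": 30})    # planted record: added
    return audit(live, manifest)


if __name__ == "__main__":
    for outcome, ids in demo().items():
        print(f"{outcome:8s} {ids}")
```

The manifest only helps if it and the key were taken before the breach and kept where the intruder couldn't reach them; a manifest rebuilt from the current database after the fact would happily bless the altered dose. The same check is what you run against the restored backup mentioned in the statement above before trusting it.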