Someone stole the hard drive from the car of one of the vendor’s employees, according to the letter. UH was informed of the theft Aug. 8, and the hospital system has been determining the exact information that was on the drive since then, said hospital spokeswoman Janice Guhl. 

Link to full story

http://www.cleveland.com/healthfit/index.ssf/2013/11/uh_notifies_7100_patients_of_l.html

The post UH notifies 7,100 patients of stolen hard drive with personal medical information on it appeared first on Security Wandering.

Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

linked from:
 http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

it was just a matter of time before microcode injections into the controller on various sub systems of a computer would be targeted.
This is a very troubling discovery for many people. 

The post Ultrasonic more then bugs talking…….or “bab bios” or should it be sound gaps not air gaps appeared first on Security Wandering.

bout airplane tickest a while ago…..great price
Day before try to get 2 seats together  online at check in….

That did not happen, normal not a big deal.
but this time the wife is in a walking boot for her ankle and the kid always flys next to the wife.

Security at the airport was a breeze for everyone including the wife in her ankle boot contraption.
security made sure that the kid did not go wondering off well mom got scanned.
I get to deal with the 10 little gray bins and getting them thru the xray thing
as odd as it sounds it was like they wanted to help….got to love that.

Get to the gate wait for the gate folks to get there.
Now the gate folks had always been very helpful  for me

So I know they could easily fix the seating issue for me…..

WRONG
“the flight is full figure it out yourself when you get on the plane” 
The message from the gate folks

it was like they were more concerned about themselves then helping me an mine.
no even an earl boarding invite….wife in a walking boot for her ankle injure and 7 year old boy….

so we wait and yet more self involved airline folks come and go.

they open the plane for boarding…

final yet another group of airline folks…
about half way thu boarding we get invited to board after the wife hobbles around in the waiting line.

I new face from airline….who had just helped a 13 year old traveling alone… was the yes please go bored voice of reason

we go down the empty gate ramp took like 5 minutes down hill walking slow….
get on the plane and there are people sitting in all of our seats….
kid starts crying… have i mentioned yet that the wife “does not like to fly “motion sickens””

get the tickets from the wife…
kick an old couple out of my seat and the 13 year old seat….
then the 13 year old says I’ll change with you..

So the the wife and the kids get 2 seats together…..finally
the 13 year old stranger gets a window seat beind me…

Oh yeah forgot to mention the flight crew losing it because we had stopped anyone from boarding  the plane.
that kind of happens on the small jets  when you are in row 3 waiting for some folks to move out of your seats….

longer story short..

flight was great 20 minutes early kind of great.

moral of the story you should always call the airplane phone support folks to fix seating issues and wait on hold for an hour to talk to 
SAM “shrewas”  who think that the yankees are a florida baseball team……

The post what happens when airlines merge…or why no ones cares once they get your cash appeared first on Security Wandering.

Over on the post “EU ministers seek to ban creation of ‘hacking tools’ – Computerworld” contains this text:

“EU ministers seek to ban creation of ‘hacking tools’ By Jennifer Baker June 15, 2011 07:27 AM ETComments (2)Recommended (4) IDG News Service – Justice Ministers across Europe want to make the creation of ‘hacking tools’ a criminal offense, but critics have hit back at the plans, saying that they are unworkable.

Ministers from all 27 countries of the European Union met on June 9 to discuss European Commission proposals for a directive on attacks against information systems. But in addition to approving the Commission’s text, the ministers extended the draft to include ‘the production and making available of tools for committing offenses’.

This is problematic, as much legal and legitimate software could be put to criminal use by hackers. The draft mentions ‘malicious software designed to create botnets or unrightfully obtained computer passwords,’ but goes no further in attempting to clarify what ‘tools’ might be subject to criminal sanctions. For example, the distinction between a password cracker and a password recovery tool is not specified. Nor is there any mention of legitimate use for testing. Many tools that could be used for hacking in the wrong hands, are used by system administrators and security consultants to probe for vulnerabilities in corporate systems.”

The post EU ministers seek to ban creation of ‘hacking tools’ – Computerworld appeared first on Security Wandering.

“Tennessee Makes Password Sharing Illegal Here’s a new law that won’t work: State lawmakers in country music’s capital have passed a groundbreaking measure that would make it a crime to use a friend’s login — even with permission — to listen to songs or watch movies from services such as Netflix or Rhapsody. […] The legislation was aimed at hackers and thieves who sell passwords in bulk, but its sponsors acknowledge it could be employed against people who use a friend’s or relative’s subscription. While those who share their subscriptions with a spouse or other family members under the same roof almost certainly have nothing to fear, blatant offenders — say, college students who give their logins to everyone on their dormitory floor — could get in troubl”

The post Schneier on Security: Tennessee Makes Password Sharing Illegal appeared first on Security Wandering.

Over on the post “iSpy Conspiracy: Break Apple’s Secret Tracking with This App” contains this text:

“iSpy Conspiracy: Break Apple’s Secret Tracking with This App

 

Sam Biddle — Not entirely cool with the idea of your iPhone or iPad following your every move without your consent? Understandable! Luckily, only a day after the privacy revelation, a fix has been cooked up that switches off Apple’s covert tracking. The root of the tracking problem is a single file that logs your location. Untrackerd nukes the location logs from that database. Although it requires a jailbroken device, it’s a cinch to use—it simply runs in the background, erasing that dubious info: ‘A package installs a daemon (process that can run in the background) to clean consolidated.db file. No new icons are added to your homescreen. There are no options to configure.’

Sounds good to us! This is, however, only a bandaid—a fairly inconvenient bandaid. This is a problem that affects and potentially compromises the privacy of every single iPhone and iPad user. And most of these users aren’t ever going to consider jailbreaking.

So as much as Untrackerd is a laudable effort, it answers none of the underlying questions about why this data was being logged in the first place where normal—not just carriers and law enforcement—can get to it from our computers and handsets. The only real fix will be one that comes from Apple, allowing all users to opt-out of the tracking with a simple tap. Or hey, crazy idea—don’t have it enabled to begin with. [via TNW]”

The post iSpy Conspiracy: Break Apple’s Secret Tracking with This App appeared first on Security Wandering.

Over on the post “Actually, iPhone sends your location to Apple twice a day – F-Secure Weblog : News from the Lab” contains this text:

“esterday, security researchers Pete Warden and Alasdair Allan released an application that can take such a file and show your movements on a map.

 

Now, this sounds bad from a privacy viewpoint. For example, authorities could gain a court order to do a forensic examination on your phone to figure out where you’ve been.

But why is Apple collecting this information to begin with? We don’t know for sure. But we’re guessing it’s likely related to Apple’s global location database.

Like Google, Apple maintains a global database of the locations of Wi-Fi networks. They use this to get an estimate of your location without using GPS. For example, if your handset sees three hotspots which have MAC addresses that Apple knows are within a certain city block in London, it’s a fair bet you’re in that city block.

We know how Google collected their location database: they recorded them world-wide while they had their Google Maps Street View cars driving around the globe.

Where did Apple get their location database? They used to license it from a company called Skyhook. How did Skyhook obtain this information? Well, they had their own cars drive around the world, just like Google.

However, the Skyhook database is expensive. So beginning with iPhone OS 3.2 released in April 2010, Apple started replacing the Skyhook location database with their own location database.

And the real question is: How did Apple create their own location database? They did not have cars driving around the world. They didn’t need to. They had existing iPhone owners around the world do the work for them.

If you run a modern iPhone, it will send your location history to Apple twice a day. This is the default operation of the device.

How can they do this? By asking for your permission first. There is an opt-in process during initial iTunes installation, but the prompt is highly misleading:

The iTunes prompt talks about helping Apple with Diagnostics information. It says nothing about recording your locations. If you take the time to read Apple’s Privacy Policy, it does explain what they are doing:

To provide location-based services on Apple products, Apple and our partners    and licensees may collect, use, and share precise location data, including the    real-time geographic location of your Apple computer or device.    This location data is collected anonymously in a form that does not personally    identify you and is used by Apple and our partners and licensees to provide and    improve location-based products and services.

We believe the new secret location database found on the devices is connected to this functionality. Apparently iPhones always collect your location information, even if it’s not getting sent to Apple. “

The post Actually, iPhone sends your location to Apple twice a day – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

“Jack Hembrough, CEO of VaporStream, continues his discussion of controlling e-mail distribution which he started in the last column. Everything that follows is Mr. Hembrough’s own work with minor edits.
* * *
Have you ever responded to an e-mail, ‘Give me a call and let’s discuss’ because you were uncomfortable putting private information in the reply? Lawyers are no longer the primary professionals who are circumspect about what they put in electronic messages. There is a growing sense that pressing ‘send’ for an electronic message is tantamount to publishing the content. The potential for disclosure and the lack of privacy in electronic communication is becoming sand in the gears of progress. The lack of privacy, or the fear of public disclosure, is driving business people away from traditional written electronic messaging, despite the proliferation of mobile devices, and ‘Give me a call and let’s discuss that’ is a phrase returning “

The post Security Research Center – Network World appeared first on Security Wandering.

“Legal issues in the Cloud – Part 4
There are no laws unique to the Cloud, but you must consider your exit strategy”

The post Legal issues in the Cloud – Part 4 – Truman Hoyle, privacy, legal, due dilligence, data sovereignty, data exit, cloud computing – CIO appeared first on Security Wandering.

“Senate bill would set consumer privacy rights
By Joelle Tessler, Associated PressPosted 11h 26m ago

WASHINGTON — A new Senate bill introduced Tuesday would establish a ‘privacy bill of rights’ to set ground rules for companies that collect consumer data, including personal data amassed on the Internet and then mined to target online advertising.”

The post Senate bill would set consumer privacy rights – USATODAY.com appeared first on Security Wandering.