Sunday, October 25, 2009

UK healthcare records sold in India

According to an ITV show (just viewable in the UK - see link below for short transcript) medical records of UK residents are sold on the black market in India. The service offered is very sophisticated, even promising to break down information based on disease categories.

Besides the ethical part of this, there are various other reasons that make me want to ask the US government to heavily regulate electronic medical records and not go the usual approach of having the market determine what is good for the companies offering the service...or was it the patient? Looking back I guess I am not the only one that has that confused.

Read more: ITV article, Pete Finnigan's blog

1SSA - Security Consulting, Training and Products

Monday, October 12, 2009

Sidekicks and a Danger-eous Cloud

I think we have our first major cloud incident and nobody knows how to handle it. T-Mobile customers in the United States using Sidekick devices might not be the biggest fans of T-Mobile's approach of handling data with cloud computing. T-Mobile has outsourced it's Sidekick services to a company called Danger, which is owned by Microsoft. Sidekick devices heavily use the network and offside storage. The network storage devices used to store Sidekick data at Danger are manufactured by Hitachi.

Microsoft, Hitachi, and T-Mobile all big names but the information that leaked out does not show much professionalism. Hitachi was tasked to update Danger's network storage devices. According to an Engadget article, without a data backup or a working back-out plan that update went quite wrong. Some of the data stored by T-Mobile's Sidekick users has been deleted.

Even days later the overall system is still not stable and T-Mobile advises individuals to not turn-off their devices. Even sales of Sidekicks are on hold.

I guess cloud computing is in Danger.

Read more at:
New_york Times

1SSA - Security Consulting, Training and Products

Thursday, October 08, 2009

Trojan forging bank statements to cover traces

This is getting way too "perfect". Now malware was discovered that re-writes bank online statements on the fly, covering traces of illegal bank transactions. By doing this, criminals have more time to route the money and hide it. This new Trojan seems to be using a server in the Ukraine for control. First victims were spotted in Germany, with damages up to 300,000 Euros (approximately $400,000) in just 22 days.

You can read more at: Wired article

1SSA - Security Consulting, Training and Products

Friday, October 02, 2009

Wifi security problems - Just paint!

This was just a question of time till a company would come out with it and here it is: A paint that stops radio-waves which are used for wireless Lan (WLAN/WIFI). The same goes for cell phone and other radio waves used in modern mobile devices. For the electrical engineers: The paint claims to block radio waves up to 100 GHZ. So what exactly does that mean? An additional layer of security that can be introduced, to prevent someone to access your wireless network. You can paint the outside facing walls of your home or office with this special paint and nobody can pickup the radio waves from inside anymore...that actually also means nobody can use a cordless phone anymore when outside the home. So you might want to reconsider the paint and configure your wireless access point/router to use WPA2, the latest security standard for wireless devices. Is it a 100% assurance that nobody can break into your wireless network? Unfortunately the answer is No. Attacks that use so called rainbow tables containing precomputed keys that are used for the encryption and authentication of the wireless traffic and devices are the latest attacks, besides the usual attacks that go after flawed implementations of the wireless protocol with certain vendors. Maybe the paint is not such a bad idea but keep in mind that windows cannot be painted...

Read more at: BBC News, Wikipedia - Rainbowtable

1SSA - Security Consulting, Training and Products