Twitter Worm

F-Secure has information regarding a cross-site scripting worm spreading in Twitter profiles for several hours last night. Twitter users started reporting that their profile had sent Twitter messages without their knowledge. Messages looked like this:   Many users thought the ‘tweets’ were legitimate communications from trusted friends and clicked on the link to ‘stalk daily’. That caused [...]


HITECH Act and HHS: A full plate of deadlines

Robert Kolodner, the national coordinator for health information technology in the Department of Health and Human Services (HHS) recently spoke to attendees at the 2009 HIMSS Conference about the changes and deadlines that have come out of the HITECH Act. Note: Title XIII of Division A and Title IV of Division B of the American Recovery [...]


HIT Policy Committee Appointments Made

In the beginning of March, we wrote about The Health Information Technology for Economic and Clinical Health Act’s (HITECH Act) provisions within the American Recovery and Reinvestment Act of 2009 (ARRA). The HITECH Act establishes additional government and agency involvement in setting policy, standards, specifications, and criteria for Health Information Technology (HIT) and Electronic Health [...]

Press Release regarding DDoS

Here is the press release from in its entirety: Service Alert April 4, 2009: 2:52PM EST As we previously communicated, has been experiencing intermittent service disruptions as a result of a distributed denial of service (DDoS) attack. We want to update you on where things stand. As of now, all web services are operational. If you are [...]


DNS Servers under Attack

This is not a Conficker-related blog post. There is a bigger story on the radar from last week. Major web service providers have been intermittently offline with what seems to be major Distributed Denial-of-Service (DDoS) attacks against DNS providers. An attack against DNS provider NeuStar on Tuesday morning disrupted Amazon’s S3 cloud computing service, [...]


Security Metrics and Risk, How valuable is that dashboard report?

Information security risks are hard to quantify because they involve a lot of “what-if” and “it might happen.” Risks are basically Threats multiplied by Vulnerabilities multiplied by Consequences. Information Security departments use number-driven performance dashboards to represent information security risks to a company, or to compliance. What exactly are these reports saying? Introducing a little Security [...]


Moving over Keystroke Loggers, now we have Dynamic Time Warping?

Researchers at InversePath announced at the Tenth Annual CanSecWest conference that they were able to sniff keyboard strokes and determine which letters were being typed. They were able to detect and deduce the mechanical emissions from a keyboard by pointing a laser on the reflective surface of a laptop. Security Engineer Andrea Barisani and [...]
