F-Secure has information regarding a cross-site scripting worm spreading in Twitter profiles for several hours last night. Twitter users started reporting that their profile had sent Twitter messages without their knowledge. Messages looked like this: Many users thought the ‘tweets’ were legitimate communications from trusted friends and clicked on the link to ’stalk daily’. That caused [...]
Robert Kolodner, the national coordinator for health information technology in the Department of Health and Human Services (HHS) recently spoke to attendees at the 2009 HIMSS Conference about the changes and deadlines that have come out of the HITECH Act. Note: Title XIII of Division A and Title IV of Division B of the American Recovery [...]
In the beginning of March, we wrote about The Health Information Technology for Economic and Clinical Health Act’s (HITECH Act) provisions within the American Recovery and Reinvestment Act of 2009 (ARRA). The HITECT Act establishes additional government and agency involvement in setting policy, standards, specifications, and criteria for Health Information Technology (HRT) and Electronic Health [...]
Here is the press release from Register.com in its entirety: Register.com Service Alert April 4, 2009: 2:52PM EST As we previously communicated, Register.com has been experiencing intermittent service disruptions as a result of a distributed denial of service (DDoS) attack. We want to update you on where things stand. As of now, all web services are operational. If you are [...]
This is not a Conficker related blog post. There is a bigger story on the radar from last week. Major web service providers have been intermittently off line with what seems to be major Distributed Denial-of-Service (DDoS) attacks against DNS providers. An attack against DNS provider NeuStar on Tuesday morning disrupted Amazon’s S3 cloud computing service, [...]
Information security risks are hard to quantify because they involve a lot of “what-if” and “it might happen.” Risks are basically Threats multiplied by Vulnerabilities multiplied by Consequences. Information Security departments use number driven performance dashboards to represent information security risks to a company, or to compliance. What exactly are these reports saying? Introducing a little Security [...]
Researchers at InversePath announced at the Tenth Annual CanSecWest conference that they were able to detect sniff keyboard strokes and determine which letters were being typed. They were able to detect and deduce the mechanical emissions from a keyboard by pointing a laser on the reflective surface of a laptop. Security Engineer Andrea Barisani and [...]
