Category: News

The issue caused quite the controversy among users, as it could only be exploited if an attacker was able to get access to the computer. And with access, come all kinds of power including the ability to snag files directly from the local computer.

That update is now available in form of an experimental Dropbox 1.2 build for all supported desktop operating systems. Cautious users may consider waiting for the final release of Dropbox 1.2 before updating to the new version.

It took Dropbox less than two weeks to develop the means to protect the configuration files and databases on the local system.

http://www.ghacks.net/2011/04/28/dropbox-1-2-experimental-build-fixes-security-issue/

The issue caused quite the controversy among users, as it could only be exploited if an attacker was able to get access to the computer. And with access, come all kinds of power including the ability to snag files directly from the local computer.

That update is now available in form of an experimental Dropbox 1.2 build for all supported desktop operating systems. Cautious users may consider waiting for the final release of Dropbox 1.2 before updating to the new version.

It took Dropbox less than two weeks to develop the means to protect the configuration files and databases on the local system.

http://www.ghacks.net/2011/04/28/dropbox-1-2-experimental-build-fixes-security-issue/

Usually, cellphone companies have to restore service after disasters like hurricanes by sending in their own trucks that act like mobile cell towers. But AT&T’s new product would let first responders such as police and emergency workers immediately control where they have coverage.

One of AT&T’s options is a unit that packs into a suitcase, with a satellite dish carried separately. The Remote Mobility Zone can handle 14 simultaneous calls, and data at less-than-broadband speeds.
The cost of the units will range from $15,000 to $45,000, AT&T said Monday, plus some monthly fees.

Like other carriers, AT&T also sells “femtocells,” even smaller cellular antennas that users can place indoors.

http://m.apnews.com/ap/db_260809/contentdetail.htm?contentguid=wGBw0elc

The results suggests that while most companies are aware of the need for mobile device security and a robust code of practice for employees, a failure to effectively implement and manage such policies may be exposing the corporate network to viral attack and cybercrime. Kaspersky Lab is committed to help bridge the disconnect between business and personal devices by improving the management of UK businesses mobile security solutions.

‘The growing trend towards using a single mobile device for both business and personal use can represent a significant security headache for companies, particularly when people start downloading potentially infected or insecure applications onto ‘authorised’ and network connected devices,’ said Andrew Lintell, corporate sales director for UK and Ireland, Kaspersky Lab.

The YouGov research conducted on behalf of Kaspersky Lab, interviewed more than 150 IT leaders across Britain, representing firms with 250 or more employees, found that one in four IT managers and directors (25%) have downloaded an application onto a mobile device provided for them by their organisation.

http://4g-wirelessevolution.tmcnet.com/news/2011/04/20/5457977.htm

Gorman was most recently a senior executive adviser at Booz Allen Hamilton, a consulting firm hired by Bank of America after whistleblower Web site WikiLeaks late last year said it planned release thousands of insider documents that it had obtained from a former bank worker.

Gorman will be responsible for overseeing the bank’s overall information security strategy; he will report to CTO Marc Gordon, according to a Bank of America statement issued on Thursday. The bank has been in damage-control mode since WikiLeaks founder Julian Assange disclosed last November that WikiLeaks held more than 5GB of internal data, including tens of thousands of sensitive internal documents, from an unnamed major U.S. bank. In fact, in a 2009 interview with the IDG News Service, Assange said WikiLeaks had obtained some 5GB of data that had been stored on the hard drive of a Bank of America executive.

In January, the New York Times reported that the bank had assembled a 15-to-20-person team to develop a damage-control plan in the event that WikiLeaks followed through on its threat. The team, which is headed by Bruce Thompson, Bank of America’s chief risk officer, was tasked with conducting a broad internal investigation to determine what documents might have been leaked.

In February, WikiLeaks released a document that appeared to show that the bank had hired three intelligence firms to help develop a strategic plan of attack against WikiLeaks.

And last month, a group known as Anonymous, which is a loose affiliation of hackers who support the WikiLeaks cause, released email messages and documents that purportedly prove mortgage fraud.

http://www.computerworld.com/s/article/9215426/Bank_of_America_moves_to_further_ramp_up_security_with_new_CISO?source=CTWNLE_nlt_pm_2011-04-01

The action against Cignet represented the first time since HIPAA became law that such a fine has been imposed on an organization in the healthcare field over a privacy violation. HHS said the fine was levied on Cignet for two reasons: It did not give 41 patients access to their medical records when they asked for it, and it did not subsequently cooperate with an investigation into the matter by HHS’s Office for Civil Rights (OCR).

HIPAA’s privacy rules require covered entities to provide patients with copies of their medical records no later than 60 days after they request the records, HHS noted.

Cignet’s failure to do so earned it a $1.3 million penalty under HIPAA rules. An additional $3 million penalty was assessed against Cignet for its failure to cooperate with OCR investigations and for its repeated refusal to produce records in response to HHS demands.

The HHS settlement with Massachusetts General Hospital stems from a March 2009 incident in which documents containing protected health information on 192 patients were lost when an employee inadvertently left them on a subway train.

…Both HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was passed as part of the 2009 stimulus package, contain provisions for protecting the privacy and security of patient data.

…The penalties indicate that HHS is taking a hard look at business process failures that can result in privacy violations, said Peter MacKoul, president of consulting firm HIPAA Solutions LC.

Both of this week’s actions stemmed from business process issues and not technology failures, MacKoul said. Weak business processes — such as a failure to ensure that data on laptops is encrypted, or a failure to protect against the use of USB flash drives, or the improper handling of hard copies — often result in privacy breaches, he said.

…The latest HIPAA enforcement actions follow news this week that the number of people whose healthcare data is lost or stolen continues to soar. A report released earlier this week by the accounting firm Kaufman, Rossin & Co. showed that in the first year since the HITECH Act was passed, about 5 million people had their personal health information compromised, either as a result of theft or because the data was lost.

…The largest incident involved a lost laptop containing unencrypted protected health information on 1,222.000 individuals, the report said.

http://www.computerworld.com/s/article/9211359/HIPAA_privacy_actions_seen_as_warning?source=CTWNLE_nlt_dailyam_2011-02-25