Another day, another stolen laptop with identity information

The redOrbit story shows a continuing trend in breach notification — it is all about encryption:

A laptop containing confidential information about 11,000 patients has been stolen from a Midland GP’s home.

Contrary to Department of Health guidelines, the information was not encrypted, which would have made it unreadable without a special code to unscramble it.

Shame, shame. Will we have to start monitoring for data written to a non-encrypted space? Wait a minute, why is there any non-encrypted space on a GP’s laptop? Does not compute.

The laptop was among items stolen in a recent burglary at the home of the unnamed doctor, who works at the Castlecroft Medical Practice in Wolverhampton.

I am certain the authorities will not release his name because that would be like giving away his identity information. At least they are careful about that, but what if they had a policy where they did the opposite and subjected people who lost information to similar treatment…? Too malicious? Cruel? Yes, I know. Monty Python comes to mind.

The information on the computer, which belongs to the practice, included patients’ names, dates of birth, addresses, contact details and confidential medical records. The practice has written to all of its 11,000 patients to inform them that information about them was on the stolen computer.

Dr Peter Wagstaff, senior partner at the practice, said: “The practice is treating this issue very seriously and we are extremely sorry for any distress or concern that it may cause our patients.

“Though not encrypted, the confidential information on the laptop was protected by a complex password system, which only a person with specialist computer knowledge would be able to crack.”

Wonder why the practice did not notice the gap in encryption. Complex password or a complex system? I have a strange feeling that the system might be complex, but the password was not.

NERC jolted by GAO

Did I write about this already? It does not look like it. Shame, as I have been doing a bunch of FISMA writing and this article has been floating in my head for a while now. Better late than never, as they might say in NERC.

US Representative James Langevin, chair of the House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, said he had “little confidence” that the North American Electric Reliability Corporation (NERC) has fully addressed a vulnerability code-named Aurora, in which electric utilities’ generators and other equipment come to a grinding halt.

“I still do not get the sense that we are addressing cybersecurity with the seriousness that it deserves,” Langevin said, according to this report from IDG News Service. “I think we could search far and wide and not find a more disorganized, ineffective response to an issue of national security of this import. If NERC doesn’t start getting serious about national security, it may be time to find a new electric reliability organization.”

Yeah, go Langevin. While I can appreciate the concerns of some who say keep the whole thing offline forever, the reality is that the network is here to stay and there are real cost benefits to remote access, control and reporting. The trick is providing a secure solution, rather than throwing out the baby with the bathwater.

St. Louis voted best tasting tap water

What’s the name of that guy in Dr. Strangelove with the obsession about rainwater? General Jack D. Ripper?

A station in St. Louis, KWMU, has alerted America to a water quality and anti-bottle campaign called “Think Outside the Bottle”. No, this is not just a marketing campaign for babies:

“It’s really a great idea on a few fronts: one, it’s saving taxpayer dollars; two, we have the best-tasting water in the country, and we’re encouraging our city employees, city citizens and citizens from around the region and visitors to use our tap water,” [St. Louis mayor’s environmental aide] Embree said.

During the 2007 U.S. Conference of Mayors St. Louis’ tap water was voted the best tasting.

They forgot to mention the war on terror. What modern politician could forget the war on terror as a reason to take action? Save the environment? Save taxpayer dollars? Do it for the taste or your health? What kind of Communists, oops I mean terrorists, are we dealing with here? Ol’ Ripper said it like this:

A foreign substance is introduced into our precious bodily fluids without the knowledge of the individual. Certainly without any choice. That’s the way your hard-core Commie works.

Today it would be terrorists. Those terrorist bottle companies leeching foreign substances…someone needs to launch an air-strike and protect America from “the most monstrously conceived and dangerous [terrorist] plot we have ever had to face”.

Wait, isn’t there already a Homeland Security alert on bottles?

ID Ten Seven errors

More from the humor department. This was just sent to me:

I was having trouble with my computer. So I called the 11-year-old next door whose bedroom looks like Mission Control, and asked him to come over.

He clicked a couple of buttons and solved the problem.

As he was walking away, I called after him, ‘So, what was wrong?’

He replied, ‘It was an ID ten T error.’

I didn’t want to appear stupid, but I had to ask, ‘An ID ten T error? Can you explain that to me in case I need to fix it again?’

He smiled… ‘You haven’t heard of an ID ten T error before?’

‘No,’ I replied.

‘Write it down,’ he said, ‘and I think you’ll figure it out.’

So I wrote down: I D 1 0 T …

Har har. Wikipedia suggests this actually comes from adult Naval parlance.

I like the ID ten seven format better (ID107), or even ID hundred seven.

I remember those problems being termed layer 8 of the OSI model or PEBKAC errors — when a problem exists between keyboard and chair — both mentioned by Wikipedia.

Surely someone can come up with something new already, no?