Our thoughts are with friends and family of Brad Smith

http://blogs.csoonline.com/security-leadership/2465/our-thoughts-are-friends-and-family-brad-smith

By Bill Brenner Salted Hash CSO.com November 28, 2012

I want to take a moment and say a few things about Brad Smith, an infosec professional who has had a big influence on the community. He suffered a devastating stroke at last year’s Hacker Halted conference in Miami as he was delivering a talk, and his recovery has been full of emotional ups and downs.

Sadly, according to a blog message from his wife, Nina, Brad has entered a final decline. From her message [1]:

More than a month ago, Brad had surgery to replace his skull with a prosthetic medical grade plastic. The surgery went well. The doctors were all very pleased. Then Brad began to have seizures and subsequently suffered two additional hemorrhages – strokes.

The first of which was on the right side of his brain, almost a mirror image of the very first one, affecting mobility on his left side. The next was a hemorrhage in his left temporal lobe. At first, Brad was responsive, and could track with his eyes and tried to communicate, but he has been declining since. He is currently at a long-term acute hospital north of Longmont, near Loveland, CO. The VA has graciously provided for us once again.

Monday, we had a family meeting to address the next steps. The doctor has seen no improvements in the two weeks since Brad arrived here, and the likelihood of him ever being able to live on his own without 24/7 assistance is next to zero. Life for Brad would be in some kind of a nursing home facility. There’s no quality in that and he would never want that kind of existence (I couldn’t let that happen either). It was up to me to make a very difficult decision, one of the hardest ever in my life.

I chose comfort care, which will honor his wishes and avail him a dignified end. We agreed to have all medications stopped and feeding tube turned off with the exception of pain medications as needed.

Now it’s just a matter of time. His parents and brother (and wife) will arrive in Denver on Wednesday to be with us.

I met Brad a couple times, but didn’t know him very well. But I’m well aware of the respect and love people in the community have had for him.

To those in the community who are close to Brad, we at CSO extend our sincere thoughts and prayers.

And for Brad and his family, we wish you peace and blessings in the coming days and beyond.





Samsung to issue firmware fix for printer security flaw on Friday

http://www.computerworld.com/s/article/9234118/Samsung_to_issue_firmware_fix_for_printer_security_flaw_on_Friday

By John Ribeiro IDG News Service November 29, 2012

Samsung Electronics will close a security hole in the firmware of some of its printers by issuing an update on Friday, and said they could be protected by disabling SNMP.

The affected printers have a backdoor administrator account hard-coded in their firmware that does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface, the U.S. Computer Emergency Readiness Team (US-CERT) said earlier this week in an advisory.

The affected Samsung printers, and some Dell printers made by Samsung, contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility, US-CERT said.

SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

[…]

______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org



Patient Monitoring Firm Reports Theft of Laptop Containing EHRs

http://www.ihealthbeat.org/articles/2012/11/27/patientmonitoring-firm-reports-theft-of-laptop-containing-ehrs.aspx

iHealthBeat November 27, 2012

Alere Home Monitoring, a provider of patient monitoring and management services, recently notified about 116,000 individuals about a data breach involving their personal health information, Modern Healthcare reports.

About the Breach

Alere did not specify when the theft occurred but said a company-owned laptop was stolen from the locked car of an Alere employee.

The laptop contained patients’ electronic health records, which include data such as:

Names; Addresses; Dates of birth; Social Security numbers; and Diagnostic codes.

Alere did not indicate whether the information was encrypted or if the laptop was password-protected (Conn, Modern Healthcare, 11/21). However, the company said it has no reason to believe that patient information has been accessed or used inappropriately (Alere release, 11/20).

[…]


Forget Disclosure — Hackers Should Keep Security Holes to Themselves

http://www.wired.com/opinion/2012/11/hacking-choice-and-disclosure/

By Andrew Auernheimer Opinion Wired.com 11.29.12

Editor’s Note: The author of this opinion piece, aka “weev,” was found guilty last week of computer intrusion for obtaining the unprotected e-mail addresses of more than 100,000 iPad owners from AT&T’s website, and passing them to a journalist. His sentencing is set for February 25, 2013.

Right now there’s a hacker out there somewhere producing a zero-day attack. When he’s done, his “exploit” will enable whatever parties possess it to access thousands — even millions — of computer systems.

But the critical moment isn’t production — it’s distribution. What will the hacker do with his exploit? Here’s what could happen next:

The hacker decides to sell it to a third party. The hacker could sell the exploit to unscrupulous information-security vendors running a protection racket, offering their product as the “protection.” Or the hacker could sell the exploit to repressive governments who can use it to spy on activists protesting their authority. (It’s not unheard of for governments, including that of the U.S., to use exploits to gather both foreign and domestic intelligence.)

The hacker notifies the vendor, who may — or may not — patch. The vendor may patch mission-critical customers (read: those paying more money) before other users. Or, the vendor may decide not to release a patch because a cost/benefit analysis conducted by an in-house MBA determines that it’s cheaper to simply do … nothing.

[…]


Thailand cybersecurity state in ‘crisis’

http://www.zdnet.com/th/thailand-cybersecurity-state-in-crisis-7000008126/

By Ellyne Phneah ZDNet News November 30, 2012

Thailand is ramping up efforts to improve its cybersecurity, as risk of the public sector being attacked is growing due to the wide use of social media and inadequate security systems.

The increasing number of social media users was a concern among cybersecurity experts, noted Bunjerd Tientongdee, deputy director at the Ministry of Defence’s (MoD) department of Defence Information and Space Technology, in a Bangkok Post report. He was speaking at a cybersecurity conference on Thursday.

Bunjerd referred to the role of social media in the Arab Springs uprising last year, noting such a scenario would also be possible in Thailand if social media was used for political purposes.

There are already several cases of government servers being threatened, Bunjerd noted but declined to publicly disclose any names.

[…]


Samsung Printers Have Hidden Security Risk

http://www.informationweek.com/security/vulnerabilities/samsung-printers-have-hidden-security-ri/240142715

By Mathew J. Schwartz InformationWeek November 28, 2012

Some Samsung printers and Dell-branded printers manufactured by Samsung are vulnerable to being taken over remotely by an attacker.

That warning was made Monday by the U.S. Computer Emergency Readiness Team (CERT), which said that the affected printers “contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.” In other words, the printers have a hardcoded account in their firmware that can’t be disabled by users. SNMP, or simple network management protocol, is a TCP/IP-based network protocol used to manage and monitor network device configuration.

As a result of the vulnerability, “a remote, unauthenticated attacker could access an affected device with administrative privileges,” according to the CERT information security advisory. “Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information — e.g. device and network information, credentials, and information passed to the printer — and the ability to leverage further attacks through arbitrary code execution.” That means that after accessing the administrator account, attackers could theoretically transform the printer into a malware-spewing attack platform that’s able to target any other network-connected device located inside the same network segment or firewall.

Samsung has acknowledged the vulnerability and promised to release a patch within days. “Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP,” said Samsung spokesman Reuben Staines via email. “We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1.2 or use the secure SNMPv3 mode until the firmware updates are made.”

[…]


gang busted over credit card crime

http://www.smh.com.au/it-pro/security-it/australias-biggest-ever-data-theft-gang-busted-over-credit-card-crime-20121129-2agzy.html

SMH.co.au November 29, 2012

Police have smashed a Romanian organised crime gang that allegedly hacked into the computer systems of small businesses, with credit card details of 30,000 Australians used in $30 million worth of illegal transactions around the world.

An Australian Federal Police and Romanian National Police investigation led to the arrest of 16 gang members this week, and seven people in Romania have been charged.

It is said to be the biggest data theft investigation in Australia’s history.

Computer hackers allegedly got access to the systems of up to 100 Australian small businesses, where the credit card details of about 500,000 people were stored.

Police said they had confirmed 30,000 of those details had allegedly been used for $30 million worth of illegal transactions.

[…]


Arkansas breach due to terminated resident

http://www.clinical-innovation.com/topics/privacy-security/arkansas-breach-due-terminated-resident

By Beth Walsh Clinical Innovation + Technology Nov 27, 2012

The University of Arkansas for Medical Sciences (UAMS) is notifying approximately 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010.

UAMS in Little Rock, Ark., recently discovered that a former resident kept some patient lists and notes regarding patients in violation of UAMS’ policy after leaving facility on June 3, 2010. The documents the resident kept were from January 2010 to June 2010 and contained patient names, partial addresses, medical record numbers, dates of birth, ages, locations of care, dates of service, diagnoses, medications, surgical and other procedure names, as well as lab results, according to a release. No social security, bank account or credit card numbers were included with this information.

UAMS said its HIPAA Office became aware of this incident Oct. 9 when the resident produced the documents during her lawsuit against UAMS regarding her termination from the residency program. On Nov. 7, UAMS became aware that additional documents the resident kept had been provided to UAMS attorneys June 25. The records are now protected by a court order, which prevents them from becoming a public record and will prevent anyone from further using or disclosing the documents.

[…]
