8 Things You Didn’t Know About Security Regulations (#4 is Crazy!)

1. The HHS has a “Wall of Shame”.

In the US, the Health Insurance Portability and Accountability Act (HIPAA) requires hospitals, insurers, and other “covered entities” to take a few steps after a breach of protected health information (PHI). Many are familiar with the rule that you have to directly notify the patient when there’s been exposure of unprotected PHI.

What You May Have Missed

1. On Wednesday, the FTC published changes to COPPA guidelines for developers of kids apps. The changes focus on how developers and app stores can ensure that parents are aware of how their kids are using them.  The new rules allow developers to verify parental consent with a credit/debit card, even if the app is…

5 Things Privacy Experts Want You to Know About Wearables

There’s been a lot of news lately in the health and fitness wearables space. Apple just announced they’re releasing an app, called “Health,” as well as a cloud-based platform “Health Kit”. Somewhat related, Nike recently pulled the plug on its activity tracking Fuelband. The conventional wisdom is that fitness trackers are on the decline, while…

4 Things You Need to Know About the Future of File Sharing

Have you been in this movie? You’ve been working for two months on a big project to analyze widgets — sales, marketing effectiveness, whatever. The first real deliverable is a presentation. A few versions are in your team’s shared folder, a few copies have been sent via email, one is in your home folder, your designer…

A Closer Look at Pass the Hash, Part III: How NTLM will get you hacked (and what you should do about it)

I was about ready to wrap up this series of posts (part 1, part 2) on PtH and make my larger point, which is that you should assume hackers will break into your system. And then I learned new information about credential stealing that amplifies this warning by a factor of 10. The most…

What You May Have Missed

1. Last month, a Senate subcommittee held a hearing to consider S. 2171, the Location Privacy Protection Act. Introduced by Senators Franken (D-MN) and Flake (R-AZ), the draft legislation would put limits on the commercial collection of location data from mobile devices and would also ban stalking apps. The bill requires consumers to opt in…

Risks of Renaming Your Domain in Active Directory

As a sysadmin, there might be moments where you’ll find the need to change, merge, or rename your domain. There are many reasons why you might need to do this, for instance: an organizational restructuring, merger, buyout or expansion. Keep in mind that a rename is not designed to accommodate forest mergers or the movement…

3 Deadly File Permissions Mistakes

Scarily, in most organizations people have access to much more information than they need in order to do their jobs.  With file permissions, it’s easy to mess things up and hard to find and fix problems, especially in large environments.  One tiny mistake can cause a ripple effect across terabytes of data, opening up a…

What You May Have Missed

1. British Airways can now track your happiness level while you’re on board.  Fiber optics are woven into the blanket to measure electrical fluctuations in the brain. When your blanket turns red, it means you’re feeling anxious and when the blanket turns blue, it means you’re relaxed and happy.  And green means you’d like a…

The Security Chaos Monkey

Jon Oltsik wrote a great article in Network World recently championing the importance of end user involvement in a company’s IT security strategy. He acknowledges that employees are often a company’s own worst enemy, frequently scorned by their IT overlords. But Oltsik argues that CISOs should instead directly enlist them to help build a security-minded…
