Email Error (Humour)

While not strictly an article for this site, the humor value of this is too much to pass up.

Email Error

 

When officials asked for the Welsh translation of a road sign, they thought the reply was what they needed.

Unfortunately, the e-mail response to Swansea council said in Welsh: “I am not in the office at the moment. Please send any work to be translated”.

So that was what went up under the English version which barred lorries from a road near a supermarket.

“When they’re proofing signs, they should really use someone who speaks Welsh,” said journalist Dylan Iorwerth.

Source

Medical Records to be passed to private firms

Telegraph: 20th September 2008

 

The Government is considering giving firms access to a massive computer database which will contain the records of almost every man, woman and child in England.

The information is a goldmine for private companies, who could use it for medical research or for helping them to sell products to the NHS.

But privacy campaigners say they are “horrified” by the proposals which could see patients’ postcodes, medical conditions and treatments – and in some circumstances, their names – passed on to third parties without their consent.

The database, part of a long-delayed scheme to give NHS staff access to computerised medical records, will hold details of almost all visits by patients to hospitals and GPs.

The plans have been dogged by controversy. Last week, ministers gave in to pressure from privacy campaigners and agreed that medics will have to gain the consent of patients before opening their computer records. Yet patients will have almost no control over the same information being passed on to companies and other bodies outside the NHS.

The Department of Health says most records passed onto third parties would be made anonymous, but admits that identifiable data – which could include patient names – could also be handed on if it was deemed to be more useful.

 

Full Article

 

Sears Bank – ID Theft

In September 2008, a fraud prevention expert who worked for Sears National Bank was sentenced to 6.5 years in prison for stealing another person’s identity.

Nora Elena Escobar, 38, pleaded guilty to one count of theft, after using her knowledge, skills, and position to steal the identity of a customer and then set up a credit card in the victim’s name.

Source

 

Behead those Crazy TV Producers

While the UK and the US appeared to applaud the Saudi Government for arresting “terrorist” web site creators, will they handle the latest news to come out of the Arabian peninsula the same way?

The most senior judge in Saudi Arabia, Sheikh Salih Ibn al-Luhaydan, has said it is acceptable to kill the owners of satellite TV channels which broadcast immoral programmes.

Sheikh Salih Ibn al-Luhaydan said that “It is legitimate to kill those who call for corruption if their evil can not be stopped by other penalties.”

With web sites and TV being banned by Saudi Arabia (and these are our allies), how worried should we be? In the UK, probably not at all, but what about those who travel? Would visitors to Saudi Arabia have their Internet access monitored? Could they be prosecuted in the future, in the same way as people who trade in alcohol are?

BBC

Once Bitten Twice Shy?

Data theft occurs all over the world; it is, unfortunately, a fact of life.

However, we should distinguish between “data loss”, when somebody loses, misplaces or gives away the data, and “data theft”, when somebody deliberately defeats systems and takes it. It’s the difference between throwing your money out of your window and being burgled.

We should never do the former and try to prevent the latter.

In the UK the government seems to have a very different approach. Don’t do anything about the former and ignore the latter.

In the rest of the world it’s a very different issue:

In Finland the Government did not provide enough protection of data and as a result worked to make changes, but despite this were still found guilty in the ECHR, and so even more changes are afoot.

The UK appears to be losing data more often than any other government in the world at the moment.

In Korea, when data is stolen the police are immediately called and appear to take action. In the US, data theft cases have high-profile results and fines handed down, which must have a deterrent effect. In Germany, the government conducts investigations to try to find out how much personal data is out there, and then tries to clamp down on the issues.

In the UK data is lost all the time, from the Home Office, the Ministry of Justice, the Ministry of Defence, the NHS, and most famously the HMRC.

Yet, despite all of this, no effective measures have been put in place to deal with this.

The ICO has been pushing for tougher sentences for people dealing with data illegally, and Section 55 of the DPA creates a criminal offence of stealing data or being reckless in its loss.

Despite this, the government is still losing data all the time, there is a trade in personal data, and nobody is getting prosecuted, with the exception of a couple of low-level accountants.

How many times does the UK Government need to lose data, fail to protect it, or allow the trade to go unpunished before action is taken?

Certainly more than twice!

S. and Michael Marper v. The United Kingdom (DNA Retention)

This site, Where is My Data?, again contacted the ECHR today in relation to the date the court expects a ruling on the case of S. and Michael Marper v. The United Kingdom.

Unfortunately the ECHR are now stating that the case is due to receive a ruling “sometime this year”.

Full Case


Disk Encryption Cracked?

Apparently disk encryption for several well-known products has been cracked, including BitLocker (TPM), TrueCrypt, and HP.

According to MeriNews, an Indian information security start-up has, allegedly, discovered a new vulnerability which allows attackers to steal computer boot passwords and bypass the security of disk encryption.

iViZ, the company which discovered this vulnerability, has more detailed articles on its website.

Jonathan Brossard, iViZ’s lead security researcher, said that “Surprisingly, this vulnerability has been existing for 25 years….Programmers unaware of this have coded boot password feature such that user password is not flushed properly leading to inadvertent text leakage and theft from memory. Even hard-drive encryption does not help here”.

A more detailed reading of the technical paper shows the decryption is not simple, may not always be possible, and the “attacker” would have access to the files anyway:

For example the Truecrypt technical paper states that:

Truecrypt’s pre-boot authentication routines use the BIOS API to read user input via the keyboard. The BIOS internally copies the keystrokes in a RAM structure called the BIOS Keyboard buffer inside the BIOS Data Area. This buffer is not flushed after use, resulting in potential plain text password leakage once the OS is fully booted, assuming the attacker can read the password at physical memory location 0x40:0x1e. It is also possible for a root user to reboot the computer by instrumenting the BIOS keyboard buffer in spite of the full disk encryption.

In short, this means that an attacker has to be sitting at the computer when it has been decrypted, and then, in theory, get the password, assuming it is still in the buffer, which is unlikely. This is not a realistic or practical attack; if your attacker is in front of the decrypted computer they can just read or copy off the files they need, with no need for a convoluted “attack”.

Disk Encryption Cracked? Not yet.

However, the current disk encryption will be beaten, one day. All encryption, with the exception of the one-time pad and quantum encryption, can be beaten, in theory. However, a theoretical weakness is not a reason to ditch encryption.

Security measures should be designed with “your enemy in mind”. If you’re a CEO trying to protect files, disk encryption will suffice. If you’re the prime minister, storing the nuclear launch codes on your laptop is not a good idea, as other governments can put colossal resources into defeating the encryption.
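The missing flush described in the paper, as an added example (not code from TrueCrypt, iViZ or this site): it shows that keystrokes stay in the BIOS keyboard buffer after they have been read, and what clearing them looks like. It works on a constructed 256-byte copy of the BIOS Data Area instead of real memory at segment 0x40; the function names and sample keystrokes are assumptions, and the head and tail pointer offsets (0x1A, 0x1C) come from the standard BIOS Data Area layout, not from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard BIOS Data Area offsets, relative to segment 0x40. */
#define KBD_HEAD 0x1A  /* word: offset of the next key to read */
#define KBD_TAIL 0x1C  /* word: offset of the next free slot   */
#define KBD_BUF  0x1E  /* ring of 16 {ASCII, scan code} pairs  */
#define KBD_LEN  32

/* The BIOS treats the ring as empty when head == tail. */
int kbd_ring_empty(const uint8_t *bda)
{
    return bda[KBD_HEAD] == bda[KBD_TAIL] && bda[KBD_HEAD + 1] == bda[KBD_TAIL + 1];
}

/* Count slots that still hold an ASCII byte, whether consumed or not. */
int kbd_residue(const uint8_t *bda)
{
    int n = 0;
    for (int i = 0; i < KBD_LEN; i += 2)
        if (bda[KBD_BUF + i] != 0) n++;
    return n;
}

/* Mitigation: after reading the password, zero the ring and reset pointers. */
void kbd_flush(volatile uint8_t *bda)
{
    for (int i = 0; i < KBD_LEN; i++) bda[KBD_BUF + i] = 0;
    bda[KBD_HEAD] = KBD_BUF; bda[KBD_HEAD + 1] = 0;
    bda[KBD_TAIL] = KBD_BUF; bda[KBD_TAIL + 1] = 0;
}

/* Constructed sample: "demo" + Enter was typed and already read back,
   so head == tail, yet the bytes are still in the ring. */
void make_sample(uint8_t *bda)
{
    static const uint8_t keys[] = {'d',0x20, 'e',0x12, 'm',0x32, 'o',0x18, '\r',0x1C};
    memset(bda, 0, 256);
    memcpy(bda + KBD_BUF, keys, sizeof keys);
    bda[KBD_HEAD] = bda[KBD_TAIL] = (uint8_t)(KBD_BUF + sizeof keys);
}

int main(void)
{
    uint8_t bda[256];
    make_sample(bda);
    printf("before flush: empty=%d residue=%d\n", kbd_ring_empty(bda), kbd_residue(bda));
    kbd_flush(bda);
    printf("after flush:  empty=%d residue=%d\n", kbd_ring_empty(bda), kbd_residue(bda));
    return 0;
}
```

The ring reports itself empty both before and after the flush; only the residue count changes, which is why reading the keys back is not the same as clearing them.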

UK police uncover global online paedophile network

Police today [8th August] revealed that an international paedophile network has been infiltrated by law enforcement officers and dozens of suspects arrested.

The operation was run jointly by the Child Exploitation and Online Protection (CEOP) Centre, Cleveland Police and the Metropolitan Police Service (MPS).

The investigation involved the largest ever coordinated deployment of undercover officers in the UK within a child protection investigation.

The announcement came as a 27 year old Teesside man was sentenced to an indeterminate public protection sentence for his part in the network, which has so far identified over 360 suspects worldwide. More than 130 of these suspects are in the UK, resulting in over 50 arrests to date.

15 children have been safeguarded in the UK as a result of this ongoing investigation.

Philip Anthony Thompson, unemployed and from the Stockton-on-Tees area of Cleveland, was charged with 27 counts in total including causing or inciting a child under 13 to engage in sexual activity, taking indecent photographs of a child and making and distributing child abuse images.  Approximately a quarter of a million child abuse images, still and moving and ranging from levels 1-5*, were discovered in Thompson’s possession.

Source and Full Story


Decision of Finnish County Administrative Board (20th October 1997)

Prior to the case of “I” v Finland, the applicant (“I”) had started her complaints procedure with the local County Administrative Board.

In its decision of 20 October 1997 the County Administrative Board held that:

Section 12 of the Patient’s Status and Rights Act (laki potilaan asemasta ja oikeuksista, lag om patientens ställning och rättigheter) provides that the health authorities and staff have to comply with the regulations issued by the Ministry for Social Affairs and Health (sosiaali- ja terveysministeriö, social- och hälsovårdsministeriet, “the Ministry”) when preparing and processing patient records. Pursuant to this section the Ministry has issued, on 25 February 1993, Regulation no. 16/02/93.

In the said Regulation it is noted that patients records must be prepared having due regard to the secrecy regulations and the protection obligation and the duty to take care pursuant to the Personal Files Act (henkilörekisterilaki, personregisterlagen; Act no. 471/1987). According to the duty to take care, precaution and good registering practices must be observed when gathering, depositing, using and delivering data and these must be done in a manner so as not to infringe unnecessarily the right to privacy of the registered person or his or her benefits and rights. The protection obligation means that data in patient records must be duly protected against unauthorised processing, use, destruction, amendment and theft (sections 3 and 26 of the Personal Files Act).

In the said Regulation it is also noted that the patient records must form an entity to ensure that outsiders cannot gain unauthorised access to them and that, in addition to the said obligations, in accordance with the Personal Files Act, the purpose of use of the said data can be taken into account. This way it can be made sure that requisite patient data are only given to the personnel participating in the treatment of the patient.

[The applicant] has in her representations alleged that [X], who is working for [the hospital] has ordered up the case history of [the applicant’s ex-husband] and that someone else has ordered up her file or visited the archives and read her file and/or that of [her son] and that the data have been transmitted to [Y] and other staff mentioned in [the applicant’s] representations.

[X] has contested having proceeded erroneously. The other persons mentioned in [the applicant’s] representations have contested having had knowledge of the data mentioned therein concerning [the applicant] and her family.

According to the director in charge of [the hospital’s] archives it is not possible to retroactively clarify the use of patient records. The data system reveals only the five most recent consultations (by working unit and not by person) but this information is deleted once the file has been returned to the archives.

Therefore, the County Administrative Board cannot further rule on whether information contained in the patient records has been used by or given to an outsider.

Having regard to the foregoing, the County Administrative Board however finds that the system should record any consultation of patient files as a safeguard of privacy in order to ensure that the responsibility for a possible leak of information can be individualised. For the future, the County Administrative Board draws the hospital’s attention to the protection obligation and the duty to take care provided by the Personal Files Act, and further, to the need to ensure that privacy protection is not put at risk when processing medical data within the hospital. …”