February 2008 Archives

The Cold, Hard Facts about Encryption


The New York Times, MSNBC and others have reported that researchers at Princeton University have found a disarmingly simple way to steal encrypted data from a hard disk. Just like yours.

Wazzat?

Yessir. All it takes is a blast of cold air directed at your computer's DRAM memory, a reboot, some special software, and voila! no more secrets. While this can't be done remotely, a stolen computer - or one being scrutinized during an investigation, for that matter - can have its hard drive contents cracked like an egg by someone using no more than a can of anti-dust spray.

While the group's explanation is pretty technical, the discovery's application is not. Which makes publishing this for all to see a mixed blessing, since now those lost and stolen government computers containing millions of confidential records will be that much easier to hack. Not to mention yours, should you have the misfortune to have it disappear from your desk or suitcase.

So, once again, we can only say that if you want guaranteed lifetime protection for your sensitive information, iForem's the only game in town.

No matter how cold it gets.

Seems like a good idea, right? All of your personal health info consolidated on a nice, tidy site that's easy to update and maintain. Maybe it's even free.

Not so fast, Sparky.

In "Health data storage sites might not be secure," on SFGate.com, Deborah Gage writes that the World Privacy Forum, a non-profit group based in San Diego, California, "is warning consumers about the potential pitfalls of using newly popular services that consolidate personal health records - especially when they're kept by companies that are not subject to current federal regulations on privacy and security."

You mean, like, accessible by anyone?

OMG!

Here's the skinny:

Physicians, hospitals, insurance companies - in general, all firms that, one way or another, bill for medical services - have to comply with the federal privacy and security standards set out in the Health Insurance Portability and Accountability Act, or HIPAA.

The bad news is that when it comes to other companies that want you to store your sensitive medical information online, it's like the Old West. There are no guarantees that your data won't be shared, marketed or otherwise exploited - even if the company claims to be "HIPAA-compliant"!

But wait - there's more!!!

Remember the old standby of doctor-patient confidentiality? Gone with the wind - and apparently, nobody at these firms has a legal obligation to give a damn as long as there's a loophole in their corporate privacy policies.

And, as some folks on MySpace and other social networking sites have discovered, there's one unavoidable risk when online data is stored with anything less than vault-like security and guaranteed privacy: Once you upload it, it's there for the world to see. This means that even if you update those files, the previous data can still be found with a simple Web search.

Bottom line? Be afraid...be very afraid.

Unless you rely on iForem.

 

About this Archive

This page is an archive of entries from February 2008 listed from newest to oldest.
