Wait, Now USB Devices May Be Unsafe Too?


Thumb drives, keyboards, and mice, oh my! That's right, these USB devices now may be the latest "lions, tigers, and bears" to fear in our high-tech world.

According to a recent Reuters article, such USB devices possibly can be compromised to hack into personal computers in a previously unknown form of attack that supposedly can side-step current security precautions.

As reported by Reuters, Karsten Nohl, a chief scientist at SR Labs in Berlin, has stated that hackers potentially can load software onto very small and inexpensive chips that control the functions of USB devices, but which presently do not have "built-in shields" that would prevent tampering with the devices' operative code.


Do Snapchat Messages Really Vanish? Ask the FTC


People frequently use Snapchat to send messages back and forth with the understanding that those messages will disappear after a designated expiration time.

However, the Federal Trade Commission (FTC) launched an investigation and asserted charges that Snapchat messages actually do not vanish as promised. In the wake of those charges, Snapchat and the FTC have settled, according to a recent FTC press release.

So, what is the scoop? Read on.


Reminder: Update Internet Explorer to Fix Security Flaw


By now, we all have heard of potential security problems and risks on the Internet. And most recently, we must worry about which Web browser we use.

Indeed, the U.S. Department of Homeland Security cautioned Americans last week to refrain from using Internet Explorer because of a significant security flaw.

This flaw apparently enables hackers to circumvent the Windows operating system's security protections. Once that happens, there can be "infection" caused when a compromised website is visited.


mHealth App Use: Is Data Truly Protected?


One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps) is concern about the privacy and security of data collected through the apps. For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info” (www.appthority.com/news/mobile-threat-monday-android-app-leaks-your-medical-info-online). iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Appthority found that while the app description states that it encrypts personal information, it only uses a common encoding scheme and does not protect user info when the consumer searches for information about a drug through the app. Appthority also claims that the app sends personal information to advertising networks.

Another example of a legitimate privacy and security concern relates to cloud storage. Many mHealth apps collect physiological data through sensors affixed to the body, store the data in the cloud, and provide the data to a physician or other provider. If the cloud storage vendor does not provide adequate security protections, the provider could be implicated as a party to the app’s use.

mHealth apps offer tremendous opportunities to advance a more sophisticated and connected healthcare environment, but the modes of connection need to be solid from a data protection perspective. Good risk management is key.

Proposed White House Cybersecurity Incentives Could Pay Off


Cyber threats are real and they're on the rise. In this climate, the White House is considering certain incentives for companies that follow government recommended cybersecurity measures.

While the Cyber Intelligence Sharing and Protection Act (CISPA) passed the House in April, the Obama administration's cybersecurity program is only just taking shape, and its tentative concepts were recently unveiled.


Cybersecurity Bill Passes The House, But What's Next?


The House has approved the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 624). CISPA allows private companies and the federal government to exchange information relating to cybersecurity threats.

The bill was passed in the face of some concerns that it might provide private consumer information to the government. According to Reuters, President Obama has threatened to veto the bill on the basis that it supposedly does not mandate that companies take the greatest efforts to remove personal information before providing it to the government.


Google Transparency Reveals FBI's Use Of National Security Letters


Google has posted a “Transparency Report” that provides a range of how many National Security Letters (NSLs) it has received and a range of how many users/accounts were specified in these NSLs each year since 2009. Of course, your first question may be: What is an NSL?

An NSL is a special search vehicle by which the FBI has the authority to demand the disclosure of customer records maintained by banks, Internet Service Providers, telephone companies and other entities. When this happens, these entities are prohibited from revealing to others their receipt of an NSL. There have been reports that the issuance of NSLs has expanded significantly since the Patriot Act increased the FBI’s power to issue them.


Is Cyberwarfare Already Happening?


Are international governments already engaging in cyberwarfare by hacking into each other’s computer systems? According to recent Reuters articles, at a minimum, a war of words is brewing suggesting that this already is the case.


HHS (Finally) Issues HIPAA/HITECH Amendments


On January 17, 2013, the federal Department of Health & Human Services (“HHS”) announced a final omnibus rule that details amendments to the privacy, security, data breach and enforcement rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The 2013 HIPAA Amendments (which, with commentary from HHS, weigh in at 563 pages) are closely based on statutory changes under the HITECH Act of 2009, and were previewed in proposed and interim rules issued by HHS several years ago.

They involve a number of sweeping expansions to the existing HIPAA Rules including: (1) a broader definition of “business associates” (“BAs”) to include downstream subcontractors that handle protected health information (“PHI”) on behalf of BAs; (2) increased penalties for noncompliance, with a maximum penalty of $1.5 million per violation; (3) expanded individual rights, including the right to request electronic medical records; and (4) new limitations on the use of PHI for marketing and fundraising, or the sale of PHI; among other broad changes. Read the full text here.

Duane Morris is preparing a fuller description of the 2013 HIPAA Amendments that will be distributed shortly. Please do not hesitate to contact Lisa Clark, lwclark@duanemorris.com, Neville Bilimoria, NMBilimoria@duanemorris.com, or your contact at Duane Morris for more information. Thanks to Elinor Hart, EHart@duanemorris.com, for her prompt assistance with this breaking development.

Cyberspace Is The New Battlefield


We usually think of the Internet as a place where we can obtain information, communicate with others, and engage in various business and personal activities.

However, is it also a new battlefield?

Yes, according to Defense Secretary Leon Panetta. Indeed, as reported by Reuters, he maintains that while hackers have already attacked financial institutions, they also have the capability to strike mission-critical domestic power grids and government systems.


Hackers Increasingly Target Colleges, Universities


All sorts of businesses and organizations are potentially vulnerable to hackers. Educational institutions are no exception, as highlighted by a recent example involving Northwest Florida State College.

One or more hackers accessed a folder on the school's main server from May through September, according to a memo from the College's President to all employees. The folder contained multiple files.

By working between the files, the hacker(s) apparently managed to assemble sufficient information to steal the identities of 50 employees, CNET reports. Names, Social Security numbers, dates of birth and direct deposit account numbers were accessed. Apparently, data relating to addresses, phone numbers, and college email addresses also was compromised.

The London Olympics: A High-Tech Success


The London 2012 Olympic Games were successful, and indeed spectacular, on many levels.

Of course, there were incredible performances by phenomenal athletes, including veterans like Michael Phelps and Usain Bolt, as well as new breakout stars such as Missy Franklin and Gabby Douglas.

Great Britain also served up wonderful musical acts for entertainment purposes. Not only were we regaled by Paul McCartney, Annie Lennox, George Michael, and bits and pieces from Queen and Pink Floyd, but we also witnessed the reunion of the Spice Girls (oh my).

It was also a technologically advanced event.


FTC Imposes a Record $22.5 Million Civil Penalty on Google for Privacy Misrepresentations


On August 9, 2012, the FTC announced that Google agreed to pay a record $22.5 million civil penalty to settle charges that it made misrepresentations to users of the Safari Internet browser when Google represented that it would not place cookies or serve targeted ads to those users.  In doing so, Google violated an earlier privacy settlement it had with the FTC.

FTC Chairman Jon Leibowitz said “[t]he record setting penalty in this matter sends a clear message to all companies under an FTC privacy order. . . [n]o matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

The FTC's aggressive enforcement is expected to continue, and it is important that businesses review their privacy policies to ensure that the policies have not become dated and still represent the current data collection and maintenance practices of the business.

The FTC press release can be viewed at http://ftc.gov/opa/2012/08/google.shtm

Lawyers Must Do More To Protect Cybersecurity


Lawyers should know how to protect information belonging to their firms and their clients, right? Well, perhaps they can do a better job, according to The Wall Street Journal. Indeed, it's now more important than ever for lawyers' cybersecurity skills to get up to speed.

According to the article, hackers intent on insider trading may target attorneys who handle merger and acquisition transactions. They could put links in text messages that, when clicked on smartphones, activate malware that could log keystrokes and record phone conversations.

As a result, lawyers who rely on mobile devices (practically all lawyers these days) need to take precautions such as encrypting messages and not using Wi-Fi connections, which can be vulnerable to information compromises.


Trouble In Password Paradise


Many people use the same password for all of their accounts. Why? Because it is easy to remember just one password across all accounts.

But is that a good idea? Nope. If that password were to fall into the wrong hands, it potentially could be used more pervasively to the disadvantage of the true password holder.

And this is not a hypothetical concern. Indeed, recent press reports are rife with disclosures of major password hacks/leaks.


Duane Morris TechLaw

Duane Morris lawyers share their insights on developing legal issues which impact technology and business. Topics include e-commerce, cloud computing, outsourcing, security, privacy, social media, software, telecommunications and more.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.
The opinions expressed on this blog are those of the author and are not to be construed as legal advice.