 October 28, 2017  Posted by  Non-U.S.

Kevin Murphy writes:

Two Dutch geo-gTLDs are refusing to provide public access to Whois records in what could be a sign of things to come for the whole industry under new European privacy law.

Both .amsterdam and .frl appear to be automatically applying privacy to registrant data and say they will only provide full Whois access to vetted individuals such as law enforcement officials.

ICANN has evidently slapped a breach notice on both registries, which are now complaining that the Whois provisions in their Registry Agreements are “null and void” under Dutch and European Union law.

Read more on DomainIncite.

 October 27, 2017  Posted by  Breaches, Business, Featured News

Felix Krause has a concerning proof of concept on his blog:

Facts

Once you grant an app access to your camera, it can

  • access both the front and the back camera
  • record you at any time the app is in the foreground
  • take pictures and videos without telling you
  • upload the pictures/videos it takes immediately
  • run real-time face recognition to detect facial features or expressions

Have you ever used a social media app while using the bathroom? 🚽

All without indicating that your phone is recording you and your surroundings, no LEDs, no light or any other kind of indication.

Disclaimer

This project is a proof of concept and should not be used in production. The goal is to highlight a privacy loophole that can be abused by iOS apps.

Read more on KrauseFX.com.

 

 October 27, 2017  Posted by  Breaches, Healthcare, Non-U.S., Online

A medic who was accused of harassing his woman patient, the sister of two-time Oscar winner Sharmeen Obaid Chinoy, was sacked by Aga Khan University Hospital on Friday.

The medic allegedly sent a Facebook friend request to his patient after she saw him for a checkup, which was branded harassment by Chinoy in social media posts.

Read more on Dunya News.

 October 24, 2017  Posted by  Breaches, Healthcare

Chris Cooke reports:

Three pharmacists in Indiana have been reprimanded by regulators for trying to access Prince’s medical records in the days after his untimely death in April 2016.

The Indiana Board Of Pharmacy recently issued the reprimands against each of the three individuals, who separately tried to access information about Prince on the state’s Inspect database, which doctors and pharmacists use to check the prescription histories of patients.

None of the pharmacists who have been reprimanded had ever treated the musician, who lived in Minneapolis, Minnesota.

Read more on CompleteMusicUpdate.

So those are three who were caught due to logs and auditing. How many others may have tried to snoop in other states but weren’t detected because of inadequate logs or warnings? It would make for an interesting study/audit of the nationwide system if all accesses or attempted accesses to this one individual’s records were examined for even a one-week window of time. How many breaches is the system generally failing to detect?