Saturday, June 30, 2012

CSS Uncovers SCEP Vulnerability For Mobile Devices In The Enterprise - MarketWatch


The problem is not caused by an implementation error in a single product, or by an issue with the SCEP protocol itself, but rather by a combination of features, configurations, and use cases that, together, open up a previously unforeseen avenue of attack. Mobile Device Management (MDM) systems that leverage SCEP to issue certificates for authentication into enterprise systems such as Wi-Fi, VPN, or ActiveSync are among the most critically affected scenarios.


DHS struggles with mobile device management -- Federal Computer Week

The Homeland Security Department is struggling with managing all its mobile devices, and faces challenges in leveraging smart phones, tablets and laptop to increase workforce productivity, according to an inspector general.

The IG's audit found DHS had implemented some policies, procedures and training to better govern, track, categorize and secure portable devices. For example, the Federal Emergency Management Agency and the Transportation Security Administration have developed specific mobile device strategies and procedures. Both agencies also educate its workforce on the acceptable use of mobile devices.

But these efforts need to be complemented by policies and procedures to govern the use and accountability of mobile devices, the IG said, and DHS as a whole needs to adopt a stronger security posture to protect mobile devices and the sensitive data stored on them.


How to launch a mobile device management plan - The Globe and Mail

Wednesday, June 27, 2012

Not spam. Couldn't be...

Subject: ***PayPal Notice:                                             PSOXMJGNVL

Dear Costumer,

Yeah, sure. I wear clothes, so I guess I am a costumer. 

Monday, June 25, 2012

Fine in Marketing-Related Breach - HealthcareInfoSecurity

A radiologist formerly affiliated with a Connecticut hospital has agreed to pay a $20,000 civil fine as part of a settlement with the state's medical examining board for inappropriately accessing patient information to use in marketing his services (see: Breach Motivated by Marketing).

Gerald Micalizzi of Bridgeport, Conn., formerly affiliated with Griffin Hospital in Derby, Conn, agreed to pay the penalty and have his license put on probation for six months, during which time he needs to "successfully complete coursework in physician ethics, patient confidentiality and HIPAA compliance," according to the June 19 consent order issued by the state of Connecticut Dept. of Public Health.


Thursday, June 21, 2012

ONC announces plan to help providers secure mobile devices

The Office of the National Coordinator for Health IT will help small providers learn how to secure their smartphones and other mobile devices.

Research shows that about 81 percent of physicians use smartphones or tablet devices. The small size of these devices make them easy to lose on subways and airplanes and susceptible to theft. Yet few people safeguard them, such as by using encryption, making it easy for unauthorized users to access information.

The ONC has conducted research on mobile endpoint security, taking devices from local electronics stores and applying manual configuration, said Will Phelps, an IT security specialist in the ONC's Office of the Chief Privacy Officer.


Wednesday, June 20, 2012

Mobile security can't ignore device, say panelists

 Good security can't ignore the entire mobile stack, including device hardware and firmware, said Ron Ross, a senior computer scientist and information security researcher at the National Institute of Standards and Technology.

"You can't divorce yourself from the actual device itself, because that's where the controls are deployed," he said after the panel discussion.


Tuesday, June 19, 2012

National Cybersecurity Center of Excellence (NCCoE)

Workshop - June 26, 2012

On June 26, the National Cybersecurity Center of Excellence (NCCoE) will host a workshop to introduce the Center, a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The Center will bring together experts from industry, government and academia to address present-day cybersecurity challenges, test emerging technologies, and deliver quick and cost-effective solutions. The Center is hosted by NIST in collaboration with the State of Maryland Department of Economic Development and Montgomery County, Maryland. The workshop will address start operations as well as engage and solicit feedback from user communities and sectors (health, financial, utility, etc.), government agencies, academia, and other organizations.

Monday, June 18, 2012

Off-the-shelf smartphones meet few HIPAA, MU security requirements | mobihealthnews

Most mobile phones on the market today meet no more than 40 percent of security requirements — such as those called for by HIPAA or proposed "meaningful use" Stage 2 standards — in the out-of-the-box configurations, according to theOffice of the National Coordinator for Health Information Technology.

And even after being manually configured, only iPhone and BlackBerry smartphones typically achieve about 60 percent of standards. Other brands do not fare as well, Will Phelps, an IT security specialist in ONC's Office of the Chief Privacy Officer, said, according to a report in Government Health IT.


Saturday, June 16, 2012

MESSAGE: “Make a Service Connection”, “Program Info is Running Low”, “Program Info Has Run Out” - TiVo

Unmanned Air Force space plane lands in Calif.

Unmanned Air Force space plane lands in Calif.

thumbnailLOS ANGELES (AP) - An unmanned Air Force space plane steered itself to a landing early Saturday at a California military base, capping a 15-month clandestine mission. The spacecraft, which was launched from Cape Canaveral Air Force Station in Florida in March 2011, conducted in-orbit experiments during the mission, officials said. It was the second such autonomous landing at the Vandenberg Air For...

Read Full Story

Thursday, June 14, 2012

ONC takes on mobile device security | Healthcare IT News

The Office of the National Coordinator for Health IT (ONC) will help small providers who use smart phones and other mobile devices learn how to easily secure them using simple steps explained in plain language.

Research shows that about 81 percent of physicians use smart phones or tablet devices. The small size of these devices make them easy to lose on subways and airplanes or stolen. Yet very few safeguard them, such as using encryption, making it easy for unauthorized users to access information.


New LMI Research Will Delve Into Mobile Device Management Platforms

McLean, Va., June 14, 2012 — LMI has launched an independently funded Mobile Device Management Platform pilot program to develop solutions to support large entities, such as the federal government, as they strategically develop and deploy emerging technologies for mobile devices. The pilot program is being supported by the LMI Research Institute, the organization's independent research and development entity.


Ouch. That's gotta sting...

 Nokia to Cut 10,000 Jobs as Elop Tries to Stanch Losses

To challenge Apple and handset makers using Google Inc.'s Android software, Elop adopted Microsoft's Windows Phone, abandoning Nokia's homegrown Symbian operating system. Nokia shipped more than 2 million Lumia smartphones running Windows Phone last quarter, while Apple sold 35.1 million iPhones.

Nokia's total handset shipments declined 24 percent in the first quarter, allowing Samsung to overtake the company as the world's biggest mobile-phone maker. Nokia's operating margin for mobile phones plunged to 3.7 percent last year from more than 20 percent before Apple introduced the iPhone in 2007.

"We don't have Nokia returning to profitability devices in the foreseeable future, not this year and not next," Peterc said.


Tuesday, June 12, 2012

Sometimes I think I might agree with him, then I realize he is just setting up for another book tour...

Gingrich: Elections rigged for the rich

Link: <>

Sunday, June 3, 2012

GOP's Austerity Chickens Come Home to Roost | ThinkProgress

State and Local Government Budget Cuts Led to Massive Layoffs

By refusing to extend sufficient aid to state and local governments, Republicans all but ensured that there would be massive layoffs at the state and local level.  And indeed there have been, with over 600,000 public sectors working losing their jobs since the president came into office, including another 13,000 just this month.

As the above chart shows, all of theprivate sector jobs lost since President Obama came into office have now been replaced. The president has now created 4.3 million private sector jobs — and at a much faster pace than did President Bush.  Under President Bush, however, the public sector expanded at a robust rate, while under President Obama it has contracted considerably.

As President Obama said this afternoon in Minnesota, "layoffs at the state and local level have been a chronic problem in our recovery."

Gartner Says Mobile Device Management Is Essential for IT Success

Egham, UK, May 9, 2012—Mobile device management (MDM) has become a crucial discipline for IT departments, given the increasing number of smartphones and media tablets used within organizations, according to Gartner, Inc.

"The era of fully supporting company-owned devices is giving way to an era of managed diversity in which tiered support for employee-owned, consumer-class devices is the norm," said Terrence Cosgrove, research director at Gartner. "With the unabated growth of consumerization, IT leaders need to implement MDM to manage corporate- and employee-owned devices, and assign responsibilities inside IT departments for the service, application and security of all these devices.

Saturday, June 2, 2012

Politifact: Walker Most Dishonest Governor in America | Uppity Wisconsin

In a ranking of governors where Politifact rated at least five statements, Walker is the #1 most dishonest governor in America.

While Oregon governor John Kitzhaber led the nation in honesty with 100% of his statements being ranked true or mostly true, Walker edged-out Texas Governor Rick Perry and Rhode Island Governor Lincoln Chaffee with only 22% of 51 statements rated true or mostly true. 

Here is the top five most dishonest governors in America, according to Politifact:

1) Scott Walker, WI    22%

2) Rick Perry, TX          25%

3) Lincoln Chafee, RI  25%

4) Chris Christie, NJ    38%

5) Bob Mcconnell         44%

mHealth: Mitigating Mobile Security Risks | HealthWorks Collective

 Article is here:

The DHS bulletin is here:

Cisco Partners: Timing Was What Killed Cius

Technically, it's not a kill-off. Cisco's O.J. Winge, senior vice president, TelePresence Technology Group, said in the company blog that Cisco would continue to support Cius customers and would offer Cius "in a limited fashion to customers with specific needs or use cases."

Umm. Ok. Sure.

Friday, June 1, 2012

The Myth of the Businessman-President -

"He said, 'I'd like to have a provision in the Constitution that in addition to the age of the president and the citizenship of the president and the birth place of the president being set by the Constitution, I'd like it also to say that the president has to spend at least three years working in business before he could become president of the United States,'" said Romney, cheerfully summarizing this rewrite of the founders' governing blueprint.

Well, there goes Teddy Roosevelt, the writer, rancher and police commissioner, not to mention his distant cousin Franklin Roosevelt, the assistant naval secretary and politician, or Dwight Eisenhower, the career soldier. Ike's résumé, which includes defeating the world's most concentrated form of evil in Nazi Germany, would not be not enough to qualify him for the presidency.

Romney has made business experience the main reason to elect him. Without his business past or his projections of business future, there is no there there. But history shows that time in the money trade is more often than not a prelude to a disastrous presidency. The less experience in business, the better the president.

Wow! I never even saw this one

R.I.P. Cisco Cius--Another Tablet Bites the Dust

Cisco is pulling the plug on its Cius tablet. Despite the fact that the Cius never really went head to head with more consumer-centric tablets, the Cisco device is nevertheless the latest victim of the iPad's dominance.


Here is the Cisco page on the device:

Be sure to watch the video.  It is sleep inducing...

Cisco really needs to study modern marketing techniques.

I am presenting at the NIST/HHS OCR Conference

Safeguarding Health Information:  Building Assurance through HIPAA Security

My briefing, titled "ONC Mobile Device Project", is at 4pm on June 6th. 
I will cover the results of our security assessment of mobile devices against the HIPAA Security requirements. 

The conference site is here:

The conference agenda is here: