Monthly Archives: March 2010

Burp Suite Professional to XML: BURP2XML

Posted on by The Shell Shakespear in Main | 2 Comments

Burp Suite Professional’s session file is not in a useful format to extract data from. This post introduces a Python script that converts this session file to an XML document.

HIE’s – Now That the Funding is Complete, What Will the Operational Environment Look Like?

Posted on by John Reno in Main | 1 Comment

Last week the Department of Health and Human Services (HHS) announced an additional round of $162M in funding for Healthcare Information Exchanges. Combined with the state grants announced in February, this brings total funding to $547M. This means that all the states and state designated entities are on a path towards implementing the vision of the Office of the National Coordinator for Health Information Technology (ONC) laid out in their strategic plan. The next step in the process calls for …

Skipfish, Google Enters the Web Scanner Fray

Posted on by jhaddix 3 Comments

This morning the office was buzzing with Google hysteria. Google, releasing great security tools like RATproxy, has released a web application scanner similar to Nikto (and to a lesser extent Nessus web Checks) called Skipfish. Now, we understand that not everyone is a Goog-Fanboy, but we love testing new apps. We wrote a cursory install for a testbed machine here. Notice Skipfish has very low overhead in the dependencies area, which is great. At first we tested Skipfish against a …

Installing Google Skipfish on Ubuntu/Debian

Posted on by David Bailey 4 Comments

check out jason’s post for an in-depth review: http://bit.ly/9LAnbt

here are the simple commands necessary to get hacking with Google’s new web application scanner Skipfish:

wget http://skipfish.googlecode.com/files/skipfish-1.01b.tgz
tar zxvf skipfish-1.01b.tgz
sudo apt-get install libidn11-dev
cd skipfish
make
cp dictionaries/default.wl skipfish.wl
./skipfish -o output_folder http://www.example.com

you’ll want to less README to understand all the options. more to come shortly with our opinions, tips and lab results. currently we’re getting 600+ requests/second for internet sites, 4000+ requests/second for local tests.

enjoy, db

Healthcare IT Security Developments

Posted on by John Reno in Main | 1 Comment

Earlier this week the Office of the National Coordinator for Health Information Technology (ONC) released an initial draft of its healthcare IT framework and strategic plan. This is a high level outline of the themes, principles, strategies and objectives that the ONC will address and reflects an update to the Federal Health IT Strategic Plan published in June 2008. One of the four major strategic themes is privacy and security. As one might expect in the strategies and objectives associated …

Threats, Lies and Videotape – a Few Days at the RSA Conference

Posted on by John Reno in Main | Leave a comment

I spent the last few days at the RSA conference in San Francisco. I’ve been attending for many years now and there seems to be a growing discontinuity between what’s being presented in the sessions (and the discussions following) and the stories pitched on the expo floor. One theme that echoed throughout many vendor booths was “we’ve got the latest technology to stop APT threats in their tracks”. Not only is that redundant, but by definition you can’t make a …

FTC slams ControlScan

Posted on by Nathan Drier Leave a comment

I wrote about this a while back, but it seems like others are taking note: “The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all. The practical impact of the ruling for E-Commerce sites is unclear, both because the FTC has little authority to enforce its rulings and because consumers have typically …

Identity Theft Check Up: Electronic Medical Records are the New Credit Cards

Posted on by David Bailey 11 Comments

As credit card fraud prevention measures have made it tougher on identity thieves, identity thieves have found a new target, healthcare identities. And healthcare information systems are nowhere near ready to withstand the onslaught. A recent survey by Chicago-based HIMSS (Healthcare Information and Management Systems Society) found that most hospitals spend less than 3% of their IT budget on security, a level Lisa Gallagher, senior director for privacy and security at HIMSS, calls inadequate. According to the New York Times, …