Monthly Archives: August 2010

Service driven innovation in healthcare

Posted by John Reno in Main

This month’s edition of Harvard Business Review features an article on service-driven innovation at Kaiser Permanente. Kaiser is well known in the healthcare industry as a leader in applying IT to improve quality of care and producing better business results. The organization routinely outspends its peers on IT as a percent of revenue and has always rejected the fee-for-service model that is often blamed for excessive healthcare costs across the industry. What struck me as interesting about …

Patient Consent Policy Guidelines to Support Meaningful Use of Stage 1 Data Exchange

Posted by John Reno in Main

Last week the ONC privacy and security tiger team for the healthcare IT committee provided guidance on patient consent policy. Summary slides of their recommendations can be found here and the full documentation can be found here. These guidelines are important because the recommendations apply to electronic exchange of patient identifiable health information among known entities to meet Stage I of meaningful use — the requirements by which health care providers and hospitals will be eligible for financial incentives for …

How Social Media Can Compromise Your Company’s Security Posture

Posted by Jenn Miller in Main

The unbridled use of social media in the workplace represents a growing area of risk to an organization’s information security posture. Social media networks present two distinct attack vectors: information leakage and false trust. Hackers, red teams and experienced penetration testers have used OSINT (open source intelligence style information gathering) for years. But now that social media use has reached critical mass, it is relatively simple to garner information about your company’s employees, your organization and even your IT infrastructure. …

Thoughts on Intel’s Acquisition of McAfee

Posted by John Reno in Main

Yesterday Intel took most of the security industry by surprise by announcing a $7.68 billion acquisition of McAfee. The party line justification from Intel was that security will become the third major element of differentiation in Intel’s processor franchise, along with energy-efficient performance and connectivity. The near term beneficiaries seem to be McAfee shareholders as the market reacted by driving McAfee up some 60%. I think the most significant implication of this deal is that it is another example of the …

Defcon: Advanced Format String Attacks

Posted by The Shell Shakespear

Format string attacks remain difficult in both software and hackademic exercises as the techniques have not improved since their discovery. This session demonstrates advanced format string attack techniques designed to automate the process from creation to compromise as well as incorporate those techniques into the Metasploit framework. The audience is encouraged to bring a basic understanding of format string attacks in order to leave the presentation with the tools necessary to never write one again.