David Bailey

Design and Security

Posted by David Bailey in Main

Why is Apple successful? Design. I don’t mean they make great looking hardware. I also don’t mean they make great looking software. Design is much more than looks. Donald Norman’s The Design of Everyday Things goes into detail about how good design is more about usability than looks. In good design, everything just works. Why is most software awful? Let me give you an example: I’m trying to write a document in my editor. I want to make a hyperlink. …

A Light in the Dark for EMR?

Posted by David Bailey in Main

The top complaint I hear about healthcare IT systems when talking with clients is lack of interoperability. Once you pick one vendor for one system, you pretty much have to stick with them for everything. If you want information from one department or system to work with another department or system, everything has to come from the same vendor. The Wall Street Journal recently had a great interview with Eric Schmidt, former Chairman/CEO of Google. In it he touches on …

Is It Time for Passwords to Go Away?

Posted by David Bailey in Main

It seems all too often my friends are having their accounts hacked. I get emails from them trying to hawk iPads or Facebook messages about Lady Gaga. There are three problems I see here: 1. Users choose poor passwords. This was shown in the recent Gawker hacks and pretty much every other username/password database breach in computer history. Common fix: require complex passwords. Problem with the fix: Password1! Another problem is that users choose the same password for many sites. …

Information Security Policies Without Technical Controls are Nothing!

Posted on by David Bailey in Main | 1 Comment

Information Security policies without technical controls are not effective. Consider traffic laws such as speed limits. The ‘policy’ on the 101 freeway right by our office is that cars should go no faster than 65 miles/hour and trucks should go no faster than 55 miles/hour. Many people choose to drive at speeds over 80 miles/hour. The only technical control in this situation is the California Highway Patrol (CHP) who are in charge of enforcing the policy. They are out there, …

IT Security – Everything is a Risk

Posted by David Bailey in Main

I’m amazed how often the IT security industry claims that “more security” lowers their risk. “More security” does not always mean more secure. Yet the industry often doesn’t realize how several supposedly harmless aspects of security can unexpectedly raise risk. Let me explain with these examples. DLP: First, let’s examine Data Loss Prevention (DLP) software and how it could raise your risk. DLP software markets itself as a technology that will stop any sensitive information from leaving your network or …

Using SoftPerfect’s Network Scanner Soccer Ball to Scan Your Network for Open Shares

Posted by David Bailey in Main

SoftPerfect makes a great, simple, lightweight network scanner that can be used to scan for open shares on your network. The product page is here and the program can be downloaded here. After downloading netscan.exe, double-click it to run the program. (No need to install anything.) First, you’ll need to change the account Network Scanner uses. From the Options menu, select Program Options. Then click the Shares tab and at the bottom of the window select Use specific …

Converting Lots of PDFs to TXTs in Ubuntu/Debian

Posted by David Bailey

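For those of you who are struggling to find a way to convert PDF files into TXT files, here is a quick bash script. There are many alternatives out there, but none were reliable for me. You’ll need to have acroread and ghostscript installed for this to work.

#!/bin/bash
# Output directories: ps/ for intermediate PostScript, txt/ for the final text
mkdir -p ps txt
FILES="*.pdf"
for f in $FILES
do
  echo "Processing $f"
  # Convert the PDF to PostScript, written into ps/
  acroread -toPostScript "$f" ps/
  # Strip the .pdf extension to get the base file name
  g=$(basename "$f" .pdf)
  # Extract plain text from the PostScript file
  ps2txt "ps/$g.ps" > "txt/$g.txt"
done

You can also change the second to …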

Installing Google Skipfish on Ubuntu/Debian

Posted on by David Bailey 4 Comments

check out jason’s post for an in-depth review. http://bit.ly/9LAnbt

here are the simple commands necessary to get hacking with Google’s new web application scanner Skipfish:

wget http://skipfish.googlecode.com/files/skipfish-1.01b.tgz
tar zxvf skipfish-1.01b.tgz
sudo apt-get install libidn11-dev
cd skipfish
make
cp dictionaries/default.wl skipfish.wl
./skipfish -o output_folder http://www.example.com

you’ll want to less README to understand all the options. more to come shortly with our opinions, tips and lab results. currently we’re getting 600+ requests/second for internet sites, 4000+ requests/second for local tests.

enjoy, db

Identity Theft Check Up: Electronic Medical Records are the New Credit Cards

Posted on by David Bailey 11 Comments

As credit card fraud prevention measures have made it tougher on identity thieves, identity thieves have found a new target, healthcare identities. And healthcare information systems are nowhere near ready to withstand the onslaught. A recent survey by Chicago-based HIMSS (Healthcare Information and Management Systems Society) found that most hospitals spend less than 3% of their IT budget on security, a level Lisa Gallagher, senior director for privacy and security at HIMSS, calls inadequate. According to the New York Times, …