Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:As someone who has to deal with HIPAA Requireme (Score 1) 130

by jforr (#43612845) Attached to: IBM Researchers Open Source Homomorphic Crypto Library

Thank you. I was aware that they were in technical compliance, but I was not aware that Azure had started offering the business associate agreement. The link below seems to indicate that AWS is still "looking into" the matter, but I haven't found anything conclusive that says they will offer it. Needless to say, I'm starting a project immediately to begin an Azure deployment for my organization.

Comment: As someone who has to deal with HIPAA Requirements (Score 4, Informative) 130

by jforr (#43612577) Attached to: IBM Researchers Open Source Homomorphic Crypto Library

This will be revolutionary for the healthcare industry.

Let me explain for those of you who have never dealt with HIPAA. HIPAA requires that an entity possessing protected healthcare information(PHI) keep that data safe and secure. Additionally, any outside entity coming in contact with PHI must sign a business associates agreement also agreeing to keep any PHI in their possession safe. None of the major cloud players will sign such agreements, which means any PHI can't go into the cloud. This means any practical deployment of say a hadoop cluster to reduce the process time of a large ETL job isn't feasible.

Now there is a tiny loophole in that encrypted PHI isn't treated as PHI at all. This means we can pass data through cloud services to backup for example, but doing any manipulating of the data is impossible due to the fact that as soon as you decrypt it, it's PHI and that's a big no-no. And this is where we lead back to homomorphic cryptography being revolutionary for the world of healthcare data.

Comment: Should have looked further (Score 5, Informative) 112

by jforr (#40914591) Attached to: 'Wall of Shame' Exposes 21M Medical Record Breaches

"Among the largest breaches reported was TRICARE Management Activity, the Department of Defense's health care program, which reported 4.9 million records lost when backup tapes went missing."

Submitter should have dug a little bit further. TRICARE was the agency where the records originated, but SAIC was the "business associate" that actually lost the records belonging to TRICARE.

Comment: Re:It's not an exploit, it's a feature! (Score 2) 271

by jforr (#40236913) Attached to: LinkedIn Password Hashes Leaked Online

I applied for a job earlier this year, and the pool company rejected my 'text format' resume, insisting on a resume submitted via Linked In. The last thing I wanted to do was have to join some social network just to get a job. I lived 10 minutes away from the of the job and offered to meet to interview and hand them a hard copy resume. No dice, it had to be done by this Linked In.
        Now, after reading this news, I know it was the right decision.
This internet sure has gotten wacky.

I've noticed this as a growing trend. Generally the reasoning behind such things is people are far less likely to outright lie on a linkedin profile where former co-workers and classmates will also see it than on a resume that is only read by a hiring manager and HR.


Ask Slashdot: My Host Gave a Stranger Access To My Cloud Server, What Can I Do? 176

Posted by samzenpus
from the was-that-the-wrong-thing-to-do? dept.
zzzreyes writes "I got an email from my cloud server to reset the admin password, first dismissed it as phishing, but a few emails later I found one from an admin telling me that they had given a person full access to my server and revoked it, but not before 2 domains were moved from my account. I logged into my account to review the activity and found the form the perpetrator had submitted for appointment of new primary contact and it infuriated me, given the grave omissions. I wrote a letter to the company hoping for them to rectify the harm and they offered me half month of hosting, in a sign of good faith. For weeks I've been struggling with this and figure that the best thing to do is to ask my community for advice and help, so my dear slashdotters please share with me if you have any experience with this or know of anyone that has gone through this. What can I do?"

I do not fear computers. I fear the lack of them. -- Isaac Asimov