
Insurer denies healthcare breach claim citing lack of minimum required practices

Submitted by chicksdaddy
chicksdaddy writes: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data.

In a complaint filed in U.S. District Court in California, Columbia alleges that the breach occurred because Cottage and a third-party vendor, INSYNC Computer Solution, Inc., failed to follow “minimum required practices,” as spelled out in the policy. Among other things, Cottage “stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who ‘surfed’ the Internet,” the complaint alleges.

Disputes like this may become more common, as insurers anxious to get into a cyber insurance market that's growing by about 40% annually use liberally written exclusions to hedge against 'known unknowns' like lax IT practices, pre-existing conditions (like compromises) and so on.


+ - Code Injection: A New Low for ISPs

Submitted by snydeq
snydeq writes: Beyond underhanded, Comcast and other carriers are inserting their own ads and notifications into their customers’ data streams, writes The Deep End's Paul Venezia. 'Comcast and other ISPs “experimenting” with data caps inject JavaScript code into their customers’ data streams in order to display overlays on Web pages that inform them of data cap thresholds. They’ll even display notices that your cable modem may be eligible for replacement. And you can't opt out,' Venezia writes. 'Think about it for a second: Your cable provider is monitoring your traffic and injecting its own code wherever it likes. This is not only obtrusive, but can cause significant problems with normal Web application function. It’s abhorrent on its face, but that hasn’t stopped companies from developing and deploying code to do it.'

+ - Ways to travel faster than light without violating relativity

Submitted by StartsWithABang
StartsWithABang writes: It’s one of the cardinal laws of physics and the underlying principle of Einstein’s relativity itself: the fact that there’s a universal speed limit to the motion of anything through space and time, the speed of light, or c. Light itself will always move at this speed (as well as certain other phenomena, like the force of gravity), while anything with mass — like all known particles of matter and antimatter — will always move slower than that. But if you want something to travel faster-than-light, you aren’t, as you might think, relegated to the realm of science fiction. There are real, physical phenomena that do exactly this, and yet are perfectly consistent with relativity.

+ - Can Bad Scientific Practice Be Fixed? 3

Submitted by writes: Richard Horton writes in that a recent symposium on the reproducibility and reliability of biomedical research discussed one of the most sensitive issues in science today: the idea that something has gone fundamentally wrong with science (PDF), one of our greatest human creations. The case against science is straightforward: much of the scientific literature, perhaps half, may simply be untrue. Afflicted by studies with small sample sizes, tiny effects, invalid exploratory analyses, and flagrant conflicts of interest, together with an obsession for pursuing fashionable trends of dubious importance, science has taken a turn towards darkness. According to Horton, editor-in-chief of The Lancet, a United Kingdom-based medical journal, the apparent endemicity of bad research behaviour is alarming. In their quest for telling a compelling story, scientists too often sculpt data to fit their preferred theory of the world or retrofit hypotheses to fit their data.

Can bad scientific practices be fixed? Part of the problem is that no-one is incentivized to be right. Instead, scientists are incentivized to be productive and innovative. Tony Weidberg says that the particle physics community now invests great effort into intensive checking and rechecking of data prior to publication following several high-profile errors. By filtering results through independent working groups, physicists are encouraged to criticize. Good criticism is rewarded. The goal is a reliable result, and the incentives for scientists are aligned around this goal. "The good news is that science is beginning to take some of its worst failings very seriously," says Horton. "The bad news is that nobody is ready to take the first step to clean up the system."

Comment: InfoSec implications of AI (Score 1) 408

by sinij (#49765849) Attached to: What AI Experts Think About the Existential Risk of AI
I am an Information Security practitioner and not an expert in this field, because nobody is. My experience is that nobody knows what they are doing: most information systems are not secure, in the mistaken belief that nobody would bother breaking them; others are just secure enough to deter low-knowledge attacks. Almost everyone practices what is known as proportional value deterrent, but treats high-value systems as truly isolated when so many side-channels exist.

If malicious AI ever shows up, we are screwed. We have zero hope of securing any information system from it. The only hope is that it won't end us because there is a good chance that a lot of hardware that AI might need will go dark.

Comment: Isowhat? (Score 4, Informative) 94

I had to read TFA to figure out what isostatic is.

"Bizarrely enough, if we wanted to reach the Earth’s mantle, our best bet would be to dive down to the ocean floor and dig there; we’d “only” have to go through maybe 3 km of crust, as opposed to upwards of 25 km atop the Himalayas. This concept is known as isostatic compensation, and was actually uncovered by the famed British astronomer George Airy."

Comment: State business (Score 2, Informative) 288

In Russia, there is no such thing as an independent large corporation; there are only nominally privately owned and formally state-owned corporations. While Kaspersky does some good work, they should be treated the same way as NIST is in the USA, with a primary mission to protect and advance state interest.

Comment: Re:You're dying off (Score 3, Insightful) 284

by sinij (#49717413) Attached to: The Auto Industry May Mimic the 1980s PC Industry
Both views are simplifications. What you should be asking is the following: do people under 25, as they get older, still care about pointless shiny in their cars?

When I was under 25 I made some very questionable stylistic and functional choices for my auto, now as I got older I grew out of it.

Comment: Primary purpose is to drive (Score 1) 284

by sinij (#49717379) Attached to: The Auto Industry May Mimic the 1980s PC Industry
I still remember how awful early consumer operating systems were. They crashed, they had ridiculous requirements, and bad design. While all of this was unfortunate, the improvements were to the primary purpose of these systems.

For cars, the awfulness of the digital platform is for secondary purposes - these systems do not improve how the car drives, yet the implications for your safety when something goes wrong are much higher.
