jfruh writes: Point-of-sale systems aren’t cheap, so it’s not unusual for smaller merchants to buy used terminals second-hand. An HP security researcher bought one such unit on eBay to see what a used POS system will get you, and what he found was disturbing: default passwords, a security flaw, and names, addresses, and social security numbers of employees of the terminal’s previous owner. Read more of this story at Slashdot.
Original post:
Point-of-Sale System Bought On eBay Yields Treasure Trove of Private Data
alphadogg (971356) writes “Microsoft has been forced to start using its global stock of IPv4 addresses to keep its Azure cloud service afloat in the U.S., highlighting the growing importance of making the shift to IP version 6. The newer version of the Internet Protocol adds an almost inexhaustible number of addresses thanks to a 128-bit long address field, compared to the 32 bits used by version 4. The IPv4 address space has been fully assigned in the U.S., meaning there are no additional addresses available, Microsoft said in a blog post earlier this week. This requires the company to use the IPv4 address space available to it globally for new services, it said.” Read more of this story at Slashdot. 
Hugh Pickens DOT Com (2995471) writes “Jaikumar Vijayan reports at Computerworld that a physician at Columbia University Medical Center (CU) attempted to “deactivate” a personally owned computer from a hospital network segment that contained sensitive patient health information, creating an inadvertent data leak that is going to cost the hospital $4.8 million to settle with the U.S. Department of Health and Human Services (HHS). The error left patient status, vital signs, laboratory results, medication information, and other sensitive data on about 6, 800 individuals accessible to all via the Web. The breach was discovered after the hospital received a complaint from an individual who discovered personal health information about his deceased partner on the Web. An investigation by the HHS Office for Civil Rights (OCR) found that neither Columbia University nor New York Presbyterian Hospital, who operated the network jointly, had implemented adequate security protections, or undertook a risk analysis or audit to identify the location of sensitive patient health information on the joint network. “For more than three years, we have been cooperating with HHS by voluntarily providing information about the incident in question, ” say the hospitals. “We also have continually strengthened our safeguards to enhance our information systems and processes, and will continue to do so under the terms of the agreement with HHS.” HHS has also extracted settlements from several other healthcare entities over the past two years as it beefs up the effort to crack down on HIPAA violations. In April, it reached a $2 million settlement with with Concentra Health Services and QCA Health Plan. Both organizations reported losing laptops containing unencrypted patient data.” Read more of this story at Slashdot. 
Hugh Pickens DOT Com (2995471) writes “Sean Gallagher writes that the government built facilities for the Minuteman missiles in the 1960s and 1970s and although the missiles have been upgraded numerous times to make them safer and more reliable, the bases themselves haven’t changed much and there isn’t a lot of incentive to upgrade them. ICBM forces commander Maj. Gen. Jack Weinstein told Leslie Stahl from “60 Minutes” that the bases have extremely tight IT and cyber security, because they’re not Internet-connected and they use such old hardware and software. “A few years ago we did a complete analysis of our entire network, ” says Weinstein. “Cyber engineers found out that the system is extremely safe and extremely secure in the way it’s developed.” While on the base, missileers showed Stahl the 8-inch floppy disks, marked “Top Secret, ” which is used with the computer that handles what was once called the Strategic Air Command Digital Network (SACDIN), a communication system that delivers launch commands to US missile forces. Later, in an interview with Weinstein, Stahl described the disk she was shown as “gigantic, ” and said she had never seen one that big. Weinstein explained, “Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.”” Read more of this story at Slashdot.