Medical lab allegedly exposed customer info on P2P, claims it was the victim

Security company Tiversa uncovered confidential health care information by scanning P2P networks.

A medical testing laboratory called LabMD has been accused of exposing the personal information of about 10,000 customers on a peer-to-peer file sharing network.

The company has been fighting the claims, saying a security firm that uncovered the breach victimized LabMD by downloading a large spreadsheet containing sensitive customer information.

The US Federal Trade Commission today said it filed a complaint which "alleges that LabMD billing information for over 9,000 consumers was found on a peer-to-peer (P2P) file-sharing network and then, in 2012, LabMD documents containing sensitive personal information of at least 500 consumers were found in the hands of identity thieves."

Read 15 remaining paragraphs | Comments


Rendering bug crashes OS X, iOS apps with string of Arabic characters (Updated)

This nonsensical string of Arabic characters renders fine in Firefox, but it crashes any iOS or OS X browser that uses Apple's CoreText API.
Andrew Cunningham

There's a new bug in town, and it's here to crash your Mac and iPhone applications. Posters in a HackerNews thread from late yesterday have discovered that it's possible to crash Web browsers and other apps running on current versions of iOS and OS X by making them render a specific, nonsensical string of Arabic characters. The title of the HackerNews thread implies that the issue is with the WebKit browser engine, but it actually affects any browser or application that uses Apple's CoreText API to render text. Ars Microsoft Editor Peter Bright has taken great pleasure in sending the text string to his co-workers, which has crashed the Limechat IRC client and Adium chat client, among other programs.

Safari crashes in both OS X 10.8.4 and iOS 6.1.3 when it attempts to read the text string, and rendering the string in the current stable release of Chrome prompts the browser's typical "Aw snap!" error page (though Chrome's sandboxing implementation keeps the bug from bringing the whole browser down). Firefox, which uses its own font rendering engine, can display the text just fine. This supports the idea that it's a CoreText issue and not a problem with any particular application.

Some Mac and iOS device users on Twitter were only half joking when labeling the string the "unicode of death." Text messages that display the characters caused some people's iMessage apps to spiral into an extended crash loop, since the string would be displayed each time the user loads previously sent messages. Many e-mail programs were also felled by the text. It can even be triggered by including the text in the network name of a wireless access point, creating problems for vulnerable devices that encounter the name when a user looks for available connections. Tweets and other social networking dispatches were enough to cause browsers to crash, so within a few hours of the bug becoming public, Facebook was already preventing the characters from being posted to user walls and timelines by displaying the message below.

Read 4 remaining paragraphs | Comments


Your tax dollars at work: Inside the United States’ $52.6B “black budget”

The United States’ “black budget” for fiscal 2013 amounts to $52.6 billion (or $167 per American), and it details what The Washington Post calls a “bureaucratic and operational landscape that has never been subject to public scrutiny.”

According to a new front-page story on Thursday, the Post says that it now has the entire 178-page classified budget summary as supplied by former National Security Agency (NSA) contractor Edward Snowden. This entire budget comprises the annual expenditures for the NSA, the CIA, the National Reconnaissance Office (NRO), and other spy and military agencies.

With respect to the tech-focused highlights, the Post notes that the CIA and NSA “have launched aggressive new efforts to hack into foreign computer networks to steal information or sabotage enemy systems, embracing what the budget refers to as ‘offensive cyber operations.’”

Read 9 remaining paragraphs | Comments


Tor usage doubles in under a week, and no one knows why


This week on the Tor e-mail list, Roger Dingledine, the project leader for the well-known online anonymity tool, pointed out that the “number of Tor clients running appears to have doubled since August 19.”

The above graph shows that in less than one week, the number of Tor users has shot up to about 1.2 million from 600,000.

“And it's not just a fluke in the metrics data—it appears that there really are twice as many Tor clients running as before,” Dingledine wrote on Tuesday. “There's a slight increase (worsening) in the performance measurements, but it's hard to say if that's a real difference. So while there are a bunch of new Tor clients running, it would seem they're not doing much. Anybody know details? It's easy to speculate (Pirate Browser publicity gone overboard? People finally reading about the NSA thing? Botnet?), but some good solid facts would sure be useful.”

Read 2 remaining paragraphs | Comments