Great InfoSec and Privacy Info and Resources This Week On Twitter

I got this week’s issue of Time magazine in the mail today, and lo and behold, the cover and feature story was about Twitter!

I must admit that I thought for a long time that Twitter was just a useless, time-sucking, addictive Web 2.0 tool. Then I tried Twitter in February and discovered it was a great source for breaking news, pointers to papers and research, real-time tweets from interesting conference sessions, and a great way to meet others from all over the world with similar interests. Sure, there are DEFINITELY security and privacy dangers, but there are also information gold nuggets. Twitter is as valuable as you choose to make it.
Even if you don’t use it, you definitely need to make sure your Web 2.0 policies cover the use of Twitter! I’ve seen some VERY sensitive information tweeted. See item #4 below for some good examples of policies.
I ran across a ton of great information this week. Here are most of my tweets from the past 6-7 days so you can find some gold nuggets of useful information for yourself:

  1. RT @BreakingNews: La Russa says Twitter has agreed to pay legal fees and make a donation to his Animal Rescue Foundation after impersonat…
  2. RT @USATODAY: Unemployed receive free Botox at Va. clinic
  3. @rcalo: EFF put out an incredible Terms of Service tracker, which alerts you to changes. Congrats!
  4. Orgs, C the Web 2.0 policies 4 gud exmpls => RT @marlinex: Microblogging & Twitter Best Practices Docs #socmedsc #gov20
  5. Got in mail 2day + just read while running; intrstng! RT @digiphile: Reading @TIME on Twitter By @StevenBJohnson
  6. RT @BreakingNews: Prosecutors tell BNO News: Former high ranking U.S. officials charged with espionage for Cuba.
  7. RT @Reuters: FLASH: Former U.S. State Dept. official, wife arrested for spying for Cuba for nearly 30 years -Justice Dept.
  8. Demonstrates importance of good policy writing @sectorprivate “…, not the office in which the computer was being used.”
  9. Intrstng! @sectorprivate “…any policy regarding computer monitoring involved monitoring the computer system itself…”
  10. @sectorprivate I noticed that; but it’s an important question that those in the case should consider.
  11. I’ve been looking 4 great backup storage; a possibility: SanDisk Ultra Backup 64GB w/encryption. Anyone use/recommend/warn?
  12. Blog “NOT Providing Training and Awareness Is The Dumbest Idea For Information Security”
  13. #insiderthreat in UK PRT @privacyint: Government staffers caught looking up details of celebrities on…ID register.
  14. RT @privacyint: Bermuda is closely following the UK on DNA policy, noting that the UK has not yet changed policy sinc…
  15. RT @VBalasubramani: EPIC: “Congress Approves Bill Limiting TSA’s Use of Whole-Body Imaging” (RT @SusanLyon @txitua)
  16. Intrstng! Were policies in place? RT @sectorprivate: Hidden Camera Case Turns on Expectation of #Privacy in Workplace
  17. RT @clarinette02: …Let’s care about our planet today 5th June…
  18. Need privacy/infosec ed in K-12 RT @PrivacyCampDC: Kids, the Internet, and the End of Privacy: The Greatest Generati…
  19. #medicalidentitytheft RT @DrJosephKim: Fake Health Insurance Scams
  20. @marlinex Highly skeptical w/security reportd N Jan that was put on it; given Presidential Records Act probly nothng intrstng evn if they did!
  21. Would make a good case study “How Safe Are Your Medical Records?”
  22. Likely stunt! Strng encrypt hard 2 crack RT @WebSecurityNews: Hackers Decode Obama’s Blackberry Messages for Public Sharing
  23. Remove data + be green with disposal “Decommission PCs”
  24. Higher ed has big challenges RT @sectorprivate: #privacy Colleges Give Themselves C+ for Network Security
  25. Interesting! RT @sectorprivate: #privacy 10 most dangerous web search terms revealed
  26. Good to see such communications RT @DrInfoSec: CalPERS’ issues scam alert on Phishing, Vishing, and Smishing
  27. RT @bnatechlaw: Store Payment Info In Your Online Store? Watch Out For Patent Infringement Lawsuits
  28. RT @sciam: Is there such a thing as “cell phone elbow”?: CNN and others are reporting an increasing number of ce..
  29. Hopefully sane judgment will prevail RT @stejules: La Russa sues Twitter over false page #twitter #sued
  30. @BurgessCT til then orgs must perform strong due diligence + include security requirements details in contracts
  31. @BurgessCT HITECH Act addresses third party responsibilities under HIPAA; see Need reg that’s not industry dependent
  32. RT @DrInfoSec: Drive-By Attacks vs. Social Engineering There’s limit to what security software can do to protect
  33. Sadly not surprising many do 4 many reasons RT @jmlsCITPL: Study finds IT security pros cheat on audits
  34. Better education would reduce # of these incidents RT @jmlsCITPL: Peer-to-peer identity thief sentenced to 51 months
  35. @clarinette02 I’m giving my class (updating this tomorrow) twice in that time-frame DM me for more details
  36. RT @SCMagazine: DHS appoints new director of National Cybersecurity Center: The U.S. Department of Homeland Secu..
  37. …so glad this WH gets it! “The general public needs to be well informed to use the technology safely.” Many more good quotes within.
  38. Education naysayers read this! “White House cybersecurity review pushes awareness training”
  39. RT @ITCompliance: “Top compliance issues for $FNM: Privacy & President’s initiative/accounting for TARP money”-@retheauditors | #cw2009
  40. RT @danphilpott: NIST released a new draft of SP 800-53 Rev 3 Recommended Security Controls…:
  41. @BurgessCT I have same questions! “accident” = “lack of controls” “lack of training” “mistake” “all the above” ???
  42. Indeed! RT @BrettTrout: Swoopo – “about as close to pure, distilled evil in a business plan as I’ve ever seen”
  43. #insiderthreat RT @idexperts: Data Breach- U.S. Releases Secret List Of Nuclear Sites Accidentally
  44. Definitely gimmick! RT @DrInfoSec @securls: StrongWebMail: ‘Hack into our CEO’s email, win $10k’ [gimmick?]
  45. Blog post “Rights for Privacy Breach Victims”
  46. 16 CC#’s copied; 1yr credit monitoring provided RT @idexperts: Sony notifies 5k customers of credit card breach
  47. Oh, my RT @bbcnews: Consumers consider broadband internet as essential a utility as water or electricity, ..
  48. Nice notes! Much privacy+infosec still 2 discuss, eh? RT @Canuckflack: I’ve posted some comments on #cfp09 today –
  49. Indeed! RT @LegalGRC: The SEC has been emphasizing that firms need to create a culture of compliance for many years:
  50. RT @InfoSecJobsUK: NHS Scotland loses patients’ medical history data
  51. ! RT @WSJ: Oracle May Build Netbooks
  52. RT @idexperts: MSNBC: Why Phishers Love Facebook
  53. Thoughtful article RT @rcalo: Peter Swire on the gov’s use of Web 2.0.
  54. RT @marianmerritt: Blog entry: How Much Do you know about Cyberbullying? Take the quiz:
  55. @infoseccynic Many things! Enforcement, sanctions, accountability, customer demands, + 1 comprehensive law instead of 100s wud B good start
  56. RT @stejules: Man Gets Robbed After Tweeting That He is on Vacation:
  57. U know if it’s online? RT @clarinette02: ‘Privacy paradox’ survey study presented by PhD student of Carnegie Mellon Uni #cfp09
  58. @infoseccynic 2 many “privacy policies” as written R actually NON-privacy policies! Wordy confusing + doubletalk 2 create image of privacy
  59. @infoseccynic Orgs must understand what their privacy policies actually say(most don’t) and then impl procs to support them.
  60. Without controls, oversight + accountability fraud will occur! RT @Reuters: FBI targets fraud in TARP, stimulus fund
  61. Most privacy policies are poorly written! RT @publicfunction: Privacy study shows Google’s eyes are everywhere
  62. RT @clarinette02: Man Twitters and is attacked by tree – CNET News:
  63. U knew this was coming! RT @BrianHonan @domdingelom @chiefmonkey @ddrager CISP Auditor sued for credit card data breach
  64. RT @abcnews: China blocks Twitter before Tiananmen anniversary
  65. #HIPAA doesn’t cover burial info RT @AHIMAResources: “Nebraska to release burial records”:
  66. New free ebook from Norwich MSIA grad Roger Bouchard “Securing Fibre Channel Fabrics” SAN Security
  67. RT @clarinette02: Intel fined record $1.45 billion by European Commission for abusing its dominant position in computer micro processors.
  68. Seems a fine line to #FCRA noncompliance! RT @idexperts: New blog post: Mysterious Prepaid Debit Card Appears in Mail
  69. 16:31 min RT @StopHCommerce: New YouTube video from the White House: The President speaks on Cyber Security:
  70. RT @ekistics22: Blogging ‘Victims’ Perspectives: The 2008 ITRC Annual Identity Theft Survey’
  71. PII “may have been acquired” btwn Dec 30 ’06 – Feb 24 ’09 “Hundreds of Aviva customers notified of data breach”
  72. RT @TechnologyGeek: Digg – Texas Blogger Jailed After Failing to Turn PC Over to Judge
  73. #privacy #classification “European Union: Proposed Amendments to Right of Information Law”
  74. RT @BreakingNews: Microsoft Corp. says it is also adding Twitter and to its Xbox Live services.
  75. #trademark #law “China: Judicial Interpretation on Well-Known Trademarks”
  76. RT @sectorprivate: IAPP Can. Receives Grant 2 Expand Networking Programs 4 Canadian Privacy Professionals
  77. Blog “Common InfoSec & Privacy Training Mistakes”
  78. Traveling? Take your passport! “New U.S. border rules take effect for land and sea entry”
  80. @streetsec Will this be available online after your event?
  81. RT @streetsec: My Ottawa keynote: Social Networking Security – Manage risks of staff using Facebook and Linked In.
  82. Nice work gentlemen! RT @agent0x0: Issue 21 (IN)SECURE Magazine w/article by myself + @DidierStevens pgs 8 + 100
  83. RT @nggauthier: Electronic Discovery and Electronic Decisions Highlight Privacy Issues in Litigation
  84. Winners were from 1903 + 1953 “Oldest Data Loss Incident – Contest Winners” #privacy
  85. US should do similar! RT @caparsons: OPC Awards $454,000 for privacy research and awareness #privacy #Canada
  86. In MN “Romanian Immigrant Gets Eight-and-a-Half-Year Prison Sentence For phishing over 7,000 people in seven years”
  87. Aetna announces data breach of 65,000 employees through job application site + phishing scam
  88. In US “More states try to halt cell phone use by teen drivers”
  89. 1 area where we’ve come a long way baby! Women’s sports “Photos show early women’s PE at U of I”
  90. Vry odd 4 MN sheriff’s deputy 2 spy on IA group yah! RT @sectorprivate: Spying on Iowa group raises privacy issues
  91. By using VPNs + remote working RT @PrivacySecurity: Protecting Image Files Not Only to Address HIPAA, But Save Money
  92. #Infosec + #privacy consulting sales folks; don’t make clients promises that are impossible for your consultants to fulfill!
  93. Contained SSNs + health info “Resident finds school records in Chicago alley”
  94. RT @SecurityMatters: Identity thieves getting more clever: Identity Theft Resource Center (SFGATE)
  95. @retheauditors Love the Cranberries! U may also like 1 of Dolores O’Riordan’s latest; eg Ordinary Day
  96. Impacts of lost/stolen PII continue for years “Real Fraud: Dumpster Diving and Other ID Theft Nightmares” #privacy
  97. #HIPAA “State Tells Eyewitness News It Plans to Get Involved With Dumped Medical Records”
  98. Could B very damaging 2 those falsely accused RT @caparsons: Police can share records even if charge dropped: court
  99. Surveilling the surveillant! “Search for Google car a Twitter triumph”
  100. RT @PrivacyCampDC: Sen. Feinstein has introduced the Robocall Privacy Act – 2009 – S.1077 #robos #TopProg #TCOT #Privacy
  101. In Australia; good info, add audio to be fab! 🙂 RT @PrivacyNow: Synergies btw privacy and record keeping
  102. RT @marciahofmann: Google’s Andrew McLaughlin is joining the Obama administration as deputy chief technology officer.
  103. @BurgessCT We should create list of statements we’d like 2 see orgs make following breach; that are truthful + actually sincerely apologetic
  104. @BurgessCT yes! “we apologize for our blunder, and we’ll continue to watch for evidence…and will help you do the same…”
  105. @s_crawford Yes; they must be told the risks, but too many are not and go on false assumptions that create false security
