Archive for April, 2014

Heartbleed Facts and Fictions

Friday, April 25th, 2014

Heartbleed has certainly been the security and privacy mistake/incident of April, if not of 2014.  There has been a lot written about it, much good and much bad. I’ve gotten dozens of questions about it and provided an explanation in layman’s terms on the Great Day morning news show. Here are the most common questions, and associated answers, that I’ve received from several of my small- to midsized clients about Heartbleed that have involved the most confusion; let’s clear up that misunderstanding! (more…)

Would a Proprietary OpenSSL Have Been More Secure than Open Source?

Wednesday, April 16th, 2014

The OpenSSL Heartbleed vulnerability has resurrected the age-old debate of whether or not open source code is more or less secure than proprietary code. Before putting on your open source or proprietary jerseys and launching into this (frankly not-very-productive) fight, first consider a few things. (more…)

Rx for Incorrect Compliance Claims and XP

Thursday, April 10th, 2014

In the past couple of weeks I’ve gotten a couple dozen questions from my clients that are small to midsized covered entities (CEs) or business associates (BAs) under HIPAA, in addition to several small to midsized start-ups that provide services in other industries.  And, while some of these concerns are arising out completely erroneous advice, regrettably, some of the questions resulted from my own mea culpa of writing a confusing sentence in my last blog post, for which I’ve since provided a clarification within. (Lesson: I need to spend more time double-checking/editing text prior to posting after doing edits to cut the length.) I apologize for any confusion or alarm that may have arisen as a result.

However, this does provide a good opportunity to examine in more depth the compliance issues related to Windows XP use, and the related questions I’ve received.  The following are the most common questions I’ve answered in the past several days. (more…)