Great InfoSec and Privacy Info and Resources This Week On Twitter

I got this week’s issue of Time magazine in the mail today, and lo and behold, the cover and feature story were about Twitter!


I must admit that I thought for a long time that Twitter was just a useless time-sucking addictive Web 2.0 tool. Then I tried Twitter (http://twitter.com/privacyprof) in February and discovered it was a great source for breaking news, pointers to papers and research papers, real-time tweets from interesting conference sessions, and a great way to meet others from all over the world with similar interests. Sure, there are DEFINITELY security and privacy dangers, but there are also information gold nuggets. You make Twitter as valuable as you want it to be; as it can be.
Even if you don’t use it, you definitely need to make sure your Web 2.0 policies cover the use of Twitter! I’ve seen some VERY sensitive information tweeted. See item #4 below for some good examples of policies.
I ran across a ton of great information this week. Here are most of my tweets from the past 6-7 days for you to find some gold nuggets of useful information for yourself:

  1. RT @BreakingNews: La Russa says Twitter has agreed to pay legal fees and make a donation to his Animal Rescue Foundation after impersonat…
  2. RT @USATODAY: Unemployed receive free Botox at Va. clinic http://tinyurl.com/o34bd5
  3. @rcalo: EFF put out an incredible Terms of Service tracker, which alerts you to changes. Congrats! http://tinyurl.com/o2yc32
  4. Orgs, C the Web 2.0 policies 4 gud exmpls =>RT @marlinex: Microblogging & Twitter Best Practices Docs http://bit.ly/tVZsi #socmedsc #gov20
  5. Got in mail 2day + just read while running; intrstng! RT @digiphile: Reading @TIME on Twitter http://bit.ly/uVgE2 By @StevenBJohnson
  6. RT @BreakingNews: Prosecutors tell BNO News: Former high ranking U.S. officials charged with espionage for Cuba. http://adjix.com/84fe
  7. RT @Reuters: FLASH: Former U.S. State Dept. official, wife arrested for spying for Cuba for nearly 30 years -Justice Dept.
  8. Demonstrates importance of good policy writing @sectorprivate …” , not the office in which the computer was being used.”
  9. Intrstng! @sectorprivate “…any policy regarding computer monitoring involved monitoring the computer system itself…”
  10. @sectorprivate I noticed that; but it’s an important question that those in the case should consider.
  11. Ive been looking 4 great backup storage;a possibility SanDisk Ultra Backup 64GB w/encryption Anyone use/recommend/warn? http://bit.ly/qlXVT
  12. Blog “NOT Providing Training and Awareness Is The Dumbest Idea For Information Security” http://bit.ly/aRzPs
  13. #insiderthreat in UK PRT @privacyint: Government staffers caught looking up details of celebrities on…ID register. http://bit.ly/RUWVQ
  14. RT @privacyint: Bermuda is closely following the UK on DNA policy, noting that the UK has not yet changed policy sinc… http://bit.ly/XvLJ3
  15. RT @VBalasubramani: EPIC: “Congress Approves Bill Limiting TSA’s Use of Whole-Body Imaging” http://bit.ly/3EUgAq (RT @SusanLyon @txitua)
  16. Intrstng! Were policies in place? RT @sectorprivate: Hidden Camera Case Turns on Expectation of #Privacy in Workplace http://bit.ly/16E3cc
  17. RT @clarinette02: …Let’s care about our planet today 5th June http://www.youtube.com/home…
  18. Need privacy/infosec ed in K-12 RT @PrivacyCampDC: Kids, the Internet, and the End of Privacy: The Greatest Generati… http://ow.ly/bifG
  19. #medicalidentitytheft RT @DrJosephKim: Fake Health Insurance Scams http://bit.ly/cXMl0
  20. @marlinex Highly skeptical w/security reportd N Jan that was putonit; given Presidential Records Act probly nothng intrstng evn if they did!
  21. Would make a good case study “How Safe Are Your Medical Records?” http://bit.ly/tBKtl
  22. Likely stunt! Strng enrypt hard 2 crack RT @WebSecurityNews: Hackers Decode Obama’s Blackberry Messages for Public Sharing http://ow.ly/bcgh
  23. Remove data + be green with disposal “Decommission PCs” http://bit.ly/e70r5
  24. Higher ed has big challenges RT @sectorprivate: #privacy Colleges Give Themselves C+ for Network Security http://tinyurl.com/q2vo5k
  25. Interesting! RT @sectorprivate: #privacy 10 most dangerous web search terms revealed http://tinyurl.com/qaub2t
  26. Good to see such communications RT @DrInfoSec: CalPERS’ issues scam alert on Phishing, Vishing, and Smishing http://tinyurl.com/q2b3cm
  27. RT @bnatechlaw: Store Payment Info In Your Online Store? Watch Out For Patent Infringement Lawsuits http://viigo.im/NlK
  28. RT @sciam: Is there such a thing as “cell phone elbow”?: CNN and others are reporting an increasing number of ce.. http://tinyurl.com/qwcma6
  29. Hopefully sane judgment will prevail RT @stejules: La Russa sues Twitter over false page http://tinyurl.com/pvm9qr #twitter #sued
  30. @BurgessCT til then orgs must perform strong due diligence + include security requirements details in contracts
  31. @BurgessCT HITECH Act addresses third party responsibilities under HIPAA; see http://bit.ly/lakcs Need reg that’s not industry dependent
  32. RT @DrInfoSec: Drive-By Attacks vs. Social Engineering There’s limit to what security software can do to protect http://tinyurl.com/qgnrks
  33. Sadly not surprising many do 4 many reasons RT @jmlsCITPL: Study finds IT security pros cheat on audits http://bit.ly/GFIBw
  34. Better education would reduce # of these incidents RT @jmlsCITPL: Peer-to-peer identity thief sentenced to 51 months http://bit.ly/rnFlN
  35. @clarinette02 I’m giving my class (updating this tomorrow) twice in that time-frame http://bit.ly/pTNSa DM me for more details
  36. RT @SCMagazine: DHS appoints new director of National Cybersecurity Center: The U.S. Department of Homeland Secu.. http://tinyurl.com/obbvvx
  37. …so glad this WH gets it! “”The general public needs to be well informed to use the technology safely.” Many more good quotes within.
  38. Education naysayers read this! “White House cybersecurity review pushes awareness training” http://bit.ly/Bwnn8
  39. RT @ITCompliance: “Top compliance issues for $FNM: Privacy & President’s initiative/accounting for TARP money”-@retheauditors | #cw2009
  40. RT @danphilpott: NIST released a new draft of SP 800-53 Rev 3 Recommended Security Controls…: http://is.gd/Nj8n
  41. @BurgessCT I have same questions! “accident” = “lack of controls” “lack of training” “mistake” “all the above” ???
  42. Indeed! RT @BrettTrout: Swoopo – “about as close to pure, distilled evil in a business plan as I’ve ever seen” http://is.gd/NgHh
  43. #insiderthreat RT @idexperts: Data Breach- U.S. Releases Secret List Of Nuclear Sites Accidentally http://bit.ly/ltMUM
  44. Definitely gimmick! RT @DrInfoSec @securls: StrongWebMail: ‘Hack into our CEO’s email, win $10k’ http://tinyurl.com/psovvy [gimmick?]
  45. Blog post “Rights for Privacy Breach Victims” http://bit.ly/9Hj9s
  46. 16 CC#’s copied; 1yr credit monitoring provided RT @idexperts: Sony notifies 5k customer of credit card breach http://bit.ly/15aJ6t
  47. Oh, my RT @bbcnews: Consumers consider broadband internet as essential a utility as water or electricity, .. http://tinyurl.com/od6c6f
  48. Nice notes! Much privacy+infosec still 2 discuss, eh? RT @Canuckflack: I’ve posted some comments on #cfp09 today – http://bit.ly/SViFd
  49. Indeed! RT @LegalGRC: The SEC has been emphasizing that firms need to create a culture of compliance for many years: http://short.to/cey2
  50. RT @InfoSecJobsUK: NHS Scotland loses patients’ medical history data http://bit.ly/FTIxS
  51. ! RT @WSJ: Oracle May Build Netbooks http://bit.ly/13PoJV
  52. RT @idexperts: MSNBC: Why Phishers Love Facebook http://bit.ly/172Pje
  53. Thoughtful article RT @rcalo: Peter Swire on the gov’s use of Web 2.0. http://tinyurl.com/2e2od
  54. RT @marianmerritt: Blog entry: How Much Do you know about Cyberbullying? Take the quiz: http://bit.ly/JDFfY
  55. @infoseccynic Many things! Enforcement, sanctions, accountability, customer demands, + 1 comprehensive law instead of 100s wud B good start
  56. RT @stejules: Man Gets Robbed After Tweeting That He is on Vacation: http://digg.com/d1smNv?t
  57. U know if it’s online? RT @clarinette02: ‘Privacy paradox’ survey study presented by PhD student of Carnegie Melon Uni #cfp09
  58. @infoseccynic 2 many “privacy policies” as written R actually NON-privacy policies! Wordy confusing + doubletalk 2 create image of privacy
  59. @infoseccynic Orgs must understand what their privacy policies actually say(most don’t) and then impl procs to support them.
  60. Without controls, oversight + accountability fraud will occur! RT @Reuters: FBI targets fraud in TARP, stimulus fund http://bit.ly/vZsaj
  61. Most privacy policies are poorly written! RT @publicfunction: Privacy study shows Google’s eyes are everywhere http://bit.ly/15I5AL
  62. RT @clarinette02: Man Twitters and is attacked by tree – CNET News: http://bit.ly/meNQk
  63. U knew this was coming! RT @BrianHonan @domdingelom @chiefmonkey @ddrager CISP Auditor sued for credit card data breach http://bit.ly/X5iR5
  64. RT @abcnews: China blocks Twitter before Tiananmen anniversary http://bit.ly/nNOtt
  65. #HIPAA doesn’t cover burial info RT @AHIMAResources: “Nebraska to release burial records”: http://tinyurl.com/nwxtpv
  66. New free ebook from Norwich MSIA grad Roger Bouchard “Securing Fibre Channel Fabrics” SAN Security http://bit.ly/3Rvov
  67. RT @clarinette02: Intel fined record $1.45 billion by European Commission for abusing its dominant position in computer micro processors.
  68. Seems a fine line to #FCRA noncompliance! RT @idexperts: New blog post: Mysterious Prepaid Debit Card Appears in Mail http://bit.ly/1bh0rb
  69. 16:31 min RT @StopHCommerce: New YouTube video from the White House: The President speaks on Cyber Security: http://bit.ly/zyctO
  70. RT @ekistics22: Blogging ‘Victims’ Perspectives: The 2008 ITRC Annual Identity Theft Survey’ http://bit.ly/cK6MN
  71. PII “may have been acquired” btwn Dec 30 ’06 – Feb 24 ’09 “Hundreds of Aviva customers notified of data breach” http://bit.ly/27ZzR
  72. RT @TechnologyGeek: Digg – Texas Blogger Jailed After Failing to Turn PC Over to Judge http://bit.ly/NwVP8
  73. #privacy #classification “European Union: Proposed Amendments to Right of Information Law” http://bit.ly/s1IYm
  74. RT @BreakingNews: Microsoft Corp. says it is also adding Twitter and Last.fm to it’s Xbox Live services.
  75. #trademark #law “China: Judicial Interpretation on Well-Known Trademarks” http://bit.ly/xzmc7
  76. RT @sectorprivate: IAPP Can. Receives Grant 2 Expand Networking Programs 4 Canadian Privacy Professionals http://bit.ly/Btj5E
  77. Blog “Common InfoSec & Privacy Training Mistakes” http://bit.ly/i6IHx
  78. Traveling? Take your passport! “New U.S. border rules take effect for land and sea entry” http://bit.ly/LZLUO
  79. #Insiderthreat #HIPAA Stronger safeguards needed RT @HCCA_News HOSPITAL EMPLOYEE INDICTED FOR STEALING PATIENT RECORDS http://bit.ly/gibLF
  80. @streetsec Will this be available online after your event?
  81. RT @streetsec: My Ottawa keynote: Social Networking Security – Manage risks of staff using Facebook and Linked In. http://bit.ly/13XGxg
  82. Nice work gentlemen! RT @agent0x0: Issue 21 (IN)SECURE Magazine w/article by myself + @DidierStevens http://tinyurl.com/27e55x pgs 8 + 100
  83. RT @nggauthier: Electronic Discovery and Electronic Decisions Highlight Privacy Issues in Litigation http://tinyurl.com/ng6alx
  84. Winners were from 1903 + 1953 “Oldest Data Loss Incident – Contest Winners” http://bit.ly/v9yhN #privacy
  85. US should do similar! RT @caparsons: OPC Awards $454,000 for privacy research and awareness http://tinyurl.com/lgyu3d #privacy #Canada
  86. In MN “Romanian Immigrant Gets Eight-and-a-Half-Year Prison Sentence For phishing over 7,000 people in seven years” http://bit.ly/1273qe
  87. Aetna announces data breach of 65,000 employees through job application site + phishing scam http://bit.ly/xrNxa
  88. In US “More states try to halt cell phone use by teen drivers” http://bit.ly/y3XnZ
  89. 1 area where we’ve come a long way baby! Women’s sports “Photos show early women’s PE at U of I” http://bit.ly/g7A8f
  90. Vry odd 4 MN sheriff’s deputy 2 spy on IA group yah! RT @sectorprivate: Spying on Iowa group raises privacy issues http://tinyurl.com/nbkm62
  91. By using VPNs + remote working RT @PrivacySecurity: Protecting Image Files Not Only to Address HIPAA, But Save Money http://ow.ly/acZl
  92. #Infosec + #privacy consulting sales folks; don’t make clients promises that are impossible for your consultants to fulfill!
  93. Contained SSNs + health info “Resident finds school records in Chicago alley” http://bit.ly/18CtST
  94. RT @SecurityMatters: Identity thieves getting more clever: Identity Theft Resource Center http://bit.ly/11Wkm0 (SFGATE)
  95. @retheauditors Love the Cranberries! U may also like 1 of Dolores O’Riordan’s latest; eg Ordinary Day http://bit.ly/SBMoM
  96. Impacts of lost/stolen PII continue for years “Real Fraud: Dumpster Diving and Other ID Theft Nightmares” http://bit.ly/X2gfw #privacy
  97. #HIPAA “State Tells Eyewitness News It Plans to Get Involved With Dumped Medical Records” http://bit.ly/rJl7Y
  98. Could B very damaging 2 those falsely accused RT @caparsons: Police can share records even if charge dropped: court http://tinyurl.com/kpxquf
  99. Surveilling the surveillant! “Search for Google car a Twitter triumph” http://bit.ly/QtCmr
  100. RT @PrivacyCampDC: Sen. Feinstein has introduced the Robocall Privacy Act – 2009 – S.1077 http://ow.ly/9YGJ #robos #TopProg #TCOT #Privacy
  101. In Australia, Good info; add audio to be fab! 🙂 RT @PrivacyNow: Synergies btw privacy and record keeping http://bit.ly/WkRHp
  102. RT @marciahofmann: Google’s Andrew McLaughlin is joining the Obama administration as deputy chief technology officer. http://bit.ly/YvlTF
  103. @BurgessCT We should create list of statements we’d like 2 see orgs make following breach; that are truthful + actually sincerely apologetic
  104. @BurgessCT yes!”we apologize for our blunder, and we’ll continue to watch for evidence…and will help you do the same…”
  105. @s_crawford Yes; they must be told the risks, but too many are not and go on false assumptions that create false security
