Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Undisclosed breach at major US facility

from [kaiser scapegoat] Network Security [Permanent Link]
Subject: [Full-disclosure] Undisclosed breach at major US facility
Date: Wed, 26 Jul 2006 14:32:53 -0700 
Hi -

I only joined this list because I read about the "how to disclose a breach" issue in Wired. I read through the posts, and it didn't look like anyone brought up my case. I'm the person who proved the press and government agencies prefer to portray the whistleblower as a hacker even if the info has been on a public web site for five years.

Here's a timeline of my situation: http://corphq.livejournal.com/60599.html

I keep a blog on this issue here: http://corphq.livejournal.com

What was surprising about my case was not that Kaiser attempted to frame me - they've always been slime. What's upsetting is the way the press and the State of California enabled them by portraying me off the bat as a hacker. This made it impossible for me to get timely legal help. Even more upsetting is that even after the CA Dept. of Managed Health Care realized their mistake, they did nothing to fix the problem they had caused me. They didn't publicly apologize for their press release, and they left the Order against me on their web site. They pressured me into signing a "settlement" just to cover their own ass, and then they broke their side of it. The actions of the DMHC were illegal to begin with since they have no jurisdiction over private citizens.

It seems that it's okay with all of society that the State can take illegal actions against me and I can be left to the HMO legal team wolves just because I'm a nobody and it apparently appeases public anxieties to punish the person who symbolizes the danger of medical records being posted on the Internet.

In the end, though, this is shooting the messenger, and that just assures that people in the future will be afraid to report this kind of security leak.

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code, Moritz Muehlenhoff
Next by Date:  Re: [Full-disclosure] F-Secure to release XSS "potential dangers", c0ntex
Previous by Thread:  Re: [Full-disclosure] Undisclosed breach at major US facility, Andrew A
Next by Thread:  Re: [Full-disclosure] Undisclosed breach at major US facility, evilrabbi
Indexes:  [Date] [Thread] [Top] [All Lists]