SEARCH RESULTS
 
Showing 1-9 of 9 records

CMS HIPAA Compliance Review Checklist

2008-02-26 13:25:35 by Editor in Adventures in Security
 
CMS (Centers for Medicare and Medicaid Services) has posted a PDF document that lists the potential interviewees and the artifacts to be examined during a HIPAA compliance review. It's a good heads-up for those of us providing security in the health care industry.

Blue River's stance on Sava security stands out

2008-05-23 20:02:00 by Russ McRee in HolisticInfoSec.org
 
...CMS from the Blue River Interactive Group At 9:29pm May 19th, I sent a note to Blue River pointing out an XSS vulnerability. I received a reply from Malcolm at 9:46pm (yes, 17 minutes later), stating that the issue would be addressed immediately and asking if I had questions or suggestions Wow! Really The lonely life of security dork/vuln...

HIPAA Growing Teeth, Round II?

2008-01-22 13:44:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...CMS to check hospitals for HIPAA security compliance " paper claims that " The Centers for Medicare and Medicaid Services (CMS) will begin on-site reviews of hospitals compliance with security rules mandated by the Health Insurance Portability and Accountability Act of 1996 Can these guys kick (eeeeh, "bite," not "kick," since we are talking...

We can't write secure code

2008-05-16 07:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...CMS vendor RedDot. An SQL Injection vulnerability in an enterprise level CMS system - what were they playing at with their quality control?! So, here's the thing. We can't write secure code. It's true. Can you show me any decent commercial, consumer focused product (that people actually want to use - not just techies who haven't seen daylight...

Sikhs Can Carry Knives on Airplanes in India

2008-06-10 06:27:16 by schneier in Schneier on Security
 
...CMs (9 inches) and the length of the blade should not exceed 15.24 CMs. (6 inches). It is being reiterated that these instructions should be fully implemented by concerned security personnel so that religious sentiments of the Sikh passengers are not hurt How airport security is supposed to recognize a Sikh passenger is not explained

TRICARE breach affects 4,700 households

2007-12-20 12:15:59 by Evan Francen in The Breach Blog
...CMS application has since been taken off-line. EDS has completed the forensics analysis of the server and is performing a by-line code review to ensure there are no further critical vulnerabilities present in the code [Evan] Should EDS be the ones conducting the vulnerability assessment and code review? If it were me, I would feel more...

Links for 2008-01-22 [del.icio.us]

2008-01-23 00:00:00 by Editor in Anton Chuvakin Blog -
 
...CMS to check hospitals for HIPAA security compliance One year later: Five takeaways from the TJX breach Riskbloggers - Security Wisdom ahead of the curve Q1 Labs Signs OEM Agreement with Juniper Networks ArcSight plans to raise about $52M in IPO - Silicon Valley / San Jose Business Journal: In an amended filing with the Securities and...

Defending the Caveman - Are blogs newsworthy?

2008-02-29 15:18:25 by HASH0x8b81934 in StillSecure, After All These Years
...cms.php?story id=2707&popup delayed=1 Every day, millions of online diarists, or bloggers, share their opinions with a global audience. Drawing upon the content of the international media and the World Wide Web, they weave together an elaborate network with agenda-setting power on issues ranging from human rights in China to the U.S....

ColdFusion: Hack Me or Help Me

2008-08-28 10:13:00 by Russ McRee in HolisticInfoSec.org
...CMS. The error reporting was so verbose it included the base path, data source name, database username, and yes, the database password I've cleaned it up for the protection of all involved, but here's a screen shot of only 1/4 of the details this site coughed up when I tweaked the input to a calendar date variable When I reached out to the...