Date: 2019-05-28
Audiocasts/Shows: 45 Minutes With Linus Torvalds, Lenovo Thinkpad X1 Extreme Laptop (Running Linux) and SMLR's Latest
All of the current versions of Docker have a vulnerability that can allow an attacker to get read-write access to any path on the host server. The weakness is the result of a race condition in the Docker software and while there’s a fix in the works, it has not yet been integrated.
Openwashing, Sharing and FOSS in Healthcare
St. Jude Children's Research Hospital is updating its cloud-based repository of pediatric whole-genome sequencing data to include prospective clinical data, the Memphis, Tenn.-based treatment and research facility announced May 28.
Like other such databases, the St. Jude Cloud initially comprised genomics data collected retrospectively and released after corresponding research had been published. Now, however, it will be updated monthly with whole-genome, exome and transcriptome data from consenting subjects, making St. Jude the first institution to release real-time clinical genomics data.
A group of experts conducting research in an aspect of lung disease associated with respiratory diseases such as emphysema is forming an Open Source Imaging Consortium to aid diagnosis through digital imaging and machine learning.
A consortium of cancer care institutions released details on a prototype system designed to link electronic health record (EHR) systems to provide a source of real-world patient information to guide research and improve cancer treatment.
Minimal Common Oncology Data Elements (mCODE) is an open source system allowing for the interflow of common clinical data amassed on patients within institutional EHR systems. mCODE collects data on 6 core domains: patient characteristics and demographics; lab tests and vital signs; specific details regarding the cancer; genomics such as molecular characteristics; treatments including surgical, radiation, drug and other treatments; and outcomes, such as current cancer status and survival. These elements of the patient journey are subdivided into 27 types of profiles and encompass 73 distinct data elements that can provide critical information for clinical inquiry.
The initial set of standards and specifications for mCODE was released at the 2019 American Society of Clinical Oncology Annual Meeting by a collaboration including ASCO, its nonprofit subsidiary CancerLinQ, the MITRE Corporation, and the Alliance for Clinical Trials in Oncology Foundation...
The lack of interoperability and inability to share information among EHR systems smoothly has long been a concern among oncologists and an impediment to large-scale research efforts that depend on agglomerations of data that, when mined, filtered, and analyzed, yield insights into drug performance and patient experiences under treatment.
Security: Firmware, 2FA, Microsoft Partners, FUD and KeePassXC 2.4.2
I gave a talk recently at GoTo Chicago on Why open source firmware is important and I thought it would be nice to also write a blog post with my findings. This post will focus on why open source firmware is important for security.
How much is good online security worth to you? How about $100,000? [iophk: "except that 2FA is used to lock people into Google's proprietary mail clients, as they do not support 2FA on IMAP and probably never will since it is an open protocol which allows free choice of mail clients, not just Google's"]
Google’s research indicates that spear phishing emails impersonating family members, colleagues, government officials, or even Google itself, are the main ways to break into accounts. Attacks can persist for several weeks, and involve sophisticated man-in-the-middle techniques that prompt users to enter not just their password, but also authentication codes sent by SMS or from devices running software like Google Authenticator. Because of this weakness – and those deriving from the SIM swap attack – Google recommends that “high-risk users” enrol in its Advanced Protection Program, which requires the use of hardware 2FA keys.
The cost of these is very low now – typically around $25. Of course, the downside with such hardware keys is that they require setting up, carrying around and using. Whether the undoubted extra security is worth the extra effort will depend on individual circumstances. For those who manage to minimise how much about their personal lives appears online, it may be enough to use weaker forms of 2FA. But given the central importance of email accounts in our digital lives, and how gaining control of them makes taking over other online services much easier, it is certainly something that people should seriously consider. Buying hardware keys could prove one of the best investments they ever make. Just ask someone who didn’t, and paid the price. In the case of Sean Coonce, that price turned out to be $100,000.
On the sixth stop of a multi-city tour, ISMG and Sonatype visited San Francisco for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses the relevance and value of this application security conversation.
The reason why this topic resonates so well across sectors and regions? "Because software is the last path for differentiation in every industry," Howard says, "and whether you know it or not, every business in the world today is largely a software company."
WordPress Slick Popup plugin could leave backdoor open to hackers [Ed: This is a really sloppy case of programming or intentional malice caught thanks to the source being available. "The login credentials for the administrative accounts are the same for all of the sites."]
We are happy to announce KeePassXC 2.4.2, the second maintenance release of the 2.4 series!
This release fixes several bugs and introduces a memory wiping feature that will reduce the risk of secrets remaining in memory after a database is locked or being swapped to disk. Combined with the existing restrictions on memory access by non-administrators, this feature increases the security of KeePassXC.
Other notable changes are fixes to entry editing, prevention of infinite save loops, ability to open non-HTTP URLs, and preventing data loss when opening a database with duplicated attachment binaries.
This article is about some of the little tricks that I use in Vim. None of them are deep dives, and I encourage you to learn more about whatever’s interesting. They also aren’t connected to each other. But that’s fine. In total, they’re more than enough to help a lot.
