Delving Into Google Health’s Privacy Concerns
Posted by: kaizenlog in Computer, tags: Delving Into Google Health's Privacy Concerns+—————————–
| Delving Into Google Health’s Privacy Concerns |
| from the you-can-trust-us dept. |
| posted by Soulskill on Friday May 23, @08:13 (Medicine) |
| http://science.slashdot.org/article.pl?sid=08/05/23/0520223 |
+——————————————————————–+
[0]SecureThroughObscure writes “Security researcher Robert ‘RSnake’
Hansen discusses [1]numerous concerns with Google’s new Google Health
application, which aims to integrate user’s medical records online. We
discussed Google Health’s [2]opening to the public earlier this week.
RSnake mentions that Google has found a loophole allowing them to provide
this service without having to follow HIPAA regulations, which, combined
with Google’s track record of having numerous flaws leading to private
information disclosure, draws serious concern. Security researcher Nate
McFeters of ZDNet’s Zero-Day Security Blog also [3]commented on the
article, mentioning several past vulnerabilities: [4]ownership of
[5]content issues, [6]Google [7]Docs theft, [8]a cross-domain hole,
[9]Google XSS, and a Google Picasa protocol handler issue leading to the
[10]theft of user images. He and fellow researcher Billy Rios disclosed
these issues to Google, including the ability to steal GMail contact list
information. McFeters says it’s likely that similar unpatched bugs would
allow an attacker to view medical records if a user was also using Google
Health. Both McFeters and Hansen tend to agree that Google’s
vulnerability disclosure/notification is non-existent and really needs to
be improved. Currently, Google does not report vulnerabilities it has
fixed to its user base, for the obvious reason of trying to hide the fact
that user data could have been stolen.”
Discuss this story at:
http://science.slashdot.org/comments.pl?sid=08/05/23/0520223
Links:
0. mailto:sec.through.obsc [Email address: sec.through.obsc #AT# gmail.cm - replace #AT# with @ ]
1. http://ha.ckers.org/blog/20080521/google-health/
2. http://tech.slashdot.org/article.pl?sid=08/05/20/1841243&tid=217
3. http://blogs.zdnet.com/security/?p=1166
4. http://blogs.zdnet.com/security/?p=1005
5. http://blogs.zdnet.com/security/?p=1027
6. http://xs-sniper.com/blog/2007/09/26/google-docs-puts-google-users-at-risk/
7. http://xs-sniper.com/blog/2007/09/28/all-your-google-docs-are-belong-to-us/
8. http://xs-sniper.com/blog/Google-Docs-Cross-Domain-Hole/
9. http://xs-sniper.com/blog/2008/04/14/google-xss/
10. http://xs-sniper.com/blog/2007/09/
Popularity: 1% [?]
Welcome to Kaizenlog.com If you're new here, you may want to subscribe to my RSS feed , Twitter You can contact us by using the contact form or submitting a comment. You can also share this post with your friends by clicking on the 'ShareThis' button above. Thanks for visiting!
Print This Post
Entries (RSS)