Open source will save us all!

Or, err, perhaps not.

Consider the case of www.freehipaa.net, a Web site that advertises free, open-source HIPAA-compliant medical software. HIPAA is the US law that protects the privacy and security of patient medical records; it has, among other things, provisions specifying security standards for remote storage, use, and retrieval of sensitive patient information.

HIPAA compliance is a big deal; those who violate the standards can find themselves neck-deep in legal trouble, and anyone who is responsible for maintaining patient medical information is obligated to take security very seriously indeed.

Which is why it's all the more amusing that I received a fake PayPal scam email in my mailbox today directing suckers to a phony Web page, where the hackers could steal their PayPal information. The hackers responsible for these scams first find vulnerable Web servers with outdated content management or ecommerce software, then hack these Web sites and put up their phony phishing pages, and finally send out spam email directing the unwary to the hacked Web site for fleecing.

Today's cracked Web site du jour? None other than http://www.freehipaa.net/icons/us/webscr.htm -- yep, that's right. The creators of HIPAA-compliant medical billing software can't even secure their own Web server.

Hmm. I wonder if their software is any better...


( 6 comments — Leave a comment )
Dec. 11th, 2007 07:06 pm (UTC)
Ouch. sux to be freehipaa.net!
Dec. 11th, 2007 10:13 pm (UTC)
Do they, in fact, run their own webserver?
Dec. 11th, 2007 10:30 pm (UTC)
Whois and DiG show that they're hosted by serverpronto.com, a dedicated server and colo facility. So yeah, I'd say they own and maintain their own server, and are responsible for the security thereof.

Phish is still up, too, four hours after it was reported to them. Very bad...
Dec. 11th, 2007 11:01 pm (UTC)
Dec. 30th, 2007 08:23 am (UTC)
Hi tacit--

Found your profile on OKC & decided to friend you here -- hope that's ok by you. If not, let me know.

aka mystic_savage
or mysticsavage
Dec. 31st, 2007 04:23 pm (UTC)
Howdy! Welcome aboard!