May 20

Google Health: Some observations

Cloud Computing, Health Care, Security 3 Comments »
Google Health interfaceImage by Vurter via Flickr

Googlelaunched Google Health yesterday, a way to store your health records in the computing cloud. I have no problems in putting my health records in the cloud. My insurance company has access to my health records already. If they can have it, I will have no problem with Google storing it on their clouds. Having made my beliefs with respect to storing my health care records on the computing cloud clear, I would like to add my initial observations of Google health. I may write a detailed review at a later stage but these are just some of my initial observations.

  • The interface is simple, like other Google products. I like it better than any flashy designs. It is your health records and I am pretty sure many people won’t have anything flashy in it. Simple interface is always good. (Thumbs Up)
  • It is not HIPAA compliant. However, Google explains why it is not necessary to be HIPAA compliant. Since Google Health is not a health care provider, they do not come under the terms of HIPAA. Google also offers a page explaining the similarities and differences between HIPAA and Google Health Policies. (Neutral)
  • Google Health uses SSL encryption but I would like to see added security. First, unlike what Microsoft did when it launched Health Vault, Google health is not forcing the users to set up a strong password on their account. Second, Google Health is connected to Google accounts and hence to other Google services. Any “mishap” in one of the other services will compromise your health records. I would like to see an additional layer of protection with respect to Google Health. Well, Google suggests you to create an account just for the sake of Google Health but it is rather naive. They should add additional layer of protection for Google Health. Third, there should be an explicit warning to users every time they log into Google Health about possible security issues when accessing Google Health from public computers. Users are not all that educated about the trace of their online activities left on the computers they use. A warning should be shown before they could log into their account every time even if it is inconvenient for users. (Thumbs Down)
  • Google Health is, atleast right now, US based. For a person like me who was born in another country, I need more options to make my health records complete. (Neutral)
  • More importantly, there is no option to export my data from Google Health. It is a downer. I should be able to take my health records to any service I want. (Thumbs Down)

These are my initial observations on Google Health. I haven’t explored it deeply as yet. I understand that the service is still in beta and I hope they add more features in the future. Online health records are important. The complete control of the records should be given to the users. The security and privacy of the records should be given the utmost attention. Google has taken the necessary first step, along with Microsoft and many other startups. We have to wait and see how it is going to benefit the customer. I wouldn’t come to a conclusion about the merits of this service at such an early stage.

Related articles

Feb 21

Security with Bluetooth Phone for your Ubuntu Laptop

Open Source, Security No Comments »

If you have an Ubuntu Laptop (with bluetooth enabled), you can use any Bluetooth enabled phone to lock and unlock the software without even touching the Laptop. Blueproximity is a neat open source utility to secure Laptops running Linux. Here is a howto on setting up Blueproximity on Ubuntu.

Thanks to Lifehacker for the tip.

Jun 05

Microsoft’s IIS serves most malware than any other webserver

Security No Comments »

I am quoting the stats from the Google Online Security Team

We examined about 70,000 domains that over the past month have been either distributing malware or have been responsible for hosting browser exploits leading to drive-by-downloads. The breakdown by server software is depicted below.

Compared to our sample of servers across the Internet, Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server.

May 30

Important Warning: Vulnerability in third party firefox addons

Security No Comments »

Security researcher Christopher Soghoian points out to a major vulnerability in the third party firefox addons.

A vulnerability exists in the upgrade mechanism used by a number of high profile Firefox extensions. These include Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial extensions.

He talks about a scenario where such a compromise can occur

Users are vulnerable and are at risk of an attacker silently installing malicious software on their computers. This possibility exists whenever the user cannot trust their domain name server (DNS) or network connection. Examples of this include public wireless networks, and users connected to compromised home routers.

However, he emphasizes that the open source/hobbyist extensions hosted on Mozilla servers are safe.

The vast majority of the open source/hobbyist made Firefox extensions - those that are hosted at https://addons.mozilla.org - are not vulnerable to this attack. Users of popular Firefox extensions such as NoScript, Greasemonkey, and AdBlock Plus have nothing to worry about.

Till the vendors fix this issue, you are advised to remove all addons from third party sites. Download it from a safe and secure location. Also, avoid any updates in places like wireless cafe, public libraries, etc. Please take this warning seriously and spread the word about the possible vulnerability. It is better to err on the side of caution when it comes to software vulnerabilities.

Twitter tip by Mashable

May 22

Low Threat: First Open Office worm emerges

Open Source, Security No Comments »

APC Magazine informs us that the first Open Office worm has been spotted. It could affect Windows, Mac and Linux machines.

The OpenOffice worm uses the inbuilt StarBasic scripting language in the office suite to save scripts to disk in several other languages.

But it is considered to be a low threat and it has not been discovered in the wild.

It runs on Windows, Mac and Linux computers, but anti-malware vendor Sophos admits it poses a low threat, especially as it’s only a proof-of-concept that hasn’t actually been discovered ‘in the wild’.

WP Theme & Icons by N.Design Studio
Entries RSS Comments RSS Log in