I had given up on Blogspot ever having a makeover in favor of the nice themes at
wordpress, but man, the new CEO at google is really shaking some stuff here.
Check out the nice features for customizing the themes at Blogspot
Tag: how to
Denial of Service Attacks against Hospitals and Emergency Rooms
One of the most frightening possibilities of cyber warfare is to use remotely deployed , or timed intrusion malware to disturb, distort, deny health care services.
A doctor in an Emergency Room depends on critical information that may save lives if it is electronic and comes on time. However this electronic information can be distorted (which is more severe than deleting it)
The electronic system of a Hospital can also be overwhelmed. If there can be built Stuxnet worms on nuclear centrifuge systems (like those by Siemens), then the widespread availability of health care systems means these can be reverse engineered for particularly vicious cyber worms.
An example of prime area for targeting is Veterans Administration for veterans of armed forces, but also cyber attacks against electronic health records.
Consider the following data points-
http://threatpost.com/en_us/blogs/dhs-warns-about-threat-mobile-devices-healthcare-051612
May 16, 2012, 9:03AM
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) issued the unclassfied bulletin, “Attack Surface: Healthcare and Public Health Sector” on May 4. In it, DHS warns of a wide range of security risks, including that could expose patient data to malicious attackers, or make hospital networks and first responders subject to disruptive cyber attack
http://publicintelligence.net/nccic-medical-device-cyberattacks/
National Cybersecurity and Communications Integration Center Bulletin
The Healthcare and Public Health (HPH) sector is a multi-trillion dollar industry employing over 13 million personnel, including approximately five million first-responders with at least some emergency medical training, three million registered nurses, and more than 800,000 physicians.
(U) A significant portion of products used in patient care and management including diagnosis and treatment are Medical Devices (MD). These MDs are designed to monitor changes to a patient’s health and may be implanted or external. The Food and Drug Administration (FDA) regulates devices from design to sale and some aspects of the relationship between manufacturers and the MDs after sale. However, the FDA cannot regulate MD use or users, which includes how they are linked to or configured within networks. Typically, modern MDs are not designed to be accessed remotely; instead they are intended to be networked at their point of use. However, the flexibility and scalability of wireless networking makes wireless access a convenient option for organizations deploying MDs within their facilities. This robust sector has led the way with medical based technology options for both patient care and data handling.
(U) The expanded use of wireless technology on the enterprise network of medical facilities and the wireless utilization of MDs opens up both new opportunities and new vulnerabilities to patients and medical facilities. Since wireless MDs are now connected to Medical information technology (IT) networks, IT networks are now remotely accessible through the MD. This may be a desirable development, but the communications security of MDs to protect against theft of medical information and malicious intrusion is now becoming a major concern. In addition, many HPH organizations are leveraging mobile technologies to enhance operations. The storage capacity, fast computing speeds, ease of use, and portability render mobile devices an optimal solution.
(U) This Bulletin highlights how the portability and remote connectivity of MDs introduce additional risk into Medical IT networks and failure to implement a robust security program will impact the organization’s ability to protect patients and their medical information from intentional and unintentional loss or damage.
…
(U) According to Health and Human Services (HHS), a major concern to the Healthcare and Public Health (HPH) Sector is exploitation of potential vulnerabilities of medical devices on Medical IT networks (public, private and domestic). These vulnerabilities may result in possible risks to patient safety and theft or loss of medical information due to the inadequate incorporation of IT products, patient management products and medical devices onto Medical IT Networks. Misconfigured networks or poor security practices may increase the risk of compromised medical devices. HHS states there are four factors which further complicate security resilience within a medical organization.
1. (U) There are legacy medical devices deployed prior to enactment of the Medical Device Law in 1976, that are still in use today.
2. (U) Many newer devices have undergone rigorous FDA testing procedures and come equipped with design features which facilitate their safe incorporation onto Medical IT networks. However, these secure design features may not be implemented during the deployment phase due to complexity of the technology or the lack of knowledge about the capabilities. Because the technology is so new, there may not be an authoritative understanding of how to properly secure it, leaving open the possibilities for exploitation through zero-day vulnerabilities or insecure deployment configurations. In addition, new or robust features, such as custom applications, may also mean an increased amount of third party code development which may create vulnerabilities, if not evaluated properly. Prior to enactment of the law, the FDA required minimal testing before placing on the market. It is challenging to localize and mitigate threats within this group of legacy equipment.
3. (U) In an era of budgetary restraints, healthcare facilities frequently prioritize more traditional programs and operational considerations over network security.
4. (U) Because these medical devices may contain sensitive or privacy information, system owners may be reluctant to allow manufactures access for upgrades or updates. Failure to install updates lays a foundation for increasingly ineffective threat mitigation as time passes.
…
(U) Implantable Medical Devices (IMD): Some medical computing devices are designed to be implanted within the body to collect, store, analyze and then act on large amounts of information. These IMDs have incorporated network communications capabilities to increase their usefulness. Legacy implanted medical devices still in use today were manufactured when security was not yet a priority. Some of these devices have older proprietary operating systems that are not vulnerable to common malware and so are not supported by newer antivirus software. However, many are vulnerable to cyber attacks by a malicious actor who can take advantage of routine software update capabilities to gain access and, thereafter, manipulate the implant.
(U) During an August 2011 Black Hat conference, a security researcher demonstrated how an outside actor can shut off or alter the settings of an insulin pump without the user’s knowledge. The demonstration was given to show the audience that the pump’s cyber vulnerabilities could lead to severe consequences. The researcher that provided the demonstration is a diabetic and personally aware of the implications of this activity. The researcher also found that a malicious actor can eavesdrop on a continuous glucose monitor’s (CGM) transmission by using an oscilloscope, but device settings could not be reprogrammed. The researcher acknowledged that he was not able to completely assume remote control or modify the programming of the CGM, but he was able to disrupt and jam the device.
http://www.healthreformwatch.com/category/electronic-medical-records/
February 7, 2012
Since the data breach notification regulations by HHS went into effect in September 2009, 385 incidents affecting 500 or more individuals have been reported to HHS, according to its website.
February 16 2011
One high-profile healthcare system that regularly experiences such attacks is the Veterans Administration (VA). For two years, the VA has been fighting a cyber battle against illegal and unwanted intrusions into their medical devices
http://www.mobiledia.com/news/120863.html
DEC 16, 2011
Malware in a Georgia hospital’s computer system forced it to turn away patients, highlighting the problems and vulnerabilities of computerized systems.
The computer infection started to cause problems at the Gwinnett Medical Center last Wednesday and continued to spread, until the hospital was forced to send all non-emergency admissions to other hospitals.
More doctors and nurses than ever are using mobile devices in healthcare, and hospitals are making patient records computerized for easier, convenient access over piles of paperwork.
http://www.doctorsofusc.com/uscdocs/locations/lac-usc-medical-center
As one of the busiest public hospitals in the western United States, LAC+USC Medical Center records nearly 39,000 inpatient discharges, 150,000 emergency department visits, and 1 million ambulatory care visits each year.
http://www.healthreformwatch.com/category/electronic-medical-records/
If one jumbo jet crashed in the US each day for a week, we’d expect the FAA to shut down the industry until the problem was figured out. But in our health care system, roughly 250 people die each day due to preventable error
http://www.pcworld.com/article/142926/are_healthcare_organizations_under_cyberattack.html
Feb 28, 2008
“There is definitely an uptick in attacks,” says Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area. “Privacy is the foundation of everything we do. We don’t want to be the TJX of healthcare.” TJX is the Framingham, Mass-based retailer which last year disclosed a massive data breach involving customer records.
Dr. Halamka, who this week announced a project in electronic health records as an online service to the 300 doctors in the Beth Israel Deaconess Physicians Organization,
Use R for Business- Competition worth $ 20,000 #rstats
All you contest junkies, R lovers and general change the world people, here’s a new contest to use R in a business application
REVOLUTION ANALYTICS LAUNCHES “APPLICATIONS OF R IN BUSINESS” CONTEST
$20,000 in Prizes for Users Solving Business Problems with R
PALO ALTO, Calif. – September 1, 2011 – Revolution Analytics, the leading commercial provider of R software, services and support, today announced the launch of its “Applications of R in Business” contest to demonstrate real-world uses of applying R to business problems. The competition is open to all R users worldwide and submissions will be accepted through October 31. The Grand Prize winner for the best application using R or Revolution R will receive $10,000.
The bonus-prize winner for the best application using features unique to Revolution R Enterprise – such as itsbig-data analytics capabilities or its Web Services API for R – will receive $5,000. A panel of independent judges drawn from the R and business community will select the grand and bonus prize winners. Revolution Analytics will present five honorable mention prize winners each with $1,000.
“We’ve designed this contest to highlight the most interesting use cases of applying R and Revolution R to solving key business problems, such as Big Data,” said Jeff Erhardt, COO of Revolution Analytics. “The ability to process higher-volume datasets will continue to be a critical need and we encourage the submission of applications using large datasets. Our goal is to grow the collection of online materials describing how to use R for business applications so our customers can better leverage Big Analytics to meet their analytical and organizational needs.”
To enter Revolution Analytics’ “Applications of R in Business” competition Continue reading “Use R for Business- Competition worth $ 20,000 #rstats”
Google Plus API- statistical text mining anyone
For the past year and two I have noticed a lot of statistical analysis using #rstats /R on unstructured text generated in real time by the social network Twitter. From an analytic point of view , Google Plus is an interesting social network , as it is a social network that is new and arrived after the analytic tools are relatively refined. It is thus an interesting use case for evolution of people behavior measured globally AFTER analytic tools in text mining are evolved and we can thus measure how people behave and that behavior varies as the social network and its user interface evolves.
And it would also be a nice benchmark to do sentiment analysis across multiple social networks.
Some interesting use cases of using Twitter that have been used in R.
- Using R to search Twitter for analysis
- Text Data Mining With Twitter And R
- TWITTER FROM R… SURE, WHY NOT!
- A package called TwitteR
- slides from my R tutorial on Twitter text mining #rstats
- Generating graphs of retweets and @-messages on Twitter using R and Gephi
But with Google Plus API now active
The Console lets you see and manage the following project information:
- Activated APIs – Activate one or more APIs to enable traffic monitoring, filtering, and billing, and API-specific pages for your project. Read more about activating APIs here.
- Traffic information – The Console reports traffic information for each activated API. Additionally, you can cap or filter usage by API. Read more about traffic reporting and request filtering here.
- Billing information – When you activate billing, your activated APIs can exceed the courtesy usage quota. Usage fees are billed to the Google Checkout account that you specify. Read more about billing here.
- Project keys – Each project is identified by either an API key or an OAuth 2.0 token. Use this key/token in your API requests to identify the project, in order to record usage data, enforce your filtering restrictions, and bill usage to the proper project. You can use the Console to generate or revoke API keys or OAuth 2.0 certificates to use in your application. Read more about keys here.
- Team members – You can specify additional members with read, write, or ownership access to this project’s Console page. Read more about team members here.
| Google+ API | Courtesy limit: 1,000 queries/day |
|---|
Effective limits:
| API | Per-User Limit | Used | Courtesy Limit | |
|---|---|---|---|---|
| Google+ API | 5.0 requests/second/user | 0% | 1,000 queries/day |
API Calls
GET https://www.googleapis.com/plus/v1/people/userId
Common Parameters
Different API methods require parameters to be passed either as part of the URL path or as query parameters. Additionally, there are a few parameters that are common to all API endpoints. These are all passed as optional query parameters.
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Data Formats
Resources in the Google+ API are represented using JSON data formats. For example, retrieving a user’s profile may result in a response like:
{
"kind": "plus#person",
"id": "118051310819094153327",
"displayName": "Chirag Shah",
"url": "https://plus.google.com/118051310819094153327",
"image": {
"url": "https://lh5.googleusercontent.com/-XnZDEoiF09Y/AAAAAAAAAAI/AAAAAAAAYCI/7fow4a2UTMU/photo.jpg"
}
}
Common Properties
While each type of resource will have its own unique representation, there are a number of common properties that are found in almost all resource representations.
|
|
|
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
Pagination
In requests that can respond with potentially large collections, such as Activities list, each response contains a limited number of items, set by maxResults(default: 20). Each response also contains a nextPageToken property. To obtain the next page of items, you pass this value of nextPageToken to the pageTokenproperty of the next request. Repeat this process to page through the full collection.
For example, calling Activities list returns a response with nextPageToken:
{
"kind": "plus#activityFeed",
"title": "Plus Public Activities Feed",
"nextPageToken": "CKaEL",
"items": [
{
"kind": "plus#activity",
"id": "123456789",
...
},
...
]
...
}
To get the next page of activities, pass the value of this token in with your next Activities list request:
https://www.googleapis.com/plus/v1/people/me/activities/public?pageToken=CKaEL
As before, the response to this request includes nextPageToken, which you can pass in to get the next page of results. You can continue this cycle to get new pages — for the last page, “nextPageToken” will be absent.
it would be interesting the first wave of analysis on this new social network and see if it is any different from others, if at all.
Using Google Fusion Tables from #rstats
But after all that- I was quite happy to see Google Fusion Tables within Google Docs. Databases as a service ? Not quite but still quite good, and lets see how it goes.
https://www.google.com/fusiontables/DataSource?dsrcid=implicit&hl=en_US&pli=1
http://googlesystem.blogspot.com/2011/09/fusion-tables-new-google-docs-app.html
But what interests me more is
http://code.google.com/apis/fusiontables/docs/developers_guide.html
The Google Fusion Tables API is a set of statements that you can use to search for and retrieve Google Fusion Tables data, insert new data, update existing data, and delete data. The API statements are sent to the Google Fusion Tables server using HTTP GET requests (for queries) and POST requests (for inserts, updates, and deletes) from a Web client application. The API is language agnostic: you can write your program in any language you prefer, as long as it provides some way to embed the API calls in HTTP requests.
The Google Fusion Tables API does not provide the mechanism for submitting the GET and POST requests. Typically, you will use an existing code library that provides such functionality; for example, the code libraries that have been developed for the Google GData API. You can also write your own code to implement GET and POST requests.
Also see http://code.google.com/apis/fusiontables/docs/sample_code.html
Google Fusion Tables API Sample Code
Libraries
SQL API
| Language | Library | Public repository | Samples |
|---|---|---|---|
| Python | Fusion Tables Python Client Library | fusion-tables-client-python/ | Samples |
| PHP | Fusion Tables PHP Client Library | fusion-tables-client-php/ | Samples |
Featured Samples
An easy way to learn how to use an API can be to look at sample code. The table above provides links to some basic samples for each of the languages shown. This section highlights particularly interesting samples for the Fusion Tables API.
SQL API
| Language | Featured samples | API version |
|---|---|---|
| cURL |
|
SQL API |
| Google Apps Script |
|
SQL API |
| Java |
|
SQL API |
| Python |
|
Docs List API |
| Android (Java) |
|
SQL API |
| JavaScript – FusionTablesLayer | Using the FusionTablesLayer, you can display data on a Google Map
Also check out FusionTablesLayer Builder, which generates all the code necessary to include a Google Map with a Fusion Table Layer on your own website. |
FusionTablesLayer, Google Maps API |
| JavaScript – Google Chart Tools | Using the Google Chart Tools, you can request data from Fusion Tables to use in visualizations or to display directly in an HTML page. Note: responses are limited to 500 rows of data. | Google Chart Tools |
External Resources
Google Fusion Tables is dedicated to providing code examples that illustrate typical uses, best practices, and really cool tricks. If you do something with the Google Fusion Tables API that you think would be interesting to others, please contact us at googletables-feedback@google.com about adding your code to our Examples page.
- Shape EscapeA tool for uploading shape files to Fusion Tables.
- GDALOGR Simple Feature Library has incorporated Fusion Tables as a supported format.
- Arc2CloudArc2Earth has included support for upload to Fusion Tables via Arc2Cloud.
- Java and Google App EngineODK Aggregate is an AppEngine application by the Open Data Kit team, uses Google Fusion Tables to store survey data that is collected through input forms on Android mobile phones. Notable code:
- Create a Fusion Table – FusionTableServlet.java
- Insert data into a Fusion Table – SubmissionFusionTable.java
- R packageAndrei Lopatenko has written an R interface to Fusion Tables so Fusion Tables can be used as the data store for R.
- RubySimon Tokumine has written a Ruby gem for access to Fusion Tables from Ruby.
Updated-You can use Google Fusion Tables from within R from http://andrei.lopatenko.com/rstat/fusion-tables.R
ft.connect <- function(username, password) {
url = "https://www.google.com/accounts/ClientLogin";
params = list(Email = username, Passwd = password, accountType="GOOGLE", service= "fusiontables", source = "R_client_API")
connection = postForm(uri = url, .params = params)
if (length(grep("error", connection, ignore.case = TRUE))) {
stop("The wrong username or password")
return ("")
}
authn = strsplit(connection, "\nAuth=")[[c(1,2)]]
auth = strsplit(authn, "\n")[[c(1,1)]]
return (auth)
}
ft.disconnect <- function(connection) {
}
ft.executestatement <- function(auth, statement) {
url = "http://tables.googlelabs.com/api/query"
params = list( sql = statement)
connection.string = paste("GoogleLogin auth=", auth, sep="")
opts = list( httpheader = c("Authorization" = connection.string))
result = postForm(uri = url, .params = params, .opts = opts)
if (length(grep("<HTML>\n<HEAD>\n<TITLE>Parse error", result, ignore.case = TRUE))) {
stop(paste("incorrect sql statement:", statement))
}
return (result)
}
ft.showtables <- function(auth) {
url = "http://tables.googlelabs.com/api/query"
params = list( sql = "SHOW TABLES")
connection.string = paste("GoogleLogin auth=", auth, sep="")
opts = list( httpheader = c("Authorization" = connection.string))
result = getForm(uri = url, .params = params, .opts = opts)
tables = strsplit(result, "\n")
tableid = c()
tablename = c()
for (i in 2:length(tables[[1]])) {
str = tables[[c(1,i)]]
tnames = strsplit(str,",")
tableid[i-1] = tnames[[c(1,1)]]
tablename[i-1] = tnames[[c(1,2)]]
}
tables = data.frame( ids = tableid, names = tablename)
return (tables)
}
ft.describetablebyid <- function(auth, tid) {
url = "http://tables.googlelabs.com/api/query"
params = list( sql = paste("DESCRIBE", tid))
connection.string = paste("GoogleLogin auth=", auth, sep="")
opts = list( httpheader = c("Authorization" = connection.string))
result = getForm(uri = url, .params = params, .opts = opts)
columns = strsplit(result,"\n")
colid = c()
colname = c()
coltype = c()
for (i in 2:length(columns[[1]])) {
str = columns[[c(1,i)]]
cnames = strsplit(str,",")
colid[i-1] = cnames[[c(1,1)]]
colname[i-1] = cnames[[c(1,2)]]
coltype[i-1] = cnames[[c(1,3)]]
}
cols = data.frame(ids = colid, names = colname, types = coltype)
return (cols)
}
ft.describetable <- function (auth, table_name) {
table_id = ft.idfromtablename(auth, table_name)
result = ft.describetablebyid(auth, table_id)
return (result)
}
ft.idfromtablename <- function(auth, table_name) {
tables = ft.showtables(auth)
tableid = tables$ids[tables$names == table_name]
return (tableid)
}
ft.importdata <- function(auth, table_name) {
tableid = ft.idfromtablename(auth, table_name)
columns = ft.describetablebyid(auth, tableid)
column_spec = ""
for (i in 1:length(columns)) {
column_spec = paste(column_spec, columns[i, 2])
if (i < length(columns)) {
column_spec = paste(column_spec, ",", sep="")
}
}
mdata = matrix(columns$names,
nrow = 1, ncol = length(columns),
dimnames(list(c("dummy"), columns$names)), byrow=TRUE)
select = paste("SELECT", column_spec)
select = paste(select, "FROM")
select = paste(select, tableid)
result = ft.executestatement(auth, select)
numcols = length(columns)
rows = strsplit(result, "\n")
for (i in 3:length(rows[[1]])) {
row = strsplit(rows[[c(1,i)]], ",")
mdata = rbind(mdata, row[[1]])
}
output.frame = data.frame(mdata[2:length(mdata[,1]), 1])
for (i in 2:ncol(mdata)) {
output.frame = cbind(output.frame, mdata[2:length(mdata[,i]),i])
}
colnames(output.frame) = columns$names
return (output.frame)
}
quote_value <- function(value, to_quote = FALSE, quote = "'") {
ret_value = ""
if (to_quote) {
ret_value = paste(quote, paste(value, quote, sep=""), sep="")
} else {
ret_value = value
}
return (ret_value)
}
converttostring <- function(arr, separator = ", ", column_types) {
con_string = ""
for (i in 1:(length(arr) - 1)) {
value = quote_value(arr[i], column_types[i] != "number")
con_string = paste(con_string, value)
con_string = paste(con_string, separator, sep="")
}
if (length(arr) >= 1) {
value = quote_value(arr[length(arr)], column_types[length(arr)] != "NUMBER")
con_string = paste(con_string, value)
}
}
ft.exportdata <- function(auth, input_frame, table_name, create_table) {
if (create_table) {
create.table = "CREATE TABLE "
create.table = paste(create.table, table_name)
create.table = paste(create.table, "(")
cnames = colnames(input_frame)
for (columnname in cnames) {
create.table = paste(create.table, columnname)
create.table = paste(create.table, ":string", sep="")
if (columnname != cnames[length(cnames)]){
create.table = paste(create.table, ",", sep="")
}
}
create.table = paste(create.table, ")")
result = ft.executestatement(auth, create.table)
}
if (length(input_frame[,1]) > 0) {
tableid = ft.idfromtablename(auth, table_name)
columns = ft.describetablebyid(auth, tableid)
column_spec = ""
for (i in 1:length(columns$names)) {
column_spec = paste(column_spec, columns[i, 2])
if (i < length(columns$names)) {
column_spec = paste(column_spec, ",", sep="")
}
}
insert_prefix = "INSERT INTO "
insert_prefix = paste(insert_prefix, tableid)
insert_prefix = paste(insert_prefix, "(")
insert_prefix = paste(insert_prefix, column_spec)
insert_prefix = paste(insert_prefix, ") values (")
insert_suffix = ");"
insert_sql_big = ""
for (i in 1:length(input_frame[,1])) {
data = unlist(input_frame[i,])
values = converttostring(data, column_types = columns$types)
insert_sql = paste(insert_prefix, values)
insert_sql = paste(insert_sql, insert_suffix) ;
insert_sql_big = paste(insert_sql_big, insert_sql)
if (i %% 500 == 0) {
ft.executestatement(auth, insert_sql_big)
insert_sql_big = ""
}
}
ft.executestatement(auth, insert_sql_big)
}
}
How to get an invite to Social Network Lift
- Go to http://lift.do/
- Enter Email
- Wait for sometime
This is the new social network by the same guys who brought you Blogger and Twitter.
Also see-
http://www.readwriteweb.com/archives/what_twitters_co-founders_appear_to_be_building_ne.php
How to surf anonymously on the mobile- Use Orbot
This is an interesting use case of anonymous surfing through mobile by using Tor Project on the Android Mobile OS.
Source- https://guardianproject.info/apps/orbot/
Orbot requires different configuration depending on the Android operating system version it is used on.
For standard Android 1.x devices (G1, MyTouch3G, Hero, Droid Eris, Cliq, Moment)
- WEB BROWSING: You can use the Orweb Privacy Browser which we offer, which only works via Orbot and Tor.
- For Instant Messsaging, please try Gibberbot which provides integrated, optional support for Orbot and Tor.
For Android 2.x devices: Droid, Nexus, Evo, Galaxy
- WEB BROWSING: Non-rooted devices should use Firefox for Android with our ProxyMob Add-On to browse via the Tor network. Rooted devices can take advantage of transparent proxying (see below) and do not need an additional app installed.
- Transparent Proxying: You must root your device in order for Orbot to work transparently for all web and DNS traffic. If you root your device, whether it is 1.x or 2.x based, Orbot will automatically, transparently proxy all web traffic on port 80 and 443 and all DNS requests. This includes the built-in Browser, Gmail, YouTube, Maps and any other application that uses standard web traffic.
- For Instant Messsaging, please try Gibberbot which provides integrated, optional support for Orbot and Tor.
Developers
- Source code is available via SVN: svn co https://svn.torproject.org/svn/projects/android/ and Git: git clone https://gitweb.torproject.org/orbot.git
DECISION STATS 