Date: Wed, 26 Jul 2006 14:32:53 -0700
From: "kaiser scapegoat" <kaiser_scapegoat@...mail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Undisclosed breach at major US facility  

Hi -

I only joined this list because I read about the "how to disclose a breach" 
issue in Wired. I read through the posts, and it didn't look like anyone 
brought up my case. I'm the person who proved the press and government 
agencies prefer to portray the whistleblower as a hacker even if the info 
has been on a public web site for five years.

Here's a timeline of my situation: http://corphq.livejournal.com/60599.html

I keep a blog on this issue here: http://corphq.livejournal.com

What was surprising about my case was not that Kaiser attempted to frame me 
- they've always been slime. What's upsetting is the way the press and the 
State of California enabled them by portraying me off the bat as a hacker. 
This made it impossible for me to get timely legal help. Even more upsetting 
is that even after the CA Dept. of Managed Health Care realized their 
mistake, they did nothing to fix the problem they had caused me. They didn't 
publicly apologize for their press release, and they left the Order against 
me on their web site. They pressured me into signing a "settlement" just to 
cover their own ass, and then they broke their side of it. The actions of 
the DMHC were illegal to begin with since they have no jurisdiction over 
private citizens.

It seems that it's okay with all of society that the State can take illegal 
actions against me and I can be left to the HMO legal team wolves just 
because I'm a nobody and it apparently appeases public anxieties to punish 
the person who symbolizes the danger of medical records being posted on the 
Internet.

In the end, though, this is shooting the messenger, and that just assures 
that people in the future will be afraid to report this kind of security 
leak.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
