Open source will save us all!

Or, err, perhaps not.

Consider the case of www.freehipaa.net, a Web site that advertises free, open-source HIPAA-compliant medical software. HIPAA is the US law that protects the privacy and security of patient medical records; it has, among other things, provisions specifying security standards for remote storage, use, and retrieval of sensitive patient information.

HIPAA compliance is a big deal; those who violate the standards can find themselves neck-deep in legal trouble, and anyone who is responsible for maintaining patient medical information is obligated to take security very seriously indeed.

Which is why it’s all the more amusing that I received a fake PayPal scam email in my mailbox today directing suckers to a phony Web page, where the hackers could steal their PayPal information. The hackers responsible for these scams first find vulnerable Web servers with outdated content management or ecommerce software, then hack these Web sites and put up their phony phishing pages, and finally send out spam email directing the unwary to the hacked Web site for fleecing.

Today’s cracked Web site du jour? None other than http://www.freehipaa.net/icons/us/webscr.htm — yep, that’s right. The creators of HIPAA-compliant medical billing software can’t even secure their own Web server.

Hmm. I wonder if their software is any better…

12 thoughts on “Open source will save us all!”

    • Whois and DiG show that they’re hosted by serverpronto.com, a dedicated server and colo facility. So yeah, I’d say they own and maintain their own server, and are responsible for the security thereof.

      Phish is still up, too, four hours after it was reported to them. Very bad…
