Tag Archives: could

For Sale – 6 x 4TB & 12 x 2TB HDD’s

I’m also quite interested in a couple drives – could you update the thread with what you have left?

Cheers

Go to Original Article
Author:

For Sale – 6 x 4TB & 12 x 2TB HDD’s

I’m also quite interested in a couple drives – could you update the thread with what you have left?

Cheers

Go to Original Article
Author:

Wanted – HP microserver

I have a HP Gen 8 Microserver which I could part with:

I’ve had since new, originally had the Intel Celreon G1610T processor, which I still have but I then upgraded to a i3 3220t (stock air cooled) – still have this processor too.

Currently the machine has a Xeon E3-1270 v2 which is water cooled with rad mounted onto of the case. RAM upgraded to 8gb.

Let me know if it’s of any interest

Go to Original Article
Author:

Healthcare 2020 trends emphasize virtual, holistic patient care

Lowering the price of healthcare will be top of mind in 2020. For healthcare CIOs, that could mean investing in telehealth tools and analytics platforms that are geared toward making healthcare more accessible, less expensive and more personal.

Two reports on healthcare 2020 predictions lay out potential trends facing healthcare organizations in the new year. Forrester Research’s report focuses on healthcare reform efforts as well as the rise in telehealth. Frost & Sullivan’s report highlights the role social determinants of health data analytics platforms will play in 2020 and predicts a backlash against AI in healthcare.

The detailed healthcare 2020 reports have been pared down here for healthcare CIOs, highlighting tech trends like telehealth and data analytics platforms.

Telehealth visits will increase

Forrester believes virtual care will grow substantially, predicting that providers will conduct millions of new virtual visits in 2020.

Jeff Becker, an analyst at Forrester and one of the authors of the “Predictions 2020: Healthcare” report, called telehealth “the fastest growing place of service across all care delivery touchpoints” where “everybody is rushing in to claim a stake.”

Jeff BeckerJeff Becker

One of the drivers behind the growth in virtual visits is the desire to control patient inflow to brick-and-mortar care delivery systems, Becker said.

Engaging patients in the home, workplace or other convenient locations first and helping them make a decision on the right place to seek medical care can reduce what Becker called the “drastic overuse of an emergency room.”

Historical outpatient claims data suggests that about 43% of outpatient visits could be addressed through a virtual care visit, according to Forrester, pointing to telehealth as one option healthcare CIOs should look at to reduce costs associated with care delivery.

Social determinants of health in 2020

Another healthcare 2020 prediction is that social determinants of health data will play a big role in how payers and health systems improve patient outcomes, and healthcare CIOs will need to key in on tools like analytics platforms to make use of that data, according to Frost & Sullivan.

Frost & Sullivan analysts predict that by the end of 2020, 40% of U.S. health systems and insurance companies will use social determinants of health data, such as income and housing status, to make risk assessments or business decisions, as well as conduct patient outreach.

Kamaljit BeheraKamaljit Behera

Factors driving its growth include an understanding that most of a patient’s health outcomes are attributable to factors beyond direct medical care, according to Kamaljit Behera, an analyst at Frost & Sullivan.

We believe proactively engaging the right patients based on their social determinant of health can improve health outcomes.
Kamaljit BeheraAnalyst, Frost & Sullivan

“57% [of patients] have a moderate to high risk for financial insecurity, isolation, housing insecurity, transportation and food insecurity, among others,” Behera said during a webinar on healthcare 2020 predictions. “We believe proactively engaging the right patients based on their social determinant of health can improve health outcomes and help healthcare organizations meet quality standards.”

Frost & Sullivan believes that within the next five years, social determinants of health data will become critical for improving patients’ quality of care, as well as optimizing the cost of care. In lockstep, health IT products such as population health management platforms that track and analyze patient outcomes will also gain prominence.

AI growth, challenges

The AI in medical imaging market will cross the $400 million mark in 2020, but Behera said that AI companies have a tough road ahead. He believes they will need to rethink how they use data, train algorithms and implement AI to convince the healthcare community of no-harm use.

Medical imaging, or radiology, is one of the most mature areas for AI and clinical use cases, Behera said. Yet even in radiology, the use of AI will be checked in 2020.

“AI in the recent past has advanced tremendously. Its ability for diagnosing and detecting disease is climbing higher and higher, but the very important question still remains, what happens if something goes wrong,” Behera said.

The safest way for physicians to use AI is to confirm a diagnosis rather than improve care with new insights, Behera said. Due to this caution, health IT vendors will continue to make non-clinical applications of AI such as workflow automation the priority. Additionally, Behera said roughly 75% of AI companies in medical imaging will continue to focus on image analysis as the main AI use case.

“Things look promising in AI more from an operational and workstream optimization [standpoint], but we still have quite a way to go before getting into real support in the clinical decision-making process leveraged by AI solutions,” Behera said.

On healthcare reform

Healthcare’s big price tag will take center stage next year as voters hear from presidential candidates and prepare to cast their votes.

U.S. Democratic presidential candidates Elizabeth Warren and Bernie Sanders have championed a “Medicare for All” plan or option, which would expand a federal health insurance program historically geared at those 65 and older or managing certain disabilities to everyone.

The full Medicare for All plan would introduce a federally funded public insurance plan to U.S. citizens and eliminate private health insurance, eliminating 900 health insurers and 507,000 employees, according to the Forrester healthcare 2020 report.

“When I dug into the numbers, it didn’t surprise me that I came to the conclusion that Medicare for All in its current definition would fail,” Forrester’s Becker said. “What did surprise me is how much uptick there is in support of a public option and how much legislative movement there is for, not a single payer system, but a secondary public option.”

According to the Forrester healthcare 2020 report, voter support in the U.S. is low for a Medicare for All plan, but 70% of voters would support a public plan option that preserves the option of private insurance. 

The report noted that providers have mixed feelings about a public insurance option. While more coverage means less uncompensated care, Medicare patients generate lower reimbursement rates than patients covered under private insurance contracts.

Go to Original Article
Author:

Session cookie mishap exposed HackerOne private reports

A researcher discovered a session cookie risk that could have exposed private bugs on HackerOne, and questions remain about if data may have been taken.

The risk for vulnerability coordination and bug bounty site HackerOne stemmed from a HackerOne security analyst accidentally including a valid session cookie in a communication with community member haxta4ok00. According to the HackerOne incident report attached to the original bug report, which was first reported by Ars Technica, the session cookie was disclosed due to human error and revoked exactly two hours and three minutes after the company learned of the issue.

“Session cookies are tied to a particular application, in this case hackerone.com. The application won’t block access when a session cookie gets reused in another location. This was a known risk. As many of HackerOne’s users work from mobile connections and through proxies, blocking access would degrade the user experience for those users,” HackerOne wrote in the incident report. “A short-term mitigation of this vulnerability is to bind the user’s session to the IP address used at initial sign-in. If an attempt is made to utilize the session from a different IP address, the session is terminated.”

HackerOne added that longer-term mitigations will include detecting session cookies and authentication tokens in user comments and blocking submission, binding sessions to devices rather than IP addresses, improving employee education, and overhauling the permission model for HackerOne security analysts.

Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team, told SearchSecurity, “The first rule of session cookies is don’t share your session cookies.”

“That being said, accidents and oversights can happen. The general idea here is to bind the session cookies with some other identifying attribute of the expected client. This is commonly done by associating session cookies with some additional fingerprint of the authorized user,” Young said. “This can be as simple as restricting session cookies based on IP address or region. More sophisticated methods might involve client-side scripting to fingerprint a specific client browser.”

After seeing “the amount of sensitive information that could have been accessed” as a result of the session cookie account takeover, HackerOne decided the submission was a critical vulnerability and awarded a $20,000 bug bounty.

Data access still in question

Haxta4ok00 wrote in the report that they had “HackerOneStaff Access” and could “read all reports” and edit private programs. However, they asserted multiple times that all actions were in the spirit of white hat hacking.

In the discussion about the issue in the bug report, Reed Loden, director of security at HackerOne, asked haxta4ok00 to “delete all screenshots, exports, etc.” and confirm they had “no other copies of vulnerability data” captured as part of the report submission. While haxta4ok00 claimed they only took screenshots, they admitted they didn’t understand how to prove such data was deleted. Even so, Loden thanked the member “for confirming your removal of all screenshots and other data you may have downloaded as part of your report submission.” 

Following this exchange, Jobert Abma, co-founder of HackerOne, joined the conversation to ask why haxta4ok00 had “opened all the reports and pages in order to validate you had access to the account,” noting the HackerOne team found the extent of the member’s actions unnecessary.

Again, the member claimed they meant no harm and that answer seemed to be accepted by HackerOne staff. The member went on to claim they had previously reported the session cookie risk and nothing was done.

Katie Moussouris, founder and CEO of Luta Security, pointed out on Twitter that the discussion between haxta4ok00 and HackerOne staff raised more questions.

Loden told SearchSecurity that “asking the reporting hacker to validate what we are seeing on our end is one of many steps in our investigation process.”

“HackerOne always conducts comprehensive investigations for all vulnerabilities reported to our own bug bounty program. In this case HackerOne’s bug bounty program operated exactly as intended, it gave us a way to identify an unknown risk fast so we could safely eliminate it,” he wrote via email. “Less than 5% of programs were impacted by this issue, the risk was eliminated within two hours of receipt and long-term fixes were pushed within days.”

Loden also clarified why action was not taken on the first report about session cookie issues.

“HackerOne’s bug bounty program is focused on identifying real-world vulnerabilities impacting the Platform, and we require hackers to provide a valid proof of concept with submissions,” Loden said. “The report in question from three years ago was a purely theoretical scenario focused on older browsers that were not, and are still not, supported by the HackerOne Platform.”

Go to Original Article
Author:

For Trade – or Sale: AMD build PC

Interested in the PC. I’m in West Wales so couldn’t collect. In theory, I suppose I could meet halfway

Not bothered about the monitor. But the rest is fine and I can redeploy into other PCs.

I want to stick a 1070GTX in there – is there enough room and is there a spare 8-pin power connector?

The cooler I’m not sure about – do you think it would be OK to run without? Are worried about it becoming dislodged in transit?

Go to Original Article
Author:

Wanted – DDR4 , Cheap SSD , possibly RGB fans or case

¿ If it’s ok with welshpcman could I show interest in the case blackmesa, how much delivered please ?
Thanks
Glen

Go to Original Article
Author:

For Sale – 3D Gaming PC

3D Gaming PC

i7-950 3.06 GHz CPU fan could do with replacing, I had to reapply new thermal paste to the CPU and I broke some of the pins when putting the fan back on, is held in place for now though.

Gigabyte X-58 USB motherboard

24GB Crucial Ballistix 6x4gb DDR3

Msi Nvidia 970 4gb Gaming Edition

2x1TB HDDs

Windows 10 home

Asus 3D 24” 1080p monitor with 3D Vision Glasses and receiver, monitor has a thunder bug under the screen from the summer, looks like dead pixels but it’s not, had a few of them under the screen crawling about one day, switched the monitor off but one passed away under there, was thinking maybe a blast of air might dislodge it?

Novatech case with a blue ray drive and DVD burner, I bought the PC from new about 7 years from Novatech, a few years ago I upgraded the GPU to the 970 and upgraded the RAM.

Was playing The Division on highest settings and also could handle the Division 2, not into it myself but I’m sure it would run Fortnight or the like, would run PUBG fine.

No keyboard or mouse as I am using them with my new PC.

Not sure if I have priced it right or not, if so please let me know.

Looking for £350 collected from Gloucester area.

Go to Original Article
Author:

Sinkholed Magecart domains resurrected for advertising schemes

Sinkholed Magecart domains previously used for payment card skimmers could pose new threats such as ad fraud and malvertising.

RiskIQ, a San Francisco-based threat intelligence vendor, discovered a handful of sinkholed domains formerly used by Magecart cybercriminals have been subtly purchased and re-registered by unknown groups. Instead of using these old Magecart domains for payment card skimming, the threat actors are using them as traffic sources for advertising schemes.

In a blog post, Yonathan Klijnsma, head of threat research at RiskIQ, explained that registrars often put domains up for sale again after they have been taken down due to malicious activity.

“Here’s the catch: when these domains come back online, they retain their call-outs to malicious domains placed on breached websites by attackers, which means they also retain their value to threat actors,” Klijnsma wrote in the blog post.

A “secondary market” has emerged around Magecart domains where other threat actors use the domains, which are still receiving significant traffic after being taken down, to run advertisements. Klijnsma told SearchSecurity it’s common for a formerly malicious domain with an attractive or common name to be purchased by domain name speculators for advertising purposes.

“They buy it up and the main domain gets a parking page and the parking page will have ads,” he said. “And that’s their way of monetizing it in a white hat sort of way.”

But the purchasers of these Magecart domains went a step further, Klijnsma said. The threat actors took advantage of the malicious JavaScript the Magecart cybercriminals previously used to call out to their skimmers, though instead of downloading skimmers the JavaScript now injects ads. In addition, the revised JavaScript contains another remote script that counts traffic to the domains.

Klijnsma said the new threat actors can’t “play the ignorance card”; they wouldn’t use the exact same file path as the Magecart skimmers and then log the traffic to the domains unless they knew what the domains had been used for previously and were aware of how to monetize them, he said.

“They have some knowledge of what’s going on, which is curious and illegitimate in our eyes,” Klijnsma said.

Potential threats on old domains

Klijnsma said he found the secondary market for Magecart domains accidentally. He discovered RiskIQ’s platform had flagged a handful of the old domains by crawling the pages, but it hadn’t flagged any skimmer activity, which prompted him to take a closer look at one of the domains that had been sinkholed — cdnanalytics.net.

“I noticed the injection of ads in the page, which is definitely not a skimmer,” he said. “After that, looking at the actual domain, I noticed it was re-registered.”

The re-registering of the domain was done in a “very subtle way” where the new threat actors used the same registrar as the Magecart cybercriminals; the only change in the WhoIs data for the domain was the name server. Klijnsma said it’s unclear why the new owners used the same registrars for all of the Magecart domains but he said he believes it was “purposeful.”

Klijnsma also said he noticed the advertising script contained another domain — cleverjump.org — and an analysis of host pairs between the cleverjump.org script revealed “several hundred domains” for 2019 alone, including several old Magecart domains.

“If you look at those other domains, you’ll find a lot of attractive, nicely-made domain names,” he said. “I think they just keep buying this stuff up to deliver ads and get whatever traffic they can get.”

Klijnsma said the Magecart domains present a legal and ethical gray area. While the new threat actors are using malicious Magecart code and monetizing illegitimate traffic for ad fraud, there are currently no signs of malvertising or other direct threats to users on the sites. The ads being served on the domains are thus far legitimate and are being served from several ad networks, which RiskIQ declined to name.

While RiskIQ flagged the Magecart domains, the company won’t blacklist them again unless it detects skimmers, malware or other malicious activity on them. However, Klijnsma urged caution in his blog post.

“While ads themselves aren’t malicious, they are exploiting the vulnerabilities in websites while the site owners don’t benefit,” he wrote. “Moreover, in the future, threat actors may also engage in other schemes and threat activity far more malicious than advertising.”

Go to Original Article
Author:

Nextlink Internet and Microsoft closing broadband gap in central US – Stories

The agreement could bring broadband access to benefit more than 9 million people, including approximately 1 million in unserved rural areas

REDMOND, Wash. — Sept. 18, 2019 — On Wednesday, Nextlink Internet and Microsoft Corp. announced a partnership that will help close the broadband gap in Iowa, Illinois, Kansas, Nebraska, Oklahoma and Texas, bringing high-speed internet to hundreds of rural communities. The agreement will further enable Nextlink to substantially expand their coverage areas and is part of the Microsoft Airband Initiative, which is focused on addressing this national crisis, with the goal of extending broadband access to over 3 million unserved people in rural America by July 2022.

Lack of broadband connectivity is a pervasive national issue, and particularly acute in rural areas of the country. The Federal Communications Commission (FCC) reports that more than 21 million Americans lack broadband access, the vast majority of whom live in rural areas that continue to lag the national rate of broadband usage. The problem is almost certainly larger than that, though, as other studies and data sources, including Microsoft data, have found that 162 million people across the United States are not using the internet at broadband speeds, including approximately 29 million people across Iowa, Illinois, Kansas, Nebraska, Oklahoma and Texas.

“It’s time to deliver on the connectivity promises that have been made to people across the country, and this partnership will help do that for many who have been left behind and unserved in the heartland of America,” said Shelley McKinley, vice president, Technology and Corporate Responsibility at Microsoft. “In the past two years with our Airband Initiative, we’ve seen that progress is possible — particularly when the public and private sectors come together. Partnerships with regional ISPs like Nextlink that have the desire and wherewithal to provide internet connectivity are a critical part of closing the broadband gap and helping families, children, farmers, businesses and whole communities to not only survive, but thrive in the 21st century.”

Nextlink will deploy a variety of broadband connectivity technologies to bring these areas under coverage, including wireless technologies leveraging TV white spaces (e.g., unused TV frequencies) in select markets. Nextlink will continue its deployments in Texas and Oklahoma and immediately begin deployment efforts in Kansas, Nebraska, Iowa and Illinois, with rollouts planned through 2024.

Nextlink CEO Bill Baker noted, “Nextlink is tremendously excited about the opportunity to join forces with Microsoft. This agreement will accelerate the rollout of high-speed broadband access to underserved areas that are desperate for this critical service. This in turn will make those areas more attractive for employers who require high-speed broadband to operate. By itself, this project is going to generate hundreds of full-time, long-term jobs in rural communities as Nextlink builds out and services the required networks. The overall impact to rural communities in terms of job creation and increased viability for all employers is tremendous.”

“This partnership will enable the coming of precision agriculture, IoT, digital healthcare, access to higher education and overall economic growth,” said Ted Osborn, Nextlink SVP of Strategy & Regulatory Affairs. “Our experience tells us that advanced broadband access and community support can make these promises a reality in relatively short order.”

Improved connectivity will bolster economic, educational and telehealth opportunities for everyone in the region, and could be particularly impactful for farmers. Together, the states covered in part by this deal — Iowa, Illinois, Kansas, Nebraska, Oklahoma and Texas — account for more than $120 billion in annual agricultural value, or 29% of the agricultural output of the United States, according to the U.S. Department of Agriculture (USDA). With broadband access, farmers can gain better access to markets and take advantage of advancements in precision agriculture, enabling them to better monitor crops and increase their yields, which can translate into significant economic returns. The USDA estimates widespread use of connected technologies for agricultural production has the potential to unlock over $47 billion in annual gross benefit for the United States.

The partnership builds on Microsoft and Nextlink’s efforts to close the digital divide. Nextlink is familiar with the needs of rural communities and was awarded federal Connect America Fund funding to expand broadband access to unserved rural communities. The companies will also work together to ensure that, once connectivity is available in these regions, people will receive the digital skills training to help them take advantage of the economic and social benefits that come with broadband access.

About Nextlink Internet  

Nextlink Internet, LLC is a residential and commercial internet access and phone services provider based in Hudson Oaks, Texas. The company is a leading provider of broadband services to rural school districts and municipalities. Since 2013, the company has organically attracted over 36,000 broadband subscribers using solely private capital and has managed industry-leading operating metrics. Nextlink optimizes its IP-based optical-fiber and fixed wireless network with an unrelenting commitment to customer service to achieve high customer satisfaction.

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

For more information, press only:

Microsoft Media Relations, WE Communications for Microsoft, (425) 638-7777, [email protected]

Dale Curtis for Nextlink Internet, [email protected], (202) 246-5659

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://news.microsoft.com/microsoft-public-relations-contacts.

 

Go to Original Article
Author: Microsoft News Center