

Medical pot company plugs web security flaw but privacy concerns persist




  • TORONTO — A prominent Canadian medical marijuana company took weeks to fix a website security weakness that could have allowed hackers to access a patient’s sensitive information.

    In an interview this week, the chief technology officer of Namaste Technologies said the changes were made late last month ahead of plans to roll out a complete reworking of the flawed application, which had been put in place in January.

    The vulnerability allowed anyone to confirm whether a particular email address was registered with Namaste. More significantly, the website allowed an unlimited number of password attempts instead of locking a user out after three failed log-ins as is usually done.

    “We’ve basically removed the ability to perform brute force attacks — made it more difficult, really,” Chad Agate, the chief technology officer of the Toronto-based company, said. “We do work to resolve those technical issues.”

    Medical marijuana websites typically request personal information that goes well beyond name, address, age and a copy of photo ID. Some require physical information such as height and weight, along with answers to questions such as whether the applicant has suffered from schizophrenia and what medications they take. 

    The patched Namaste program, which now returns an “obfuscated” generic message in terms of user names and locks out a user after three failed log-ins, was implemented weeks after a user alerted the company to the problem and The Canadian Press began asking questions about the issue.

    Kurtis Cicalo, an Ottawa-based website developer and consultant, said a sophisticated hacker could have accessed a Namaste user’s account in seconds.

    While there is no evidence intruders did in fact obtain or misuse users’ medical data, Cicalo said the security flaw was not unique to Namaste, which among other things bills itself as operator of the largest global cannabis e-commerce platform.

    “My worry is that these sites have been active for months and although I’d like to believe I’m the first person to notice such obvious security flaws, I have to think I’m not,” Cicalo said. “This one was super easy to find. Anyone could have found it. It’s so basic, it should never have happened.”

    Cicalo also said he was able to access the site even using a computer address that appeared to originate from abroad.

    “If somebody is accessing medical cannabis records from China, it should be a red flag,” said Cicalo, who wondered whether companies cut security corners in their rush to jump on the money-making cannabis bandwagon. “There’s a very basic lack of security on pretty much every company site.”

    Cicalo said the office of the federal privacy commissioner suggested he contact the companies involved and only file a personal complaint as a last resort.

    Eugene Ocapalla, a lawyer who teaches drug policy at the University of Ottawa, said users, sellers and those in between have to be more aware of privacy concerns related to pot. Buying marijuana for medical purposes, he said, carries a potential double whammy.

    “If somebody’s information gets taken from a website, you’re learning something about the person’s health condition which for one thing is generally considered very sensitive information,” Ocapalla said. “On top of that, you’re talking about a drug that is still much maligned in many circles, including by some foreign jurisdictions, most notably the United States.”

    Part of the problem facing web developers is the need to balance ease of use against security concerns. As a rule, the more secure a site, the harder it is for the ordinary user to navigate.

    “On password complexity, we had a lot of customers pushing back,” Agate said. “We try to find the best balance.”

    Cicalo said he understood the user-friendly vs. security debate, but said he was pleased Namaste, which says it has more than 30 websites in more than 20 countries under various brands, had finally fixed a “major vulnerability.”

    Colin Perkel, The Canadian Press
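An added illustration (not Namaste's code and not part of the original article) of the two weaknesses the story describes and the fix the company reported: one generic response whether or not the email is registered, and lockout after three failed log-ins. The in-memory store, function names, messages and sample account are all constructed for the example.

```python
import hashlib, hmac, os

GENERIC = "Invalid email or password."
LOCKED = "Too many failed attempts. Try again later or reset your password."
MAX_FAILURES = 3            # threshold cited in the article
DUMMY_SALT = b"\0" * 16     # lets unknown emails cost the same hashing work

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    def __init__(self):
        self.users = {}      # email -> (salt, password hash)
        self.failures = {}   # email -> consecutive failed attempts

    def register(self, email, password):
        salt = os.urandom(16)
        self.users[email] = (salt, _hash(password, salt))

def login_leaky(store, email, password):
    """Weak form: distinct messages reveal registration; no attempt limit."""
    if email not in store.users:
        return "No account with that email."
    salt, digest = store.users[email]
    if hmac.compare_digest(_hash(password, salt), digest):
        return "OK"
    return "Wrong password."

def login_hardened(store, email, password):
    """Hardened form: same message for every failure, lockout after three."""
    # Failures are counted for any submitted email, registered or not,
    # so the lockout message cannot be used to confirm registration either.
    if store.failures.get(email, 0) >= MAX_FAILURES:
        return LOCKED
    # Unknown emails get a dummy record: the hash is still computed and never matches.
    salt, digest = store.users.get(email, (DUMMY_SALT, b""))
    matches = hmac.compare_digest(_hash(password, salt), digest)
    if matches and email in store.users:
        store.failures.pop(email, None)   # reset counter on success
        return "OK"
    store.failures[email] = store.failures.get(email, 0) + 1
    return GENERIC

if __name__ == "__main__":
    store = AccountStore()
    store.register("patient@example.com", "correct horse")  # constructed account
    for guess in ["a", "b", "c", "correct horse"]:
        print(guess, "->", login_hardened(store, "patient@example.com", guess))
```

A production version would also expire the failure counters and bound their storage; that is left out here to keep the two behaviours side by side.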



    Feds poised to bolster RCMP accountability




  • OTTAWA — The federal government is poised to try to improve RCMP accountability by placing some external eyes on the national police force.

    Public Safety Minister Ralph Goodale and RCMP Commissioner Brenda Lucki are expected to announce the plans at a news conference in Ottawa on Wednesday.

    The long-anticipated move is the latest attempt at rebuilding the force following years of sagging morale over internal bullying and harassment.

    Insiders say the measures to be announced Wednesday are the beginning of a process that involves several steps to ensure the force benefits from independent advice and scrutiny.

    The announcement will represent the Liberal government’s response to two critical 2017 reports.

    In the first, the Civilian Review and Complaints Commission for the RCMP said the force lacked both the will and the capacity to address the challenges that afflict its workplaces.

    The commission urged the government to usher in civilian governance or oversight for the paramilitary-style police force.

    The second report, a review by former auditor general Sheila Fraser of four harassment lawsuits from female members, also called for substantial reforms.

    At the time, Goodale said both reports described “similar serious and long-standing concerns” and would “inform further action” to ensure that the RCMP is a healthy and respectful employer.

    Lucki became the RCMP’s first permanent female boss last year when she took over the commissioner’s post from Bob Paulson.

    Before he left, Paulson delivered an apology to hundreds of current and former female officers and employees who were subjected to discrimination and harassment dating back as far as four decades.

    The words of regret came as the Mounties settled class-action lawsuits stemming from allegations that cast a dark pall over the force.

    The Trudeau government has directed Lucki to modernize and reform the RCMP’s culture, protect employees from harassment and workplace violence, and foster reconciliation with Indigenous Peoples.

    Goodale’s mandate letter to Lucki, issued last year, also asked her to make the force representative of Canada’s diverse population by embracing gender parity and ensuring that women, Indigenous members and minority groups are better reflected in positions of leadership.

    Another priority is implementing measures to improve health and wellness after an auditor’s report found the force was failing to meet the mental-health needs of its members due to a lack of resources, poor monitoring and meagre support from supervisors.

    Jim Bronskill, The Canadian Press



    Google wants court to decide whether search curbs would infringe charter rights




  • OTTAWA — Google wants the Federal Court to decide whether limiting search-engine results in the name of privacy would infringe Canadians’ constitutional guarantee of free expression.

    The leading internet search engine advocates broadening an upcoming court hearing to squarely address the question.

    Privacy commissioner Daniel Therrien has asked the Federal Court to clarify if Google’s popular search tool is covered by the law governing how companies handle personal information.

    A man who says a Google search reveals outdated and highly personal information about him will be the test case that helps a judge decide whether the search engine must remove the links from its results.

    Therrien argues the federal law on private-sector use of personal information includes such a right to de-indexing.

    In documents filed with the court, Google says the privacy commissioner’s reference application is illogical and inefficient because it is too narrow and therefore won’t fully explore the relevant constitutional questions.

    The Canadian Press
