Medical pot company plugs web security flaw but privacy concerns persist




  • TORONTO — A prominent Canadian medical marijuana company took weeks to fix a website security weakness that could have allowed hackers to access a patient’s sensitive information.

    In an interview this week, the chief technology officer of Namaste Technologies said the changes were made late last month ahead of plans to roll out a complete reworking of the flawed application, which had been put in place in January.

    The vulnerability allowed anyone to confirm whether a particular email address was registered with Namaste. More significantly, the website allowed an unlimited number of password attempts instead of locking a user out after three failed log-ins as is usually done.

    “We’ve basically removed the ability to perform brute force attacks — made it more difficult, really,” Chad Agate, the chief technology officer of the Toronto-based company, said. “We do work to resolve those technical issues.”

    Medical marijuana websites typically request personal information that goes well beyond name, address, age and a copy of photo ID. Some require physical information such as height and weight, along with answers to questions such as whether the applicant has suffered from schizophrenia and what medications they take. 

    The patched Namaste program, which now returns an “obfuscated” generic message in terms of user names and locks out a user after three failed log-ins, was implemented weeks after a user alerted the company to the problem and The Canadian Press began asking questions about the issue.

    Kurtis Cicalo, an Ottawa-based website developer and consultant, said a sophisticated hacker could have accessed a Namaste user’s account in seconds.

    While there is no evidence intruders did in fact obtain or misuse users’ medical data, Cicalo said the security flaw was not unique to Namaste, which among other things bills itself as operator of the largest global cannabis e-commerce platform.

    “My worry is that these sites have been active for months and although I’d like to believe I’m the first person to notice such obvious security flaws, I have to think I’m not,” Cicalo said. “This one was super easy to find. Anyone could have found it. It’s so basic, it should never have happened.”

    Cicalo also said he was able to access the site even using a computer address that appeared to originate from abroad.

    “If somebody is accessing medical cannabis records from China, it should be a red flag,” said Cicalo, who wondered whether companies cut security corners in their rush to jump on the money-making cannabis bandwagon. “There’s a very basic lack of security on pretty much every company site.”

    Cicalo said the office of the federal privacy commissioner suggested he contact the companies involved and only file a personal complaint as a last resort.

    Eugene Ocapalla, a lawyer who teaches drug policy at the University of Ottawa, said users, sellers and those in between have to be more aware of privacy concerns related to pot. Buying marijuana for medical purposes, he said, carries a potential double whammy.

    “If somebody’s information gets taken from a website, you’re learning something about the person’s health condition which for one thing is generally considered very sensitive information,” Ocapalla said. “On top of that, you’re talking about a drug that is still much maligned in many circles, including by some foreign jurisdictions, most notably the United States.”

    Part of the problem facing web developers is the need to balance ease of use against security concerns. As a rule, the more secure a site, the harder it is for the ordinary user to navigate.

    “On password complexity, we had a lot of customers pushing back,” Agate said. “We try to find the best balance.”

    Cicalo said he understood the user-friendly vs. security debate, but said he was pleased Namaste, which says it has more than 30 websites in more than 20 countries under various brands, had finally fixed a “major vulnerability.”

    Colin Perkel, The Canadian Press



    Forces encouraging more sex-assault reports but not helping victims, AG says




  • OTTAWA — The federal auditor general is taking the military to task for not supporting victims of sexual misconduct.

    Michael Ferguson says that failure threatens to undermine attempts to curb inappropriate and criminal sexual behaviour in the ranks.

    The assessment is contained in a new report that also blasts long delays in resolving cases and the poor training that service members are receiving on the issue.

    Eradicating sexual misconduct is a priority for military commanders after a series of devastating reports in recent years, and Ferguson says awareness is certainly up.

    But Ferguson says his review found that many victims are not being properly supported when they do speak up, which makes it difficult to prosecute cases and undermines confidence in the system.

    The auditor general also says a legal requirement that all service members report inappropriate behaviour actually discourages some victims who don’t want to proceed with a formal complaint from coming forward.

    The Canadian Press



    Inmates kept in prison too long for lack of halfway houses: auditor




  • OTTAWA — Canada’s auditor general says hundreds of federal prisoners are having their parole delayed only because the Correctional Service of Canada doesn’t have halfway houses for them to live in.

    In a new report Tuesday, Michael Ferguson says staying in prison, sometimes for months longer than they’re supposed to, hurts offenders’ rehabilitation and prospects for success when they’re released.

    He says the backlog of prisoners waiting more than two months for parole increased tenfold over the last three years, from 25 to almost 260.

    And the shortage of spaces means parolees are increasingly sent to communities where they have no family or supports, and no intention of staying.

    The audit says parole officers often do not get important information about the parolees they are supposed to monitor and help, such as details about health conditions that could affect their ability to live and work on the outside.

    A spot check of 50 cases found that nearly half of the time, parole officers didn’t see their parolees on the right schedule or didn’t check to make sure they were following special parole conditions.

    The Canadian Press
