Connect with us
[bsa_pro_ad_space id=12]


Medical pot company plugs web security flaw but privacy concerns persist



If you like this, share it!

  • TORONTO — A prominent Canadian medical marijuana company took weeks to fix a website security weakness that could have allowed hackers to access a patient’s sensitive information.

    In an interview this week, the chief technology officer of Namaste Technologies said the changes were made late last month ahead of plans to roll out a complete reworking of the flawed application, which had been put in place in January.

    The vulnerability allowed anyone to confirm whether a particular email address was registered with Namaste. More significantly, the website allowed an unlimited number of password attempts instead of locking a user out after three failed log-ins as is usually done.

    “We’ve basically removed the ability to perform brute force attacks — made it more difficult, really,” Chad Agate, the chief technology officer of the Toronto-based company, said. “We do work to resolve those technical issues.”

    Medical marijuana websites typically request personal information that goes well beyond name, address, age and a copy of photo ID. Some require physical information such as height and weight, along with answers to questions such as whether the applicant has suffered from schizophrenia and what medications they take. 

    The patched Namaste program, which now returns a “obfuscated” generic message in terms of user names and locks out a user after three failed log-ins, was implemented weeks after a user alerted the company to the problem and The Canadian Press began asking questions about the issue.

    Kurtis Cicalo, an Ottawa-based website developer and consultant, said a sophisticated hacker could have accessed a Namaste user’s account in seconds.

    While there is no evidence intruders did in fact obtain or misuse users’ medical data, Cicalo said the security flaw was not unique to Namaste, which among other things bills itself as operator of the largest global cannabis e-commerce platform.

    “My worry is that these sites have been active for months and although I’d like to believe I’m the first person to notice such obvious security flaws, I have to think I’m not, Cicalo said. “This one was super easy to find. Anyone could have found it. It’s so basic, it should never have happened.”

    Cicalo also said he was able to access the site even using a computer address that appeared to originate from abroad.

    “If somebody is accessing medical cannabis records from China, it should be a red flag,” said Cicalo, who wondered whether companies cut security corners in their rush to jump on the money-making cannabis bandwagon. “There’s a very basic lack of security on pretty much every company site.”

    Cicalo said the officer of the federal privacy commissioner suggested he contact the companies involved and only file a personal complaint as a last resort.

    Eugene Ocapalla, a lawyer who teaches drug policy at the University of Ottawa, said users, sellers and those in between have to be more aware of privacy concerns related to pot. Buying marijuana for medical purposes, he said, carries a potential double whammy.

    “If somebody’s information gets taken from a website, you’re learning something about the person’s health condition which for one thing is generally considered very sensitive information,” Ocapalla said. “On top of that, you’re talking about a drug that is still much maligned in many circles, including by some foreign jurisdictions, most notably the United States.”

    Part of the problem facing web developers is the need to balance ease of use against security concerns. As a rule, the more secure a site, the harder it is for the ordinary user to navigate.

    “On password complexity, we had a lot of customers pushing back,” Agate said. “We try to find the best balance.”

    Cicalo said he understood the user-friendly vs. security debate, but said he was pleased Namaste, which says it has more than 30 websites in more than 20 countries under various brands, had finally fixed a “major vulnerability.”

    Colin Perkel, The Canadian Press

    If you like this, share it!


    MPs continue voting marathon as Tories protest shutdown of Wilson-Raybould motion



    If you like this, share it!

  • OTTAWA — Members of Parliament are continuing their marathon voting session as opposition parties protest the Trudeau government’s efforts to shut down any further investigation into the SNC-Lavalin affair.

    The Liberal majority shot down a Conservative motion calling on Prime Minister Justin Trudeau to let former attorney general Jody Wilson-Raybould testify more fully about her allegation that she was improperly pressured to drop a criminal prosecution of the Montreal-based engineering giant.

    The motion was defeated by a vote of 161-134.

    That set the stage for a Conservative-sponsored filibuster Wednesday night, requiring 257 separate votes on items in the government’s spending estimates.

    Former Treasury Board president Jane Philpott is adding more fuel to the fire in an interview with Maclean’s magazine.

    She says in the interview that there’s “much more to the story that should be told.”

    Philpott resigned from cabinet over the government’s handling of the SNC-Lavalin controversy earlier this month.

    Since any vote involving government spending is automatically considered a confidence vote, Liberals were required to be out in force to avoid potential defeat of the government.

    The voting could theoretically last 36 hours, but the Conservatives have only to keep it going until just after 10 a.m. today to scrub the remainder of the parliamentary day.


    The Canadian Press

    If you like this, share it!
    Continue Reading


    ‘It has to send a message:’ Broncos families await sentencing for truck driver



    If you like this, share it!

  • Kevin Matechuk says he will never, never forgive the semi driver who caused the deadly Humboldt Broncos bus crash.

    Matechuk’s 19-year-old son Layne of Colonsay, Sask., is still coping with a brain injury he suffered in the collision last April. The young man’s recovery is expected to be a long one.

    The trucker who blew through a stop sign and caused the crash, Jaskirat Singh Sidhu of Calgary, is to be sentenced in Melfort, Sask., on Friday.

    “I know he purposely didn’t go out to kill all those people but he did … run that stop sign,” Matechuk said recently from the family’s temporary home in Saskatoon.

    “It was his fault.”

    Sixteen people were killed and 13 were injured when the transport truck drove into the path of the junior hockey team’s bus at a rural Saskatchewan intersection.

    Court heard that Sidhu went by four signs warning about the upcoming intersection before he came up to an oversized stop sign with a flashing light. His lawyer told court Sidhu was an inexperienced driver distracted by a flapping tarp on the back of his load.

    Sidhu, 30, pleaded guilty to 29 counts of dangerous driving and apologized in court. The Crown has asked that he serve 10 years in prison. The defence did not propose a specific sentence but said other cases point to between 1 1/2 to 4 1/2 years.

    Family members submitted 90 victim impact statements during an emotional sentencing hearing in January. Some said they forgive Sidhu, while others said they are too angry.

    “It’s funny how the wide range of different people feel and everyone’s entitled to their own opinion,” said Matechuk.

    Melanie Smith of Leduc, Alta., whose 20-year-old son Tyler was also injured, said she’ll be glad to have the court case over with.

    “We’re content about how it turned out with him pleading guilty to all 29 counts and the emotion he showed,” she said.

    “We don’t really have any thoughts either way on what he ends up getting sentenced. The problem is you either have to forgive or you somehow have to get past whose fault it was. It was his fault. And as a family we’re content.”

    Former NHL player Chris Joseph of St. Albert, Alta., lost his 20-year-old son Jaxon in the crash.

    He said forgiveness won’t bring his son back. And he’s going to be disappointed in whatever sentence Sidhu gets.

    “I don’t know if there’s any number that would make me happy,” he said.

    “He did the crime. He needs to do the time. And we would like the legal system to show that it doesn’t matter that you feel bad. It’s nice that you feel bad. It doesn’t matter though.”

    Michelle Straschnitzki’s 19-year-old son, Ryan, from Airdrie, Alta., was paralyzed from the chest down. She said she has days when she would like to think forgiveness is possible.

    But her anger overwhelms those feelings.

    “There are days that it’s no — no matter what. Nothing’s going to be OK again and 16 people are gone and the lives of 13 children are still in flux.”

    She wants the judge to give Sidhu a harsh sentence.

    “It has to be more than a slap on the wrist. It has to send a message,” she said.

    “Unfortunately it won’t really change anything, but it has to make a difference and change people’s minds.”

    — Follow @BillGraveland on Twitter

    Bill Graveland, The Canadian Press

    If you like this, share it!
    Continue Reading

    march, 2019

    fri8mar - 30aprmar 85:30 pmapr 30Real Estate Dinner Theatre5:30 pm - (april 30) 10:00 pm

    sat23mar10:00 am- 4:00 pmLet Them Be Little Market10:00 am - 4:00 pm

    sat23mar1:00 pm- 4:00 pmMAGSaturday @ the MuseumMAGnificent Saturdays welcomes all ages and abilities to participate in a fun art project every week! 1:00 pm - 4:00 pm

    sat23mar8:00 pm- 10:30 pmA Night at the Movies8:00 pm - 10:30 pm

    sat23mar8:00 pm- 8:00 pmA Night at the Movies8:00 pm - 8:00 pm

    sat30mar - 31mar 3010:00 ammar 319th Annual Central Alberta Family Expo10:00 am - 5:00 pm (31)

    sat30mar1:00 pm- 4:00 pmMAGSaturday @ the MuseumMAGnificent Saturdays welcomes all ages and abilities to participate in a fun art project every week! 1:00 pm - 4:00 pm