Paper problems

A timely reminder that good information security practices don’t necessarily have anything to do with computers:

The health insurer Aetna is facing criticism for revealing the HIV status of potentially thousands of customers after it sent out a mailer in which information about ordering prescription HIV drugs was clearly visible through the envelope’s clear window.

For example, in a letter sent to a customer in Brooklyn, the window revealed considerably more than the address. It also showed the beginning of a letter advising the customer about options “when filing prescriptions for HIV Medic … .”

It’s funny; usually those envelope letter windows are considered best practice because they lower the risk of address/letter screw ups. In this case, though...

Database Made Public

Troy Hunt, the guy that runs the extremely useful, has released his working password database in the form of SHA-1 hashes.

What this is: an extremely useful tool for people working in security, as they can hash passwords in use and see if they’re in this existing list, and thus probably in a dictionary file somewhere and vulnerable to a dictionary attack.

What this is not: a password list usable by crackers, because everything is in SHA-1 hash form.
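The check described above, as an added example that is not from this post or from Troy Hunt: hash the passwords in use and stream the downloaded list once, so the 6GB file never has to fit in memory. The function names and the line format (one hex SHA-1 per line, optionally followed by `:count`) are assumptions, and the sample list is constructed.

```python
import hashlib
import io


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (case is normalised on both sides)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def find_listed(passwords, hash_lines):
    """Return the passwords whose SHA-1 appears in hash_lines.

    hash_lines is any iterable of text lines, such as an open file, and is
    read once so a multi-gigabyte list never has to fit in memory.
    """
    wanted = {sha1_hex(pw): pw for pw in passwords}
    found = set()
    for line in hash_lines:
        # Assumed line format: HEXDIGEST or HEXDIGEST:COUNT
        digest = line.strip().split(":", 1)[0].upper()
        if digest in wanted:
            found.add(wanted[digest])
            if len(found) == len(wanted):
                break  # every candidate is already accounted for
    return found


# Constructed sample standing in for the real list (mixed case, optional count).
SAMPLE_LIST = """\
0000000000000000000000000000000000000000
5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
7c4a8d09ca3762af61e59520943dc26494f8941b:42
"""

if __name__ == "__main__":
    in_use = ["password", "123456", "correct horse battery staple"]
    for pw in sorted(find_listed(in_use, io.StringIO(SAMPLE_LIST))):
        print("listed, so replace it:", pw)
```

For the real download, pass an open file object as `hash_lines` in place of the `io.StringIO` sample.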

Troy deserves all the credit in the world for doing a public service for free, and props to Cloudflare for offering to host a 6GB file (also for free).