Thousands of medical injury claim records exposed by ad agency

An internet advertising company specializing in helping law firms sign up potential clients has exposed close to 150,000 records from a database that was left unsecured.

The database contained submissions as part of a lead-generation effort by X Social Media, a Florida-based ad firm that largely uses Facebook to advertise various campaigns for its law firm customers. Law firms pay the ad company to set up individual websites that aim to sign up victims from specific categories of harm and injuries — from medical implants, malpractice, sexual abuse and more — who submit their information in the hope of receiving legal relief.

But the database was left unprotected and without a password, allowing anyone to look inside.

Security researchers Noam Rotem and Ran Locar found the database and reported it to the company, which pulled the database offline. The researchers also shared their discovery exclusively with TechCrunch and posted their findings on vpnMentor.

The database contained names, addresses, phone numbers, the date and time of a person’s submission and the circumstances and explanation of their accident, injury or illness. Often this included personal health information, sensitive medical information, details of procedures or the consumption of certain medications or specifics of traumatic events.

Several records seen by TechCrunch include records from campaigns targeting combat veterans who were injured on duty. Other campaigns sought to sign up those who suffered illnesses from pesticides or medications.

Other campaigns included soliciting claims for sexual abuse. We found several names, postal and email addresses and phone numbers of victims, many of whom also described their sexual abuse as part of filling out the website form.

One of the records in the database. (Image: supplied)

The researchers said the exposed data could be “easily traced” back to the individuals who filled out the website forms.

UK government invests $194M to commercialize quantum computing

The UK government today announced a £153 million investment into efforts to commercialize quantum computing. That’s about $193 million and with additional commitments from numerous industry players, that number goes up to over $440 million. With this, the UK’s National Quantum Technologies Programme has now passed £1 billion (or about $1.27 billion) in investments since its inception in 2014.

In the US, President Trump last year signed into law a $1.2 billion investment into quantum computing and the European Union, which the UK is infamously trying to leave, also launched a similarly-sized plan. Indeed, it’s hard not to look at this announcement in the context of Brexit, which would cut the UK off from these European efforts, though it’s worth noting that the UK obviously has a long history of fundamental computer science research, something that is surely also motivating these efforts.

“This milestone shows that Quantum is no longer an experimental science for the UK,” UK Science Minister Chris Skidmore said in today’s announcement. “Investment by government and businesses is paying off, as we become one of the world’s leading nations for quantum science and technologies. Now industry is turning what was once a futuristic pipedream into life-changing products.”

Specifically, the UK program is looking into research that can grow its local quantum industry. To do so, the £153 million Industrial Strategy Challenge Fund will invest in new products and innovations through research and development competitions, but also into industry-led projects. It will also function as an investment accelerator, with the hope of encouraging venture capitalists to invest in early-stage, spin-out and startup quantum companies.

“It’s not just about creating the environment for quantum technologies to flourish. We are investing across a broad range of technologies – computing, sensing, imaging and communications – and in the lifetime of …

Apollo raises $22M for its GraphQL platform

Apollo, a San Francisco-based startup that provides a number of developer and operator tools and services around the GraphQL query language, today announced that it has raised a $22 million growth funding round co-led by Andreessen Horowitz and Matrix Partners. Existing investors Trinity Ventures and Webb Investment Network also participated in this round.

Today, Apollo is probably the biggest player in the GraphQL ecosystem. At its core, the company’s services allow businesses to use the Facebook-incubated GraphQL technology to shield their developers from the patchwork of legacy APIs and databases as they look to modernize their technology stacks. The team argues that while REST APIs that talked directly to other services and databases still made sense a few years ago, it doesn’t anymore now that the number of API endpoints keeps increasing rapidly.

Apollo replaces this with what it calls the Data Graph. “There is basically a missing piece where we think about how people build apps today, which is the piece that connects the billions of devices out there,” Apollo co-founder and CEO Geoff Schmidt told me. “You probably don’t just have one app anymore, you probably have three, for the web, iOS and Android. Or maybe six. And if you’re a two-sided marketplace you’ve got one for buyers, one for sellers and another for your ops team.”

Managing the interfaces between all of these apps quickly becomes complicated and means you have to write a lot of custom code for every new feature. The promise of the Data Graph is that developers can use GraphQL to query the data in the graph and move on, all without having to write the boilerplate code that typically slows them down. At the same time, the ops teams can use the Graph to enforce access policies and …

Apple joins the open-source Cloud Native Computing Foundation

The Cloud Native Computing Foundation (CNCF), the home of open-source projects like Kubernetes, today announced that Apple is joining as a top-level Platinum End User Member. With this, Apple is joining 89 existing CNCF end-user members like Adidas, Atlassian, Box, GitHub, The New York Times, Reddit, Spotify and Walmart.

Apple, in typical fashion, isn’t commenting on the announcement, but the CNCF notes that end-user memberships are meant for organizations that are “heavy users of open source cloud native technologies” and that are looking to give back to the community. By becoming a CNCF end-user member, companies also join the Linux Foundation.

As part of its membership, Apple also gets a seat on the CNCF’s Governing Board. Tomer Doron, a senior engineering manager at Apple, will take this seat.

“Having a company with the experience and scale of Apple as an end-user member is a huge testament to the vitality of cloud native computing for the future of infrastructure and application development,” said Chris Aniszczyk, CTO of the Cloud Native Computing Foundation. “We’re thrilled to have the support of Apple, and look forward to the future contributions to the broader cloud-native project community.”

While you may not necessarily think of Apple as a major open-source company, the company has open-sourced everything from the XNU kernel that’s part of the Darwin operating system to its Swift programming language. The company has not typically participated all that much in the open-source cloud infrastructure community, but today’s move may signal that this is changing. Apple obviously runs its own data centers, so chances are it is indeed a heavy user of open-source infrastructure projects, though the company doesn’t typically talk about these.


Why identity startup Auth0’s founder still codes: It makes him a better boss

If you ask Eugenio Pace to describe himself, “engineer” would be fairly high on the list.

“Being a CEO is pretty busy,” he told TechCrunch in a call last week. “But I’m an engineer in my heart — I am a problem solver,” he said.

Pace, an Argentinian immigrant to the U.S., founded identity management company Auth0 in 2013 after more than a decade at Microsoft. Auth0, pronounced “auth-zero,” has been described as like Stripe for payments or Twilio for messaging. App developers can add a few lines of code and it immediately gives their users access to the company’s identity management service.

That means the user can securely log in to the app without building a homebrew username and password system that’s invariably going to break. Any enterprise paying for Auth0 can also use its service to securely log on to the company’s internal network.

“Nobody cares about authentication, but everybody needs it,” he said.

Pace said Auth0 works to answer two simple questions. “Who are you, and what can you do?” he said.

“Those two questions are the same regardless of the device, the app, or whether if I’m an employee of somebody or if I am an individual using an app, or if I am using a device where there’s no human attached to it,” he said.

Whoever the users are, the app needs to know if the person using the app or service is allowed to, and what level of access or functionality they can get. “Can you transfer these funds?” he said. “Can you approve these expense reports? Can you open the door of my house?” he explained.

Pace left Microsoft in 2012 and founded Auth0 during the emergence of Azure, which transformed Microsoft from a software giant into a cloud company. It was at Microsoft …