Archive for September, 2008

new Massachusetts personal info requirements

Thursday, September 25th, 2008

Networks Unlimited just sent out a note (thanks!) about the Mass Office of Consumer Affairs’ new Standards for The Protection of Personal Information of Residents of the Commonwealth, aka 201 CMR 17.00: M.G.L. c. 93H. It outlines the responsibilities of anyone who gathers personal information on Mass residents. At a glance, they look pretty reasonable. From the intro:

Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information.

It’ll be interesting to sit down with this & see how our policies & procedures match up.

Whoops — my Rails app was open to a common vulnerability

Tuesday, September 23rd, 2008

Thanks to Hacker News for bringing this common problem with Rails apps to my attention. Nobody seems to have taken advantage of it on my app, but still, it’s a drag having insecure applications, and a little disappointing that there aren’t more heads-ups about this, or a more secure default as Merb apparently has.