Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 957,434 records. The database belongs to an Ohio-based organization that helps individuals obtain physician‑certified medical marijuana cards. The database held PII, drivers licenses, medical records, documents containing SSNs, and other internal potentially sensitive information.
Anyways, there are a LOT of little fly by night outfits that "help" you get a medical card in many states. It's a joke, and all it does is empower the same type of person who used to be a pill doctor to rent seek, and it's not at all a surprise one had poor data practices.
Those same people are the ones contracting out these systems with local governments.
What a terrible leak - med records and marijuana use, especially in some circles - could be very useful blackmail material. :/
[0] https://www.hhs.gov/hipaa/for-professionals/covered-entities...
If the dots are connected they will lose their jobs. Full stop.
(new account online, new coinbase account online, stuff new account with cash, transfer to coinbase, transfer onchain, swap to monero, wait, access all with new mac address, new wifi, new browser session, or Tor if the services allow)
daily reminder that KYC is a joke, the institutions and enforcement agencies that think it works, don’t know when its not working as long as a real id and ssn and address is used
This isn't meant to be a gotcha or a takedown, as I appreciate that you're one of the few HN users knowledgeable about crypto who isn't a shill or dismissive of crypto out of hand.
For those who aren't familiar with this industry, there are folks whose job it is to solve these problems with KYC being less effective than it ought to be. Many work in industry as devs, and many do the same as part of the Department of Justice or an affiliated agency or approved third party contractor. There are relevant working groups that bring all relevant parties together for operations. I don't want to assume that you don't know this, but you should not make it out like crime is easy, or that it pays. That said, government salaries are criminally low across the board. I can only assume the private sector of this niche pays better, as it can't very well pay much less than the public sector. Why this is the case is absurd, as it is mostly to do with pay scales and levels, and the near-impossibility of paying workers more, even when it's ready money that is already allocated.
the baked xmr funds are once again swapped into virgin addresses that all buy your memecoin, with your clean funds you sell your position into the liquidity pool of the pumped coin
it looks the same as any other launch. are they bots, are they retail degens? who knows, pay capital gains tax and move on.
you can modify this by having the virgin addresses with dirty funds launch and pump the coin too, as long as your clean address buys near the beginning and sells into liquidity
this can all be scripted and done with unlimited amounts, a “bundler” can manage many virgin addresses with a nice GUI now, specifically to be multiple buyers and sellers of a launch
you can unlink your clean funds in less (or equally) restrictive ways for other reasons and privacy, but its clean enough to pay taxes on and be free and clear
I think I wasn't clear, I wanted to know which database system people were using (i.e. Postgres, Mongo, etc). You can't even run Postgres in a container without a password these days, how could someone do a whole production deployment without a password.
And that should be treated as a massive liability, where one breach wipes out your company with lawsuits. And the wronged parties can go after the assets of executives and maybe even investors, due to willful criminal negligence.
If there's any justice, the "greed is good" techbro industry will finally be told that the sociopathic combination of systemic surveillance/stalking and gross indifference about even basic security is over.