月別アーカイブ: 2018年4月

A Japanese Health Insurance Society Web Site Kosmo Communication Web Vulnerable to POODLE

Every Japanese company has its own health insurance society for employees and some IT vendors provide cloud services that naturally contains employee’s sensitive personal information, such as when you are prescribed medicine in which pharmacy.

One of such self service health insurance web portals is still vulnerable to POODLE attack found four years ago. The web portal, called Kosmo Communication Web, is provided by Daiwa Institute of Research Business Innovation, affiliate of Daiwa Securities.

Why I found this web site is vulnerable? That’s because I’m a user of this sevice. I’m working for the company, listed on Tokyo Stock Exchange first section, which is using this cloud service.

The English promotion page of Kosmo Communication Web doesn’t provide useful information while Japaneses page says more than four hundreds Japanese companies uses this cloud service to manage their employees medical history.

When you search the keywords “Kosmo web”, you will find several Japanese large companies use this cloud sevice.

This service doesn’t provide option of two factor authentication for employees to protect their sensitive data. However, the data processor Daiwa Institute of Research Business Innovation is certified with ISO27001 and provides several services concerning securities, banking and asset management.

My company doesn’t allow employees to stop processing their sensitive data on this service and didn’t request employees consents before implementing this cloud service.

This is one example of processing personal sensitive data in Japanese large companies.

When Your Android Phone App Doesn’t Work, Just Install GApps Again

If you unlock your Android phone and install custom ROM and some basic Google apps don’t work properly, just reinstall GApps in recovery mode.

The Open GApps Project

In my case Google standard phone app can make a call but cannot hang up because the calling mode screen doesn’t appear, so the only choice is restarting phone. In addition, it cannot answer any call because the screen doesn’t switch to answering mode.

So I reboot to TWRP recovery, wipe nothing and just reinstall GApps stock version. After rebooting, everything OK. No need to set up Google account or other Android settings.