The Apple iPhone unlock story is getting all the press, overshadowing another important story:
Hollywood Presbyterian Medical Center, a hospital in Los Angeles, is the victim of what officials describe as an ongoing cyberattack. A hospital spokesperson told Ars in a prepared statement that “patient care has not been affected” by the intrusion. And an executive of the hospital told reporters that the attack was “random” and not targeted at patient records.
However, local news organizations have reported that some emergency patients were diverted to other hospitals—and that some of the hospital’s systems have been locked down by ransomware. The hospital has reverted to paper patient registration and medical records, according to NBC 4 in Los Angeles, and the hospital’s network has been shut down for over a week.
Ransomware is an attack where hackers who have infiltrated computer systems and encrypted files provide the decryption key for a price. In the case of Hollywood Presbyterian, the price was 40 bitcoin, which is about $17K.
The scary thing about these kinds of attacks is that hospitals, the power grid, and other high-value, high-impact targets can be attacked by offshore hackers whether or not our border security is airtight. But instead of talking about this, the current yahoos in the Republican race focus on physical attacks, which are both difficult to launch and pretty rare.
By the way, the latest Apple news is that there was a way to get data off the phone, but the FBI or someone else on the case screwed up.
A Ghost To Most
price was 40 bitcoin, not 4
Emma
By the way, the latest Apple news is that there was a way to get data off the phone, but the FBI or someone else on the case screwed up
Why am I not surprised?
Schlemazel (parmesan rancor)
They are being a little less than truthful when they say patient care has not been affected. They have had to go to all paper records & note keeping, and in addition to diverting some patients, have delayed some procedures. Those are just the things that they have admitted; having been through similar things with clients, I bet you there is a great deal of pain they are not admitting to.
Schlemazel (parmesan rancor)
@A Ghost To Most:
not bad though since the original ransom demanded was 3000 bitcoins. We really do need a nation-wide effort on IT security. There is more than enough brain power; what we lack most is the will power and a unified movement. It is painfully cliché, but a ‘moon shot’ effort would go a long way to ending about 99% of this crap.
Doctor Science
I don’t understand why the hospital wasn’t able to immediately (next day) go to a backup. Shouldn’t they have several sets, created at least daily?
mistermix
@A Ghost To Most: Thanks
@Doctor Science: Lax security and lax backups go together like a horse and carriage.
Alex
It was a county IT employee, trying to use the tools available to them to reset the password on their company owned phone. So they reset the password on the Apple ID which was associated with the company’s email address.
PhoenixRising
@Alex: probably trying to lock down county data from the media, who were at that moment trooping through the killers’ home at will. Doxxed the MIL. Not inherently stupid to use the override to protect the data. Just…that data is protected.
rikyrah
Biden says Democrats are making “a big mistake” by campaigning on the idea that the country could be doing better.
Napoleon
We had this happen at work 3 or 4 months ago. Me and someone else were in the office real early (a law firm) and we both started having issues with access, so we called the off-site IT guy to solve the problem and he managed to block the program in mid-encryption. It took a couple of days to replace the affected files from backup, but we didn’t need to pay the ransom.
MattF
Note that a ransomware exploit would be much tougher and much less safe for the exploiters if it wasn’t for the cryptographically protected and decentralized bitcoin blockchain. Managers of critical institutions like hospitals and electrical power infrastructure need to understand that crypto is not necessarily benign and that it’s already very much out there.
Tracy Ratcliff
@Doctor Science: I’ve only seen this sort of thing on a home-user’s machine, but on that sort of system the malware encrypts everything on every hard disk or network share that the computer has permissions on, including backup sets. Then if the computer has some sort of Internet backup, the backup software just sees the files have been modified, and helpfully overwrites the good files with encrypted ones. Then the user is down to what files were backed up on drives not connected to the computer when the malware hit, for most users, “none.”
Tripod
Restore from backup is how competent IT shops are dealing with cryptolockers. That they didn’t have a good backup is pretty damning.
There has been a rapid ramp up of IT use in healthcare, and many providers are still run the old school way where IT was phones and the billing system. Some clueless “Director” could mostly keep things afloat.
Contrary to Mayhew’s hookers and blow schtick, a lot of the consolidation in the industry is being driven by IT spend. The EMR requirements, and networking of imaging devices, are capital intensive and require seriously skilled IT staffs.
MattF
@Tracy Ratcliff: Which is why my main backup disk is turned off after I make a complete backup. People managing networked backups have a significantly harder problem than home users.
Ultraviolet Thunder
A hilarious episode in Charles Stross’s book Rule 34 has hackers take over a victim’s 3D printer. They cause it to make nothing but multicolored dicks with a URL on them until he pays the ransom.
There’s also a ransomware subplot in Neal Stephenson’s book Reamde.
Gex
@Schlemazel (parmesan rancor): Wouldn’t it be nice if our national security apparatus were more concerned with securing our IT from attackers than with making sure it was faulty so they can spy on us?
Brachiator
@Schlemazel (parmesan rancor):
The 99% figure is probably too high.
Much of this hacking occurs because people are lazy and stupid, and create vulnerabilities because security would be inconvenient.
We are also finding out that businesses are vulnerable because they often just do not think in terms of tight cyber security, and hire weasels who do not really know what they are doing. The attacks against Target and other merchandisers and banks succeeded because, oddly enough, many people have learned to take basic steps to make their smartphones and computers more secure (and more security is built into smartphones). Bad guys go where the picking is easier.
Also, I think I heard that Hollywood Presbyterian was not a specific target. Either way, what adds to the complexity and potential tragedy here is that the hackers did not give a rat’s ass that patients might be endangered.
There are some people in the tech community who look at hackers as neutral, and do not separate those who are malicious from those who claim that they hack just to see if they can.
rikyrah
From DON over at TOD:
rikyrah
Wisconsin blocks federal funds from reaching Planned Parenthood
(Reuters) – Wisconsin Republican Governor Scott Walker signed two bills into law on Thursday that block federal funding from Planned Parenthood and could cost the local organization millions of dollars.
Planned Parenthood of Wisconsin could lose about $7.5 million a year because of the measures, an organization spokeswoman said.
One of the new Wisconsin rules requires the state to apply for federal “Title X” family planning grant money and to give those monies to “less controversial public entities” such as state, county and local health departments and clinics, a statement from Walker’s office said.
Planned Parenthood is currently the only entity in Wisconsin receiving this federal money and the funds will not be sent to the organization, the statement said…
Planned Parenthood of Wisconsin could lose roughly $4 million a year as a result of this measure, depending on patient volume and the type of birth control patients choose, organization spokeswoman Iris Riis said.
The legislation singles out Planned Parenthood and is an attempt to stop the organization from providing essential healthcare, the group said.
…Planned Parenthood of Wisconsin has 22 health centers in the state, three of which offer abortion services, according to its website.
Earlier this month, Ohio legislators approved a bill blocking state and federal funds for groups that perform or promote abortions, which cut $1.3 million annually used by Planned Parenthood clinics for HIV testing, pre-natal care and other programs…
randy khan
@Tracy Ratcliff:
And this is one of the reasons I have two physical backups for both computers in our house, only one of which is attached at any given time. (The other reason is that the second backup is kept at my office so that we can recover our data if something really bad happens to our house or if thieves come in and clean out all of the electronics.)
These days, it’s really cheap, too – I just bought a new backup drive for something like $80.
different-church-lady
Well, that’s what Big Hospital™ gets for running Windows and answering the phone from callers they don’t recognize.
[nods]
WereBear
I had to hire a security firm to keep my cat site protected. The domain would get hijacked and users told it was a malware site.
The first time it happened my host company was incompetent about it so I just fired them and put my backup on the new hosting company servers. Got a company to protect it the second time, and I’ve been okay since.
Just another expense I didn’t expect. But it is incumbent on me to do what I can. I am shocked hospitals are so slipshod about it. There’s certainly enough talent and ability out there to make things run right.
But they don’t want to pay for it. They don’t want to spend money on someone having a job.
Now that is what is sick.
different-church-lady
@rikyrah: It’s sad seeing Sanders talk in language that makes it sound like black voters are less legitimate.
It’s also sad to see Clinton’s camp talk as though black votes are the ones that will really matter in the end. Just not as sad as the first thing.
(Apologizes for enabling the hijacking of the thread)
rikyrah
Just dust in my eyes.
This photo of Obama and a little visitor at a Black History Month celebration is remarkable
By Janell Ross
February 20 at 8:00 AM
For 3-year-old Clark Reynolds, Thursday began like most others.
Morning preparations gave way to hours at school and then a visit to his mother’s office to change into a suit and tie. Clark’s mother, Nichole Francis Reynolds is a former congressional staffer who now works in the private sector. Friends had secured an invitation for Reynolds and her son to the White House’s Black History Month celebration, the final gathering of its kind while the first black president remains in office. But Francis Reynolds had only told Clark that he had earned a special treat. He is, after all, only 3.
What Clark does know is the president’s name, his face when he sees Obama on TV and the sound of President Obama’s voice when it comes through the satellite radio in his dad’s car. Then, there’s Clark favorite book, the one that Clark almost always picks when it’s reading time. Clark has been through the “The White House Pop-Up Book” by Chuck Fischer so many times that, almost as soon as Clark and his mother walked onto the White House grounds Thursday, Clark knew where they were.
He was excited. And once inside, he was in open awe. This, as Clark put it, is where the president lives. He met Rep. John Lewis (D-Ga.). Someone snapped a photo of Clark and the First Lady. Somehow, Clark made his way to the front of the a rope line as President Obama worked his way across the room. Then, Obama noticed Clark too, touched Clark’s cheek and bent down to exchange words while he straightened Clark’s tie.
different-church-lady
@WereBear:
The problem is there’s also enough hackery and incompetence out there to make finding the talent and ability a difficult proposition.
My catch phrase is, “Remember: IT is the first and last letters in IDIOT.”
Gin & Tonic
@MattF: The old saw: “good backup is cheap, it’s lousy backup that’s expensive.”
Multiple generations of backup, on multiple media, on- and off-site. That’s the only way to fly.
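The failure mode Tracy Ratcliff describes above (a sync-style backup that overwrites the good copy with the encrypted one) set against the generational approach Gin & Tonic recommends, as an added Python example that is not from any commenter or product in the thread; the sample files, the entropy threshold and the “scramble” stand-in for the encryption step are constructed for the demonstration.

```python
"""Mirror-style vs generational backup under a mass-overwrite event.
Constructed demonstration; runs entirely inside a temporary directory."""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

DEMO_FILES = {  # constructed sample data standing in for "the user's documents"
    "notes.txt": b"Registration notes, plain text, revision 3.\n" * 20,
    "ledger.csv": b"date,account,amount\n2016-02-01,ops,100\n" * 30,
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, encrypted or random data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def mirror_sync(src: Path, dst: Path) -> None:
    """Mirror-style backup: the destination is kept identical to the source, so a
    modified source file replaces the only copy the backup ever held."""
    dst.mkdir(parents=True, exist_ok=True)
    for f in src.iterdir():
        if f.is_file():
            shutil.copy2(f, dst / f.name)


def generational_sync(src: Path, dst: Path) -> None:
    """Generational backup: each distinct content version is stored under its
    SHA-256 and appended to a per-file history; older generations are never touched."""
    for f in src.iterdir():
        if not f.is_file():
            continue
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        gen_dir = dst / f.name
        gen_dir.mkdir(parents=True, exist_ok=True)
        blob = gen_dir / digest
        if not blob.exists():
            blob.write_bytes(data)
            with (gen_dir / "history.txt").open("a", encoding="ascii") as hist:
                hist.write(digest + "\n")


def restore_generation(dst: Path, name: str, generation: int = -1) -> bytes:
    """Return one generation of a file (-1 = newest, -2 = the one before it)."""
    gen_dir = dst / name
    digests = (gen_dir / "history.txt").read_text(encoding="ascii").split()
    return (gen_dir / digests[generation]).read_bytes()


def mass_change_guard(src: Path, mirror: Path, max_changed_fraction: float = 0.5,
                      entropy_threshold: float = 7.0) -> bool:
    """Pre-sync check a backup agent can run: refuse to overwrite the mirror when
    most files changed at once AND the new contents look like ciphertext.
    Returns True when syncing looks safe. Threshold values are assumptions."""
    files = [f for f in src.iterdir() if f.is_file()]
    if not files:
        return True
    suspicious = 0
    for f in files:
        old, new_data = mirror / f.name, f.read_bytes()
        if (old.exists() and old.read_bytes() != new_data
                and shannon_entropy(new_data) > entropy_threshold):
            suspicious += 1
    return suspicious / len(files) <= max_changed_fraction


def scramble_files_for_demo(src: Path) -> None:
    """Constructed stand-in for the event the thread describes: every file the
    process can write is replaced with unreadable high-entropy bytes."""
    for f in src.iterdir():
        if f.is_file():
            f.write_bytes(os.urandom(f.stat().st_size + 64))


def run_demo() -> dict:
    """Take good backups of both kinds, scramble the source, then re-sync the way a
    careless agent would. Reports which strategy can still produce the original."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    src, mirror, gens = root / "src", root / "mirror", root / "generations"
    src.mkdir()
    for name, data in DEMO_FILES.items():
        (src / name).write_bytes(data)
    mirror_sync(src, mirror)
    generational_sync(src, gens)

    scramble_files_for_demo(src)
    guard_ok = mass_change_guard(src, mirror)  # what a careful agent checks first
    mirror_sync(src, mirror)                   # the careless agent "helpfully" syncs anyway
    generational_sync(src, gens)               # adds a junk generation, keeps the old one

    original = DEMO_FILES["notes.txt"]
    result = {
        "guard_blocked_sync": not guard_ok,
        "mirror_recoverable": (mirror / "notes.txt").read_bytes() == original,
        "generational_recoverable": restore_generation(gens, "notes.txt", -2) == original,
        "plaintext_entropy": round(shannon_entropy(original), 2),
        "scrambled_entropy": round(shannon_entropy((src / "notes.txt").read_bytes()), 2),
    }
    shutil.rmtree(root, ignore_errors=True)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```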
different-church-lady
@Gin & Tonic:
If I wrote for the Onion:
NSA TO BUILD DUPLICATE OF MULTI-BILLION DOLLAR UTAH DATA-HOARDING WAREHOUSE
? Martin
Other reporting states that Apple identified 4 possible ways to retrieve the data for the FBI without requiring creating a backdoor and all 4 failed. I find that remarkable. Apple worked with the FBI quietly until such point that the FBI demanded of a judge the very thing that the FBI has been publicly asking Congress to mandate, at which point they made this public, going so far as to call this a marketing stunt by Apple.
I’m not normally one to ascribe malicious motives to our government but that is entirely too coincidental. Apple engineers are not hacks. They are among the best in industry and I find it very hard to believe that they fucked up 4 approaches to getting the FBI’s data. And contrary to the reporting, Apple didn’t unlock 70 other phones for the FBI, but they did employ one of these other techniques to 70 other phones to successfully retrieve data for the FBI.
Schlemazel (parmesan rancor)
@Doctor Science:
The problem is that if they don’t know how they got pwned they could simply end up having the restored systems encrypted and a pissed off kidnapper still inside their network now willing to torch the place.
Brachiator
@randy khan:
And I guess that having a backup in the cloud or something similar is recommended for critical data and programs.
A tax preparer I know had a backup at home to augment the drive at his office. But both were damaged in a rainstorm and flood that went through his town. But he was able to buy a new computer and pull down a backup from a cloud service and get back to work with minimal loss of time.
a hip hop artist from Idaho (fka Bella Q)
@rikyrah: My eyes have a little leak it seems. I can’t get to the photo because WaPo has a paywall. But what a wonderful story. Thanks for showing us.
I found the image on teh google!
ruemara
@different-church-lady: except that black turnout is what has mattered. Black female voting has kept the Dems fighting.
And she’s hardly been talking about the black vote as all that matters, she’s just the only one running who’s saying it matters as much as the others.
Failure to backup is so consistent, it’s why I use network backups at home. I love my little redundant nas.
Sitting here waiting to buy SDCC tix. Freaking out, quietly. Not drinking, cos I don’t want to have to go to the loo.
Glaukopis
@ruemara: I know. Preview night just sold out.
Schlemazel (parmesan rancor)
True story of IT security from a previous engagement.
We discovered a compromised system communicating with an external system, sending encrypted messages. Since it was a virtual machine we could simply make a copy of it and run that copy in a controlled environment. We figured out what files were infected and cleaned up. After a few hours the system rebuilt access for our attacker using a different set of system files. We cleaned that up and watched while it did it again using an entirely different set of system files. Each compromise was different and used different communication avenues.
This particular attack was the work of a government but the process is not unusual. The first thing I want to do once I am inside is to make sure I can come back when I want even if they do find me the first time.
rk
@Brachiator:
They hire people who don’t know what they’re doing because they don’t want to pay highly competent people. Business model these days is get your work done as cheaply as possible. Doesn’t work like that for things that matter. You need experienced competent people and you need to pay them well. It’s pretty much pennywise pound foolish.
FlyingToaster
I’m genuinely surprised that the hospital doesn’t have a) a big-ass firewall and b) 7-day rotating tape backups of every damn thing. Granted that living next to MIT and down the road from EMC means that MassGeneral and Brigham’s do this automatically, but even the little hospitals around here have “hourly-to-drive, daily-to-tape” backup routines*.
But if the target wasn’t specifically the hospital, it has to be some vuln in an essential piece of software, rather than a social-engineering or man-in-the-middle attack. Which Hollywood Presbyterian should be shouting to the rooftops about.
* I know people who work in IT at [redacted] and [redacted] hospitals and one of EMC’s salesmen and a staffer at one of the secure offsite storage facilities on 495. It became best-practice with the influx of new patients after Romneycare started. EMC made a fucking mint.
gwangung
@ruemara: I think it’s telling Sanders still has this problem with the black community, a segment that would normally be all over progressive programs. In contrast, I think Obama worked pretty quickly to mend fences and reach out.
I have two off site back ups to go along with my at-home backup. Not sure about a cloud based service, but I think about it.
gwangung
@rk: Republican policies in a nutshell.
different-church-lady
@gwangung: Actually, Republican policies are to spend as much money as possible on incompetent people, as long as those people are their friends.
Shakezula
I actually think this is an improvement on the more common scenario which involves people taking the information for resale on the black market. That sort of thing can go undetected for months.
Feathers
@different-church-lady: A large part of the problem is the degree to which far too many people are actually a bit proud that they don’t understand math and science. That it proves they are a creative, intuitive person.
Math and science teaching need to be completely rethought, especially at the university level. Having an intro class in each discipline which is essentially designed to weed out students who won’t be able to hack it in the major (AKA potential PhD students) doesn’t meet the needs of the educated people of the US.
This is what allows the grifters and fakers of the IT world to take hold.
Brachiator
@rk:
It’s not just a matter of not being willing to pay highly competent people. It’s hard to separate the competent from the charlatans.
A company I do business with pays a good chunk of money to an IT group that doesn’t understand the needs of its customers and has boilerplate solutions to everything. In some ways they have become more vulnerable to cyber attacks.
Glaukopis
Yay. Got comic con tickets!
Joel
1) Where are these attacks originating, typically?
2) Is there any way to arrest and/or punish these hackers?
3) Are enemy/frenemy states sponsoring this kind of stuff?
? Martin
@MattF: I would strongly recommend two backups. One being a local continuous backup, like Apple’s TimeMachine or the equivalent for Windows. These are basically one-time costs, with replacements every 5-10 years. We have a small NAS in our house that all of our computers continuously back up to.
The second should be a cloud-based backup like BackBlaze. Cloud backups encrypt locally and good ones like BackBlaze have the capacity for retrieving files via web browser in the event you have no physical access to one of your machines. This is a bit more expensive – $4/mo per computer but protects you against more local problems – theft, fire, etc.
Far more important for people to do first, though, is to get your passwords in order. Get 1Password, get all of your passwords, bank account info, SS#s, security questions and all that jazz in there. Find weak and duplicate passwords that 1Password can manage and change them to nice 30 character secure passwords. For the ones that 1Password can’t manage (like the password into 1Password) come up with a secure one that you will remember. I use a lyric from a song that would have punctuation, a number, capitalization, etc.
Use it religiously, sync it with your phone, etc. Sync it through a reliable cloud service like Dropbox.
One of the benefits of this setup is that in a disaster, if you’ve lost everything, you can work your way to some family members house or whatever, use any old computer, and get access to all of your accounts, all of your backups. If you set it up properly, you can leave your master password with your next of kin so they can unwind your life if anything happens to you.
I do this with my dad, who is single but travels a lot. Everything important in his life is in there. Everything from his passport information, the medications he’s taken, his financial information, the names of the people he would want me to contact if anything happens to him. Should that happen, I can pay his bills, inform his friends, provide information to a hospital, etc. and it’s all accessible from my phone wherever I may be. $5/mo for a family of 5.
Security is there for the people with the money to do these services, but you need to take advantage of them. It takes a bit of time to set up and develop the habits, but it really does give some peace of mind. We’ve never had an account hacked or information stolen.
Starfish
There was also some school attacked by ransomware that paid $8500 to get their stuff back. Horry County in South Carolina.
ruemara
@Glaukopis: so jealous. Still in waiting room. Been here since 7:30.
RSA
@Brachiator:
At least, that’s my view. Another part of it, as you mention later, is on the IT side (e.g., with ridiculously complex password requirements). Not to mention attitude issues: Is there any other service profession that holds its customer base in such contempt as IT does with non-technical computer users?
different-church-lady
@Feathers: Our society needs left-brainers and right-brainers, in roughly equal amounts. It would be nice if (a) our society would recognize this simple fact and (b) the various-brainers could keep which thing they’re good at straight.
But the problem I cited is not a result of right-brainers, or right-brainers trying to do left-brain jobs. It’s a result of left-brainers who are simply bad at what they do, yet convince others they know what they’re doing because they appear left-brainy.
I'mNotSureWhoIWantToBeYet
@RSA: Um, banking?
Go see “The Big Short” if you haven’t already. ;-)
Cheers,
Scott.
? Martin
@Brachiator:
It’s also difficult to overcome cultural obstacles within enterprises. Good security requires retraining all of the staff, getting them to change their habits, and enforcing when those habits aren’t followed. Companies need to back that effort up, and most don’t.
As an example, I have a family member that was CIO for a large health insurer. They had a policy of no personal photos, etc. going through work accounts. When one of the senior VPs broke that policy, my relative insisted they frog march him out of the building the same way as if it were a clerk doing it. A lot of companies wouldn’t do that, and once you start making ‘practical exceptions’ to your security policies, you might as well not have them at all and the quality of your security team becomes pointless.
RSA
@I’mNotSureWhoIWantToBeYet: Oh, good one. I’d only thought about doctors and lawyers and such.
? Martin
@RSA:
Use a good password utility like 1Password, and that will go away. My credit union thankfully has a mobile app that uses TouchID, so I can just use my fingerprint on my iPhone and iPad.
Starfish
@? Martin: Isn’t LastPass getting hacked all the time?
ruemara
Dammit. fucking SDCC.
MattF
@? Martin: As a matter of fact, I have Time Machine working on a nice big desktop hard disk (in addition to a second bootable backup drive), so there’s that. Unfortunately, securing my financial accounts is not so easy– I have financial software that retrieves information from my various accounts into a single ledger– but setting that up requires using a fixed, saved password for each account. The different accounts all have different ‘not too bad’ passwords, but it’s not optimal. I wish I could get 1Password to work with the financial software, but I’ve got no idea how to do that.
RSA
@? Martin:
Sure. My complaint isn’t for myself (I’m technically competent in the areas I work in) but with some IT organizations.
Botsplainer, Cryptofascist Tool of the Oppressor Class
Could be that critical systems (internal patient records and continuous monitoring) need to be on an intranet and physically not connected to the Web. HR functions and utility systems need to be the same.
Some things really don’t require integration with the web.
Making it easy for all your employees to bid on eBay, shop on Amazon, pay their bills and check their Facebook is not really an employer requirement.
Keith P.
@Doctor Science: Pretty amazing that ransomware is a thing in 2016 (for businesses, at least), given how long backup tech has been around. Even though it is probably not legal for a hospital to store that data in the cloud, older on-premises, or even legal off-premises, backup is pretty ubiquitous.
My previous employer got hit by ransomware (for some reason, they stored all their blueprint files as physical files instead of in a database). But it was discovered within 15 minutes of striking, and we lost maybe 4 hours worth of data since we had daily backups.
different-church-lady
@Botsplainer, Cryptofascist Tool of the Oppressor Class:
I thought we had moved from a world where employees took advantage of their employers’ computers to do all that to a world where employers forced employees to “bring their own devices” to take advantage of 24/7 access to the employees without having to pay for it.
? Martin
@Starfish: Sort of. I don’t like LastPass because the encryption is happening over the wire (which has its own encryption). 1Password does the encryption locally.
LastPass had their account information hacked, but not your credentials, so hackers could learn you had an account, but not access that account. I think it would be extraordinarily difficult for someone to hack the LastPass vaults, but that’s not entirely clear because the security on the far end is a bit opaque.
For this I like the local encryption. I also find the 1Password app and syncing services to be better. Being able to use TouchID on my phone to unlock my passwords is incredibly convenient and makes it far easier for me to keep shoving information into my vault. How easy the habit is to maintain is important.
BillinGlendaleCA
@? Martin: 1Password is really good. I looked at it last year and it is really Fruity computer device centric, which works well for you. The best I found for Windows/Android was Roboform, though I’m looking at one from Intel right now and may move in that direction.
I saw this report about Hollywood Pres on the local news last week (being that it’s a local hospital). I’ve only been there once, 56 years ago last month.
? Martin
@srv: There’s KeePass, but I don’t know if it’s really secure or anything about it.
? Martin
@BillinGlendaleCA: 1Password has Windows/Android versions now. I don’t know how good they are, but they are expanding support.
retiredeng
@Schlemazel (parmesan rancor): Government (Federal and State) is woefully backwards with IT. We see it all the time. By the way, so is the health insurance and provider industry. Big business and government is pretty much helplessly tied to Microsoft “technology.”
BillinGlendaleCA
@? Martin: I know, they were really awful last year when I looked.
boatboy_srq
@Emma: Chances are some genius changed the iCloud pw so the dastardly Daesh terrrrrrists couldn’t access the content anymore, and didn’t realize s/he was fvcking the FBI’s ability to read the phone. Typical all-systems-are-disconnected thinking. This is one more reason why I’m with Apple here: the content the investigators want should have already been accessible via the cloud, so hacking the phone security shouldn’t be necessary (let alone appropriate). No business should be in the business of fixing federal fvckvps, especially if the consequence is significantly broken product/service overall.
boatboy_srq
@retiredeng: Government and IT (rather like healthcare and IT) are uncertain friends because IT doesn’t directly contribute to the bottom line. Spending on IT counts as “overhead” for most public sector entities, and thus lands on the chopping block relatively early.
In addition, there are (or used to be) so many purchasing contracts that stipulated specific technologies – technologies that in the private sector quickly became obsolete – that providing the exact product allowed became difficult. There’s an urban legend about the FBI being required to purchase 486 machines with 16 MB of RAM and 500MB hard drives, long after the Pentium II had arrived, Windows XP was the desktop standard elsewhere and disks were measured in tens of gigabytes: serving that purchase requirement became a cottage industry which had the feds paying multiples of the cost for newer equipment simply because nobody writing the requirements had added “or greater” to the purchasing language.
Villago Delenda Est
@rk: The MBA mentality, in a nutshell. Fucking bean counters.
Shakezula
@RSA: And in health care anything that slows people down is considered bad.
Another problem was the attempt to sell doctors on things like encryption when the technology was really not lay-person friendly. Now people hear the E word and walk away. And there’s also the eternal fight over what doctors can do with their own devices and how secure those have to be…
Feathers
@different-church-lady: The other problem is that the whole left-brain/right-brain concept is bullshit. The research it was based on was done on people with damaged brains. It turns out that high level performance in either logical/analytic or expressive/creative thinking requires activation of both brain hemispheres and communication between them. The current pathology of I’m one or the other, and my lack of ability in the other realm proves my superiority in my favored field.
It creates the sort of just let somebody else deal with it attitude that creates these IT policy issues.
Feathers
@boatboy_srq: Yeah, my brother is in the middle of a kerfuffle where his department is being ordered to put a contract out for competitive bidding. But we bought a Motorola phone system, five years ago, that means we need to buy Motorola phones to go with it or have a round of tests where we can make sure any phones we buy are interoperable with the current system. Nope. Open bidding with the department that will be stuck with the phones for the next decade having no input.
Schlemazel (parmesan rancor)
@? Martin:
When I was doing internal pen testing I always focused on the executive suite. If we could tip the CEO’s PC, the odds were we had access to everything. I had one case where he didn’t even have a password because that was just too much bother for someone as important as he was. Good for those guys that treat everyone the same.
Feathers
One Bruce Schneier truism is that you can’t get people to buy in on a security system that makes it impossible for people to do their jobs.
At an engineering firm where I worked we called it “design by vice president,” where specs were created based on the workflow as imagined by the senior people at a company. When implemented, the widget was completely unable to even approximate completion of the task at hand.
Mike G
People who can’t (or pretend they can’t) accept basic scientific theories like evolution or climate change can hardly be expected to understand IT security. Government by ideologues who combine willful ignorance with arrogant certainty of their infallibility is predictably disastrous.
Cookie monster
? Martin: that’s not quite accurate. LastPass encrypts all payloads locally (AES256) before sending the data over the wire.
Pogonip
The hospital story was on Atlantic.com a week ago, that’s where I saw it. At first the hackers wanted something like a billion dollars in Bitcoin.
Baud/Jane 2016. Because It’s A Jungle Out There. And Because Thurston Won’t Stop Barking Until They’re Elected.
Brachiator
@? Martin:
Yep. But the trick is to make security part of the culture of the enterprise, not impose it with an iron fist. Fortunately, I’ve worked for companies where privacy and security were already part of the company mission, so cyber security was just icing on the cake.
BTW, for personal use, Lastpass works for me. I ran across it before I ran across 1Password and don’t want to bother with switching to another service for now.
The Ancient Randonneur
This is one that should get some attention as well. A Skeleton Key of Unknown Strength:
Germy
And we’re supposed to have online voting?
RSA
@Feathers:
Does that still happen today? Wow.
VFX Lurker
@ruemara:
Argh. Getting SDCC tickets is like trying to catch a unicorn these days.
I’ll be going to WonderCon this March and Anime Expo this July. Those conventions haven’t outgrown their venues just yet.
Ivan X
@? Martin:
Everything recommended here is rock solid advice. I second. Personally I like CrashPlan more than BackBlaze but please just use something. Big fan of 1Password.
ruemara
@VFX Lurker: I think my friends may attend either of those. I may go then. but Fuck SDCC.
Raven Onthill
I blame the NSA. Part of their job is securing civilian systems and instead they have systematically weakened that security, to the point where it’s only cranks, spies, and oldpharts like me who pay attention to it.
As a for-instance: passwords are at best medium security; we ought to have stopped using passwords alone for security 15 years ago. If the NSA got on that, we could have standardized secure access technologies and been using them all along.
dantanna
@? Martin: So what happens when 1Password is hacked?