|
ate all the Oreos posted:why does a dildo have a webserver
pseudorandom name posted:how else are you going to get the images from the camera?
flakeloaf posted:std card lol nice
|
# ? Apr 3, 2017 15:36 |
|
ugh, this is going to be me next friday, my sister's clinic did an arguably good thing by allowing new clients to fill out the new patient questionnaire online (instead of having 15 minute bottlenecks at the office) but it's on a plain http wordpress site so it's sketching out people
i think i'm just going to suggest they replace that with a bunch of forms available as pdfs or something so people can fill stuff out at home, but then i'm sure people will start emailing the forms in and that's its own issue
i guess i could add 10mb of bloat to make them un-emailable
|
# ? Apr 3, 2017 16:07 |
|
what your sister's clinic did is a hipaa violation and should be disabled immediately
|
# ? Apr 3, 2017 16:23 |
|
Yeah, PDF with no real fields so they have to print it out and write on it seems like the best bet
|
# ? Apr 3, 2017 16:53 |
|
or just set up your EHR's user portal properly and have them handle the forms there. or just have them come 15 minutes early for their first appointment.
|
# ? Apr 3, 2017 17:05 |
|
its funny reading this because i literally just had to re-up my hipaa training for the feds 10 minutes ago
|
# ? Apr 3, 2017 17:10 |
|
is that for cms? did you sign the cms cyber pledge for security??
|
# ? Apr 3, 2017 17:11 |
|
Shaggar posted:the cms cyber pledge for security??
why does this sound like a thing five puppets do at the beginning of a kids tv show
|
# ? Apr 3, 2017 17:23 |
|
because cms is literally clown town
|
# ? Apr 3, 2017 17:32 |
|
Shaggar posted:is that for cms? did you sign the cms cyber pledge for security??
nah, it was for another agency. i had to do fisma as well, which had a different pledge. i love how all the agencies have different requirements for this poo poo, and also their own set of NIST modifications which almost universally make things less secure
|
# ? Apr 3, 2017 17:33 |
|
minivanmegafun posted:learning is for nerds
|
# ? Apr 3, 2017 18:40 |
|
ate all the Oreos posted:why does a dildo have a webserver
has anyone said distributed denial of sex? (aka what feminazis do to gamergaters)
|
# ? Apr 3, 2017 19:07 |
|
Pikavangelist posted:Security Fuckup Megathread v13.4 - why does a dildo have a webserver
Security Fuckup Megathread v13.4 - At that point, it was game over for the smart camera dildo.
|
# ? Apr 3, 2017 19:33 |
|
Volmarias posted:Security Fuckup Megathread v13.4 - At that point, it was game over for the smart camera dildo.
|
# ? Apr 3, 2017 19:38 |
|
Ur Getting Fatter posted:has anyone said distributed denial of sex?
PoC with Lysistrata for millennia
|
# ? Apr 3, 2017 20:28 |
|
a literal sec gently caress up
also I cannot stop reading that brand name as "slime eye" which is a really crass name for a cervix
|
# ? Apr 3, 2017 20:28 |
|
Volmarias posted:Security Fuckup Megathread v13.4 - At that point, it was game over for the smart camera dildo.
|
# ? Apr 3, 2017 21:03 |
|
Pikavangelist posted:Security Fuckup Megathread v13.4 - why does a dildo have a webserver
I like this one a little better but either way
|
# ? Apr 3, 2017 21:04 |
|
Shaggar posted:what your sister's clinic did is a hipaa violation and should be disabled immediately
yup, done as soon as i caught wind of it
although i think it's a pipeda violation, i'm not even sure we have a hipaa-like equivalent in this province
re: having people show up 15 minutes in advance, yeah that never works, so having people show up with their stuff ready to go is really the best possible workflow
they'll eventually spring for a proper forward facing system to have people fill in their info, but for now i'm pretty sure that having a link to a 26mb pdf in the welcome email is a ghetto as all hell but compliant solution
|
# ? Apr 3, 2017 22:00 |
|
Storysmith posted:also I cannot stop reading that brand name as "slime eye" which is a really crass name for a cervix
|
# ? Apr 3, 2017 22:23 |
|
or you could just wrap it up in ssl?
|
# ? Apr 3, 2017 22:25 |
|
Security Fuckup Megathread - v13.3 - plugins may violate privacy
|
# ? Apr 3, 2017 23:03 |
|
EMILY BLUNTS posted:Security Fuckup Megathread - v13.3 - plugins may violate privacy
|
# ? Apr 3, 2017 23:04 |
|
EMILY BLUNTS posted:Security Fuckup Megathread - v13.3 - plugins may violate privacy
Security Fuckup Megathread - v13.69 - plugins may violate privacy
|
# ? Apr 3, 2017 23:10 |
|
Punkbob posted:or you could just wrap it up in ssl?
per the advice i got in this thread (and really, common sense) i'm not doing security related for them, including setting up a server
i'm game to throw in a recommendation here or there and help them understand concepts, but that's it
1) i'm doing this pro-bono to help my sister, but she's working in an established clinic with owners that should know better
2) lol @ the idea of taking on healthcare liability
3) i'm also a patient (gp, neurology) with a bunch of schedule ii stuff prescribed, so extra lol @ the idea of touching a network that has a computer able to issue any kind of prescriptions
that said, if you guys have suggestions of stacks they should look into, i'll gladly relay them
|
# ? Apr 3, 2017 23:38 |
|
my suggestion is to never work for free.
|
# ? Apr 3, 2017 23:39 |
|
surebet posted:yup, done as soon as i caught wind of it
oh idk how things work in non-America but here most providers have EHRs that provide portals for patients to do secure communication w/ the provider. you can do things like get ur medical records, order rx refills, securely message the doc, or manage forms!! not all providers fully utilize their EHRs tho and an even smaller fraction have their patient portals configured and an even yet more tinier fraction use them effectively. its totally possible to do it effectively w/out resorting to pdfs at all.
|
# ? Apr 3, 2017 23:39 |
|
Shaggar posted:Unicode was a mistake.
can someone explain to me why unicode is bad from a secfuck point of view?
|
# ? Apr 3, 2017 23:40 |
|
i should mention that previous recommendations included "do you really need off brand philips hue rgb lightbulbs in the kitchen" and "why oh god why are you straight up giving wifi network credentials to randoms in the waiting room"
|
# ? Apr 3, 2017 23:41 |
|
vodkat posted:can someone explain to me why unicode is bad from a secfuck point of view?
xn--e77hhaecegybmf7bpt0a.com
because i can register that domain
|
# ? Apr 3, 2017 23:43 |
|
vodkat posted:can someone explain to me why unicode is bad from a secfuck point of view?
|
# ? Apr 3, 2017 23:44 |
|
vodkat posted:can someone explain to me why unicode is bad from a secfuck point of view?
well that was mostly a joke but in this case there are control codes in Unicode that lots of UIs dont show either because they are literally control codes and are doing some kind of formatting themselves or because they don't mean anything to the user. The problem is they do mean something to the system so the result is you can do things like in that example where you have 3 files, 2 with Unicode control characters at the end. the result is the user sees 3 identically named files since the control characters are ignored.
I guess the fix would be that if the control code has no meaning in the current language always show them. then let the user decide if they actually want them. if the language does support them then I guess the text should display differently based on the codes? idk.
tl;dr: Unicode is complex and that makes things hard where ascii is ez as gently caress
|
# ? Apr 3, 2017 23:50 |
|
anthonypants posted:you quoted a post, but did you see which post it was replying to?
but it seems like these fuckups would be fairly easy to head off by limiting the set of unicode characters you can use for system applications etc? or is there a more fundamental flaw in unicode itself, thats what I was really wondering
|
# ? Apr 3, 2017 23:52 |
|
some of those characters are required for the display of certain non-English languages. that makes them worthless characters that shouldn't exist for sure, but apparently foreigners like to pretend they don't all just speak English
|
# ? Apr 3, 2017 23:55 |
|
OSI bean dip posted:xn--e77hhaecegybmf7bpt0a.com
lol god drat it
good luck getting someone to type that, but i can see the risk in clickable link form
not sure what the crossover of "people who click on links in weird emails" and "people who have a font stack capable of rendering obscure unicode" is
|
# ? Apr 3, 2017 23:58 |
|
well I think the url would be presented as Unicode in the client so it wouldn't look fishy except for the font differences. but then you could probably find a similar font and make it all fit.
|
# ? Apr 4, 2017 00:02 |
|
vodkat posted:but it seems like these fuckups would be fairly easy to head off by limiting the set of unicode characters you can use for system applications etc? or is there a more fundamental flaw in unicode itself, thats what I was really wondering
For example, unicode contains things like a variety of different widths of whitespace characters. I recently discovered that if you send a message containing normal spaces via Skype for Business, it will convert them to some sort of unicode space. Someone sends you a powershell snippet or a hosts file line, lol, have fun running in circles for a while until you realise what happened.
Having characters that are indistinguishable from each other is a recipe for gently caress ups, security or otherwise.
|
# ? Apr 4, 2017 00:08 |
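Added example, not written by any poster in this thread: one way to make the hidden characters from the two posts above visible (the "always show them" idea) and to spot file names that differ only by them. The function names, the file names, the hosts line and the specific code points (U+200B, U+200E, U+00A0) are constructed for illustration.

```python
import unicodedata
from collections import defaultdict

def is_hidden(ch):
    """True for characters most UIs draw as nothing or as a plain space."""
    cat = unicodedata.category(ch)
    # Cf = format, Cc = control, Zs = space separator (U+0020 itself is fine)
    return cat in ("Cf", "Cc") or (cat == "Zs" and ch != " ")

def reveal(text):
    """Replace hidden and non-ASCII characters with visible <U+XXXX> markers."""
    return "".join(
        ch if (ch.isascii() and not is_hidden(ch)) else f"<U+{ord(ch):04X}>"
        for ch in text
    )

def skeleton(text):
    """Approximate what the user sees: drop Cf/Cc, fold odd spaces to U+0020."""
    out = []
    for ch in text:
        cat = unicodedata.category(ch)
        if cat in ("Cf", "Cc"):
            continue
        out.append(" " if cat == "Zs" else ch)
    return "".join(out)

def colliding_names(names):
    """Group distinct names that look the same once hidden characters are ignored."""
    groups = defaultdict(list)
    for name in names:
        groups[skeleton(name)].append(name)
    return {shown: real for shown, real in groups.items() if len(real) > 1}

# Constructed samples: three names that display identically, plus one normal file.
FILES = ["report.txt", "report.txt\u200b", "report.txt\u200e", "notes.txt"]
# Constructed hosts-file line where the separator is a no-break space.
HOSTS_LINE = "10.0.0.5\u00a0intranet.example"

if __name__ == "__main__":
    for shown, real in colliding_names(FILES).items():
        print(f"{shown!r} is shared by: {[reveal(n) for n in real]}")
    print(reveal(HOSTS_LINE))
    # Splitting on an ASCII space finds a single field, so a strict parser
    # sees no hostname on this line.
    print(HOSTS_LINE.split(" "))
```

The skeleton here only handles invisible characters and odd spaces; look-alike glyphs such as the brackets mentioned later in the thread are caught by `reveal`, which marks every non-ASCII character.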
|
vodkat posted:but it seems like these fuckups would be fairly easy to head off by limiting the set of unicode characters you can use for system applications etc? or is there a more fundamental flaw in unicode itself, thats what I was really wondering
|
# ? Apr 4, 2017 00:08 |
|
Chalks posted:Having characters that are indistinguishable from each other is a recipe for gently caress ups, security or otherwise.
had to research a bug a few months back where a user was entering records into our system and it was making GBS threads the bed. turns out "Foo(Bar)" is not the same as "Foo❲Bar❳" and VB6 is awful
|
# ? Apr 4, 2017 00:13 |
|
surebet posted:not sure what the crossover of "people who click on links in weird emails" and "people who have a font stack capable of rendering obscure unicode" is
uh, all you need is like windows vista and newer or os x 10.5 and newer
by current stats that's like, 90% of internet users. 92% if you toss in linux users who will also have that.
|
# ? Apr 4, 2017 00:16 |