|
Did the spine data actually get hit or was it just individual machines?
|
# ? May 12, 2017 20:59 |
|
kecske posted: When Stuxnet was a thing it made its way onto secure systems by a flash drive, since the first thing a lot of people will do when they find a USB stick is to plug it into the nearest computer to see what's on it.

The evidence of how people approach data, IT security, and frankly just about anything shows that the highest consideration, the greatest thing people want, is convenience. Everyone has the same password everywhere because remembering a bunch of bullshit numbers is bad enough, doing it for 14 different logins is out of the question. People happily give Facebook all their info because FB is a great way to stay in touch and communicate and make plans and so on. Digital piracy wasn't stopped in its tracks by DRM, it was stopped by the fact that Netflix/Hulu/Steam/Spotify make it far easier to do it legally than illegally. Convenience is above all.
|
# ? May 12, 2017 21:02 |
|
kingturnip posted: I'm fully expecting to go into work on Monday and not be able to access my resources or use my laptop to check/take notes, which will make for an... interesting day.

You think that's bad, my hospital currently has no way to access old x-rays/scans/blood test results/patient letters. That makes it pretty difficult to treat anyone. If someone needs even a chest x-ray you need to go down to the department with them and view it immediately after it's been done on the one computer they've isolated from the network. I'm not even sure they can save the resulting scan, since there's no network to save it to.
|
# ? May 12, 2017 21:02 |
|
Seaside Loafer posted: Did the spine data actually get hit or was it just individual machines?

Local networks presumably, otherwise it would be so much worse.
|
# ? May 12, 2017 21:05 |
|
baka kaba posted: hmmmmm but that doesn't seem to have a patch for 2001's hottest OS, Windows XP?

Not sure if there's a lurking there but according to what's said in the conversation here MS17-010 doesn't work against XP.

Enjoyed this read: A. C. Grayling: ‘Brexit is starting to look a lot like a coup’. Some nice stuff about Brexit, its lack of a mandate and how those manipulating us into it won't suffer its fallout, and a great opinion on Farage to finish.

A.C.Grayling, Re.Farage posted: I think he’s a bounder. He’s a cad. He’s an embarrassment. I cringe at the thought of how he behaved like a football hooligan and a lager lout in the European Parliament. What an advertisement for the best of the English character. I have no time for him at all. I think he is an embarrassment and a waste of space.
|
# ? May 12, 2017 21:06 |
|
Mister Adequate posted: The evidence of how people approach data, IT security, and frankly just about anything shows that the highest consideration, the greatest thing people want, is convenience. Everyone has the same password everywhere because remembering a bunch of bullshit numbers is bad enough, doing it for 14 different logins is out of the question. People happily give Facebook all their info because FB is a great way to stay in touch and communicate and make plans and so on. Digital piracy wasn't stopped in its tracks by DRM, it was stopped by the fact that Netflix/Hulu/Steam/Spotify make it far easier to do it legally than illegally. Convenience is above all.

I want to murder the oval office who decided that a password must be alphanumeric, with upper and lower case and punctuation. Rather than, say, 4 random words.
|
# ? May 12, 2017 21:07 |
|
jabby posted: You think that's bad, my hospital currently has no way to access old x-rays/scans/blood test results/patient letters. That makes it pretty difficult to treat anyone. If someone needs even a chest x-ray you need to go down to the department with them and view it immediately after it's been done on the one computer they've isolated from the network. I'm not even sure they can save the resulting scan, since there's no network to save it to.

I would have thought electronic data collation would be one of the most valuable modern tools for medicine across all disciplines...
|
# ? May 12, 2017 21:09 |
|
Firos posted: I want to murder the oval office who decided that a password must be alphanumeric, with upper and lower case and punctuation. Rather than, say, 4 random words.

Problem is that normal word passwords are only strong when they're rare enough that crackers don't use dictionary attacks as a start. If you know a system uses normal words then it's a hell of a lot easier.

If you're poo poo with passwords and have a fixed seating area I've always thought a letter-number square is a reasonable compromise: randomly write out a 10x10 square of letters and numbers and each time you need a password pick a spot in the grid and go up, down, across or diagonal 8 or 9 letters. It's not obvious to anyone else where you're starting but you've got a written reminder in front of you.
namesake fucked around with this message at 21:16 on May 12, 2017 |
# ? May 12, 2017 21:13 |
|
namesake posted: Problem is that normal word passwords are only strong when they're rare enough that crackers don't use dictionary attacks as a start. If you know a system uses normal words then it's a hell of a lot easier.

Yeah, but on the other hand, how the gently caress am I meant to remember it if it's not a word? I mean I remember my ATM PIN but that's 4 numbers. I don't remember my NI number though.
|
# ? May 12, 2017 21:14 |
|
namesake posted: Problem is that normal word passwords are only strong when they're rare enough that crackers don't use dictionary attacks as a start. If you know a system uses normal words then it's a hell of a lot easier.

Actually, this is a pretty common misconception, and wrong. A passphrase made of 4 common lowercase words is extremely hard to crack (and by "extremely" I mean it would take all the world's computing power until the heat death of the universe), muuuuuuch harder to crack than "s0m3__TH!ng" really, even with a dictionary approach. It has to be an actual passphrase, make it 4 words and you're fine.
|
# ? May 12, 2017 21:19 |
|
A popular and easy to use method is to have a sentence you remember as the core and stick something on the end or the beginning. 'When I was 5 I went to Brighton' becomes 'WIw5IwtB' and you could stick last month exclamation mark on the end '04!' and you have 'WIw5IwtB04!'. That's fairly solid. Depending on the policy at your place you may need to make it more different from the previous one each month but you get the point.
|
# ? May 12, 2017 21:20 |
forkboy84 posted: Yeah, but on the other hand, how the gently caress am I meant to remember it if it's not a word?

1941ZaRodinu! 1956WhoseCanalIsItAnyway? 1979TheNationalFrontIsANaziFront. 3 to get you started ^^
|
|
# ? May 12, 2017 21:20 |
|
namesake posted: Problem is that normal word passwords are only strong when they're rare enough that crackers don't use dictionary attacks as a start. If you know a system uses normal words then it's a hell of a lot easier.

forkboy84 posted: Yeah, but on the other hand, how the gently caress am I meant to remember it if it's not a word? I mean I remember my ATM PIN but that's 4 numbers. I don't remember my NI number though.
|
# ? May 12, 2017 21:23 |
|
Pochoclo posted: Actually, this is a pretty common misconception, and wrong. A passphrase made of 4 common lowercase words is extremely hard to crack (and by "extremely" I mean it would take all the world's computing power until the heat death of the universe), muuuuuuch harder to crack than "s0m3__TH!ng" really, even with a dictionary approach.

Mm, you have a 4 character password except the number of potential characters is whatever the normal lexicon is.
|
# ? May 12, 2017 21:24 |
|
jBrereton posted: Use any number of anticolonial slogans plus the year, duh

How secure is this, because I am genuinely tempted to learn a few?
|
# ? May 12, 2017 21:25 |
|
If the average user isn't going to engage with your security method it's not going to end up securing much. Most people aren't naturally good at remembering the multiple random character strings they'd need for useful password security, particularly for e.g. the old/young, people with learning disabilities etc.
Surprise Giraffe fucked around with this message at 21:53 on May 12, 2017 |
# ? May 12, 2017 21:26 |
|
OwlFancier posted: Mm, you have a 4 character password except the number of potential characters is whatever the normal lexicon is.

There's 150000 words in English alone (a lot more with conjugations and plurals and whatnot, I think), that's e20 by itself, which is better than 11 character passwords using symbols and upper/lowercase. If you use a made-up word, e.g. "borcha" then it's even better. If you use uppercase on a word it's even better. If you use a symbol at the end it's even better. Passphrases are immensely superior.
|
# ? May 12, 2017 21:27 |
|
I could do with a good recommendation for a piece of password vault software at my place if anyone knows a good one. I've got them mostly sorted in their user and network security now but all the admin passwords are still living in one not terribly well hidden file on the IT manager's (I use the word manager loosely there) computer.
Seaside Loafer fucked around with this message at 21:31 on May 12, 2017 |
# ? May 12, 2017 21:27 |
|
The solution to most password problems is to use a password manager. Then every password can be 20 random characters and, more importantly, they can all be unique. Password managers have their own potential vulnerabilities of course, but that's nothing compared with the current situation of most people using one or at most a couple of weak passwords to protect their entire online lives.
|
# ? May 12, 2017 21:27 |
|
Surprise Giraffe posted: If the average user isn't going to engage with your security method it's not going to end up securing much. Most people aren't naturally good at remembering the multiple random character strings they'd need for useful password security, particularly for e.g. the old/young, people with learning disabilities etc.

Unfortunately surely the only secure alternatives are bio-metric? gently caress that.
|
# ? May 12, 2017 21:28 |
|
OwlFancier posted: Mm, you have a 4 character password except the number of potential characters is whatever the normal lexicon is.

If you take the average adult vocabulary at 5000 words, then 5000^4 = 625000000000000. Seems pretty good to me
|
# ? May 12, 2017 21:28 |
namesake posted: How secure is this, because I am genuinely tempted to learn a few?

SinkTheBelgrano!1982, HardradaWouldHaveWon1066., that kind of thing.
|
|
# ? May 12, 2017 21:28 |
|
I am always tempted to recommend people use lyrics of the least popular song they personally like, not starting from the beginning of the line.

Pochoclo posted: There's 150000 words in English alone (a lot more with conjugations and plurals and whatnot, I think), that's e20 by itself, which is better than 11 character passwords using symbols and upper/lowercase.

Well yeah the dictionary has a lot of words in it but most people don't know very much of it. I am pretty sure all the figures I've heard for the actual number of words most people will use is a few thousand at most. It's still quite a lot.
OwlFancier fucked around with this message at 21:31 on May 12, 2017 |
# ? May 12, 2017 21:28 |
|
jBrereton posted: Use any number of anticolonial slogans plus the year, duh

This is better than the usual method I use, where I look around me when I need a password & just use some numbers & then some item which is around me at the time. The flaw in this is when what you pick is a Rockstar energy drink can, which you later put in the bin and eventually when you need to use the account with that password, I'm hosed. So I guess my new password will be 1922ShyliapnikovWorkersOppositon4lyfe (it won't be this but actually quite like the basic idea)
|
# ? May 12, 2017 21:29 |
|
Seaside Loafer posted: I could do with a good recommendation for a piece of password vault software at my place if anyone knows a good one. I've got them mostly sorted in their user and network security now but the all admin passwords are still living in one not terribly well hidden file on the IT manager's (I use the word manager loosely there) computer.

I liked LastPass but they've had a number of security holes found of late (by a Google security researcher, and they were all patched promptly, but still). Other popular managers that I have not used and which may also have security holes, but at least they haven't been made public yet, are Keepass and 1password. I believe both differ from LastPass in that you store the vault yourself, rather than them doing it on their server. This is potentially more secure but if you gently caress up then you're hosed. Dropbox is a popular option for storing your vault to make it accessible across devices and probably recoverable if you accidentally delete it.
|
# ? May 12, 2017 21:32 |
|
If you want to be really depressed and realise that hope is a lie, do a search on Twitter for "saliha masterchef". How dare the British child of Pakistani immigrants go on TV and cook things that may have lots of delicious spices in and also win
|
# ? May 12, 2017 21:35 |
|
big scary monsters posted:I liked LastPass but they've had a number of security holes found of late (by a Google security researcher, and they were all patched promptly, but still). Other popular managers that I have not used and which may also have security holes, but at least they haven't been made public yet, are Keepass and 1password. I believe both differ from LastPass in that you store the vault yourself, rather than them doing it on their server. This is potentially more secure but if you gently caress up then you're hosed. Dropbox is a popular option for storing your vault to make it accessible across devices and probably recoverable if you accidentally delete it.
|
# ? May 12, 2017 21:36 |
|
forkboy84 posted: Yeah, but on the other hand, how the gently caress am I meant to remember it if it's not a word? I mean I remember my ATM PIN but that's 4 numbers. I don't remember my NI number though.

i know both my debit and credit card numbers
|
# ? May 12, 2017 21:39 |
|
big scary monsters posted: I liked LastPass but they've had a number of security holes found of late (by a Google security researcher, and they were all patched promptly, but still). Other popular managers that I have not used and which may also have security holes, but at least they haven't been made public yet, are Keepass and 1password. I believe both differ from LastPass in that you store the vault yourself, rather than them doing it on their server. This is potentially more secure but if you gently caress up then you're hosed. Dropbox is a popular option for storing your vault to make it accessible across devices and probably recoverable if you accidentally delete it.

Keepass at least is pretty good. It's a bit no-frills compared to other options but it works well.
|
# ? May 12, 2017 21:39 |
|
The main issue these days isn't specifically with password strength (although it's important to have a good-sized password), but with password re-use. Random lovely website that has terrible developers that store your password in plain text / an easily breakable format leads to that password getting dumped online, which subsequently buggers you for any other website with that password. I'd suggest that you make sure you use a unique password for every site and store them in a pw manager.

Also -- Enable 2-factor authentication on your e-mail account if nothing else (but if it's available, consider using it anywhere it is). Remember - if someone has access to your e-mail account, they can reset your password on pretty much any website.

https://www.google.com/landing/2step/
https://support.microsoft.com/en-gb/help/12408/microsoft-account-about-two-step-verification
AstuteCat fucked around with this message at 21:43 on May 12, 2017 |
# ? May 12, 2017 21:41 |
|
Chrome stores saved passwords in plain text lol
|
# ? May 12, 2017 21:43 |
|
Two hyperacute stroke units have had to shut their doors because they can't operate without IT. The NHS is incredibly hosed and the brave face the communications staff are putting on it is ridiculous.
|
# ? May 12, 2017 21:44 |
|
So question for people in the know: say this event is a major push towards a completely nationalised NHS with a completely isolated network for critical systems to protect patient data from this sort of thing. How difficult would it be to build such a national network (very, obviously, but how much work would be involved) and would there be any way of incorporating wireless transmission, or is that inherently unsecure?
|
# ? May 12, 2017 21:53 |
|
This just goes to show that nationalisation of health services doesn't work and can never work
|
# ? May 12, 2017 21:57 |
|
Agreed. This would never happen to an OS created by a very efficient private company operating in a free market.
|
# ? May 12, 2017 21:59 |
|
Surely it will be used to further denigrate the service. Overcentralised Group Think Security Must Be Diversified Through Private Contractors
|
# ? May 12, 2017 21:59 |
|
So has May announced yet who'll be replacing Jeremy Hunt after his resignation following this appalling mismanagement of patient data on his watch?
|
# ? May 12, 2017 22:01 |
|
big scary monsters posted: So has May announced yet who'll be replacing Jeremy Hunt after his resignation following this appalling mismanagement of patient data on his watch?

Good luck getting her to say anything other than Strong & Stable for the next month.
|
# ? May 12, 2017 22:03 |
|
big scary monsters posted: So has May announced yet who'll be replacing Jeremy Hunt after his resignation following this appalling mismanagement of patient data on his watch?

Don't worry, cowed reporter, none of the data was compromised it was just irretrievably lost! Strong and Stable all the way!
|
# ? May 12, 2017 22:05 |
|
OwlFancier posted: Well yeah the dictionary has a lot of words in it but most people don't know very much of it. I am pretty sure all the figures I've heard for the actual number of words most people will use is a few thousand at most. It's still quite a lot.

IIRC from studying linguistics a decade ago most people rarely use more than ~2k common words. Maybe some nerds are gonna stick in hard words but those people weren't choosing lovely passwords to begin with. I remember reading a fascinating article a couple of years ago about how crackers were using hacked password databases to produce Markov chain probabilistic models for helping to brute force hashed passwords. But based on the passwords family members have shared with me for various reasons it doesn't matter how much good advice you give people they'll still choose lovely passwords for convenience.
|
# ? May 12, 2017 22:34 |
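The search-space figures traded in this thread (four words from a 2k, 5k or 150k vocabulary, 11 or 20 random characters, the 10x10 letter-number square), worked through as an added example that is not any poster's code. It assumes the attacker knows the scheme and that every choice is a uniform random draw; the 94-symbol alphabet, the no-wrap rule for the grid and all function names are assumptions made for the illustration.

```python
import math
import secrets

PRINTABLE = 94  # assumption: printable ASCII without the space character


def bits(search_space: int) -> float:
    """Entropy in bits of a secret drawn uniformly from search_space options."""
    return math.log2(search_space)


def passphrase_space(vocab_size: int, words: int = 4) -> int:
    """Number of passphrases of `words` words drawn from a known vocabulary."""
    return vocab_size ** words


def random_password_space(length: int, alphabet: int = PRINTABLE) -> int:
    """Number of passwords of `length` characters drawn from `alphabet` symbols."""
    return alphabet ** length


def grid_walks(size: int = 10, lengths=(8, 9)) -> int:
    """Straight-line walks (8 directions, no wrap-around) that fit in the grid.

    This is all that is left to guess once someone has seen the written square.
    """
    dirs = [(dr, dc) for dr in (-1, 0, 1) for dc in (-1, 0, 1) if (dr, dc) != (0, 0)]
    total = 0
    for n in lengths:
        for r in range(size):
            for c in range(size):
                for dr, dc in dirs:
                    end_r, end_c = r + dr * (n - 1), c + dc * (n - 1)
                    if 0 <= end_r < size and 0 <= end_c < size:
                        total += 1
    return total


def words_needed(vocab_size: int, target_bits: float) -> int:
    """Fewest random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(vocab_size))


def generate_passphrase(wordlist, words: int = 4) -> str:
    """Pick words with a CSPRNG; the estimates only hold for uniform random picks."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    target = bits(random_password_space(11))  # 11 random printable characters
    for vocab in (2_000, 5_000, 150_000):     # vocabulary sizes quoted in the thread
        print(f"4 words from {vocab:>7}: {bits(passphrase_space(vocab)):5.1f} bits, "
              f"{words_needed(vocab, target)} words to reach {target:.1f} bits")
    print(f"20 random characters : {bits(random_password_space(20)):5.1f} bits")
    print(f"grid walk, grid seen : {bits(grid_walks()):5.1f} bits")
    # Constructed demo list, far too small for real use.
    demo_words = ["anchor", "breeze", "copper", "delta", "ember", "fjord"]
    print(generate_passphrase(demo_words))
```

A slogan, lyric or sentence picked by a person is not a uniform draw, so for those schemes the figures above are upper bounds rather than estimates.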