|
infernal machines posted:did you see the part where the article says Potato, potato.
|
#
?
Dec 18, 2019 23:02
|
|
|
|
| # ? Apr 27, 2024 14:46 |
|
|
James Baud posted:Potato, potato.  probably, otoh there's some good reasons to want specifics on the breach so firing off a few FOIAs isn't unreasonable
|
|
#
?
Dec 18, 2019 23:06
|
|
|
James Baud posted:Non-technical CEO asked technical question and doesn't know answer is just miles up there. You are being incredibly obtuse and short-sighted here. LifeLabs opted to pay a ransom to "retrieve" the data back, meaning that they had no mechanism to know what was exfiltrated and no mechanism to restore the data. Any sensible organization that deals with sensitive customer data which includes medical records and PII would have had this data regularly backed up and had those backups tested. It is quite apparent in this case that their backups were never tested and they had no methods to determine what was actually leaked out. As a result, the only avenue they had left was to pay the ransom to get a decryption key. Adding to this, 85,000 medical records were found to have been leaked as well which is to me evidence that at best they may have partial encryption of their data. This is something the CEO should know especially since we're dealing the loss of 15 million records belonging to those in BC, Ontario, and Yukon, but he stumbled and it speaks to either it being not the case or him never being briefed. These questions were coming up on Twitter yesterday and if they weren't making it to the CEO for an interview with the media for the next day, they have terrible crisis management skills or they again do not want to openly state that they don't do anything with the data at rest. LifeLabs' response to the matter is just as problematic: https://customernotice.lifelabs.com Ignoring the fact that the content isn't dated to begin with, this paragraph is the problem: quote:I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations. For the 85,000 Ontario residents who have had their records exposed, this is complete nonsense that the risk is "low". They had to force a password reset to all users and if you're unsure of what was actually exposed, here's what I see as soon as I log in:  Look at that, it's my personal health number, age, full name, phone number, and my physician. This is the information that was readily available that LifeLabs is unable to report whether or not it was actually encrypted. If you're confident about your PHN being worthless to everyone on these forums, please do share it just to prove it, but I am obfuscating all of that for a good reason. And let's go back to that password reset: I logged in on December 13th to see my results from my test the day before, and there was no indication of a problem, meaning that I successfully logged in under the same password that was in my password manager for however long. However, after news of this broke, I went to see if I could still log in and low and behold it demanded that I reset my password. So I did. However, today, I noticed something:  This message on the bottom was not there yesterday when the news hit and would you know it they haven't bothered to link to their notice, meaning that they're again downplaying how big of a risk this breach was. If the matter wasn't so concerning, why did they force a password reset? Why are they offering information protection? And why did they take from October 28th until December 17th to inform the public and force a password reset? While I don't like commenting on Glassdoor reviews because they're not reliable, there's this: https://www.glassdoor.com/Reviews/LifeLabs-Reviews-E340429.htm quote:Lack of accountability across the entire organization, no alignment or collaboration, silo'd in every way possible, resources used incorrectly (i.e. people and roles), zero transparency and almost zero processes, lack of engagement and responsiveness from staff, That is probably the problem they have: nobody knows what they're doing and they're probably too afraid to tell the CEO. The CEO should have heard at least once in the 51 days between the breach and the radio interview he gave with the CBC this morning (one that I heard myself) something along the lines of "the data was encrypted". I guess in a roundabout way it was at one point because it was obviously ransomed. So yeah. To you, this is overblown, but there are some of us who actually care about patient data and as a result I am FOI'n the health authorities to know more since LifeLabs isn't coming forward on the problem.
|
|
#
?
Dec 18, 2019 23:20
|
|
|
yes our data was encrypted securely at probably all times, even a bit too securely for a minute there, ha ha ha! no further questions
|
|
#
?
Dec 18, 2019 23:21
|
|
|
Grace Baiting posted:yes our data was encrypted securely at probably all times, even a bit too securely for a minute there, ha ha ha! no further questions During the attack, all of our data was encrypted.
|
|
#
?
Dec 18, 2019 23:32
|
|
|
graph posted:speaking of, plexpass is on sale for the next two days for 90 bucks what do you do with this if you’re not connecting it to an internet crime depot
|
|
#
?
Dec 19, 2019 00:15
|
|
|
Partycat posted:what do you do with this if you’re not connecting it to an internet crime depot You get access to the LiveTV and DVR features via an HDHomeRun device (OTA or cable card device). You can also use the remote access features to access your library from anywhere.
|
|
#
?
Dec 19, 2019 00:36
|
|
|
remote access is free, downloading to the mobile app is payed though
|
|
#
?
Dec 19, 2019 00:41
|
|
|
Partycat posted:internet crime depot mods please rename the bitcoin thread to this
|
|
#
?
Dec 19, 2019 01:31
|
|
|
Hollow Talk posted:During the attack, all of our data was encrypted. loving perfect.
|
|
#
?
Dec 19, 2019 02:30
|
|
|
Hollow Talk posted:During the attack, all of our data was encrypted. thread title?
|
|
#
?
Dec 19, 2019 04:33
|
|
|
lol https://www.theguardian.com/world/2019/dec/17/vladimir-putin-still-uses-obsolete-windows-xp-despite-hacking-risk > Putin, 67, appears to have the obsolete Microsoft Windows XP operating system installed on computers in his office at the Kremlin and at his official Novo-Ogaryovo residence near Moscow, according to images released by his press service.
|
|
#
?
Dec 19, 2019 05:09
|
|
|
infernal machines posted:piracy dads hell yeah. my dad told me a story about one of the local tv networks did over-the-air pay tv, which was on maybe NBC or whatever network. essentially you needed a special antenna they rented to you for a fee, and after a certain time in the evening, you could watch some special broadcast that would be scrambled for others. on launch day him and his friends tore the back of the tv off my grandparents set, attached an oscilloscope, and figured out the simple phase shift required, and the next day was selling boxes at his high school to pirate it. actually now that i type that out this explains a lot
|
|
#
?
Dec 19, 2019 08:17
|
|
|
daaaaaank
|
|
#
?
Dec 19, 2019 08:20
|
|
|
pseudorandom name posted:open source backup program Duplicity supports round-robining your data across the following backends: missing docker hub they dont give a gently caress just upload whatever you want, at any size, against infinite image tags
|
|
#
?
Dec 19, 2019 08:44
|
|
|
Hollow Talk posted:During the attack, all of our data was encrypted.  lol
|
|
#
?
Dec 19, 2019 09:07
|
|
|
James Baud posted:Even if the data was encrypted, any non-automated breach is typically going to also include scoring the means to decrypt it. while that is indeed often technically feasible, the bar is higher as it may require access to more systems and/or at a higher privilege level than is necessary just to exfil data. it’s dumb not to lock your door even though burglars can still get into your house.
|
|
#
?
Dec 19, 2019 09:25
|
|
|
Hollow Talk posted:During the attack, all of our data was encrypted. 
|
|
#
?
Dec 19, 2019 10:22
|
|
|
Partycat posted:internet crime depot what a beautiful phrase
|
|
#
?
Dec 19, 2019 10:35
|
|
|
https://twitter.com/a_greenberg/status/1207340911463669760
|
|
#
?
Dec 19, 2019 12:22
|
|
|
Hollow Talk posted:During the attack, all of our data was encrypted. man imagine if that holds up in court somehow "oh it was encrypted at rest in the specific window of time this court case is dealing with"
|
|
#
?
Dec 19, 2019 16:28
|
|
|
Lain Iwakura posted:I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations. i love this look we haven't seen it so it's not a problem, and we hired the best blind people available to look too!
|
|
#
?
Dec 19, 2019 16:29
|
|
|
Shame Boy posted:man imagine if that holds up in court somehow oh my god
|
|
#
?
Dec 19, 2019 16:41
|
|
|
graph posted:speaking of, plexpass is on sale for the next two days for 90 bucks Does this require a coupon or something? I'm not seeing it
|
|
#
?
Dec 19, 2019 16:53
|
|
|
Shame Boy posted:man imagine if that holds up in court somehow hopefully someone can explain how keys work to the court, but I'm not super confident about that
|
|
#
?
Dec 19, 2019 16:54
|
|
|
Jenny Agutter posted:Does this require a coupon or something? I'm not seeing it e: yeah oops guess the link was in the email i got vvv graph fucked around with this message at 17:25 on Dec 19, 2019 |
|
#
?
Dec 19, 2019 17:18
|
|
|
https://www.plex.tv/plex-pass/gift/
|
|
#
?
Dec 19, 2019 17:20
|
|
|
ewiley posted:hopefully someone can explain how keys work to the court, but I'm not super confident about that I don't think that's too hard to make into plain English. "When spies talk to each other, they send each other secret messages. The receiver needs to know the special code to make the message readable. For example, say in our special code A is 1, B is 2, C is 3 and so forth. Now imagine if I took this document, turned it into numbers, but added 1 to each number. A is 2, B is 3, and so forth. There's no letter after Z so when 26 becomes 27 we then turn it back into a 1. Adding by 1 here is called the encryption key, because it's the key we use to make the message encrypted, or scrambled, even if you know how to turn the numbers back to letters. If you know to subtract 1 then turn the numbers back to letters, that's called the decryption key, and the person who you want to read the message needs that to decrypt it, or make readable, the message and understand it. If you just tried to turn the numbers back to letters without this key, the word 'Hello' would come out as 'Icmmp' and so forth. Computers use a special kind of math to encrypt their messages, called public key cryptography. This is so called because the encryption key, which you use to scramble the message, can be sent to anyone you want to send you a message. Unlike the simple example before, the way messages can be scrambled for public key cryptography make it nearly impossible for someone to decrypt, or unscramble, the message without the decryption key. That decryption key is called the private key, because you want to keep it private. Anyone who wants to make sense of the message needs that key, or they can't understand the message. This is how computers talk to each other on the internet when you go to a secure website; they send each other the public keys, which is safe to do, and then use their private key to read the messages sent to them so that no one else can understand them. In this case, instead of encrypting messages, the hackers encrypted the files. It's the same process with the same result. The hacker uses their public key to scramble all of the files, and then holds the private key for ransom. If there are no backups, or extra copies, of the files somewhere else, there is no way to unscramble the files." Etc etc Volmarias fucked around with this message at 18:46 on Dec 19, 2019 |
|
#
?
Dec 19, 2019 18:44
|
|
|
one of our customers got pen-tested recently and failed hard, the testers got domain admin within a couple hours. as usual the culprit was a fuckin "scheduled task service account" which is a theme i've seen all over. it was a member of domain admins and the password was something like "scheduledtask" but with some symbols/numbers/upper-case substitutions. a shameful display
|
|
#
?
Dec 19, 2019 19:03
|
|
|
Pile Of Garbage posted:one of our customers got pen-tested recently and failed hard, the testers got domain admin within a couple hours. as usual the culprit was a fuckin "scheduled task service account" which is a theme i've seen all over. it was a member of domain admins and the password was something like "scheduledtask" but with some symbols/numbers/upper-case substitutions. name of their sec tape
|
|
#
?
Dec 19, 2019 19:20
|
|
|
Volmarias posted:I don't think that's too hard to make into plain English. Hi I'm an average judge or jury foreman, let me just take a look at the first line of this *immediate loud snoring while dreaming about the payoff I might get for siding with the company*
|
|
#
?
Dec 19, 2019 19:36
|
|
|
Volmarias posted:"When spies talk to each other "what? spies in my computer? healthcare espionage? and they can do this because of encryption? that's scary! encryption is now illegal" - judge dipshit q. lawmaker
|
|
#
?
Dec 19, 2019 19:56
|
|
|
a question from ignorance, in the case of PIPEDA and related data governance requirements, do they qualify the nature of the encryption used for data at rest? everything i've seen seems to suggest something like bitlocker/fde technically meets the requirement even though it's absolutely useless in the case of a breach of a live system.
|
|
#
?
Dec 19, 2019 20:08
|
|
|
Volmarias posted:I don't think that's too hard to make into plain English. wait are you saying spies did this?? obviously this company is innocent and we should be punishing these spies and their evil spy codes!
|
|
#
?
Dec 19, 2019 20:29
|
|
|
stoll owns and you owe it to yourself to get one of his klein bottle mugs, mine is 20 years old and still great. the paperwork he includes in the box is hilarious.
|
|
#
?
Dec 19, 2019 21:06
|
|
|
infernal machines posted:a question from ignorance, in the case of PIPEDA and related data governance requirements, do they qualify the nature of the encryption used for data at rest? everything i've seen seems to suggest something like bitlocker/fde technically meets the requirement even though it's absolutely useless in the case of a breach of a live system. i don't work in the public sector but there's this https://www.priv.gc.ca/en/privacy-t...s/p_safeguards/ quote:Protect personal information in a way that is appropriate to how sensitive it is. the real question then becomes was lifelabs getting audited and sending reports to the government? i'd imagine so but how they were conducted who knows
|
|
#
?
Dec 19, 2019 21:14
|
|
|
Has ARM pulled an Intel about a speculative execution bug after ERET? Because from a recent fix in FreeBSD, I found that it was (EDIT: quietly) fixed in Linux almost a year ago and this POC seems recently new.
BlankSystemDaemon fucked around with this message at 21:22 on Dec 19, 2019 |
|
#
?
Dec 19, 2019 21:19
|
|
|
D. Ebdrup posted:Has ARM pulled an Intel about a speculative execution bug after ERET? Because from a recent fix in FreeBSD, I found that it was (EDIT: quietly) fixed in Linux almost a year ago and this POC seems recently new. I think this is Spectre variant 4, which is documented in https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper and nobody cares about FreeBSD.
|
|
#
?
Dec 19, 2019 21:46
|
|
|
Midjack posted:stoll owns and you owe it to yourself to get one of his klein bottle mugs, mine is 20 years old and still great. the paperwork he includes in the box is hilarious. and read his book. speaking of books + andy greenberg, has anyone read sandworm? patrick gray mentioned it on risky biz some time ago, but i don't know if it's dumbed down
|
|
#
?
Dec 19, 2019 21:50
|
|
|
|
| # ? Apr 27, 2024 14:46 |
|
|
Clifford Stoll is the reason why I am in infosec.
|
|
#
?
Dec 19, 2019 22:23
|
|