Loving Africa Chaps
Dec 3, 2007


We had not left it yet, but when I would wake in the night, I would lie, listening, homesick for it already.

ming-the-mazdaless posted:

A year ago, I did a proof of concept for insider threat detection in a hospital group.
By creating a user behaviour index, I was able to identify a few misuse events that pointed to a potential auth issue.

After playing around a bit, I found the following:
billing system
patient management for ICU, Pre/post natal, Surgical and Ward
Dispensary
Practitioner management

I was able to add myself as a medical practitioner, prescribe medication, assign patients to my roster, order a transfer and ultimately kidnap children from their hospitals by co-opting their ambulance service.

None of the above had any form of authentication in place.
All of the above are hosted in a lovely server farm in a consumer ISP.


As of yesterday, nothing had been done to resolve this clusterfuck. What is everyone's opinion on the matter? Full public disclosure?

Have you informed the hospital? If they've had a year to sort their poo poo out and still failed to do anything then I'd talk to a lawyer and disclose it.

As a doctor I'd be super interested in seeing that though. Hospital IT is insanely bad. At my hospital no one can connect to the staff wifi so all the consultants connect their laptops to the open guest wifi to send emails about patients to one another.


Loving Africa Chaps
Dec 3, 2007



I think Open Whisper Systems have too much to lose to very publicly promote a version of their code that had been backdoored.

Loving Africa Chaps
Dec 3, 2007



spog posted:

PGP on phones has been defeated:

http://www.theguardian.com/uk-news/2016/apr/21/gang-found-guilty-of-uks-largest-known-gun-smuggling-operation


I thought the maths behind PGP was pretty solid, so weaknesses in the software?

I think it's that messages were encrypted with a key BlackBerry controlled and that's been compromised.

Loving Africa Chaps
Dec 3, 2007



OSI bean dip posted:

Curious: how do you think the NSA has tampered with them?

I'm sure I saw (maybe it was on Numberphile) that the seed they'd suggested allowed them to potentially decrypt things used by it.

Loving Africa Chaps
Dec 3, 2007



Anyone used Codebook? It's come up as an alternative to 1Password, which I was about to spring for in order to have something less DIY than KeePass.

Loving Africa Chaps
Dec 3, 2007




Quite funny. Especially people going "the intelligence community aren't disclosing every zero day they find :qq:"

Loving Africa Chaps
Dec 3, 2007



Kassad posted:

I laughed.

lol


Also, a border guard would 100% just make them enter the password to erase the disk because that's the kind of people they are if you try and obstruct them in any way.

Loving Africa Chaps
Dec 3, 2007



Avenging_Mikon posted:

We don't give out local admin, so the non-techies wouldn't be able to enable it.

Could you install 7zip?


Loving Africa Chaps
Dec 3, 2007



apropos man posted:

What does this mean, which is the advice given by WhatsApp when backing up to Google Drive:

"Important: Media and messages you back up are not protected by WhatsApp end-to-end encryption while in Google Drive."

Also found on this page:
https://faq.whatsapp.com/en/android/28000019

Does it mean that WhatsApp are simply no longer in control of the encrypted message archive that Google now holds, or does it mean that Google now has an archive of the messages in plaintext?

EDIT:
---

Messages are backed up in plain text, IIRC.
