When I was in college, the required textbooks for (for example) my physics classes were next to useless. On the other hand, I went to the library and pulled out some 1950-1970 textbooks and learned a hell of a lot more. Why? It wasn't as distracting! And they didn't tone down the language to a 4th grade level!
Come now. Create a virus that releases its payload when a G-protein receptor is triggered, and that G-protein receptor is sensitive to, say, estrogen, but not THAT sensitive. People with a small amount of estrogen (i.e., men) will be subclinical. People with a large amount of estrogen (i.e., women) will result in the entire payload going off.
Recently, the British version of the American Medical Association (AMA) recommended that Doctors stop wearing ties and those spiffy white lab coats.
They said that since guys rarely wash their ties, they end up carrying around bugs, ditto for labcoats. The article I read specifically mentioned MRSA*, which is one of the 6 "scary" bugs TFA mentions.
I told this to my doctor and they said that the white lab coats are a major image thing and that patients respond much more favorably to it than normal clothes.
Ties definitely, for just the reason you mentioned. They hang and scrape surfaces, brush against patients, and are rarely washed. As for lab coats, I also agree. The key there is to wash the things at least every couple of days.
I have been sorely tempted, as many friends have suggested, to simply start taking reservations, or call the people back and tell them the business is closed. I haven't, because the reservation part would require me to take their credit card #'s, and I'm not going there. (I can see the lawsuits from that stunt being brutal.) And the whole "We're closed for renovations" and the like just doesn't work for me.
"I'm sorry, but we're currently closed for renovations. (insert CEO/manager/whatever's name here) overflowed the toilet again and when we came in this morning he was passed out drunk on the dining tables again, and there was a huge log floating through one of the guest rooms."
In other news, drug dealers are up in arms after a police show depicted a murder of one of their small screen counterparts on this week's episode of "24."
First off, I believe all of the examples you've listed.
Secondly, save some of the blame for hospital administration. A friend of mine works in health care MIS, and he's rapidly working on getting out of the field due to organizations in our area trying to go strictly to contractors. The people these contractors are hiring aren't qualified to fix a Z80 based PacMan machine at Chuck E Cheese let alone maintain a network that is anywhere near mission critical.. and in my unschooled (as in health care, not IT) eyes a hospital is about as mission critical as it gets. Senior techs are getting about twelve bucks an hour. System administrators fifteen to seventeen an hour. Where I come from if you can honestly put "fluent" in a sentence with "AIX" and "SQL" on a resume you're not going to work for those wages.
Oh, I agree 100% with you. Hospital administration is quite often clueless about much of anything even (surprise) medicine. The hospital I worked at with the huge, honking SQL vulnerability was more concerned about cutting costs and figuring out more ways to screw the employees and patients out of money than doing much of anything, including providing quality healthcare. One reason I'm no longer affiliated with those jackasses.
"While it may be difficult to deal with the inherent instability often present in Windows-based system..."
And just where did the parent say his medical records access was dependent on unstable Windows-based systems? Your suggestion about the firewall was a good one, but as a whole would have been better off without the Windows-bashing rhetoric.
I understand what you're saying. However, it's really implied that the hospital in question was dependent on Windows. How much adware out there runs on UNIX?
Advanced life support system may need to be on the network to send signals. But what about the EKG machine? The intravenous drip? These things should not be dependent on computers yet I know from a friend who works in a hospital that IVs have small computers on them to regulate the flow. I hope to god they are safely restricted from internet access.
Yes and no. These things are all dependent on computers. The EKG machine and the IV pump, depending on how you're defining "dependent on computers," are legitimately dependent on them. The catch is that there is no reason whatsoever that either of these be accessible to the Internet, or to a single Windows machine. (IV pumps don't need to be accessible period. The EKG system needs to be accessible, but only to a machine that does not touch the Internet.)
To my knowledge, there is no IV pump out there which allows you to modify the flow remotely. They all require actual interaction at the panel. Now, I'm sure some fuckwit is out there trying to design this, and I hope he's shot. In the head. At point-blank range. Twice.
At the hospital I work at, there are any number of reasons why a computer might be connected to the Internet. Perhaps someone might wish to visit the site of the CDC to get up to date information on some disease or other. Maybe the hospital offers training services via a third-party web site. Of course, they don't have full-blown access to the Internet, but they are connected for various legitimate reasons.
Absolutely. I think the problem is more that the IT guys in the hospitals have very little clue about...well, anything related to IT.
For example, why does that machine have to run Windows? (And if it does, great, but keep the damned thing updated!) Would it not be just as easy, and definitely cheaper, to install Linux on the thing, Gnome, Firefox, and sync the thing to an LDAP server?
At the hospital I'm currently at, the IT weenies won't allow me to connect my laptop to the Internet. Now, I don't blame them. The catch, however, is that I gave them explicit instructions on how to isolate my laptop so that it can ONLY talk to ONE machine outside, which is the office machine it's going to VPN to, and can talk to NOTHING ELSE. The instructions were so simple that a child could understand them. They didn't even read the things. I could even respect that, except for this: Call up the IT department, tell them you've lost your EMR password, and they'll reset it for you on the phone, with no identifying information required.
Considering that the various entry points need to communicate back to the central server... and there's already all this cat5 cable run for the network...
Some "genius" decides to save money (always a good plan) and use the existing cable system to enable communication between the entry points and the security computer.
You can laugh all you want, but my boss right now would take the savings and rely upon me to make sure that everything else was fully patched, anti-virused, locked down, etc.
After all, I'm salaried and hardware / cable installation costs real money.
The sad part about it is that even that isn't an excuse. What I'm about to suggest is far from perfect, but eliminates most of the attacks from dime-store techno-weenies.
You have one cable. That cable is going to run between the keycard entry system, the monitor bank, the EMR system, and Windows machines which are chilling out, vulnerable as all hell, and generally being bad citizens. So you assign 10.1.1.0/24 to the keycard system. You assign 10.1.2.0/24 to the EMR system. You assign 10.1.3.0/24 to the monitor bank. You assign 10.1.4.0/24 to the Winblows boxes. You buy a $300 machine from Best Buy, say an AMD 3200+, and install Linux on it. Run the damned thing into a switch. Have the Linux machine only route data appropriately. In other words, it is going to section the subnets.
Now, you're still vulnerable to various attacks. I wouldn't suggest otherwise. Some ARP attacks come to mind. But this eliminates 99% of the attacks out there. Even if the Windows machines are infected all to hell, the Linux machine won't route 10.1.4.0/24 to 10.1.1.0/24, 10.1.2.0/24, or 10.1.3.0/24.
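Added example, not part of the original comment: one way to express that routing policy on the Linux box as an nftables ruleset, using the four subnets from the post. The analysis-station address, the port number and the table name are constructed placeholders, not values from the post.

```nftables
#!/usr/sbin/nft -f
# Segmentation router for the one-switch layout described above.
# Forwarding must also be enabled on the box: sysctl net.ipv4.ip_forward=1
flush ruleset

# Subnets as assigned in the post.
define KEYCARD  = 10.1.1.0/24
define EMR      = 10.1.2.0/24
define MONITOR  = 10.1.3.0/24
define WINDOWS  = 10.1.4.0/24
define CLINICAL = { $KEYCARD, $EMR, $MONITOR }

# Constructed placeholders: a single analysis station inside the EMR
# subnet and the TCP port it uses to read the monitor bank.
define ANALYSIS_STATION = 10.1.2.10
define MONITOR_PORT     = 8443

table inet hospital_seg {
    chain forward {
        # Deny-default: anything not explicitly allowed is not routed.
        type filter hook forward priority 0; policy drop;

        # The Windows subnet is never routed to the keycard, EMR or
        # monitor subnets. Placed first so no later rule can override it,
        # and logged so an infected desktop probing inward is visible.
        ip saddr $WINDOWS ip daddr $CLINICAL log prefix "seg-deny-windows: " counter drop

        # Replies to flows that an allow rule below already admitted.
        ct state established,related accept

        # The only cross-subnet flow allowed in this example:
        # the analysis station reading from the monitor bank.
        ip saddr $ANALYSIS_STATION ip daddr $MONITOR tcp dport $MONITOR_PORT ct state new accept

        # Everything else falls through to policy drop; log it for review.
        log prefix "seg-deny-default: " counter
    }
}

# Caveat: these rules match on source address only. On one shared switch
# nothing ties an address to a physical port, which is the residual
# exposure the post acknowledges; per-port VLANs on the switch close it.
```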
My experience with most doctors is if you take away WebMD and PDR.net from a doctor and you got a very insecure individual. Seriously though, if it's a large hospital with multiple campuses (or even not) the EMR will probably require internet access. Anything critical such as monitoring patient's equipment etc is done over RF or rarely a separate isolated network.
Agreed. But the way this should be engineered is similar to how I've engineered my home network and office network.
All the networks connect to the Internet. All of them are incoming firewalled against everything except what I explicitly want. (A deny-default model.) My router NATs to the other machines on my home network. My WiFi connection is over a VPN. Any communication between the computers that touches the Internet or WiFi is VPNed. One off site system which acts as a router to a bunch of Windows terminals, a backup system, distributed computing system, and fallback server, will not accept ANY connections, and, at most, will merely route NATed traffic to the Windows machines so that they can use the Internet.
As a result, I'm not worried about someone eavesdropping on my WiFi traffic, intercepting my traffic when I connect using my laptop from offsite, or anyone getting in at all really. The only access to the network on the incoming side is by OpenVPN and one machine which is running a chrooted SMTP server. The "secure" machines are unable to initiate connections outside except what I've explicitly allowed.
So I'm not quaking in fear that someone is going to go hack my box. Incidentally, a security condition is that no Windows are on my network unless I have no choice, and if they are, they can ONLY talk to the Internet and back out; not to any of the internal machines.
Now, why do I say all this? Because I'm a doctor, not an IT guy. The IT guys look at me like I'm some twit who just fell off the turnip truck. Maybe I did, but I sure as hell didn't hit my head in the process. Passwordless fallback servers, Windows machines which if infected act as a terrific bridge between the (insecure) fallback servers, EMR system, and the Internet, etc. It makes me want to barf.
Oh, and why don't I say anything? I'll get blown off at best. At worst, I'll have some DeVry dipshit claim I "hacked the network." It's a sad, sad state of affairs.
Because all software patches must be validated through an FDA audit procedure. You can't just go patch a computer that someone's life depends on. This case makes this procedure look funny, but you can't just put any software on medical equipment. I'm sure most people are aware of the case of the Therac-25. http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html
I'm not sure what the real solution is, but I am sure who the criminal is. If the students didn't release malicious software, that network would still be up.
Which is true, no doubt. However, we're to a certain extent talking apples and oranges here.
The FDA approval procedure applies to something like a cardiac monitoring system. These systems, incidentally, have no reason to be connected to the Internet in any form, or to any other machine that isn't explicitly part of that network. In other words, they should talk to the monitors, and the physician analysis station (usually a SUN box) which is hooked up to it.
What these twits apparently did was hook their Windows machines into the network, make it accessible to the Internet, and made vulnerable everything including their keycard access system. That is stupid in so many ways, that it boggles the mind. There should have been two separate networks, and the monitors should have been isolated. Now this is the tricky part: If it wasn't the monitors that were hosed, then I can't think of a way any sane, rational person who knows how ICUs are typically run can think that the computer failure endangered lives.
What they should have done was something like this: One network to handle the monitors. One network to handle the medical records. One network to handle day-to-day activities like browsing UpToDate or MEDLINE, or word processing -- and that could run Linux and OpenOffice firewalled out the ass, and in the darkness bind them. In other words, the network engineers should have used a bit of sense here. If you need "bridge" systems which can access the Internet and the internal hospital systems, then for God's sake don't run a notoriously insecure and highly targeted OS.
I'm a physician and have worked in around seven hospitals, six ICUs, two pediatric ICUs, and one neonatal intensive care unit, among all the wards, clinics, and other random mechanisms of healthcare delivery. I can honestly say that the IT guys are damn, fucking, scarily incompetent. Some examples:
One hospital, a major level 1 trauma center, has a medical record system that's almost entirely on computer. It actually works pretty well. The application runs under X11, and bounces off a server program which is basically a middle-end to some SQL database software. So instead of going out and buying some PCs, installing Linux or BSD on them, and running their app, they splurge and spend much more for these IBM workstations. Again, no big deal. Then, because they're worried about fires, etc., they have several fallback servers which are basically mirrored copies of the database clustered around the hospital. I was bored one night in the E.R., where one of these fallover servers is, and got sick of an AIX login prompt staring at me. "login: root" "password: " Boom. Root prompt. (And am I going to report this? HELL NO. "Hey, that doctor hacked the network! REPORT HIM TO THE STATE! AIEEEEE!")
This same place at least did something sane. They have a bunch of Winblows machines running on their major network. They subnetted the AIX machines such that they can't access the Internet, and can only access the health information systems. The problem, however, is since now they had a bunch of Windows machines around that nobody ever used, they installed some kind of X11 server, and opened the network to these machines. So the AIX machines can't talk to the Internet. However, the Windows machines -- the ones which are most likely to get infected with something -- can talk to the Internet and the medical records network with impunity. Oops.
Another hospital installed a software package which was an IBM DB2 frontend of some sort, written in ncurses. It left some things to be desired, but worked okay once you got used to it. (I prefer CLIs, damn it!) For various reasons, there were mechanisms to directly access the SQL database -- free of auditing, access restriction, or anything else -- from within the CLI, provided that you had a database login and password. Normally what happened is that the client program had the DB login and password locked away somewhere, and merely "authorized" you to use it. So one day I hit the wrong button and accidentally tell it I want straight SQL access. This system used a period to indicate "Oops. No, um, take me back." So I hit a period. "Password: " Uh. Period. I GET SOMETHING SAYING MY PASSWORD HAS EXPIRED AND I MUST RESET IT! Since it won't let me out otherwise, I set it to "12345" and get the hell out.
Two years later when I left that hospital, I checked on my last day. The password still worked.
The point is that hospitals are run by the same kind of incompetent Devry dingbats that corporate America is. It's just that they don't know it. So I'm not surprised that this hospital's network setup was so bad that this kid managed to pull this off.
I also think the kid is a supreme idiot, and given exactly what he did, I'd like to beat him with a crowbar.
I've asked the same question. It's an intuitive solution. The problem is that HIV infects all cells which express the CD4 receptor, which includes glial cells in the central nervous system, among others. If this wasn't the case, you could induce aplastic anemia and use a bone marrow transplant.
I recently did some contract work for a local business conglomerate. Not a big one by any means, but it does business in the seven figure per year range. The object was to set them up with high speed DSL access, and allow them to access their files from other sites in the network I was setting up. Not too interesting as things go.
Previously, they'd been using AOL dialup and some other dialup ISP. So I go get the DSL set up, plug a Linux box in as the network router so I can easily VPN the different sites, et cetera. Then it comes time to do the file thing.
I was actually (somewhat) surprised when I sat at home, VPNed to the router (since the router now firewalls the network), ran Samba, and was able to get full, unrestricted access to every Windows machine on their network. Bank account numbers, SSNs of employees, transactions, and all sorts of confidential stuff, including some medical records. This was accessible to the net every time they connected via dialup, and had been for years.
Let's say that Joe Hacker got a job at Microsoft back in 1991, or 92, or 93... He coded up an obscure backdoor that allowed him to run arbitrary code. He inserted it into some seldom-used code, in a function that isn't legitimately used but looks legitimate. Because the function shouldn't even be there in the first place, nobody went in to repair any bugs in it, because none showed up; the function is never legitimately called. Because the entire package is seldom used and obscure, there wasn't going to be a lot of oversight over the entire thing in the first place.
So he does this, it works, it stays in, and for the last fifteen years some bozo has had the ability to do anything he wants on 90% of the computers in the world. That would undeniably make this the greatest single hack of all time.
Under Clinton, we were holding a cracker who had all of his info encrypted. The FBI was incapable of decrypting it (they did not have access to other tech. via the Patriot Act). So they simply held him without a trial, and no access to the outside world (but did have a lawyer).
There's a huge, obvious hole in this kind of thinking by the government. Even people who are truly innocent may have reason to be able to blow data to hell if they think they're being followed, or under any kind of threat.
I know a guy who is a law-abiding, honorable U.S. citizen. This guy doesn't have so much as a traffic ticket on his record. He's engaged in some biological research that's pretty heavy along the lines of what coders would refer to as "run-time DNA modification," etc. Along with this is a bunch of HIPAA protected patient data, and all sorts of other stuff that I'm sure I don't know about. He has a bit of a paranoid streak, which was made worse after the world went to shit after 9/11.
As part of being a responsible guy, he encrypts everything. Most of us do this anyway. The passphrase decrypts a file on a USB key that he keeps on him. That file then has a number of keys on it, some of which have backups elsewhere, and some of which don't. He plugs the USB key in, types however many passphrases he needs to, decrypts the key, and then that key is used to decrypt the actual data. The idea is that he can torch the USB drive and data that he wants to be forever gone is toast. Like I said, some of the keys are backed up, but some aren't. He told us about this so that if something happens to him, we know where to get the keys, and don't waste our time trying to find keys to the few volumes for which they no longer exist.
So here we have a situation where a guy can be scared by the surveillance of the government because they inaccurately suspect him of doing something else. He torches the key. They catch him and want the data. He can show them backup keys to some of it, but not all of it. The government then gets him for obstruction of justice, and holds him for data that he physically can't produce.
By the way, this kind of security mechanism isn't unusual in my experience among people in the biological sciences community, because many of them are very, very concerned about how their data could be used. I do the same kind of thing, though not quite this paranoid. I guess the government would prefer that they get bagged in a bar one night and Al Qaeda get the background research they've been doing on the next bird flu or even more virulent Ebola strain.
About three years ago, I went up to Maine for business. I had some time to kill, so I went through Kidybunkport(sp), where the compound of Bush the Elder is. "This is cool," I thought, so I snapped a few pictures. I even called someone on the phone with a "You won't believe where I am now" kind of thing.
About ten seconds into the call, the cell goes out. I call back. It takes a little longer to connect than I'm used to, but I don't think anything of it. About twenty seconds into that call, the cell goes out. I look up and there's this dude (presumably Secret Service) hanging in a window watching me like a hawk...with a parabolic dish.
You're a day early, guys. When feminists attack, next on Slashdot.
Damn. Those boards can compile _US._
Uh...
And yes, this thread pushed some of my buttons.
Of course, since Medline doesn't have a single reference on these revolutionary compounds called Ceragenins, I call bullshit on this one.
Welcome to Windows.
Yeah, because they copied the libraries over en masse because Microsoft wouldn't release the code.
Let's say that Joe Hacker got a job at Microsoft back in 1991, or 92, or 93... He coded up an obscure backdoor that allowed him to run arbitrary code. He inserted it into some seldom-used code, in a function that isn't legitimately used but looks legitimate. Because the function shouldn't even be there in the first place, nobody went in to repair any bugs in it, because none showed up; the function is never legitimately called. Because the entire package is seldom used and obscure, there wasn't going to be a lot of oversight over the entire thing in the first place.
So he does this, it works, it stays in, and for the last fifteen years some bozo has had the ability to do anything he wants on 90% of the computers in the world. That would undeniably make this the greatest single hack of all time.
Yay closed source!
Of course, they didn't bother to write a program to create a TrueCrypt volume under Linux, so for right now this program is utterly useless.
I know a guy who is a law-abiding, honorable U.S. citizen. This guy doesn't have so much as a traffic ticket on his record. He's engaged in some biological research that's pretty heavy along the lines of what coders would refer to as "run-time DNA modification," etc. Along with this is a bunch of HIPAA protected patient data, and all sorts of other stuff that I'm sure I don't know about. He has a bit of a paranoid streak, which was made worse after the world went to shit after 9/11.
As part of being a responsible guy, he encrypts everything. Most of us do this anyway. The passphrase decrypts a file on a USB key that he keeps on him. That file then has a number of keys on it, some of which have backups elsewhere, and some of which don't. He plugs the USB key in, types however many passphrases he needs to, decrypts the key, and then that key is used to decrypt the actual data. The idea is that he can torch the USB drive and data that he wants to be forever gone is toast. Like I said, some of the keys are backed up, but some aren't. He told us about this so that if something happens to him, we know where to get the keys, and don't waste our time trying to find keys to the few volumes for which they no longer exist.
So here we have a situation where a guy can be scared by the surveillance of the government because they inaccurately suspect him of doing something else. He torches the key. They catch him and want the data. He can show them backup keys to some of it, but not all of it. The government then gets him for obstruction of justice, and holds him for data that he physically can't produce.
By the way, this kind of security mechanism isn't unusual in my experience among people in the biological sciences community, because many of them are very, very concerned about how their data could be used. I do the same kind of thing, though not quite this paranoid. I guess the government would prefer that they get bagged in a bar one night and Al Qaeda get the background research they've been doing on the next bird flu or even more virulent Ebola strain.
Viva la freedom. Go U.S.!
My God, that's the worst translation of an article providing next to no information I've ever seen.
About ten seconds into the call, the cell goes out. I call back. It takes a little longer to connect than I'm used to, but I don't think anything of it. About twenty seconds into that call, the cell goes out. I look up and there's this dude (presumably Secret Service) hanging in a window watching me like a hawk...with a parabolic dish.
Needless to say, I left. Quick.
Never underestimate people's paranoia.