Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 56

Thread: Baltimore City Government Computers Taken Over by Ransomware Hackers

  1. Top | #11
    Veteran Member
    Join Date
    Oct 2018
    Location
    Colorado
    Posts
    1,040
    Rep Power
    4
    Quote Originally Posted by lpetrich View Post
    I don't see why [being presented with mysterious links] has to be a security hole. I think that good security involves a lot of idiot-proofing.
    ... and that is the problem... that people think this. Do you get in your car, close your eyes, and then jam your foot down on the peddle to find out later where your car took you? If you kill a dozen people doing that, is it "bad car security"? People need to take responsibility for their own actions... like even a little fucking bit.

    Do you know what the "spam email" success rate is (success = they clicked the link you sent them)? It's 1:12. For every 12 people you send ANY email to, one will blindly follow along. You know why there is a spam problem? Because of that 12th person... who, it seems, is this friggin guy.

    Do me a favor, would ya... stop being the sole cause of the biggest problem with computing today by, you know, not being a fucking moron. pretty please with sugar on top (there, I was nice about it).

    Otherwise, the government will need to start regulating computers like guns... you know... they are either perfectly safe to use in any imaginable way, or completely banned.

  2. Top | #12
    the baby-eater
    Join Date
    May 2011
    Location
    Straya
    Posts
    3,662
    Archived
    1,750
    Total Posts
    5,412
    Rep Power
    36
    Quote Originally Posted by Gun Nut View Post
    Quote Originally Posted by lpetrich View Post
    I don't see why [being presented with mysterious links] has to be a security hole. I think that good security involves a lot of idiot-proofing.
    ... and that is the problem... that people think this. Do you get in your car, close your eyes, and then jam your foot down on the peddle to find out later where your car took you? If you kill a dozen people doing that, is it "bad car security"? People need to take responsibility for their own actions... like even a little fucking bit.
    Yes, it is "bad car security". Humans are incurably prone to making mistakes. Fortunately engineers have found a solution--autonomous vehicles--and are in the process of making them.

    Quote Originally Posted by Gun Nut View Post
    Do you know what the "spam email" success rate is (success = they clicked the link you sent them)? It's 1:12. For every 12 people you send ANY email to, one will blindly follow along. You know why there is a spam problem? Because of that 12th person... who, it seems, is this friggin guy.

    Do me a favor, would ya... stop being the sole cause of the biggest problem with computing today by, you know, not being a fucking moron. pretty please with sugar on top (there, I was nice about it).
    Designers and engineers need to make better systems.

    Users are often expected to take on a very large amount of knowledge just to safety use a computer. That's fine if the user base is limited to IT professionals, because computers are their speciality, but it's just plain old stupid to expect everyone else to safely use insecure computers.

    Calling people morons because they make mistakes on badly-designed IT systems. That's moronic.

    Quote Originally Posted by bilby View Post
    The long term answer is decent security - which is still a rarity. Bizarrely, people STILL click links in unsolicited emails. People still tell their passwords to others, once convinced that they are in authority. People still use simple passwords, and re-use them on multiple systems (something that is exacerbated by the counterproductive implementation of short password life, and overly simplistic rules for complexity).

    Governments and NGOs should mandate the use of password managers, rather than requiring staff to remember complex passwords for multiple systems. And staff need to be aware that divulging their passwords to anyone - including the boss, or the IT department, or the state password inspector - is grounds for instant dismissal.
    Username and password authentication is easy for engineers to build, but totally unsuitable for users who aren't up to the task of managing their credentials over the long term and across multiple services.

    Businesses will always have people who will click links in unsolicited emails, because that is just the kind of mistake humans make. It's up to designers and engineers to come up with systems that are better suited to humans.

    Rather than fixing glaring design problems, the IT industry has shifted the burden to users. That's just lazy design for the sake of expediency.

  3. Top | #13
    Veteran Member
    Join Date
    Oct 2018
    Location
    Colorado
    Posts
    1,040
    Rep Power
    4
    Quote Originally Posted by bigfield View Post

    Yes, it is "bad car security". Humans are incurably prone to making mistakes. Fortunately engineers have found a solution--autonomous vehicles--and are in the process of making them.
    So if I run a red light and get someone killed, I can sue the car manufacturer for not having a security system in place on the vehicle to automatically stop it at red lights... ok, got it.

    Quote Originally Posted by Gun Nut View Post
    Do you know what the "spam email" success rate is (success = they clicked the link you sent them)? It's 1:12. For every 12 people you send ANY email to, one will blindly follow along. You know why there is a spam problem? Because of that 12th person... who, it seems, is this friggin guy.

    Do me a favor, would ya... stop being the sole cause of the biggest problem with computing today by, you know, not being a fucking moron. pretty please with sugar on top (there, I was nice about it).
    Designers and engineers need to make better systems.
    yea, that's what they do for a living. mission accomplished. Apparently, though, users do not need to do a "better job" using products... everything must be idiot proof (Because they stopped making better idiots, right)?
    Users are often expected to take on a very large amount of knowledge just to safety use a computer. That's fine if the user base is limited to IT professionals, because computers are their speciality, but it's just plain old stupid to expect everyone else to safely use insecure computers.

    Calling people morons because they make mistakes on badly-designed IT systems. That's moronic.
    I am afraid for your family. Because if someone in a ski mask shows up at your door at 3:00 AM, and you ask who it is, and they say "girlscout cookies", apparently you would just open the door. because door security is there.... it shouldn't open when you tell it to when you "made a mistake" by beleiving the man in the ski mask holding a bloody ax wanted to sell you girlscout cookies... I mean, it's not like you are an expert crime detective! how could you possibly know he was lying. Your family should be made safe by the door manufacturer.

    There are not that many types of cons in spam.. and they are in no way any different at all than they were when they were invented hundreds of years ago...

    The advanced payment scam - Look, knock on the door, letter in the mail, email, text... whatever the communication method, the fact of the matter is that you DID NOT WIN THE FIRST PRIZE IN THE CONTEST YOU DIDN'T ENTER!!!!!! for fucks sake! He is NOT A PRINCE WITH A MILLION DOLLARS FOR YOU.
    That "girl" that "found you on facebook" a) does not want to marry you - they just want your money for that plane ticket they are never buying and b) IT'S NOT A GIRL and HE IS JUST NOT THAT INTO YOU - just your money.
    Lastly, the IRS, Social Security Office, or any other government agency DOES NOT SEND EMAILS ABOUT "SUING YOU"...

    There, those four otherwise totally mysterious pieces of information will now save you from 99% of those oh-so-too-technical problems to solve. Thank god no one showed up in a ski mask at your house before today.

    I have been an investigator into crime for many years... #1 reason that someone clicks a link from an unsolicited email is, "I wanted to see what would happen".
    not, "I really thought there was a million dollars in it for me" Not, "I thought it was the right thing to do"...

    The perception is that they should simply not be help accountable for their actions... "It let me" is all they think about.... and that is the problem, because no technology in the world is going to stop you from going to your bank and wiring money to someone that convinced you to because they ran into you on the street; mailed a letter; made a phone call, texted you, IMed you, messaged you in facebook, or sent an email.

  4. Top | #14
    Veteran Member
    Join Date
    Oct 2018
    Location
    Colorado
    Posts
    1,040
    Rep Power
    4
    Hi BigField. Great talking to you... here are some references about what we were talking about: http://bfy.tw/GCf1 Let me know what you think...

  5. Top | #15
    the baby-eater
    Join Date
    May 2011
    Location
    Straya
    Posts
    3,662
    Archived
    1,750
    Total Posts
    5,412
    Rep Power
    36
    Quote Originally Posted by Gun Nut View Post
    [a bunch of braindead non-sequiturs
    Yeah nah.

  6. Top | #16
    Veteran Member
    Join Date
    Oct 2018
    Location
    Colorado
    Posts
    1,040
    Rep Power
    4
    It's your choice to continue funding terrorism, human trafficking, and money laundering... be that way if you want to... its a free world, even for evil people.

  7. Top | #17
    Administrator lpetrich's Avatar
    Join Date
    Jul 2000
    Location
    Lebanon, OR
    Posts
    5,245
    Archived
    16,829
    Total Posts
    22,074
    Rep Power
    76
    Quote Originally Posted by Gun Nut View Post
    Quote Originally Posted by lpetrich View Post
    I don't see why [being presented with mysterious links] has to be a security hole. I think that good security involves a lot of idiot-proofing.
    ... and that is the problem... that people think this. Do you get in your car, close your eyes, and then jam your foot down on the peddle to find out later where your car took you? If you kill a dozen people doing that, is it "bad car security"? People need to take responsibility for their own actions... like even a little fucking bit.
    An absurd extreme. I'd recommend watching out for phishing and requests for installation of software and other such things, but letting clicking on links be a security hole is a dangerous strategy. Seems to me that Windows has some bad designs in it. OSX is much better. I've set my home computer to its most permissive installation settings, and that amounts to warning me that I'd downloaded something from the Internet and giving me a chance to back out.

    Are safety features evil because they protect people from the consequences of their actions? That's like someone who claimed that lightning rods are bad because they keep God from punishing people for their sins.

    Should roads lack guardrails so that bad drivers can be appropriately punished for their bad driving?

    Preemptive multitasking and protected memory are very common features of operating systems. Are those features bad because they keep software from hogging the system or trampling on other software's memory areas?

  8. Top | #18
    Veteran Member
    Join Date
    Oct 2018
    Location
    Colorado
    Posts
    1,040
    Rep Power
    4
    Quote Originally Posted by lpetrich View Post
    Quote Originally Posted by Gun Nut View Post
    Quote Originally Posted by lpetrich View Post
    I don't see why [being presented with mysterious links] has to be a security hole. I think that good security involves a lot of idiot-proofing.
    ... and that is the problem... that people think this. Do you get in your car, close your eyes, and then jam your foot down on the peddle to find out later where your car took you? If you kill a dozen people doing that, is it "bad car security"? People need to take responsibility for their own actions... like even a little fucking bit.
    An absurd extreme. I'd recommend watching out for phishing and requests for installation of software and other such things, but letting clicking on links be a security hole is a dangerous strategy. Seems to me that Windows has some bad designs in it. OSX is much better. I've set my home computer to its most permissive installation settings, and that amounts to warning me that I'd downloaded something from the Internet and giving me a chance to back out.

    Are safety features evil because they protect people from the consequences of their actions? That's like someone who claimed that lightning rods are bad because they keep God from punishing people for their sins.

    Should roads lack guardrails so that bad drivers can be appropriately punished for their bad driving?

    Preemptive multitasking and protected memory are very common features of operating systems. Are those features bad because they keep software from hogging the system or trampling on other software's memory areas?
    There are three general categories of threat vectors... User exploitation, vulnerability exploitation, and zero-day exploitation.

    The last two are addressed by your software vendor, and as long as you patch your software and operating systems as per vendor recommendations (which usually is a matter of NOT blocking the updates, but simply allowing them by default) you have done everything you can do to be a responsible computer operator. Zero day events are rare and far between... and very impacting to many people. these are exploits of a vulnerability for which no patch or workaround exists. This is the golden gun of the hacker... the weapon with no defense. Vulnerabilities that have been fixed should never ever be exploitable, as long as the users don't stop the vendors from updating their systems with patches.

    The first category (user exploitation) is the real problem... things like phishing spam emails that offer a link that either asks for information (and the information is what they want - like your google password, or online banking password), or attempts to deploy an exploit to a vulnerability they hope you failed to patch (that is, actively stopped from patching, probably).

    bottom line is don't be a fucking idiot, because there is no fix for stupidity. Nothing on your ATM card or within your bank is going to stop someone from taking your money if you go and tell them your PIN and hand them your card. At some point you have to take personal responsibility for your own actions... like stopping at traffic lights, looking both ways before crossing streets, allowing your systems to patch, and not falling for the stupidest attempts to get your information... ANY attempts to steal your information, for that matter.

    If you didn't order a package, don't click the so-called "track your package" link (with a crazy address).
    If you didn't enter a sweepstakes, you didn't win it, so you don't have to wire money to India to collect it.
    If your friend is suddenly writing in broken English and is asking you for money from a "new email address"... maybe that's not really your friend... ya think? maybe pick up the phone and make a call.

    oh ya... and don't eat the daisies either... they are not food.

  9. Top | #19
    Fair dinkum thinkum bilby's Avatar
    Join Date
    Mar 2007
    Location
    The Sunshine State: The one with Crocs, not Gators
    Posts
    20,800
    Archived
    10,477
    Total Posts
    31,277
    Rep Power
    80

  10. Top | #20
    Administrator lpetrich's Avatar
    Join Date
    Jul 2000
    Location
    Lebanon, OR
    Posts
    5,245
    Archived
    16,829
    Total Posts
    22,074
    Rep Power
    76
    That's Social engineering (security) - ways to trick people into revealing passwords and other such info for accessing computer systems. Sometimes being rather threatening, like saying that one's target's account is about to expire or that one's target's account has been broken into and it's necessary to log into it about that.

Similar Threads

  1. New computers - old blu-ray
    By Jimmy Higgins in forum Computers and Technology
    Replies: 14
    Last Post: 07-12-2018, 04:16 PM
  2. Some of the worst thugs are the police, at least in the city of Baltimore
    By southernhybrid in forum Political Discussions
    Replies: 5
    Last Post: 02-07-2018, 08:30 PM
  3. Baltimore Mayor Does Right By Her City
    By Trausti in forum Political Discussions
    Replies: 0
    Last Post: 04-12-2017, 06:16 AM
  4. Russian hackers compromise DNC network
    By Deepak in forum Political Discussions
    Replies: 1
    Last Post: 06-15-2016, 03:36 PM
  5. computers
    By BH in forum Natural Science
    Replies: 13
    Last Post: 08-16-2014, 02:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •