Posts by Doctor Syntax

Re: Credit where credit's due

"So, not only do law enforcement not know *who* did it, they don't even know *how* they did it."

That doesn't follow. They're just not telling outsiders what they know which is reasonable. This is some external analyst trying to work it out/guessing on the basis of what is public knowledge. Just like the rest of us.

"I would hazard a guess that they have changed a procedure with regards to processing so they can stop payments or withdrawals."

Why would they stop payments? Maybe they had a means of making transfers from one Tesco A/C to another so they were routing payments through one they controlled to an external bank.

elReg, promote Lee to a gold badge for that post.

Re: Enterprise Endpoint Backup

The same questions have to be answered.

Where does the data end up?

How distant is it from the system it's backing up? (A copy of the data sitting next to the server protects against a disk crash, it doesn't protect against a fire.)

How secure is it against unauthorised access?

How quickly can it be brought back to site if needed?

Above all, how often is restoration tested and with what results?

Re: Backup on 'New Technology'

"every so often"

i.e. at least daily.

Re: Let them use 7-Zip

"Just don't ask me to write it down, or it will be one-way encryption."

Me too. Almost my first action after getting my grant cheque is-it-really-that-many years ago was to walk down the Strand to a typewriter shop & spend a whole tenner on a >2nd hand portable. I still have it somewhere but I think it's got woodworm - it has a wooden cover.

Re: What to do, what to do?

"read/write access to the C drive is blocked too"

Screwdriver access.

Re: You are slightly missing the point

And do you harbour such strong feelings against [the French]?

Of course. It's a point of principle. Never heard of Brexit?

Re: You are slightly missing the point

'The college's policy is probably due to a desire for a "one-size-fits-all" approach where esoteric chemistry files are treated the same way as payroll files.'

This is the point. One size does not fit all and trying to lay down the law on the basis that it does it just plain wrong.

Another aspect of this is that if you're going to insist on running the backups for the payroll you whould be able to demonstrate to the payroll management that your claimed backups are actually viable. As I've written in other threads the main requirement of a sysadmin or DBA is paranoia. You'd think that after such an incident the KCL team should be thoroughly paranoid now, even if they weren't before. From what's reported here there's no evidence of that.

Re: You are slightly missing the point

"What about faculty who keep patient information for clinical research?"

Come to that, to what extent was KCH affected by this?

Re: You are slightly missing the point

"Hackers will steal chest X-rays of healthy people to pass screening tests that they might otherwise fail."

Darwin award candidates.

Re: This being an IT site

"Perhaps it is worth noting that we have version 50.0 on FreeBSD as well."

And given a more normal numbering scheme it would probably be somewhere around 6.8.5 on all platforms.

"Difficult to see how that happened without deliberate tampering"

Never attribute to malice that which can be attributed to stupidity.

Re: And?

" Or shut the Swedish issue down so they can kick him out to the Brits who'll then get him on jumping bail"

There may be a few others besides TPTB wanting to jump on him about bail.

Re: Doctor stories

"Bart's have an eyebrow raising selection of objects that have been inserted or otherwise ingested but the most worrisome one is a live anti aircraft munition."

If they still have it and it's still live that really is worrisome.

Re: Gordon Brown started it

The thinking at the time was that it was something the IR had been trying to get through for years. They finally found a Chancellor and/or Paymaster General* daft enough to fall for it. The sad thing is their successors are still falling for it.

*Don't deny Red Dawn her share of blame.

Re: OMFG, usage of the 'singular "they"' - ew

Bollocks. It's a perfectly acceptable and long established usage. It was nuppits who tried to rewrite English grammatical rules based on those of a different language who introduced the idea that it isn't. If thou thinkest it wrong then please explain why the plural version of second person pronoun and verb is now almost invariably used for the singular.

Re: Hmmm

"and they are still coming in but not as quickly now..."

That's probably just the system bogging down and the servers melt and go offline.

Re: Disable Reply to All

It's the sort of situation that requires ritual humiliation.

Back in the days of character terminals we had MOTD set to remind users to log out. Inevitably there were those who didn't so the message got amended with "This includes you, xxxxxx", edited each time we caught an un-logged out user's name. It was effective in a remarkably short space of time although we were eventually asked to remove the last offender's name.

Maybe this is a case for an article in a newsletter explaining how it went wrong initially and then was made many times worse by the following people sending a reply to all....

And no, they can't complain about data protection. They outed themselves themselves.

Re: It's really not rocket science

"As an ex-IT professional I worked on the principle that there are no stupid users, only poor computer systems that don't protect users from their own stupidity."

This is the theory that systems should be made idotproof. Nature abhors an idiotproof system and responds by producing a new, improved idiot.

Re: Leaving security to the end user = no security

"Good luck getting that change approved though!"

Given the increasing levels of damaged being caused I think the pressure for "something must be done" is growing fast. We just need that something to be sufficiently effective. Vendors' stock confiscated. Whole containers of goods held up at the docks or sent back to China because customs discovered a shipment of non-compliant product inside. Complaisant ISPs* not getting routed onto the net. It could all be over in a very short time.

*And countries if necessary.

Re: Leaving security to the end user = no security

"This is difficult and you can't really leave security to the manufacturer either, especially the hundreds of small Chinese outfits that work on thin margins and don't give a toss."

But you can enforce it in the marketplace, UL in the US and CE in Europe, whatever applies elsewhere.

You need to understand that thin margins apply because they're trying to undercut each other because price is a factor in what gets sold. But if they can't get to sell the product without complying with the appropriate regulations then it doesn't matter how cheap they are. If it does cost more to build in some level of security then it's still a level playing field between them - they just compete on thin margins at a slightly higher price.