Posts by T 7

6 posts • joined 7 Sep 2018

A cautionary, Thames Watery tale on how not to look phishy: 'Click here to re-register!'

T 7

Phishy fishy FISH

I get regular emails to my nhs.uk account asking me to open the attached encrypted html file. They are genuine, from ESR, the electronic staff record people. The thing is, no matter how hard they scratch their heads, peeps cannot work out how WannaCry got into the system and why people felt safe to click such emails.

If the good guys continue to engage in bad guy practice, the end user won't know which emails to trust and which not to. And I have reported at least 2 unsavoury emails to Trust IT departments that were truly bad.

That was some of the best flying I've seen to date, right up to the part where you got hacked

T 7

God forbid the pilot was female. "Basically, we're trying to give the pilot the information about what's happening internally on his aircraft in real time,"

Hacking these medical pumps is as easy as copying a booby-trapped file over the network

T 7

Re: Connectivity ?

Maybe so on a general ward, but a very different picture on intensive care. There is a lot of data collected into ICU electronic records and I have no problem with that being done electronically. But the system should be designed from the perspective of a bad actor, not left wide open for updates over the network.

Alarm / alert fatigue is a massive issue in hospitals. One case I am aware of involved 27 people clicking through an alert about a critical missing medication.

Central notification is not all bad. ICU nursing is 1 nurse: 1 patient. But sometimes they need to help each other out with rolling patients or dealing with a deteriorating patient or checking drugs. Having alarms centrally monitored as well gives a degree of redundancy that is entirely appropriate.

It is 2018 and the NHS is still counting the cost of WannaCry. Carry the 2, + aftermath... um... £92m

T 7

Ah yes. NHS IT. Every April I get sent a 'secure message' from an external email address that asks me to open the html attachment to read the message. The thing is, it's genuine. So our IT department says - sure go ahead. Then we wonder why people open html attachments and spread malware.

<facepalm />

I want to buy a coffee with an app – how hard can it be?

T 7

I really hope you never have to use NHS IT. I mean, it's not like lives depend on it.

HTTPS crypto-shame: TV Licensing website pulled offline

T 7

The same happened with my flat managing company (Warwick Estates since you weren't asking). They were using Zendesk chat and had hardcoded "http://" meaning all chat was unencrypted. They had no idea what I was talking about and it was only when I went to Zendesk and got them to confirm it that they actually changed it.

Similarly, NHS jobs, until 2 weeks ago, was doing passwords and logins in the clear.

Last year I found the same with credit card details for bookatable. Again, hardcoded 'http://' on a 'back' button.

I am not even an IT professional. This kind of stuff is everywhere.

Naturally no one has ever thanked me. But I'm not in this for the praise.

Biting the hand that feeds IT © 1998–2019