cloud that" isn't inherently good/bad, right/wrong. It just depends on the environment. A small organization will often find it more efficient to shift a lot of these functions to a cloud service instead of trying to staff the whole set of skills to
configure and maintain all that infrastructure.
Up 0 (0 / 0) Down
6331 posts | reg. Jan 12, 2010
OllieJonesSmack-Fu Master, in traininget Subscriptor reply8 minutes ago report ignore user
The cloud email providers now offer robust multifactor authentication and security, and have for a while. The makers of software provide upgrade paths and automatic updates to patch vulnerabilities.

But, do governments use that security? Do campaigns and politicians use it? Nooooo.
Too much trouble. They're too busy to be bothered. They're too important to take the time. Security isn't mission critical. All that stuff.

Even the CIA director had his email (aol email) hacked by a teenager. Some sensitive information was compromised. They prosecuted the teenager, but not the CIA director.

If we could trust the bond-rating agencies (a big IF) we could ask them to downgrade the bond ratings of public institutions unless they get routine security audits / penetration tests / white-hat-hacker work. In fact, the inability to provide services
due to various DOS attacks (like ransomware) is a problem that deserves lower bond ratings.

In the private business where I work, our customers demand to see the results of our security audits. Why shouldn't citizens demand to see the security audits of their governments?

There has to be a way to get government people to change.

Or, we should just let hostile state actors and other cybercreeps pwn our governments, and grin and bear it.

It's really sad that Baltimore, a city that's struggled for decades, has to be the victim of this stuff. It the victim were Greenwich CT or Palo Alto CA, we'd see some action.
Last edited by OllieJones on Mon May 20, 2019 2:39 pm

Up 0 (0 / 0) Down
68 posts | reg. Oct 11, 2014
SplatMan_DKArs Praefectuset Subscriptor reply5 minutes ago report ignore user Ishkabibbel wrote:
show nested quotes
























Fair enough, but I still don't necessarily agree that not paying and pulling your life back together by the boostraps is a slam dunk decision. In essence you're risking money (potentially a lot) that they will unlock your files, versus the 0% chance that
they'll unlock your files if you don't pay. In the case of the city of Baltimore, I'd argue $70,000 isn't much to risk.

As mentioned in post above: The transaction you propose does not exist in a vacuum. There are moral implications to consider, because the money will have a massive effect "somewhere on the planet", and I can pretty much guarantee you it's not going to be
a philanthropic endeavor.

Or, in the words of an unnamed Gunnery Chief in Mass Effect 2: "you're ruining someone's day somewhere and sometime"1. ;-)
show embeds | Up +1 (+1 / 0) Down
3883 posts | reg. Sep 5, 2007
Auguste_FivazSmack-Fu Master, in traininget Subscriptor reply3 minutes ago report ignore user
Where I worked, we had 400+ employees and about 30 IT people who managed some contracted services (email, servers, networks) and it worked pretty well. I was on the IT side.
There was one woman assigned to disaster preparedness and she was good but the business treated her poorly, considered her an intruder in discussions and discounted her "doomsday" scenarios as fiction.
So, we IT folks worked with her, helped her flesh out the plans, and we pretty much went about it without the business' input. Not optimal but it seems DP is always the pariah for those who haven't the time or inclination to think practically. Even after
a major outage, the memory seems to vanish before the next round of budgeting. Humans ... can't live with 'em ...
Up 0 (0 / 0) Down
94 posts | reg. May 2, 2012
Puke FlyswatterArs Legatus Legionis replyless than a minute ago report ignore user
Auguste_Fivaz wrote:
Where I worked, we had 400+ employees and about 30 IT people who managed some contracted services (email, servers, networks) and it worked pretty well. I was on the IT side.
There was one woman assigned to disaster preparedness and she was good but the business treated her poorly, considered her an intruder in discussions and discounted her "doomsday" scenarios as fiction.
So, we IT folks worked with her, helped her flesh out the plans, and we pretty much went about it without the business' input. Not optimal but it seems DP is always the pariah for those who haven't the time or inclination to think practically. Even after
a major outage, the memory seems to vanish before the next round of budgeting. Humans ... can't live with 'em ...


I'm helping stand up a DR site with about 150 PC's for a, well, ginormous financial company.

$1.2M for marble from ceiling to floor of the trade room? Go for it!

$600k for DR hardware? *wrings hands*
Up 0 (0 / 0) Down
12907 posts | reg. Oct 14, 1999
plateshutoverlockArs Centurion editless than a minute ago
Seraphiel wrote:
Puke Flyswatter wrote:
And there IS a guarantee that every time we pay the fucking ransom, it ensure more ransom demands will be made, because if fucking works.

I'd rather flush a billion dollars down a toilet, than give it to ransomers, scammers, and their ilk.

For a billion dollars you could probably fund a well-qualified squad of assassins to solve the problem and keep it solved.

This would be an amusing movie plot; it could even educate people that the jerk scam-calling them is essentially just a call-center employee desperate for work, not necessarily the brains behind the operation.


Or stick the little wimps in an American maximum security prison. Bubba and his gang will be using their bodies as cheap replacements for expensive paper towels and mops.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)