December 25, 2024 / by 

 

Wednesday Morning: Quelle couleur est-ce?

I think vestigially there’s a synesthete in me, but not like a real one who immediately knows what colour Wednesday is. — A. S. Byatt

A lot of people will ask what day it is today, but few will ask what color.

Ed Walker put up a great post late last evening, one that deserves more oxygen. Do check it out.

Hospital held hostage for millions by ransomware
Hey Hollywood! A hospital in your backyard has been “infected” with ransomware, their enterprise system tied up until administration coughs up $3.6 million.* Didn’t see that coming, huh? Law enforcement is involved, though if they haven’t managed to resolve other smaller ransomware attacks, they won’t solve this before it critically affects patients’ care.

This is a pretty good (if unfortunate) example of business continuity crisis. Remember Y2K and all the hullaballoo about drills and testing for enterprise failure? We still need that kind of effort on a regular basis; how do you run your biz if all electronics go dark, for any reason?

(* US articles say $3.6M; CAN article linked says $5M. Currency difference, or an increase in the demand?)

Google found critical vulnerability in GNU C Library
CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow” Huh? What? If you read Google’s blog post about this yesterday, you were probably scratching your head. Some Googlers struggle with writing in plain English. Here’s what tech news outlets interpreted from that google-degook:

Ars Technica: “Extremely severe bug leaves dizzying number of software and devices vulnerable
BBC: “Glibc: Mega bug may hit thousands of devices
Threatpost: “Critical glibc Vulnerability Puts All Linux Machines at Risk

In a nutshell, if you’re running Linux, patch your systems, stat.

Petroleum’s still a problem

  • Iran’s not going along with Saudi-Russia-OPEC agreement on oil production limits. Iran wants to return to pre-sanction production levels before it makes any concessions.
  • Oil glut and tanked prices creates secondary challenges. Saudi’s youth now have entirely different prospects for employment now that oil cannot guarantee national wealth or careers with good pay. Will this cause political volatility in RSA? Wonder what will happen in smaller oil-producing countries like Venezuela and Ecuador?
  • Weird outliers buck trend: Indian oil producer Chennai had a strong Q3, and First American Bank more than doubled its stake in oil development firm Anadarko. Neither of these stories make sense when oil prices have and are plummeting and show no solid sign of improvement in the next year-plus.

TBTF is still too TBTF
Neel Kashkari, Minneapolis Fed Reserve president, called for the breakup of Too-Big-to-Fail banks yesterday, as they are still a risk to the economy. Didn’t see that coming from a fed president, especially Kashkari.

Biggest tech story today: Judge ordered Apple to help hack San Bernadino gunman’s phone
Apple’s been fighting government pressure on backdoors to its products. The fight intensified after federal judge Sheri Pym ordered Apple to cooperate with the FBI to unlock encryption on a county-owned phone used by San Bernadino gunman Syed Farook. Begs the question why any government agency — local, state, or federal — would ever issue a phone with encryption the government could not crack in the first place. Seems like one answer is a government- and/or business-specific encryption patch to iOS: [IF phone = government-issued, THEN unlock with government-issued key]. Same for business-issued phones. Your own personal phone, not issued by a government agency or business? No key, period.

Phew. That’s enough for a Wednesday. Hope we can coast downhill from here.

Copyright © 2024 emptywheel. All rights reserved.
Originally Posted @ https://emptywheel.net/tag/encryption/page/2/