Jon Whitehurst

Paying the Ransomware

September 21, 2016 by Jon Whitehurst Leave a Comment

Paying the Ransomware

I learned today where one bitcoin equals 600 US dollars as of 21-Sep-16. When a ransomware Incident occurs, one of the first few question does come up what will it take to get back into operation? The first I would think is how did it happen? Depending on the impact of the Ransom it was in the case of the Hollywood Presbyterian it was cheaper to pay the 29 bitcoins(in today’s bitcoin value equals 17K in USD) to get back up and running faster. The cost of trying to fix it on your own could have been higher in man and machine hours. In this case patient information was involved and systems were down so it me it made business sense to resolved the incident. The question what can be done to prevent the next Ransomware incident from occurring?

http://www.securitymagazine.com/articles/87431-the-ransomware-dilemma-is-paying-up-a-good-idea

http://hollywoodpresbyterian.com/default/assets/File/20160217%20Memo%20from%20the%20CEO%20v2.pdf

Finally an indicator that you’re on an unsecure site

September 12, 2016 by Jon Whitehurst 5 Comments

Finally an indicator that you’re on an unsecure site.

I was looking for an article that would provide me the most secure browser in today’s market. In my research, I came across this article about warning users that you are not on a secure site and I thought I wished this was implemented a few years ago. This article caught my where chrome will be notifying you that the site you are on is not secure. I ran into a situation a few years ago where I had purchased tickets on a website (small local business) and it was only using http for its logon and purchasing the tickets. It was only after the purchase I had realized that that the site was not secure and had become blind looking at the trusted security certificates. I called the business and it took a few people to get me to the right person and me threating that I would report them to the best business bureau if nothing was done. I took a few days but they were able to provide https and a valid certificate to the site. I only hope this idea catches on with other browsers moving forward.

http://money.cnn.com/2016/09/08/technology/google-chrome-flag-non-secure-sites/

To Antivirus or not to Antivirus

September 5, 2016 by Jon Whitehurst 9 Comments

During the week 1 lecture Professor Mackey made the comment that and I am hoping I am quoting correct, “I do not run antivirus on any of my computers at home”. I am not a fan of antivirus or encryption software because it takes system resources away from the user experience however, this statement caught my attention. No matter what the operating system may be, it can still catch a virus. Granted that the virus has to be tailored to the OS that the user is using which will greatly reduce by the OS that you are using, Microsoft vs. Ubuntu as an example. I have always felt that antivirus is a necessary evil for a system to exist and it’s an insurance policy that catch a certain percentage of viruses and will stop known virus signatures. What I found interesting was that the industry standard is saying that traditional antivirus is dead however it’s still remains useful to a security approach. I would agree from a business and consumer of computer products perspective having antivirus will save hours of headaches. I like Professor Mackey’s home setup where running everything in a VM is a safer approach so not using an antivirus a bonus and we are starting to build this environment for this and other classes. The computer industry has been trending in that direction where we will have dumb terminals to access the internet, maybe I should redesign my home network?

http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

http://www.networkworld.com/article/2919111/security/traditional-anti-virus-is-dead-long-live-the-new-and-improved-av.html