Monday, November 23, 2015

Do the Amazon 2-Step... Now!

   It's not a new song or a new dance...  Amazon has just announced 2-step, aka 2-factor or multi-factor, authentication for online logins!  It's overdue but I'm glad it's here.

   We've talked about 2-factor authentication in the past so I won't go deeply into it in this post.  The important take-away is that Amazon now offers this service and you should use it!

   Here's an overview article and here's a great step-by-step with screen shots.  I set this up for my account and it was really easy using my phone and Google Authenticator.  You can also use text messaging, or setup text messaging as a backup method.

   The main reason that 2-factor is good and important is that it prevents an attacker, who has stolen your userid and password, from logging in as you.  This is because they would need to have your smartphone in addition to the userid and password! (yes, there are other methods as well).

Tuesday, November 10, 2015

Hospital Held Hostage

  A number of people alerted me that a recent episode of CSI:Cyber, which aired on 11/1/15, had as its theme a cyber attack on a hospital.  The episode was entitled "hack E.R." (see what they did there??? :-) )

   The episode begins with an ominous image showing up on computer screens and all systems in a fictional hospital being under the control of an online attacker.  They threaten to kill a victim every four hours if not paid a ransom.  They then kill a victim by causing an infusion pump to deliver a fatal dose of morphine while preventing the patient's heart monitor from alarming.

   We then follow the CSI:Cyber team and the hospital staff as they try to solve the mystery and track down and stop the attacker.  I won't give a full synopsis nor a review.  You can find some of that here and here (spoiler alert - these linked articles do give away the ending).

   Let's review what was potentially real and some of the deficiencies of the episode.  First the realistic.