
Submission + - Cloud based Medical Marijuana Patient/Inventory/Sales system MJFreeway hacked

t0qer writes: Hello /. Been a few years since a submission.

I'm the IT director at a MMJ dispensary. The point of sales system we were using last week was hacked. Here is The Boston Globe's coverage on it.

This system was built on Drupal in 2010. I'm guessing the more they modified the Drupal core, the more bugfixed versions they fell behind (not to mention the rest of the LAMP stack). They've lost all customer data, meaning there were no airgapped, off the net backups. What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot" potentially floating out there on the net. I guess because we're "Medicinal" it's no better than someone knowing a person takes Xanax for their nerves.

I feel like this company is playing on the ignorance of the general public when it comes to these types of IT security issues. I don't think people get how serious this is. What should I do? Do we still have lawyers on this site? (oldcountrylawyer?)

Comment Re:Hmm (Score 1) 389

I was establishing a comparison between the two. If you KNOWINGLY had something on your computer you know you shouldn't have and send it to repair, you're incurring the same risks. I can't imagine someone as a surgeon not having even the slightest hint that such a thing might happen if he had something to hide.

Comment Re:Hmm (Score 1) 389

If you give your keys to a contractor for him to perform some work in your house, don't you have the common sense to predict that if he's there alone, he might be doing more than just the work he was supposed to like browsing through your stuff including your garbage?

Comment Re:Hmm (Score 1) 389

or just someone who downloaded some file expecting it to be something else and deleted it immediately... hence it being in the trash.
Stories of people downloading stuff, either by direct download or P2P and ending up with something different aren't all that rare.

Which is why if you do accidentally download something like that, you must clear your cache, empty the recycle bin and repeatedly overwrite all the free space on your disk.

Yes, because everyone knows how to do that. And of course, the commands to perform those actions are so easily available...

would a person smart enough to be a surgeon be dumb enough to send the computer for repair with a third party knowing it had child pornography inside?

Emphatically YES! Smarts in one narrow field doesn't guarantee smarts in every field: John Podesta is a Smart Guy, but he was stupid enough to fall for a phishing attack.

It's not a "field", it's common sense. He doesn't need to be an IT expert to know that he's taking chances if he sends a knowingly tainted computer for repair. It's just pure common sense, nothing else.

Comment Re: No shit Sherlock (Score 1) 389

Nobody has the right, but that doesn't mean they won't do it. No one has the right to pick your pocket or break into your house, but... you know where this is going.

Even I don't have any illegal stuff of any kind in my computers and, a few months ago, when I sent a laptop to repair the keyboard (single key replacement), something that absolutely needs no software interaction by the technicians, I wiped my drive completely. More than the fear of anything illegal being found, I was afraid for my own personal data, the probability of identity theft, my work falling into the wrong hands and the like.

Comment Re:Hmm (Score 1) 389

Yes, he might be a paedophile, or just someone who downloaded some file expecting it to be something else and deleted it immediately... hence it being in the trash.
Stories of people downloading stuff, either by direct download or P2P and ending up with something different aren't all that rare.
Even a few months ago there was a story of someone downloading what they believed to be Ubuntu ISOs (IIRC), only to find out they were pretty nasty hardcore porn.
And like the article says, would a person smart enough to be a surgeon be dumb enough to send the computer for repair with a third party knowing it had child pornography inside?

Comment Re:Had my first order cancelled by Amazon last mon (Score 1) 68

I live in Toronto, Canada, their warehouse is in a sister city. I don't think this is how it works out here, maybe amazon.ca has different operating guidelines compared to amazon.com. I always choose free shipping and the order is at my door the very next day. I am not a Prime member.

Comment Re: Great way to take the family on Summer vacatio (Score 1) 250

I just prefer to work for a company that offers unlimited vacation and allows me to take extended time off, more than once a year.

We usually do 3 weeks in July and I take off another 4-5 weeks of time off throughout the rest of the year.

Modern, forward-thinking companies have been moving this way as of late in order to attract and retain top talent. I'm kinda surprised it's not talked about more here on ./ considering the audience.

Comment Re:Always blaming the wrong guy (Score 2) 166

Pretty soon all those scrubs who ditched cable will discover they are having to pay twice as much to get the same content they were getting from cable.

Sorry, but as someone who dropped CATV/SATV in 2008 due to the cost increases and has never looked back, I don't pay double for content; I simply don't consume anything that's non-free outside of what I choose (Netflix).

I mean, when you cut the cord you expect there will be content losses. I don't know of anyone who opts out of TV subscriptions that expects to somehow save money while keeping the same amount of content.

Comment Re:Imaginary benefits of social media advertising (Score 1) 36

I work in the marketing analytics and attribution space and can confidently speak to this topic. While Social isn't the BEST performer, it doesn't carry with it the dire statement of a "complete lack of results" as you state.

With dependencies on vertical and how the advertising is used in known conjunction with other channels, Social definitely does have an assister effect on those other channels. The problem you may be encountering is relying solely on outdated analysis methods which do not appropriately track credit for known users across the entirety of their path to purchase or you're simply just looking at ineffective ad buying behavior resulting in poor ROAS.

Done right, Social is definitely valuable for relatively low cost when compared to the much larger channels (based on investment) and can absolutely jack up your return on those other channels as an assister but definitely is not going to be a 1:1 return as the only advertising channel you should leverage if you are hoping for conversion.

Comment The 2 factors that made me buy a 3d printer. (Score 1) 274

1. There's a certain number where something becomes an impulse buy. For me and 3d printers that was $200. Ultimately I decided that with inflation, I spent more on my original NES set years and years ago.

Makerbot could have killed it at that price, and still can if they can figure out how to do it at this price.

2. The only hurdle past price is having the needed skills to create things in 3d. Printing other people's stuff off the web gets old after a while. Luckily the 3d modeling software I taught myself to use really well can output STL files.
