topic Re: No good deed goes unpunished in Tech Talk

No good deed goes unpunished

dcontesti — Tue, 03 Mar 2020 19:52:44 GMT

https://www.cbc.ca/news/canada/hamilton/jackson-square-dental-hacking-1.5471071?fbclid=IwAR0Y3tH_n-DosPr8EPIibVF5BdecrZY5YJTTqH_IEy-lB9AEswRIo4WMQCI

So he says he was only trying to help.......

Thoughts?

Re: No good deed goes unpunished

rslade — Tue, 03 Mar 2020 20:15:53 GMT

> dcontesti (Community Champion) posted a new topic in Tech Talk on 03-03-2020

> https://www.cbc.ca/news/canada/hamilton/jackson-square-dental-hacking-1.5471071?
> fbclid=IwAR0Y3tH_n-DosPr8EPIibVF5BdecrZY5YJTTqH_IEy-lB9AEswRIo4WMQCI So he
> says he was only trying to help....... Thoughts? d

Notes for those not wanting to be called hackers:

- don't wait for all staff to exit the room and then intract with the device without
permission

- if you find out where the password field is, just point it out to the staff and don't
ask them for the password

- if you *do* enter the password, don't do any searches, even for your own name

- best not to touch the device at all, just make some suggestions (if you've already
asked if the staff want help) (Actually, I've found this last to be a cardinal rule for
assisting people use their systems or training. It may take a while, but just doing it
yourself usually leaves out some important part of the process.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Dance like nobody's watching. Love like you've never been hurt.
Develop software like the end user has your home address.
http://twitter.com/#!/RobertFischer/status/69117740622950400
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: No good deed goes unpunished

Caute_cautim — Wed, 04 Mar 2020 23:16:52 GMT

@dcontesti The golden rule: Never touch the keyboard unless you want to own the situation, keep a forensic log with date/time of actions and have been given formal permission to carry the required tasks.

Plus make sure you ask the requestor, whether they want to make a criminal investigation or charge, should the results of the review indicate there is sufficient evidence. Make sure you get a written confirmation of their decision, do not depend on a verbal one, which can be rescinded.

If you are not a court recognised forensic investigator, walk away, do not touch the keyboard and tell the requester to seek a recognised qualified forensic investigator, who can take the case to court, if they wish.

People, get fed up with this attitude, but it saves one a whole heap of trouble.

Regards

Caute_cautim

Re: No good deed goes unpunished

denbesten — Fri, 06 Mar 2020 01:12:56 GMT

Kinda did it to himself. By contacting the office, he created a formal record requiring a formal "management" response and a resultant change in demeanor from everyone in the office.

In the US, medical privacy laws by default prohibit my dentist from even confirming that my spouse or adult child is a patient, despite the fact that we often arrive together. Even allowing the patient to see search results for their last name risks a privacy violation.

Not surprised the office is separating themselves as far as possible from the situation. After all, in addition to patient-privacy, there probably were also some disciplinary actions that can neither be confirmed nor denied.