1. 25
  1.  

  2. 7

    I randomly generate text in the same way I do for passwords when I need to fill in a security question

    1. 2

      Pretty much this, I haven’t put a real answer into a security question in years. I use random actual words though, from a passphrase generator, because I’ve seen companies that want you to verbally verify the security question answers to do certain things. Yeah, I know, pretty WTF, but what can you do?

    2. 6

      Glad to see the SFMTA had functioning backups they could restore from. There is an IT hero in there somewhere, maintaining good practices in what I can only imagine is a pretty rough environment for a sysadmin.

      1. 2

        But the hacker didn’t get access to the decryption keys, too bad, now that would have been newsworthy.

        Interesting that the ransomware spreader was targeting a specific weblogic vuln, and specifically looking for enterprise-y software (Oracle Linux). I wonder if this is intentional in order to hit organizations with money, or if it’s a lucky fluke in that they found a reliable exploit and ran with it.