Tag Archives: covid19

Friday Squid Blogging: Squid Proteins for a Better Face Mask

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/07/friday_squid_bl_739.html

Researchers are synthesizing squid proteins to create a face mask that better survives cleaning. (And you thought there was no connection between squid and COVID-19.) The military thinks this might have applications for self-healing robots.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

The Security Value of Inefficiency

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/07/the_security_va.html

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that’s a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that’s all profitable. Inefficiency, on the other hand, is waste. Extra inventory is inefficient. Overcapacity is inefficient. Using many small suppliers is inefficient. Inefficiency is unprofitable.

But inefficiency is essential security, as the COVID-19 pandemic is teaching us. All of the overcapacity that has been squeezed out of our healthcare system; we now wish we had it. All of the redundancy in our food production that has been consolidated away; we want that, too. We need our old, local supply chains — not the single global ones that are so fragile in this crisis. And we want our local restaurants and businesses to survive, not just the national chains.

We have lost much inefficiency to the market in the past few decades. Investors have become very good at noticing any fat in every system and swooping down to monetize those redundant assets. The winner-take-all mentality that has permeated so many industries squeezes any inefficiencies out of the system.

This drive for efficiency leads to brittle systems that function properly when everything is normal but break under stress. And when they break, everyone suffers. The less fortunate suffer and die. The more fortunate are merely hurt, and perhaps lose their freedoms or their future. But even the extremely fortunate suffer — maybe not in the short term, but in the long term from the constriction of the rest of society.

Efficient systems have limited ability to deal with system-wide economic shocks. Those shocks are coming with increased frequency. They’re caused by global pandemics, yes, but also by climate change, by financial crises, by political crises. If we want to be secure against these crises and more, we need to add inefficiency back into our systems.

I don’t simply mean that we need to make our food production, or healthcare system, or supply chains sloppy and wasteful. We need a certain kind of inefficiency, and it depends on the system in question. Sometimes we need redundancy. Sometimes we need diversity. Sometimes we need overcapacity.

The market isn’t going to supply any of these things, least of all in a strategic capacity that will result in resilience. What’s necessary to make any of this work is regulation.

First, we need to enforce antitrust laws. Our meat supply chain is brittle because there are limited numbers of massive meatpacking plants — now disease factories — rather than lots of smaller slaughterhouses. Our retail supply chain is brittle because a few national companies and websites dominate. We need multiple companies offering alternatives to a single product or service. We need more competition, more niche players. We need more local companies, more domestic corporate players, and diversity in our international suppliers. Competition provides all of that, while monopolies suck that out of the system.

The second thing we need is specific regulations that require certain inefficiencies. This isn’t anything new. Every safety system we have is, to some extent, an inefficiency. This is true for fire escapes on buildings, lifeboats on cruise ships, and multiple ways to deploy the landing gear on aircraft. Not having any of those things would make the underlying systems more efficient, but also less safe. It’s also true for the internet itself, originally designed with extensive redundancy as a Cold War security measure.

With those two things in place, the market can work its magic to provide for these strategic inefficiencies as cheaply and as effectively as possible. As long as there are competitors who are vying with each other, and there aren’t competitors who can reduce the inefficiencies and undercut the competition, these inefficiencies just become part of the price of whatever we’re buying.

The government is the entity that steps in and enforces a level playing field instead of a race to the bottom. Smart regulation addresses the long-term need for security, and ensures it’s not continuously sacrificed to short-term considerations.

We have largely been content to ignore the long term and let Wall Street run our economy as efficiently as it can. That’s no longer sustainable. We need inefficiency — the right kind in the right way — to ensure our security. No, it’s not free. But it’s worth the cost.

This essay previously appeared in Quartz.

COVID-19 Risks of Flying

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/06/covid_risks_of_.html

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It’s been 105 days since I’ve been on an airplane — longer than any other time in my adult life — and I have no future flights scheduled. This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying.

We know a lot more about how COVID-19 spreads than we did in March. The “less than six feet, more than ten minutes” model has given way to a much more sophisticated model involving airflow, the level of virus in the room, and the viral load in the person who might be infected.

Regarding airplanes specifically: on the whole, they seem safer than many other group activities. Of all the research about contact tracing results I have read, I have seen no stories of a sick person on an airplane infecting other passengers. There are no superspreader events involving airplanes. (That did happen with SARS.) It seems that the airflow inside the cabin really helps.

Airlines are trying to make things better: blocking middle seats, serving less food and drink, trying to get people to wear masks. (This video is worth watching.) I’ve started to see airlines requiring masks and banning those who won’t, and not just strongly encouraging them. (If mask wearing is treated the same as seat belt wearing, it will make a huge difference.) Finally, there are a lot of dumb things that airlines are doing.

This article interviewed 511 epidemiologists, and the general consensus was that flying is riskier than getting a haircut but less risky than eating in a restaurant. I think that most of the risk is pre-flight, in the airport: crowds at the security checkpoints, gates, and so on. And that those are manageable with mask wearing and situational awareness. So while I am not flying yet, I might be willing to soon. (It doesn’t help that I get a -1 on my COVID saving throw for type A blood, and another -1 for male pattern baldness. On the other hand, I think I get a +3 Constitution bonus. Maybe, instead of sky marshals we can have high-level clerics on the planes.)

And everyone: wear a mask, and wash your hands.

EDITED TO ADD (6/27): Airlines are starting to crowd their flights again.

Thermal Imaging as Security Theater

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/thermal_imaging.html

Seems like thermal imaging is the security theater technology of today.

These features are so tempting that thermal cameras are being installed at an increasing pace. They’re used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen employees and by businesses to screen customers, and even used in health care facilities to screen patients. Despite their prevalence, thermal cameras have many fatal limitations when used to screen for the coronavirus.

  • They are not intended for medical purposes.
  • Their accuracy can be reduced by their distance from the people being inspected.
  • They are “an imprecise method for scanning crowds” now put into a context where precision is critical.
  • They will create false positives, leaving people stigmatized, harassed, unfairly quarantined, and denied rightful opportunities to work, travel, shop, or seek medical help.
  • They will create false negatives, which, perhaps most significantly for public health purposes, “could miss many of the up to one-quarter or more people infected with the virus who do not exhibit symptoms,” as the New York Times recently put it. Thus they will abjectly fail at the core task of slowing or preventing the further spread of the virus.

Criminals and the Normalization of Masks

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/criminals_and_t.html

I was wondering about this:

Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus.

“Criminals, they’re smart and this is a perfect opportunity for them to conceal themselves and blend right in,” said Richard Bell, police chief in the tiny Pennsylvania community of Frackville. He said he knows of seven recent armed robberies in the region where every suspect wore a mask.


Just how many criminals are taking advantage of the pandemic to commit crimes is impossible to estimate, but law enforcement officials have no doubt the numbers are climbing. Reports are starting to pop up across the United States and in other parts of the world of crimes pulled off in no small part because so many of us are now wearing masks.

In March, two men walked into Aqueduct Racetrack in New York wearing the same kind of surgical masks as many racing fans there and, at gunpoint, robbed three workers of a quarter-million dollars they were moving from gaming machines to a safe. Other robberies involving suspects wearing surgical masks have occurred in North Carolina, and Washington, D.C., and elsewhere in recent weeks.

The article is all anecdote and no real data. But this is probably a trend.

Friday Squid Blogging: Cocaine Smuggled in Squid

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/friday_squid_bl_727.html

Makes sense; there’s room inside a squid’s body cavity:

Latin American drug lords have sent bumper shipments of cocaine to Europe in recent weeks, including one in a cargo of squid, even though the coronavirus epidemic has stifled legitimate transatlantic trade, senior anti-narcotics officials say.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Me on COVID-19 Contact Tracing Apps

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html

I was quoted in BuzzFeed:

“My problem with contact tracing apps is that they have absolutely no value,” Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. “I’m not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? … This is just something governments want to do for the hell of it. To me, it’s just techies doing techie things because they don’t know what else to do.”

I haven’t blogged about this because I thought it was obvious. But from the tweets and emails I have received, it seems not.

This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.

  • False positives: Any app will have a precise definition of a contact: let’s say it’s less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don’t result in transmissions. This will be because of several reasons. One, the app’s location and proximity systems — based on GPS and Bluetooth — just aren’t accurate enough to capture every contact. Two, the app won’t be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that’s less than 100% (and I don’t know what that is).
  • False negatives: This is the rate at which the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app’s location and proximity systems. Two, transmissions that occur from people who don’t have the app (even Singapore didn’t get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact — the virus sometimes travels further.

Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It’s not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can’t confirm the app’s diagnosis. So the alert is useless.

Similarly, assume you take the app out grocery shopping and it doesn’t alert you of any contact. Are you in the clear? No, you’re not. You actually have no idea if you’ve been infected.

The end result is an app that doesn’t work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.

It has nothing to do with privacy concerns. The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb.

EDITED TO ADD: This Brookings essay makes much the same point.

Automatic Instacart Bots

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/automatic_insta.html

Instacart is taking legal action against bots that automatically place orders:

Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip amount, and whether they prefer the first available delivery slot or are more flexible. The tool then checked that their login credentials were correct, logged in, and refreshed the checkout page over and over again until a new delivery window appeared. It then placed the order, Koch explained.

I think I am writing a new book about hacking in general, and want to discuss this. First, does this count as a hack? I feel like it is, since it’s a way to subvert the Instacart ordering system.

When asked if this tool may give people an unfair advantage over those who don’t use the tool, Koch said, “at this point, it’s a matter of awareness, not technical ability, since people who can use Instacart can use Cartdash.” When pushed on how, realistically, not every user of Instacart is going to know about Cartdash, even after it may receive more attention, and the people using Cartdash will still have an advantage over people who aren’t using automated tools, Koch again said, “it’s a matter of awareness, not technical ability.”

Second, should Instacart take action against this? On the one hand, it isn’t “fair” in that Cartdash users get an advantage in finding a delivery slot. But it’s not really any different than programs that “snipe” on eBay and other bidding platforms.

Third, does Instacart even stand a chance in the long run? As various AI technologies give us more agents and bots, this is going to increasingly become the new normal. I think we need to figure out a fair allocation mechanism that doesn’t rely on the precise timing of submissions.

Global Surveillance in the Wake of COVID-19

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/global_surveill.html

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19:

The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time. For instance, in early March, the Iranian government released an app that it pitched as a self-diagnostic tool. While the tool’s efficacy was likely low, given reports of asymptomatic carriers of the virus, the app saved location data of millions of Iranians, according to a Vice report.

One of the most alarming measures being implemented is in Argentina, where those who are caught breaking quarantine are being forced to download an app that tracks their location. In Hong Kong, those arriving in the airport are given electronic tracking bracelets that must be synced to their home location through their smartphone’s GPS signal.

Chinese COVID-19 Disinformation Campaign

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/chinese_covid-1.html

The New York Times is reporting on state-sponsored disinformation campaigns coming out of China:

Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters. The amplification techniques are alarming to officials because the disinformation showed up as texts on many Americans’ cellphones, a tactic that several of the officials said they had not seen before.

California Needlessly Reduces Privacy During COVID-19 Pandemic

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/california_need.html

This one isn’t even related to contact tracing:

On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth mediums.

Lots of details at the link.

Contact Tracing COVID-19 Infections via Smartphone Apps

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/contact_tracing.html

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It’s similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It’s nice seeing the privacy protections; they’re well thought out.

I was going to write a long essay about the security and privacy concerns, but Ross Anderson beat me to it. (Note that some of his comments are UK-specific.)

First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.

I’m relaxed about doing all this under emergency public-health powers, since this will make it harder for intrusive systems to persist after the pandemic than if they have some privacy theater that can be used to argue that the whizzy new medi-panopticon is legal enough to be kept running.

Second, contact tracers have access to all sorts of other data such as public transport ticketing and credit-card records. This is how a contact tracer in Singapore is able to phone you and tell you that the taxi driver who took you yesterday from Orchard Road to Raffles has reported sick, so please put on a mask right now and go straight home. This must be controlled; Taiwan lets public-health staff access such material in emergencies only.

Third, you can’t wait for diagnoses. In the UK, you only get a test if you’re a VIP or if you get admitted to hospital. Even so the results take 1-3 days to come back. While the VIPs share their status on twitter or facebook, the other diagnosed patients are often too sick to operate their phones.

Fourth, the public health authorities need geographical data for purposes other than contact tracing – such as to tell the army where to build more field hospitals, and to plan shipments of scarce personal protective equipment. There are already apps that do symptom tracking but more would be better. So the UK app will ask for the first three characters of your postcode, which is about enough to locate which hospital you’d end up in.

Fifth, although the cryptographers – and now Google and Apple – are discussing more anonymous variants of the Singapore app, that’s not the problem. Anyone who’s worked on abuse will instantly realise that a voluntary app operated by anonymous actors is wide open to trolling. The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home.

I recommend reading his essay in full. Also worth reading are this EFF essay, and this ACLU white paper.

To me, the real problems aren’t around privacy and security. The efficacy of any app-based contact tracing is still unproven. A “contact” from the point of view of an app isn’t the same as an epidemiological contact. And the ratio of infections to contacts is high. We would have to deal with the false positives (being close to someone else, but separated by a partition or other barrier) and the false negatives (not being close to someone else, but contracting the disease through a mutually touched object). And without cheap, fast, and accurate testing, the information from any of these apps isn’t very useful. So I agree with Ross that this is primarily an exercise in that false syllogism: Something must be done. This is something. Therefore, we must do it. It’s techies proposing tech solutions to what is primarily a social problem.

EDITED TO ADD: Susan Landau on contact tracing apps and how they’re being oversold. And Farzad Mostashari, former coordinator for health IT at the Department of Health and Human Services, on contact tracing apps.

As long as 1) every contact does not result in an infection, and 2) a large percentage of people with the disease are asymptomatic and don’t realize they have it, I can’t see how this sort of app is valuable. If we had cheap, fast, and accurate testing for everyone on demand…maybe. But I still don’t think so.

EDITED TO ADD (4/15): More details from Apple and Google.

Cybersecurity During COVID-19

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/cybersecurity_d.html

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic.

One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Two, sensitive organizational data will likely migrate outside of the network. Employees working from home are going to save data on their own computers, where they aren’t protected by the organization’s security systems. This makes the data more likely to be hacked and stolen.

Three, employees are more likely to access their organizational networks insecurely. If the organization is lucky, they will have already set up a VPN for remote access. If not, they’re either trying to get one quickly or not bothering at all. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.

Four, employees are being asked to use new and unfamiliar tools like Zoom to replace face-to-face meetings. Again, these hastily set-up systems are likely to be insecure.

Five, the general chaos of “doing things differently” is an opening for attack. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful when the employee can’t walk down the hall to confirm the email’s validity — and when everyone is distracted and so many other things are being done differently.

NASA is reporting an increase in cyberattacks. From an agency memo:

A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the Novel Coronavirus (COVID-19) outbreak. During the past few weeks, NASA’s Security Operations Center (SOC) mitigation tools have prevented success of these attempts. Here are some examples of what’s been observed in the past few days:

  • Doubling of email phishing attempts
  • Exponential increase in malware attacks on NASA systems
  • Double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet

Here’s another article that makes basically the same points I did:

But the rapid shift to remote working will inevitably create or exacerbate gaps in security. Employees using unfamiliar software will get settings wrong and leave themselves open to breaches. Staff forced to use their own ageing laptops from home will find their data to be less secure than those using modern equipment.

That’s a big problem because the security issues are not going away. For the last couple of months coronavirus-themed malware and phishing scams have been on the rise. Business email compromise scams — where crooks impersonate a CEO or other senior staff member and then try to trick workers into sending money to their accounts — could be made easier if staff primarily rely on email to communicate while at home.

EDITED TO ADD: This post has been translated into Portuguese.

EDITED TO ADD (4/13): A three-part series about home-office cybersecurity.

Privacy vs. Surveillance in the Age of COVID-19

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/03/privacy_vs_surv.html

The trade-offs are changing:

As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus – even as the surveillance efforts threaten to alter the precarious balance between public safety and personal privacy on a global scale.

Yet ratcheting up surveillance to combat the pandemic now could permanently open the doors to more invasive forms of snooping later.

I think the effects of COVID-19 will be more drastic than the effects of the terrorist attacks of 9/11: not only with respect to surveillance, but across many aspects of our society. And while many things that would never be acceptable during normal times are reasonable things to do right now, we need to make sure we can ratchet them back once the current pandemic is over.

Cindy Cohn at EFF wrote:

We know that this virus requires us to take steps that would be unthinkable in normal times. Staying inside, limiting public gatherings, and cooperating with medically needed attempts to track the virus are, when approached properly, reasonable and responsible things to do. But we must be as vigilant as we are thoughtful. We must be sure that measures taken in the name of responding to COVID-19 are, in the language of international human rights law, “necessary and proportionate” to the needs of society in fighting the virus. Above all, we must make sure that these measures end and that the data collected for these purposes is not re-purposed for either governmental or commercial ends.

I worry that in our haste and fear, we will fail to do any of that.

More from EFF.

Emergency Surveillance During COVID-19 Crisis

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/03/emergency_surve.html

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With that in mind, the EFF has some good thinking on how to balance public safety with civil liberties:

Thus, any data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles:

  • Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
  • Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for improper government containment efforts driven by bias based on nationality, ethnicity, religion, and race — rather than facts about a particular individual’s actual likelihood of contracting the virus, such as their travel history or contact with potentially infected people. Today, we must ensure that any automated data systems used to contain COVID-19 do not erroneously identify members of specific demographic groups as particularly susceptible to infection.

  • Expiration. As in other major emergencies in the past, there is a hazard that the data surveillance infrastructure we build to contain COVID-19 may long outlive the crisis it was intended to address. The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.

  • Transparency. Any government use of “big data” to track virus spread must be clearly and quickly explained to the public. This includes publication of detailed information about the information being gathered, the retention period for the information, the tools used to process that information, the ways these tools guide public health decisions, and whether these tools have had any positive or negative outcomes.

  • Due Process. If the government seeks to limit a person’s rights based on this “big data” surveillance (for example, to quarantine them based on the system’s conclusions about their relationships or travel), then the person must have the opportunity to timely and fairly challenge these conclusions and limits.

Work-from-Home Security Advice

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/03/work-from-home_.html

SANS has made freely available its “Work-from-Home Awareness Kit.”

When I think about how COVID-19’s security measures are affecting organizational networks, I see several interrelated problems:

One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Two, sensitive organizational data will likely migrate outside of the network. Employees working from home are going to save data on their own computers, where they aren’t protected by the organization’s security systems. This makes the data more likely to be hacked and stolen.

Three, employees are more likely to access their organizational networks insecurely. If the organization is lucky, they will have already set up a VPN for remote access. If not, they’re either trying to get one quickly or not bothering at all. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.

Four, employees are being asked to use new and unfamiliar tools like Zoom to replace face-to-face meetings. Again, these hastily set-up systems are likely to be insecure.

Five, the general chaos of “doing things differently” is an opening for attack. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful when the employee can’t walk down the hall to confirm the email’s validity — and when everyone is distracted and so many other things are being done differently.

Worrying about network security seems almost quaint in the face of the massive health risks from COVID-19, but attacks on infrastructure can have effects far greater than the infrastructure itself. Stay safe, everyone, and help keep your networks safe as well.

10+ Important Things About the Epidemic That We Need to Understand

Post Syndicated from Боян Юруков original https://yurukov.net/blog/2020/10-vajni-neshta-korona/

In the last three months, and especially in the last three weeks, we have been flooded with numbers, advice, fake news, fierce denials, heartless remarks, outright lies, and serious warnings. We are all overheated from information, worry, and uncertainty. I know that.

Here I have collected several things that I think are important to clarify and understand. Broadly, this is my understanding of what lies ahead, based on everything I have read. I am not an epidemiologist or a doctor, I am not on the epidemic task force, and I read the same news and data as everyone else. So I will welcome feedback and will add to and correct this as needed.

1. Most of those now diagnosed with coronavirus have been infected and infectious for weeks

By now we all seem to know that the coronavirus has an incubation period of between 1 and 14 days. An important consequence is that those who are being tested now, because of typical symptoms or contact with people already diagnosed, were infected with the virus about a week ago on average. The curve of increase that we see here and everywhere in Europe actually shows what the level of infection was back at the beginning of March. At that time quite a few people, and some of those in power, were still reassuring us that everything would be OK.

That is also well before the first case was discovered here. In reality, the virus arrived much earlier, sometime in February, and not once but several times. We can judge this from the distribution of the cases. It is almost certain at this stage that we will not find out how, by whom, and from where it was brought in.

2. Even the strictest measures will not produce results for two weeks

Another consequence of this incubation period is that no measure would produce results immediately. Aside from the fact that the measures are visibly not being applied effectively enough, even the strictest isolation will slow down future infections. Some of those who were infected yesterday will show their first symptoms by the end of March. Those whom we protect by observing social isolation and better personal hygiene may still get infected, but much later.

So we cannot expect any measure to work quickly. Patience and responsibility are needed from everyone. We have to protect, warn, encourage, or reprimand one another. Panic is justified, especially with such low trust in the government and the health authorities. It does not help at all right now, though, so let us set our cynicism aside for a while.

3. The virus cannot be stopped, only slowed down

None of the measures under discussion will reduce the incidence of the disease. Nothing that exists at the moment can. There is no vaccine and no treatment, and there will not be for at least another year. Faster and more reliable tests are being developed, but they only help with isolating the sick and monitoring the situation.

What we are aiming for at the moment is solely to stretch out the curve of infections, to give the already few and overloaded doctors and nurses the chance to care for those with severe symptoms.

4. Most people sick with coronavirus do not need a hospital

Dozens and hundreds of infected people will be diagnosed every day from now on. Most will have mild to moderate symptoms, just like the flu. Only those with severe, life-threatening symptoms will need a hospital. The rest have the enormous responsibility to stay locked in at home and treat themselves as with any flu. The responsibility lies in not making contact with anyone, especially elderly people. Only if the symptoms worsen should they call the hospital.

All of this is because beds in infectious disease and intensive care wards are too few anywhere in the world and will be far from enough for everyone. Especially for those who do not need intensive care, it is better to stay at home. Besides not burdening the doctors, they will also protect themselves from other infections, which unfortunately are no exception in hospitals. Let us not forget that the measles epidemic has also returned, with over 200 cases since the beginning of the year. Those sick with it and with other contagious diseases will be in the same infectious disease wards.

5. Personal hygiene is a simple but effective means of protecting ourselves

Although it looks too elementary, personal hygiene is precisely what has stopped or reduced a number of contagious diseases. It is the main measure against flu, hepatitis A, enteroviruses, and many others. It is by no means a guarantee that you will not catch any of them, but it definitely reduces the chances. It also does not work against most other infections such as tuberculosis, measles, chickenpox, whooping cough, and others, but against those we have other effective measures: vaccines, medicines, and good treatment protocols. Against this virus there are none for now, and hygiene is the only thing we have available.

You will find how best to wash your hands here, and here there are useful links on how to prepare your workplace and public facilities.

6. Do not stay entirely locked in at home if you are not sick

Limiting social contact does not mean you must barricade yourself at home behind a wall of the hundred rolls of toilet paper you bought. It does not mean you cannot go out at all. You will have no choice anyway, because you will still have to shop, work, and so on.

Going outside is actually advisable when it is in fresh air and not in crowds. Walks in the park, in the forest, even running around the neighborhood. That is healthy. Head for the forest if you have the chance. Just stay away from the villages and from other people especially.

This, of course, does not apply to those who have been diagnosed with the virus, have symptoms, or suspect they have been in contact with sick people. They should self-isolate, monitor their health, and, in case of breathing problems, immediately contact their GP or 112.

7. Masks will not protect you, but they will protect others

The virus is very small, most masks are not suitable for any virus at all, and almost all of us do not use them correctly. Wearing a mask will not protect you from being infected by others. In certain cases the simpler disposable masks may even worsen your chances, because they trap droplets from the air and also make you touch your face. There are, of course, masks that are quite effective at this type of protection, but it is best to save them for the doctors and nurses who are exposed every day to a direct danger of infection. For us, on the street and in the shop, they will not be of much use if we are healthy.

You should wear a mask when you are sick and coughing. This applies to coronavirus as well as to flu and colds. Even if you have no symptoms, if you visit an elderly person you care for, you absolutely must wear a mask, wash your hands immediately after coming in, and limit your physical contact with him or her while you are there. You should do the same while preparing or packing food that you bring them. That is how you will protect them best.

8. Most of us will get the virus

This is inevitable. Even with hygiene and isolation, sooner or later it will reach about 70% of the population. So the only question is when we will get sick and whether there will be enough beds and doctors to take care of the severe cases. At the moment 7-8% of the active cases in Europe are severe. At greatest risk are those with diseases of the lungs and heart.

Unfortunately there is no prospect of therapies being developed in the coming months, so inevitably many elderly people will pass away even with the best equipment and the doctors' full attention. And yes, that will be at least several thousand people. It is a thought we have to get used to, but let us also not forget that only with urgent and drastic measures will these cases not be tens of thousands.

9. It is not the virus that kills us, but our own body

There is a myth that we get seriously ill from the viruses causing what we collectively call flu and the common cold because our “immunity has dropped.” In fact it is exactly the opposite. The particularly severe cases are due to an overreaction of the organism itself against the infection. Then our mucous membranes become inflamed, our airways fill with mucus, which makes us cough a lot, and in severe cases our bronchi fill with fluid and close up, which brings bacterial infections and further complications. All of this is the body's reaction in an attempt to protect itself, but when it is too violent, the immune system actually attacks its own tissues.

It is not the virus that kills us in such cases, but our body itself. A measured reaction would be mild: headache, runny nose, a little coughing. That means a healthy immune system. If there really is a problem with the immune system, you will not feel any symptoms, including inflammation and headache, until it is too late. The severe cases that require hospitalization are in fact treated with medicines that suppress the immune reaction and reduce this inflammation. Ventilation, in turn, is needed because the body, in its effort to isolate the infected tissues, has shut down its own means of getting oxygen, which puts even more strain on the organs.

10. The mortality rate in the news means nothing

There is talk of 2, 3, 5% mortality. The only thing we can trust is the data for the oldest, because among them the cases are almost always severe and get counted. 7 to 14% mortality over the age of 70. Below that age, mortality is not low at all, but many are not tested and we do not know.

None of these numbers matters, however, because even 0.5% mortality among the young still means hundreds of human lives. The appeals we hear are that we must isolate ourselves to protect the oldest, but in reality we are protecting ourselves too. Younger people, and even those around 50-60, have much better chances of recovering with ventilators and medical attention. If the same doctors are caring for another 50 people in the ward, that is one thing. If they are caring for another 500, your chances drop seriously even if you are 30.

11. I do not know, but we are learning as we go

Doctors already know quite a lot about how the disease COVID-19 progresses, thanks to an unprecedented exchange of information at a global level. Unfortunately, they know too little about the virus itself and what follows after the disease. And no, I am not talking about the doctors in Bulgaria; nobody in the world knows. The measures being applied here are analogous to those everywhere else. Some introduced them faster and more strictly, some more slowly, but the same thing is being done. The conditions and the distribution of the sick differ between countries, as do the state of the healthcare system, the economy, the information society, trust in institutions, and so on. These are all things that influence the development of the epidemic.

Although the statistics on the infected and the dead do indeed have their caveats, they are extremely important for those trying to cope with the epidemic. Exchanging information, collecting and verifying it, and tracing cases and their contacts are of critical importance. Unfortunately, the health authorities here are not renowned for being strong in this respect. That does not mean there are not many very good specialists who are doing everything in their power in this impossible situation.

12. Children are safe

No, they are not. Besides the fact that children with heart problems and a compromised immune system are vulnerable, we must not forget that this is not the only infection right now. As I said, measles is still going around, there is a whooping cough epidemic in Europe, and soon the summer viruses will start too. Not only will their immune system be weakened and they will fight off this virus with more difficulty, it is not clear enough what long-term effect it will have on them. It is known that, like the flu but to a much greater degree, it worsens heart health. It is not clear, however, what the consequences will be.

13. Panic will not kill more people than the virus

The economic, political, and social problems caused by the virus will undoubtedly bring a lot of chaos around the world and will increase poverty and uncertainty. The markets are already feeling its effect strongly. Nobody can say what the long-term effect will be, all the more so since a global crisis was expected within the next 6 months. It is debatable whether the current situation will worsen that market crash or soften it; there are arguments in both directions.

For the ordinary family this means lower incomes, higher food prices, and more uncertainty. This applies to Bulgaria as well as to any country in the world. Some sectors and countries will be hit harder than others. The only things that will help the recovery after the coming crisis will be the resilience of civil society, the rule of law, and trust in institutions.

Woe to us Bulgarians on those three points.