Comments
-
Watch Battlestar Galactica and you will understand.
Our whole industry has failed so unbelievably hard at software security, they got no other option than to use a non-digital representation to get rid of malicious contaminants in PDF files.
Yes, this is ridiculous and pretty fucked up. But if you really want to protect healthcare data, there currently is no other way than just not to allow transfer of untrusted data into the trusted system in any way - including indirect transfer by removable media.
This actually is the most secure way to do it today. And it really doesn't look like that will change soon.
-
God fucking dammit just there are enough converters for pdf pages to images
Or fucking add pdf support what hell of software requires something like this?!
-
Grumm18232y @jonas-w what is safer (aka better) than a doctor physically scanning a paper?
See @Oktokolo's answer about security with this kind of data.
-
@Oktokolo I mean if the documents are being sent as PDFs by email that level of security is already broken anyways
-
Grumm18232y @ScriptCoded but not between the user and the healthcare system.
The pdf printed cannot contain any security risks.
(Unless you blackmail or point a gun to the doctor and force him to scan another document)
-
j0n4s53102y @Grumm well the pdf is already on the same computer as the health software, so if it would be malicious it could literally do harm already even if you won't upload it through his software. There are pdf to image convertors, you could take screenshots, you could use some kind of "scanner emulator". The scanner tactic is probably the best security wise (if you would download and open the pdf on a separate system), but is it really worth the money, paper, toner, ink, time and quality loss?
-
Grumm18232y @jonas-w Sure, but those are just assumptions.
Maybe the health software runs in an isolated sandbox, or it requires extra security credentials to open it.
Maybe the scanner is some OCR software too.
There can be a thousand other reasons.
But what I see is they are all similar.
I asked for some medical documents about my dad (medical treatment, what they found and all that)
So I can check myself for all those things and guess what, the doctor was not allowed to send the documents as a pdf to my email.
All she could do was print the relevant parts and hand them over in person.
Fear of digitization? I don't think so.
-
Can we invent a paper that can be printed to, but when done put through process to make it blank? Something cheaper than buying more paper?
-
@Grumm There are a million image formats that don't allow embedded macros or other questionable data. If the information is in text, the format you're looking for is plaintext. Information security is about tradeoffs, but there are plenty of options that are insubstantially less secure than a total air gap and avoid having to print out documents.
-
@jonas-w If you have a webcam, even a display is scannable, and you've achieved the exact same level of security as a file upload that only accepts JPEG and PNG images, validates the format and strips all non-pixel data.
Except you lose a lot of quality, and avoid some risks in the IP stack.
-
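The upload filter described in the comment above (accept PNG, validate the format, strip all non-pixel data), as an added example that is not part of the thread or of any software discussed in it. The names `sanitize_png` and `build_sample` are hypothetical, the sample image is constructed, and the sketch assumes non-interlaced PNGs and checks the container and the size of the pixel stream without decoding the pixels.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PIXEL_CHUNKS = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}  # every other chunk is dropped
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> samples per pixel

def make_chunk(ctype, data):
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def _sanitize(blob, max_pixels):
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    kept, seen, pos, expected = [], set(), len(PNG_SIG), 0
    while b"IEND" not in seen:
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])  # struct.error if truncated
        data = blob[pos + 8:pos + 8 + length]
        pos += 12 + length
        if struct.unpack(">I", blob[pos - 4:pos])[0] != zlib.crc32(ctype + data):
            raise ValueError("bad chunk CRC")
        if (ctype == b"IHDR") != (not seen):
            raise ValueError("IHDR must be the first chunk and appear once")
        if ctype == b"IHDR":
            w, h, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", data)
            if not 0 < w * h <= max_pixels or colour not in CHANNELS or interlace:
                raise ValueError("unsupported or oversized image")
            expected = h * (1 + (w * CHANNELS[colour] * depth + 7) // 8)
        if ctype in PIXEL_CHUNKS:
            kept.append((ctype, data))
        seen.add(ctype)
    z = zlib.decompressobj()  # output is capped, so a decompression bomb cannot expand
    raw = z.decompress(b"".join(d for t, d in kept if t == b"IDAT"), expected + 1)
    if pos != len(blob) or len(raw) != expected or not z.eof or z.unused_data:
        raise ValueError("trailing bytes or pixel stream size mismatch")
    return PNG_SIG + b"".join(make_chunk(t, d) for t, d in kept)

def sanitize_png(blob, max_pixels=50_000_000):
    """Return a PNG holding only pixel-defining chunks, or raise ValueError."""
    try:
        return _sanitize(blob, max_pixels)
    except (struct.error, zlib.error) as exc:
        raise ValueError("malformed PNG") from exc

def build_sample():  # constructed 2x1 RGB PNG carrying a tEXt metadata chunk
    ihdr = struct.pack(">IIBBBBB", 2, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00\x00\x00\xff")  # filter byte + two pixels
    chunks = [(b"IHDR", ihdr), (b"tEXt", b"Comment\x00constructed"), (b"IDAT", idat), (b"IEND", b"")]
    return PNG_SIG + b"".join(make_chunk(t, d) for t, d in chunks)
```

Bytes appended after `IEND`, a common way to smuggle a second file inside an image, are rejected rather than silently cut off.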
But in keeping with German IT, I would expect that the software isn't even properly air gapped since it needs to talk to a database, they just minimize the area of the user interface because this can fool unqualified public servants into believing that the system is secure and contracting the agency again.
-
@Oktokolo the same separation could be achieved by taking a picture of a screen. That would eliminate the waste problem and the quality would probably be good enough.
-
@jonas-w I somehow assumed separate computers. Actually, as a developer I would just suggest keeping the paper system for now. Secure digital systems don't exist in practice. There are lots of companies that sell certified stuff and claim security. But then comes the next 0-day abused by an inventive malware author and the data is gone and/or somewhere else before the patches reach your system.
If you aren't able to secure it yourself, don't personally know someone who can and would do an honest audit... and you can use paper - then just use paper.
-
hjk10156962y @Grumm having a literal paper trail is a potential leak in itself. The computer that prints it opens the files anyway. It can print to an ingestion system or convert it to images. So the target system can be made only to accept images.
There are so many options that do not result in beautiful smart robots screwing us over.
Digitization in Germany be like:
I sent a doctor some documents via e-mail and I just saw how they printed the documents, then scanned them and then threw them away.
I asked why?
They said the system where they need the documents only allows to directly scan documents from a scanner and doesn't allow PDFs....
I just can't
That much paper waste because I sent them an email with like 30 pages of documents.