Does anyone know the details of their AirGap service?
Taking services/networks offline is common during incident response management so it might be indicative of them taking appropriate action rather than them being knocked off-line.
Let’s hope their service lives up to the marketing.
That's why I never trust "non-cloud" companies with cloud storage, because you never know if they suddenly don't want to do it anymore, or in this case get hacked because of incompetencies.
This is actually somewhat true at all major cloud companies. Google, Microsoft and Amazon all have very limited usage of their own commercial cloud services among engineering teams.
I'm not sure about Google, but at MS we absolutely use our own cloud heavily. sometimes there's big legacy stuff, but nowadays most of that has gone onto Azure under the hood. I've heard Amazon is much the same way.
the only exception I can really think of is infrastructure that you need to recover from disasters, which isn't on Azure for obvious bootstrapping reasons.
Until I was at Microsoft a few years ago there was always a struggle to get internal teams to use Azure. There were constant talks to get O365 and Bing (so, the bulk of internet-facing servers) on Azure, but nothing never materialized. I have heard Google is a lot worse in this regard.
Lots of folk (not solely non-technical) treat cloud sync as a backup - when often it’s not. Can’t comment on Fujitsi’s offering.
In any case it should only be one of the three copies of your data.
Anecdotally, photographers - especially professional ones , take backups quite seriously. I’ve often read good blogposts written by them on how to backup your images. And I believe the 3-2-1 rule originally came from a photographer Peter Krogh.
I have a friend who works at G that told me shortly after he started working there, he accidentally typed some portion of his password into another website, at which point his laptop immediately locked down and he was forced to change his password before doing anything else.
And yes, it does store a hash of the password on the local machine, although I suspect it's only a 32 bit hash or something so you can't 'crack' it to recover the original password.
Doing a partial string match on a password would effectively require it in reversible form. Even if you hashed all the possible substrings of the password, it would be trivial to brute force given all the hashes of the same string with one extra character on the end...
But OP was mistaken - the tool Google uses only alerts if the entire password is typed. Meaning that OP's friend was careless with password hygiene. As is nearly every new Google employee.
If there's ransomware on an employees's laptop you simply throw it away and give them another one. And have them go through a lot of security training after.
Assuming they were the weakness. It might be that patching velocity was the reason the laptop became infected. Where I work that is managed via patch management software not the end-user.
Taking services/networks offline is common during incident response management so it might be indicative of them taking appropriate action rather than them being knocked off-line.
Let’s hope their service lives up to the marketing.