[Info-vax] Meditech in the news
Arne Vajhøj
arne at vajhoej.dk
Wed Jan 12 18:44:07 EST 2022
On 1/12/2022 5:23 PM, George Cornelius wrote:
> Arne Vajhøj <arne at vajhoej.dk> wrote:
> [...]
>> Hewlett Packard said in a letter published by Kyoto University on
>> December 29, 2021 that it took "100% responsibility" for the issue
>> ...
>> HPE said: "The backup script includes a find command to delete log files
>> older than 10 days. In addition to functional improvement of the script,
>> the variable name passed to the find command for deletion was changed to
>> improve visibility and readability."
>> ...
>> The company added: "However, there was a lack of consideration in the
>> release procedure of this modified script. We were not aware of the side
>> effects of this behavior and released the [updated] script, overwriting
>> [a bash script] while it was still running," HPE admitted. "This
>> resulted in the reloading of the modified shell script in the middle of
>> the execution, resulting in undefined variables. As a result, the
>> original log files in /LARGE0 [backup disc storage] were deleted instead
>> of the original process of deleting files saved in the log directory."
>> </quote>
>
> Say what you will, 100% online backup storage does not replace
> magnetic tapes that are removed from tape drives and moved to a
> tape rack or an external vault when the backup is complete.
>
> Backups should be physically secured, or at least something close to
> that: an interlock associated with each backup such that it takes
> more than mere programmatic action by root to overwrite it. Now that
> ransomware takes steps to erase your backups, an interlock that
> requires human intervention, perhaps at the storage array console
> itself, in order to be overridden, should be the norm, not the
> exception.
There are certainly advantages of having backups on tape.
But with hundreds of TB, the effort to do proper tape backup
is significant.
Arne
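
The failure mode in the quoted HPE letter (a cleanup `find` run with an undefined variable after the script was overwritten while running), as an added example that is not part of this thread and is not HPE's script: a guarded log purge plus a rename-based script update. The function names, the `.logdir` marker file and all paths are assumptions made for illustration; the 10-day default is the figure from the letter.

```shell
#!/usr/bin/env bash
# Added illustration; function names, marker file and paths are hypothetical.
set -u   # expanding an unset variable is an error, not an empty string

# Delete *.log files older than DAYS under LOG_DIR, refusing unsafe targets.
purge_old_logs() {
    local dir="${1:-}" days="${2:-10}"
    # An empty argument is what an undefined variable would have produced.
    [ -n "$dir" ] || { echo "refusing: empty log directory" >&2; return 2; }
    # Resolve to a physical path; fails if the directory does not exist.
    dir="$(cd -- "$dir" 2>/dev/null && pwd -P)" || return 2
    [ "$dir" != "/" ] || { echo "refusing: target is /" >&2; return 2; }
    # Interlock: only directories explicitly marked as log dirs are purged.
    [ -f "$dir/.logdir" ] || { echo "refusing: $dir has no .logdir marker" >&2; return 2; }
    # -xdev keeps find on one filesystem; -print lists what gets deleted.
    find "$dir" -xdev -type f -name '*.log' -mtime +"$days" -print -delete
}

# Install a new script version by rename instead of overwriting in place.
# A shell already running the old file keeps reading the old inode, so it
# never sees a mix of old and new script text.
deploy_script() {
    local src="$1" dest="$2" tmp
    # Temp file in the destination directory so mv is a same-filesystem rename.
    tmp="$(mktemp "${dest}.XXXXXX")" || return 1
    cp -- "$src" "$tmp" && chmod 0755 "$tmp" && mv -f -- "$tmp" "$dest" \
        || { rm -f -- "$tmp"; return 1; }
}
```

The marker file means that even a wrong but non-empty path (for example the backup volume itself) is refused unless someone deliberately marked it as a log directory.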