blonde poker forum

for the layman

what should we (as individuals) do about ransomware that we night not already be doing?

http://www.cnbc.com/2017/05/12/cyberattacks-in-12-nations-said-to-use-leaked-nsa-hacking-tool.html

Never open attachments in emails unless you're expecting something from a known source. If you're not sure just hold shift and delete to permanently get rid of. Obviously make sure your malware and anti virus applications are up to date.

1. Upgrade to Windows 10. The latest ransomware only works on Windows XP, 7 & 8. Win10 also downloads and installs patches automatically - the patch for the current issue was released in March.

2. Take backups. Assume your PC goes up in flames today, what will you have lost? Ransomware, unless you're willing to pay the $000's demanded, is essentially the same.  Gmail and OneDrive provide gigabytes of free storage space to backup your important docs/photos/etc.

Stop putting fuckwits* in charge of organisations that are highly reliant on computers.


* that means Jeremy Hunt (also the CEO of any private sector business significantly affected should be sacked)

This is a really big deal, but the media are portraying it as an attack on the NHS, & that's not the case at all - it's a global thing, & it will attack those most vulnerable or who have poorly maintained sites or lax security protocols.

Russia has been worst hit, followed by Spain, or that was the case yesterday, & that could change.

The NHS is especially vulnerable due to the very nature of how it uses the internet, with so many linked networks (Hospitals, Surgeries, Drug Companies etc), &, sad to say, it would seem to have very poor digital security.  I'd say it was unlikely that any high volume commercial organisations will be vulnerable, simply because they take online security very seriously indeed.  

There's quite an interesting piece about the whole thing here;

https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/
 

The heat will likely come to the IT guy responsible not the CEO, it's the CEO that will probably do the sacking if it can't be resolved...

Which is as it should be isn't it(?)

If I was in charge of IT I wouldn't want the CEO micro-managing everything I do - the flip side to that is that it would be my fault if there was a screw up.

Sounds good. How does this situation change if the CEO has given you a woefully inadequate amount of money to enable to do your job?

No it isn't imo.  For some reason "the buck stops here" has been eliminated from business and political leaders.  They simply refuse to accept responsibility for large scale failure.  The latest scam for CEOs is that they don't get their bonus when there is a horrific cock-up costing shareholders millions.

Woefully inadequate amounts of money isn't a term often used in connection with NHS IT projects

Something like this is always going to affect the NHS first, as a lot of the systems that they use aren't compatible with Windows 8/10 so they have to keep using older Windows versions.

Some of the stuff they used when I was last working in it (18 months ago), would only work on Windows XP for crying out loud!

Is it just horrifically underfunded? Why do they only work on xp? Too many systems to update? Why aren't more of these systems airlocked? It doesn't appear they get system updates too often so why connect them to the net?

Nhs

Nah, they're specialist systems for specialisms that are either horrifically expensive to replace (privately) or that the Trust involved doesnt want to replace them.

I'm guessing us latte sipping kale eating macbook using hipster douchebags are relatively safe from all this?

You missed out smug.

Yes.

(https://img.memesuper.com/00fef2832df2941f50986507470cd57c_smug-alert-one-of-my-favorites-south-park-pinterest-south-park-thanks-meme_500-281.jpeg)

The problem exists with organisations such as the NHS because when a security patch gets released by Microsoft it probably takes a good month or more for the patch to be tested against all the organisations systems before being applied.

There are some that probably hit them without notice though, which is real life.

Then again you have the crew than want to sack everyone for anything even though they are probably useless themselves at packing biscuits in the factory they work in....

(https://pbs.twimg.com/media/C_sz5mOXgAEY_TK.jpg)

NHS Wales Informatics Service
Yesterday at 7:38am ·
**NHS Wales staff notice**
NHS England has suffered a significant cyber attack. We have not been affected in Wales. However, as a precautionary measure we have blocked all inbound emails (from external senders and NHS England) to NHS Wales until further notice. All outbound emails, and emails within NHS Wales, are unaffected. We will review this on Monday.
When emails are blocked, both the sender and the recipient will receive a response to say that the email has been dropped and deleted.
We have also disabled the client services supported file shares until Monday.

from facebook

The tech that needs to run on NHS clients can't be that complex, surprised they don't just modify a Linux build or something and put that on. Would be way easier and cheaper and could make it just as intuitive to use as a tablet or something. And it would be a lot easier to roll out in-house patches to security vulnerabilities. Also it should be scaleable (so somewhat future proof) and able to run on low spec PCs.

That's article would of been prior to the last election I think

I think it's complex because there would be a lot of 'bespoke' things they want doing with it. It's easy enough working out how to do it so that it'd work when a handful of computers used by a handful of people would use it but it gets more complicated because of working out every single possible combination of every single use that could possibly be done (for every single layer of permission for each level of staffing).

My company works for a bunch of publishing companies and nobody has a completely robust, foolproof system when the layer of complexity required for them is much less complex.

Another problem for the NHS is that there are a lot of hoops to jump through to tender for a public sector contract, and there are only a handful of companies that are able to even do a job that big - when you have so little choice of suppliers I could appreciate you'd be inclined towards caution about changing things that currently work just fine.