Go Back   English Forum Switzerland > Off-Topic > Off-Topic > International affairs/politics  
Reply
 
Thread Tools Display Modes
  #21  
Old 14.05.2017, 11:16
JagWaugh's Avatar
RIP
 
Join Date: Apr 2009
Location: Eglisau
Posts: 7,273
Groaned at 47 Times in 46 Posts
Thanked 14,131 Times in 5,506 Posts
JagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Quote:
View Post
The last three were only necessary because of the first two. The crime victims are not to blame - only foolish for not taking precautions in the face of the risks.
I disagree. This isn't a zero day exploit. The job of the IT at the NHS is to provide an environment configured such that even when Gwendolyn in Accounts can't resist the urge to open the attachment named "Autoinstall MySecretPasswordStealer.exe" nothing other than a warning on a monitoring system happens, and Gwendolyn sees nothing other than "Gwendolyn, you're a numpty, we've protected the system and the users from your actions."

The world is full of bad guys and Gwendolyns... a proper IT environment protects the system, and the users from these two threats.

The two things you can't provide a decent level of protection against are zero day exploits, and idiot sysadmins.
__________________
If everyone you know agrees with you consistently, they are either not listening, or not capable of critical thought.
Reply With Quote
The following 6 users would like to thank JagWaugh for this useful post:
  #22  
Old 14.05.2017, 11:52
Forum Veteran
 
Join Date: Aug 2010
Location: Zürich
Posts: 513
Groaned at 4 Times in 3 Posts
Thanked 442 Times in 249 Posts
ThomasSSS has a reputation beyond reputeThomasSSS has a reputation beyond reputeThomasSSS has a reputation beyond reputeThomasSSS has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

On one hand, there is a lot of low hanging fruit in computer security, IT departments do need to get their act together, and in this particular case the most basic precautions would have been effective.

On the other hand, there are a lot of IT risks that are objectively hard to protect against. e.g. it is simple to disable Word macros, but if somebody's job requires them to deal with random Word documents provided by outside parties, that is a non-starter.

Simply put, things will stay bad until shoddy computer security becomes anathema, and it has sunk in enough that, for example, nobody leaves Word macros enabled. (To be clear, Microsoft is much better than it used to be; this is just an easy-to-explain example of a feature that is too hard to make secure and too popular to turn off.) Many organizations see IT security as a cost center to minimize, not as an insurance policy necessary to prevent ruin. I'm not sure how to change this mindset without some well publicised ruin, but one can hope.

And finally, needing to pay a ransom or restore everything from backup (these organizations do have backups, right?) is one of the least ruinous things that can happen. In a typical environment, software with enough access to hold data for ransom has enough access to ship it all off to be used for identity theft or similar. So the real answer is that this is one of the mildest wake up calls imaginable. Somehow I doubt it will be enough, but one can hope.
Reply With Quote
  #23  
Old 15.05.2017, 08:40
Forum Legend
 
Join Date: Sep 2006
Location: Albisrieden
Posts: 4,894
Groaned at 107 Times in 75 Posts
Thanked 7,266 Times in 2,688 Posts
nickatbasel has a reputation beyond reputenickatbasel has a reputation beyond reputenickatbasel has a reputation beyond reputenickatbasel has a reputation beyond reputenickatbasel has a reputation beyond reputenickatbasel has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Jein.
- Your house getting burgled is the fault of the burglar
- If the burglar was able to get in through the balcony window you left open, the burglary was still the burglar's fault, even though you were foolish enough not to have taken reasonable security measures.

Cheers,
Nick

Quote:
View Post
I disagree. This isn't a zero day exploit. The job of the IT at the NHS is to provide an environment configured such that even when Gwendolyn in Accounts can't resist the urge to open the attachment named "Autoinstall MySecretPasswordStealer.exe" nothing other than a warning on a monitoring system happens, and Gwendolyn sees nothing other than "Gwendolyn, you're a numpty, we've protected the system and the users from your actions."

The world is full of bad guys and Gwendolyns... a proper IT environment protects the system, and the users from these two threats.

The two things you can't provide a decent level of protection against are zero day exploits, and idiot sysadmins.
Reply With Quote
This user would like to thank nickatbasel for this useful post:
  #24  
Old 15.05.2017, 09:50
Forum Veteran
 
Join Date: Aug 2010
Location: Zürich
Posts: 513
Groaned at 4 Times in 3 Posts
Thanked 442 Times in 249 Posts
ThomasSSS has a reputation beyond reputeThomasSSS has a reputation beyond reputeThomasSSS has a reputation beyond reputeThomasSSS has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

It's not about ethics, it's about reality.

Almost anywhere, if you leave a bike at a well traveled public bike rack without locking it up, it will disappear within a few days. The police will still take a report and nobody will call the bike thief less than criminal, but everybody will also tell you to use a bike lock.
Reply With Quote
  #25  
Old 15.05.2017, 10:03
Senior Member
 
Join Date: Feb 2008
Location: Ticino
Posts: 356
Groaned at 8 Times in 5 Posts
Thanked 375 Times in 174 Posts
paizuri is considered knowledgeablepaizuri is considered knowledgeablepaizuri is considered knowledgeable
Re: NHS under a nationwide cyber attack?

Quote:
View Post
Jein.
- Your house getting burgled is the fault of the burglar
- If the burglar was able to get in through the balcony window you left open, the burglary was still the burglar's fault, even though you were foolish enough not to have taken reasonable security measures.

Cheers,
Nick
But because you also paid a security firm to make sure that your windows were closed (see what i did there) it is the security firm's responsibility as well.
Reply With Quote
This user would like to thank paizuri for this useful post:
  #26  
Old 15.05.2017, 10:11
JagWaugh's Avatar
RIP
 
Join Date: Apr 2009
Location: Eglisau
Posts: 7,273
Groaned at 47 Times in 46 Posts
Thanked 14,131 Times in 5,506 Posts
JagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Microsoft released patches for XP over the weekend:

https://blogs.technet.microsoft.com/...crypt-attacks/

XP is 14 years old, support ended (with more than enough advance warning) in 2014, yet MS is still supporting XP. So much for the "Evil Empire" thesis.
Reply With Quote
  #27  
Old 15.05.2017, 10:55
Slaphead's Avatar
Forum Legend
 
Join Date: May 2007
Location: Zürich
Posts: 3,230
Groaned at 34 Times in 30 Posts
Thanked 9,408 Times in 2,870 Posts
Slaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Quote:
View Post
I disagree. This isn't a zero day exploit. The job of the IT at the NHS is to provide an environment configured such that even when Gwendolyn in Accounts can't resist the urge to open the attachment named "Autoinstall MySecretPasswordStealer.exe" nothing other than a warning on a monitoring system happens, and Gwendolyn sees nothing other than "Gwendolyn, you're a numpty, we've protected the system and the users from your actions."

The world is full of bad guys and Gwendolyns... a proper IT environment protects the system, and the users from these two threats.

The two things you can't provide a decent level of protection against are zero day exploits, and idiot sysadmins.
In ideal world you would be right. However the issue with the NHS is less to do with idiot sysadmins, and more to do with idiot beancounters and idiot managers.

Just try getting a budget authorised to deal with what non IT people see as simply a theoretical threat - forget it.

So, in the case that no budget is available, a responsible admin would internally firewall off the affected systems, or even airgap them. Then you'll watch all the doctors, consultants and managers complain like hell because it affects their day to day workload, and then there'll be a executive order to reconnect those systems - you can't win.

Add to that there are a lot of computers controlling specialist hardware such as X-Ray machines and MRI scanners which simply cannot be updated as the devices are so old that the controlling software is no longer in development and will simply not work on newer systems. No budget will be authorised to replace a six figure piece of equipment that's still working.

Businesses and organisations need to wake up to the idea that the IT department should outrank every other department in the organisation, including the board. If you don't have a functional IT system then you don't have a business or an organisation.


Edited to add:

Quote:
View Post
Microsoft released patches for XP over the weekend:

https://blogs.technet.microsoft.com/...crypt-attacks/

XP is 14 years old, support ended (with more than enough advance warning) in 2014, yet MS is still supporting XP. So much for the "Evil Empire" thesis.
Closing the barn door after the horse has bolted. MS knew that the vulnerability was mega critical way back before the Shadow Brokers made it all public. That's how they were able to patch supported systems before the leak.

Producing a patch now for XP just seems to me to be more of an arse covering move to prevent damage to their reputation and to keep them out of the courts.
__________________
...allegedly.
Reply With Quote
The following 2 users would like to thank Slaphead for this useful post:
  #28  
Old 15.05.2017, 11:25
JagWaugh's Avatar
RIP
 
Join Date: Apr 2009
Location: Eglisau
Posts: 7,273
Groaned at 47 Times in 46 Posts
Thanked 14,131 Times in 5,506 Posts
JagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Quote:
View Post
In ideal world you would be right. However the issue with the NHS is less to do with idiot sysadmins, and more to do with idiot beancounters and idiot managers.

Just try getting a budget authorised to deal with what non IT people see as simply a theoretical threat - forget it.

So, in the case that no budget is available, a responsible admin would internally firewall off the affected systems, or even airgap them. Then you'll watch all the doctors, consultants and managers complain like hell because it affects their day to day workload, and then there'll be a executive order to reconnect those systems - you can't win.

Add to that there are a lot of computers controlling specialist hardware such as X-Ray machines and MRI scanners which simply cannot be updated as the devices are so old that the controlling software is no longer in development and will simply not work on newer systems. No budget will be authorised to replace a six figure piece of equipment that's still working.

Businesses and organisations need to wake up to the idea that the IT department should outrank every other department in the organisation, including the board. If you don't have a functional IT system then you don't have a business or an organisation.
We're on the same page vis idiot beancounters and managers, see my earlier post.

I've had quite a few run-ins with F&A people about the primacy of IT. Some got it, some didn't.

I've been known to say things like "You can decide to change the company rules, logo, official letterhead and font as much and as often as you wish. Until we implement those changes all you have done is make a decision. It isn't a change until we make it so."

I've also put an overheated mailserver on a cart and wheeled it via serpentine route through the entire office space of a building. To each user who asked me what I was doing, or why the mail wasn't working, I explained that for 4 years running my budget request for air conditioning for the server room had been refused, and that what I was now doing was cooling the mail server which had overheated, as I had warned would eventually be the case if the server room wasn't equipped with A/C. Head of F&A threatened to fire me for that one, then I pointed out that for two years I had warned him that I would do exactly that when push came to shove.

I have also threatened to write a memo to all users explaining the consequences of the fact that my budget request for a tape robot and media was approved for the robot, but not for the media "Because there wasn't money for media this year."

The specialist hardware systems are indeed a problem, but you can find ways to mitigate the issue in many cases... but this entails F&A understanding that when you say "We need to address this risk." they should be listening.
__________________
If everyone you know agrees with you consistently, they are either not listening, or not capable of critical thought.
Reply With Quote
  #29  
Old 15.05.2017, 14:05
Corbets's Avatar
Forum Legend
 
Join Date: Mar 2007
Location: DK - previously Zug
Posts: 3,327
Groaned at 169 Times in 123 Posts
Thanked 6,699 Times in 2,236 Posts
Corbets has a reputation beyond reputeCorbets has a reputation beyond reputeCorbets has a reputation beyond reputeCorbets has a reputation beyond reputeCorbets has a reputation beyond reputeCorbets has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Quote:
View Post
We're on the same page vis idiot beancounters and managers, see my earlier post.

I've had quite a few run-ins with F&A people about the primacy of IT. Some got it, some didn't.

I've been known to say things like "You can decide to change the company rules, logo, official letterhead and font as much and as often as you wish. Until we implement those changes all you have done is make a decision. It isn't a change until we make it so."

I've also put an overheated mailserver on a cart and wheeled it via serpentine route through the entire office space of a building. To each user who asked me what I was doing, or why the mail wasn't working, I explained that for 4 years running my budget request for air conditioning for the server room had been refused, and that what I was now doing was cooling the mail server which had overheated, as I had warned would eventually be the case if the server room wasn't equipped with A/C. Head of F&A threatened to fire me for that one, then I pointed out that for two years I had warned him that I would do exactly that when push came to shove.

I have also threatened to write a memo to all users explaining the consequences of the fact that my budget request for a tape robot and media was approved for the robot, but not for the media "Because there wasn't money for media this year."

The specialist hardware systems are indeed a problem, but you can find ways to mitigate the issue in many cases... but this entails F&A understanding that when you say "We need to address this risk." they should be listening.
Just as often, though, you get IT people who can't articulate the risk. The same IT people who have been known to pull the occasional fast one by overstating the importance of X or Y or massively underestimate the cost of project Z are now telling the CFO they need money again - but this time, it really is critical.

To be fair, those IT people also have a hell of a time assessing risk. Lord knows it's anything but a science, no matter how much we try to make it so. So it all becomes a big ol cluster-something-or-other, without any one party to blame, usually.
__________________
I'm likely typing from an iPad. Please disregard odd word usage.
Reply With Quote
This user would like to thank Corbets for this useful post:
  #30  
Old 15.05.2017, 19:36
curley's Avatar
Forum Legend
 
Join Date: Oct 2006
Location: canton ZH
Posts: 11,502
Groaned at 183 Times in 151 Posts
Thanked 12,914 Times in 6,750 Posts
curley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Quote:
View Post
Jein.
- Your house getting burgled is the fault of the burglar
- If the burglar was able to get in through the balcony window you left open, the burglary was still the burglar's fault, even though you were foolish enough not to have taken reasonable security measures.

Cheers,
Nick
Your insurance will argue differently
Reply With Quote
  #31  
Old 15.05.2017, 20:17
Slaphead's Avatar
Forum Legend
 
Join Date: May 2007
Location: Zürich
Posts: 3,230
Groaned at 34 Times in 30 Posts
Thanked 9,408 Times in 2,870 Posts
Slaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond reputeSlaphead has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Quote:
View Post
Just as often, though, you get IT people who can't articulate the risk. The same IT people who have been known to pull the occasional fast one by overstating the importance of X or Y or massively underestimate the cost of project Z are now telling the CFO they need money again - but this time, it really is critical.

To be fair, those IT people also have a hell of a time assessing risk. Lord knows it's anything but a science, no matter how much we try to make it so. So it all becomes a big ol cluster-something-or-other, without any one party to blame, usually.
Often cost overruns are as a result of moving goalposts. You've done the feasibilty work, worked out how to integrate into existing systems, and come up with a pretty accurate timescale and cost-scale. Everything's good and the project starts. Then management comes back 3 or 6 months into a project and demand what they see as a minor change in the specification.

You then spend the next week working out how you can shoehorn this "minor" change into the work already done, and then eventually realise that everything already done will need to be scrapped and it would need to be started from scratch to succesfully integrate that change. Often this can require major changes to the systems that this project will integrate with as well.

Often what non IT people see as a very minor change is, in actual fact, an absolute massive undertaking, and often what non IT people think of as a seriously major change only requires a couple of lines of extra code.
__________________
...allegedly.
Reply With Quote
  #32  
Old 16.05.2017, 11:34
Rob's Avatar
Rob Rob is offline
Senior Member
 
Join Date: Jul 2006
Location: Baden AG
Posts: 464
Groaned at 8 Times in 7 Posts
Thanked 1,337 Times in 520 Posts
Rob has a reputation beyond reputeRob has a reputation beyond reputeRob has a reputation beyond reputeRob has a reputation beyond reputeRob has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Why am I not surprised? Microschrott have known about this for months and the patch was done in February.

https://www.theregister.co.uk/2017/0...ing_flaws_too/

Edit: and there's already a new version out, and this doesn't have a kill switch.

https://www.theregister.co.uk/2017/0...crypt_variant/

Last edited by Rob; 16.05.2017 at 11:49.
Reply With Quote
  #33  
Old 16.05.2017, 11:52
Forum Legend
 
Join Date: Aug 2009
Location: Vaud
Posts: 4,552
Groaned at 492 Times in 321 Posts
Thanked 4,099 Times in 1,952 Posts
CorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond reputeCorsebouTheReturn has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Typical.
Got a call at 01am, then at 03am from a client because their managers (the head of or something) have made a emergency meeting and were asking if our closed system was impacted by Wannacry...

YES! I wannacry!
Reply With Quote
This user would like to thank CorsebouTheReturn for this useful post:
  #34  
Old 16.05.2017, 18:43
Forum Legend
 
Join Date: Feb 2010
Location: CH
Posts: 9,549
Groaned at 326 Times in 266 Posts
Thanked 13,822 Times in 7,136 Posts
greenmount has a reputation beyond reputegreenmount has a reputation beyond reputegreenmount has a reputation beyond reputegreenmount has a reputation beyond reputegreenmount has a reputation beyond reputegreenmount has a reputation beyond repute
Re: NHS under a nationwide cyber attack?

Latest news on the subject

http://news.sky.com/story/cyberattac...ckers-10879388

http://www.reuters.com/article/us-cy...-idUSKCN18B0AC


Quote:
View Post
Typical.
Got a call at 01am, then at 03am from a client because their managers (the head of or something) have made a emergency meeting and were asking if our closed system was impacted by Wannacry...

YES! I wannacry!
LOL

Last edited by greenmount; 16.05.2017 at 19:20.
Reply With Quote
Reply

Tags
cyber attack, nhs, ransomware




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cyber attack on Digitec etc Guest TV/internet/telephone 43 20.03.2016 14:18
Talk Talk cyber attack in UK. PanFastic Daily life 3 24.10.2015 01:21
Flame, an unknown Massive cyber-attack discovered Sbrinz International affairs/politics 25 01.06.2012 23:51
Grounds for asylum under attack The Local Swiss news via The Local 1 20.05.2012 08:55
Internet Explorer users under attack jrspet General off-topic 10 19.12.2008 09:43


All times are GMT +2. The time now is 04:06.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0