Post by MartinT on May 12, 2017 19:16:28 GMT
So very scary, the ransomware attack today. I know how easily it can happen and how fast it spreads. However, still using Windows XP after end of life and end of support is quite unforgivable. They've had 5 Operating Systems and about 10 years to plan and migrate away from it. It's probably a combination of the board not allocating sufficient resources and negligence by the top IT staff in not being insistent on doing the work, no matter what it takes. Today, I just feel for their IT staff. They have a lot of sleepless nights in front of them. Story here.
|
|
|
Post by MikeMusic on May 12, 2017 19:52:26 GMT
Not clever for sure. Thought MS covered XP if they paid for cover. I know of a certain very large multinational that had/has MS cover as they had many 1000s of PCs to migrate from XP. Are they also at risk?
|
|
|
Post by MartinT on May 12, 2017 19:56:00 GMT
MS Cover for an obsolete OS is no more than a sticking plaster. It's still vulnerable as hell and I have difficulty understanding how it's still there after all these wasted years. Yes I know that compatibility with legacy systems would have been their bugbear, but exactly how long did they think they could go on without actually DOING SOMETHING!
|
|
|
Post by Deleted on May 12, 2017 20:57:08 GMT
Not good. When I was at my previous they had a tonne of XP machines still active and had to take out the extended cover, it was ridiculous really, they had to pay quite a lot for the extended, and what I could never comprehend was why they didn't spend that money on upgrading the O/S.
Like you though Martin, I feel for the IT staff responsible for sorting out the issues at the NHS, it's going to be a long drawn out weekend.
|
|
|
Post by Deleted on May 12, 2017 23:40:53 GMT
Bloody NHS. It's totally incompetently run top to bottom and people are kidding themselves that throwing more money at it will improve things. I guess nothing has been done since that big cock-up of an IT project was abandoned some years ago. Amazed they still had XP - remember seeing it in use about 7 or 8 years ago and it was past sell-by date then. If they spent less on the salaries of the assholes that call themselves management something might get sorted. I do think some form of privatisation is inevitable down the line. Practically impossible task for government to get a grip on it now. Also the IT is piecemeal which explains why many trusts did not get hit - which suggests some are either lucky or are more on the ball.
|
|
|
Post by Slinger on May 12, 2017 23:43:50 GMT
It should probably be mentioned that this was a broad, multi-national attack, not a targeted hit on the NHS. There's a report by SKY from November 2016 here that discusses NHS cyber-security, or the lack of it. It seems nothing has improved.
|
|
|
Post by MartinT on May 13, 2017 7:36:14 GMT
Indeed, Telefonica were hit too, for instance.
|
|
|
Post by stanleyb on May 13, 2017 7:40:44 GMT
It's easy to mark out XP as the main victim, but the problem is far wider than that. It's MS that built these back doors in their OS for the American secret service etc.
|
|
|
Post by MikeMusic on May 13, 2017 7:45:51 GMT
"It's easy to mark out XP as the main victim, but the problem is far wider than that. It's MS that built these back doors in their OS for the American secret service etc."
What else has been hit besides XP, Stan?
|
|
|
Post by stanleyb on May 13, 2017 8:07:42 GMT
All of the Windows OS would have been vulnerable. The parts of the Windows OS that are affected are:
Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Windows Defender, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, Microsoft Forefront Security for SharePoint Service Pack 3, Microsoft Forefront Endpoint Protection 2010
The vulnerability left the door open for hackers to install malware into these various software programs. The security gap was found on Saturday, May 6th, and within two days Microsoft had it patched. So if those PCs were not automatically updated they would be affected. The issue with this particular vulnerability is, by simply allowing the infected file to exist means you could have been infected. Therefore, users do not need to click on attachments, open emails, or download a particular file. Its sheer presence is enough to infect, which is quite alarming considering seven different security solutions were impacted.
|
|
|
Post by MartinT on May 13, 2017 8:39:28 GMT
I wrote to my staff about it last night. I force updates and invoke out of hours restarts. Why? Because otherwise it's human nature to avoid updates and restarts as being 'too inconvenient'. Before you know it, machines are months and months out of date with potential security loopholes.
I explained that perhaps people would give pause before complaining about the 'inconvenience' of a 10 minute delay just when they want to do something. I always suggest that they need just do it when they go for a coffee break or to lunch. Now, I shall be even less tolerant of their complaints. It won't be their head on the block if we had a serious breach.
|
|
|
Post by MikeMusic on May 13, 2017 9:35:07 GMT
I always like to leave updates for a couple of days in case, as happened once, twice or possibly more often the update was buggy. Update Tuesday, I usually go for Friday
|
|
|
Post by MartinT on May 13, 2017 9:50:45 GMT
If you use a WSUS server to manage updates, there is a natural delay of a day or so when updates can be withdrawn before doing any harm. The Americans get them first because of the time zone.
|
|
|
Post by MikeMusic on May 13, 2017 10:08:57 GMT
My ex American employers told me off for updating once, saying the server took care of updates, with a delay.
Then that changed to instant. As I was losing the will at that point I didn't raise it again. One of the many inconsistencies and stupidities that caused me to leave what had been my own company.
|
|
|
Post by Slinger on May 13, 2017 14:59:48 GMT
It should be pretty obvious to businesses that updates, patches and backups are a necessary evil at worst and need to be implemented a.s.a.p. I mean, you wouldn't forget to update your OS, apply manufacturer patches, update your drivers, and make regular (yes, more than once a year) data backups on your computer at home...would you?
|
|
|
Post by MikeMusic on May 13, 2017 15:37:29 GMT
Too busy being busy, 'moving forwards' and other crap.
Hopefully this shit storm should put a few people on the right track, then they will forget it until the next one.
(Oooh I do like this IBM clicky keyboard. So much better than the iPad)
|
|
|
Post by MikeMusic on May 13, 2017 15:44:24 GMT
Checking and updating the other half's W10 PC. Way out of date or the downloading is incredibly slow, everyone in download panic (?), the US being out of bed of course.
BTW for those who don't know it Malwarebytes free seems rather good. Recommended by my old IT support guy. Found and quarantined a dodgy file on this PC a few months back, made it run faster and smoother. Keeps wanting you to upgrade which we keep ignoring
<later> Download took ages. Still installing nearly an hour later. How far out of date was this thing ?
|
|
|
Post by MartinT on May 13, 2017 16:00:40 GMT
"I mean, you wouldn't forget to update your OS, apply manufacturer patches, update your drivers, and make regular (yes, more than once a year) data backups on your computer at home...would you?"
Nope, do all that on all our computers
|
|
|
Post by markgrant on May 14, 2017 21:01:41 GMT
|
|
|
Post by MartinT on May 15, 2017 5:31:39 GMT
The problem is, it only takes one latent infected computer to be turned on this morning. They will have to have removed share permissions, but that's across thousands of users and will be disruptive in its own right.
|
|