RMweb
 

Cyber 'kidnapping'.


DDolfelin


  • RMweb Premium

This actually was a similar situation to my own old business, except that we carried on using the old software because it continued to do all we required. It was a DOS program which ran on everything from DOS 4 through to Win 7 32-bit. From Win 95/98 (I think) onward, I ran it in a window, not full screen, but it was fine to run full screen if required. Because it was used with 2 other programs, one of which wouldn't run under Win 7, I proved it would all work in XP mode under Win 7, and similarly tried it under Win 10. This was precautionary in case I continued working longer than I anticipated - thankfully, it was not necessary.

 

We used other later programs where necessary, and I would have moved to something modern had I the need to work much beyond the date I'd planned for. "Making Tax Digital" would have ensured that anyway, I think.

 

As you say, I'm not surprised that people continue to use XP - it worked, with a wide range of old and new software, it became the accepted interface (even now I make Win 10 replicate the XP interface as far as possible) and, if I'm honest and purely from a user's perspective, I wish MS had made XP the basis for their "Windows as a service" concept rather than Win 10, and had kept the compatibilities built into XP. In the end, it is my view that it is the reduced backwards compatibility, coupled with the longevity and high cost of replacement of some equipment, which is at the root of current NHS updating problems.

 

 

Like many people running VGA graphics DOS programs, we were hit by Vista, but it was so poor that FDISK was a valid option. But we had one PC on site where they used Vista, so they had to drop to 25-line mode and no shape graphics.

 

Then out came 7 and we spent ages trying to get our software working; that is how I learnt about NETBIOS.

 

All this was sitting there stopping me from converting to WIN32.

 

If MS get rid of WIN32 there will be severe problems there!

 

Oh it took about 5 years!!!!!!!


Software does not wear out. Why do you need to 'update' it? I do not understand why many companies seem to have so many PCs directly/indirectly connected to the internet. Probably cheaper than having dedicated private networks. Then, they let folk take laptops home, or let them use their own laptops connected to the office network. There are many basic actions that can be taken to reduce the impact of what has happened over the past few days; it just needs a rethink of what the companies actually want to achieve.


  • RMweb Premium

Yet if I read elsewhere correctly, the embedded version is still being served with updates, and will be until 2019. Ironic, if it needs them less.

 

The Nim.

I assumed some of these "embedded" systems do not have HDDs or other normal memory storage devices, so nowhere to store extra code, and are quite often devoid of many of the interfaces found on normal PCs, so how do they get hijacked?

 

Keith


I assumed some of these "embedded" systems do not have HDDs or other normal memory storage devices, so nowhere to store extra code, and are quite often devoid of many of the interfaces found on normal PCs, so how do they get hijacked?

 

Keith

I don't know for sure now, but I seem to recall reading that the embedded version was used in POS systems and behind cash machines and the like. There must obviously be the need for updates given that they run until 2019 for XP. I also think a lot of bank systems are very old bespoke systems which have given problems in the past when banks have come together. I don't know how valid these points still are.

 

Colin


I have a tablet pc running Win 8, and it cannot be upgraded to Win 8.1 or 10. I downloaded and installed the MS patch as it did not appear to have been previously installed despite the machine having been updated. Not sure if Win 8 is still supported. Something else to check.

 

Colin


I had my computer files hacked and held to ransom over the weekend by cyber attackers and I've just got access to them again. The only things that seem to have been affected were my photo files; the criminals left the following note: "We looked in two of your photo files labelled Terriers, Pugs, Greyhounds and Growlers but no dog photos, similarly a file labelled Doodlebugs, Spaceships, Rocket and V1s V2s but no images of space vehicles. We only found photographs of old trains in all of them and they're of no value to us so you can have them back for free." Hate to think what they expected to find in the folder marked Copper Knob.

 

Regards

 

Guy


  • RMweb Gold

...and the NHS needs a larger budget for the free update from Microsoft because?

 

No update is ever "free" when you take account of the time and effort needed to deploy it. When I bought my current laptop in 2014, it needed a lot of updates applying, one of which was a critical update. This failed due to known problems, so I had to split it up and apply each part individually. A good few hours' work went into that. Multiply that across a wide estate of PCs and you begin to see the problem.

 

As a result, I declined Microsoft's kind offer of Windows 10 as I had a reliable working PC which I'd set up just how I like it. I also disabled Microsoft's annoying Windows 10 reminders.

 

A lot of corporates including the one I worked for invest a lot of time in testing, preparing and rolling out updates using automated tools. Costs a lot of money. Which is why said corporate outsourced it to external Indian contractors. I wish them lots of luck with that one.

 

Mark


  • RMweb Premium

Software does not wear out. Why do you need to 'update' it? I do not understand why many companies seem to have so many PCs directly/indirectly connected to the internet. Probably cheaper than having dedicated private networks. Then, they let folk take laptops home, or let them use their own laptops connected to the office network. There are many basic actions that can be taken to reduce the impact of what has happened over the past few days; it just needs a rethink of what the companies actually want to achieve.

Hi

 

So when I am on call 24/7 you are expecting me to sit at my desk in the office when I could be sleeping. Not really practical which is why my company expects us to take our laptops home when on call.

 

Cheers

 

Paul


The unbridled proliferation of sudo and subsequent abuse of its access authority has seriously compromised this security model*, while SE Linux does the exact opposite, taking the core principle even further.

 

*Gaining access to admin tasks with sudo is simply entering the same password twice (first to access the account, then sudo accepts that same password to grant admin powers to that account), whereas a separate root user and associated password creates another barrier to gaining full access to a Unix-based system, like Linux and/or BSD.

Sudo and similar tools are used because they can increase security, by allowing servers to be locked down to prevent people logging on directly as root (except via the console). They also log who has run what command as root, which is critical in large organisations where dozens of people need root access and an audit trail is needed. Much more secure than letting people know the root password, unless you have a tool that can issue a new time-limited root password on demand.

Hi Paul,

 

When I was on call 24/7, I had to live within a certain distance of the office. A pager/phone call would get me there, and a member of staff would normally arrive before me and get out the drawings/whatever was needed. I suppose it depends on the nature of the business. We had a radio system, since in emergency situations the mobile phone network cannot be relied on for communications in the field. Not aware of what they do now, but that worked pretty well.

  • RMweb Premium

I don't know for sure now, but I seem to recall reading that the embedded version was used in POS systems and behind cash machines and the like. There must obviously be the need for updates given that they run until 2019 for XP. I also think a lot of bank systems are very old bespoke systems which have given problems in the past when banks have come together. I don't know how valid these points still are.

 

Colin

 

I've seen systems in the past where the OS was on EAROMs or similar and could be updated/changed with certain tools (maybe plugged into a user port of some sort). They could not be affected by external sources in normal use.

Maybe the WinXP for POS terminals would be cut down considerably from the normal version with such limited functionality that most of the security fixes/updates just wouldn't be needed.

 

Back in the day, when OSs were somewhat smaller than today, ROMs were used, and if an update was required the ROM was changed.

We had a desktop at work (HP) running an HP OS which was held on a plug-in card with a bank of ROMs on it. To update the OS, change the card. There weren't many updates in those days, usually things like extra functions added after a couple of years!

It couldn't be used like a modern PC anyway, as it was designed to do specific tasks, although many plug-in cards for adding different functions were available from HP. (The one at work had a very nice version of BASIC on a card.)

 

Keith


  • RMweb Gold

The flaw is in Windows itself - Server Message Block - not in Word.

 

The patch to stop this flaw was published in March for Windows 7, 8.1 and 10. According to the InfoSec press a version of the Patch has now been released for XP.

 

Whilst the press have made much of the flaw in XP, it does exist in later versions, so make sure you are patched up to date.

 

Correct, SMBv1 to be precise. Later versions of SMB are not affected.

 

For any techies who didn't join Microsoft's Skype broadcast yesterday, here is the pack they distributed; no copyright involved, it is for everyone's benefit. The recording of the broadcast is still online to listen to; the link is on the 2nd page of the presentation. You can also have a good laugh at some of the questions asked by supposed IT "professionals".

 

CustomerReady WannaCrypt Guidance.pdf


  • RMweb Gold

But why were they selling software so riddled with bugs in the first place?

 

It's not a "bug" as such, just old code. To quote Microsoft's own server team:

 

"The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80's, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naivete is staggering when viewed through modern eyes. I blame the West Coast hippy lifestyle."

 

And as long as people/businesses hang on to old operating systems (both client and server) that are no longer in support, then SMB1 will still be there. I tried to disable it on my laptop yesterday (very easy to do) until I was sure I was patched, and all my file shares became inaccessible - because our file servers are running old and out-of-date Windows Server 2003. I guess no one thought that would be an issue; it's only some file servers after all, and the bean counters don't want to pay for it.
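The SMBv1 check and switch-off these two posts describe (the patch post above and the file-share breakage here), written out as an added example; it is not code from the thread or from Microsoft's guidance pack. It assumes an elevated PowerShell session; the Smb* cmdlets exist on Windows 8 / Server 2012 and later, so on Windows 7 it falls back to the LanmanServer registry value, and it assumes Get-SmbConnection reports any SMB1 session with a dialect below 2.0.

```powershell
# Added example: audit whether this host still serves SMBv1, list the servers it can
# only reach over SMBv1, and disable SMBv1 once those dependencies are cleared.

function Get-Smb1Status {
    # $true = SMBv1 server enabled, $false = disabled.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: no Smb* cmdlets. A missing SMB1 value means the
    # default, which is enabled.
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value  = (Get-ItemProperty -Path $params -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -eq $value) { return $true }
    return ($value -ne 0)
}

function Get-Smb1Dependencies {
    # Current outbound SMB sessions negotiated below dialect 2.0: the Server 2003-style
    # file servers that become unreachable the moment SMBv1 is turned off on this client.
    # Assumption: Get-SmbConnection lists such sessions with a dialect string below "2.0".
    if (-not (Get-Command Get-SmbConnection -ErrorAction SilentlyContinue)) { return @() }
    Get-SmbConnection |
        Where-Object { $_.Dialect -and ([version]$_.Dialect -lt [version]'2.0') } |
        Select-Object ServerName, ShareName, Dialect
}

function Disable-Smb1 {
    param([switch]$Force)   # -Force: proceed even though legacy sessions exist
    $legacy = @(Get-Smb1Dependencies)
    if ($legacy.Count -gt 0 -and -not $Force) {
        Write-Warning 'Active SMBv1 sessions exist; upgrade these servers first or rerun with -Force:'
        $legacy | Format-Table -AutoSize | Out-String | Write-Warning
        return
    }
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWORD -Value 0
        Write-Output 'Registry updated; restart the Server service (or reboot) to apply.'
    }
}

# Report first; disabling is a separate, deliberate step.
"SMBv1 server enabled: $(Get-Smb1Status)"
Get-Smb1Dependencies
```

Turning SMBv1 off is a mitigation, not a substitute for the March patch: a host can be patched and still speak SMBv1, and an unpatched host is vulnerable whether or not anything still depends on the old dialect.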


I assumed some of these "embedded" systems do not have HDDs or other normal memory storage devices, so nowhere to store extra code, and are quite often devoid of many of the interfaces found on normal PCs, so how do they get hijacked?

 

Keith

 

They will generally have a small flash memory like a mobile phone. Windows and the various programs that might be running on it can't cope with a read-only file system, so Microsoft have a thing they call the 'Enhanced Write Filter'. It's basically a RAM disk where any writes to the read-only C: drive actually end up. It looks like you've written to C:, but on a reboot everything is back to the factory state.

 

It exists as a feature to stop users breaking things permanently, but it's no protection against malware, since although the device is reset on a reboot it can immediately become reinfected. Also, software that knows about the write filter can easily flush the RAM disk back to the flash, which is how software updates work on these devices.


  • RMweb Gold

Returning to the NHS attack, do we know how/why a lot of NHS trusts weren't hit?

A lot has been made of those that were hit, still using WinXP and then the blame game breaking out. Were those that were safe using WinXP with updates or were they using later software? Surely some of the hospitals that were safe, were doing the same kind of work as some of those that got hit?
 


Returning to the NHS attack, do we know how/why a lot of NHS trusts weren't hit?

 

A lot has been made of those that were hit, still using WinXP and then the blame game breaking out. Were those that were safe using WinXP with updates or were they using later software? Surely some of the hospitals that were safe, were doing the same kind of work as some of those that got hit?

 

 

Until retirement I was an Information Security Manager for a small financial institution.

 

My suspicion is the quality of the email and web gateways together with their anti-virus software. Those with good gateways e.g. blocking access to malicious sites, properly configured and up to date virus signatures would be better placed than those who took less care.

 

The proper configuration of internet gateway firewalls is another factor.

 

There are also other factors, such as: does the user logged into a computer have admin rights on that machine?

 

Dave


  • RMweb Gold

It's not a "bug" as such, just old code. To quote Microsoft's own server team:

 

"The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80's, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naivete is staggering when viewed through modern eyes. I blame the West Coast hippy lifestyle."

 

So why were Microsoft still selling it until a few months ago, never mind in XP? And only fixed it when someone else told them it was no good?

 

Surely they should be expected to go back over their old code and check that it is still fit for purpose before including it in their latest products?

 

Having made billions over the years out of their near-monopoly position, just a little more spent on testing and checking for bugs in old code wouldn't go amiss. It seems that we are expected to test it for them, and having found flaws in it, be grateful if they provide a fix, and not mind all the trouble and inconvenience caused.

 

That might be acceptable if they were giving this old code away for free. But they are still charging good money for it.

 

Martin.


Returning to the NHS attack, do we know how/why a lot of NHS trusts weren't hit?

 

A lot has been made of those that were hit, still using WinXP and then the blame game breaking out. Were those that were safe using WinXP with updates or were they using later software? Surely some of the hospitals that were safe, were doing the same kind of work as some of those that got hit?

 

I went to the doctor yesterday, and their PCs were still switched off, or not being used, pending a visit from IT support (including one which seemed to be running Win 7). I suspect that a large part of the impact of the attack is down to the precautionary switching off of PCs to stop them getting infected, and that is going to be influenced by how risk-averse that particular bit of the NHS is.

 

I also suspect that the focus on Windows XP is in part down to the election. It's a good way of having a go at the Government for lack of investment in the NHS, and showcasing how your party would spend gazillions of pounds once elected. 


There's an interesting article here by Woody Leonhard about WannaCry

 

http://www.infoworld.com/article/3196673/malware/faq-are-you-in-danger-from-the-wannacrypt-ransomware.html

 

It appears that Windows XP and Windows 10 were not exploited by the attack; I suppose by inference then that Windows 7 was the main target. This would be logical, as most business enterprises are probably still running Windows 7 and trying to resist the upgrade to 10.

 

One problem I have noticed with Windows 7 lately is a reluctance to update itself, constantly searching for updates or downloading them without actually doing anything. It appears that Windows Update needed an update itself. Manually installing update KB3172605 fixed it for me.

 

Brian


  • RMweb Premium

 

There are also other factors, such as: does the user logged into a computer have admin rights on that machine?

 

Dave

Like when the login password is "admin". Far too many people are just lazy and won't set up decent passwords.

 

Keith


Organizations running Windows XP are able to get some continuing support (= security patches) by paying Microsoft for a special contract. After the end of general support for XP in 2014, the NHS had such a contract. The price goes up each year. When the renewal cost reached £5.5 million, the support was not renewed. I don't know whether this was decided inside the NHS or by the Treasury.


  • RMweb Gold

Organizations running Windows XP are able to get some continuing support (= security patches) by paying Microsoft for a special contract. After the end of general support for XP in 2014, the NHS had such a contract. The price goes up each year. When the renewal cost reached £5.5 million, the support was not renewed. I don't know whether this was decided inside the NHS or by the Treasury.

 

That is Microsoft having a laugh. Just how many analysts, programmers and project managers could they employ for half that and still make money hand over fist?


That is Microsoft having a laugh. Just how many analysts, programmers and project managers could they employ for half that and still make money hand over fist?

 

The point isn't to make money; it's to get shot of obsolete products. They're increasingly difficult to maintain.


Archived

This topic is now archived and is closed to further replies.
