Ship of Fools


Source: (consider it) Thread: NHS cyber attack
Boogie

Boogie on down!
# 13538

A question - are Apple systems as susceptible to hacking as Microsoft?

--------------------
Garden. Room. Walk

Posts: 12175 | From: Boogie Wonderland | Registered: Mar 2008  |  IP: Logged
lilBuddha
Shipmate
# 14333

quote:
Originally posted by Holy Smoke:
In the case of the ransomware attack, the fault is almost entirely with the victims, because they failed to take basic precautions.

Are you an idiot or are you at fault for not refreshing your browser and reading the posts between that one and this statement?
You want someone to blame besides the attackers, blame the fucking Tories. If the bastards had properly funded the NHS and this had happened, then you could possibly apportion blame to the NHS.

BTW, the victims are the patients.

--------------------
So goodnight moon, I want the sun
If it's not here soon, I might be done
No it won't be too soon 'til I say goodnight moon

- A. N. Parsley, D. Mcvinni

Posts: 15478 | From: out of the corner of your eye | Registered: Dec 2008  |  IP: Logged
Jay-Emm
Shipmate
# 11411

quote:
Originally posted by Boogie:
A question - are Apple systems as susceptible to hacking as Microsoft?

No, but...

(part of which is the proportionately smaller market giving a kind of herd immunity, that MS have to keep things consistent to let many more older programs work*, and that old vulnerable systems need to be used for the dedicated software that can't make the jump)

*there's a story about 95 and sim city.

Posts: 1529 | Registered: May 2006  |  IP: Logged
Sioni Sais
Shipmate
# 5713

quote:
Originally posted by Karl: Liberal Backslider:
quote:
Originally posted by Sioni Sais:
quote:
Originally posted by Penny S:
In the case of the person I have been "caring" for, with three different hospitals and two different surgeries involved, none of them have been able to access information about previous treatment. Two of the hospitals have been part of the same organisation and share nursing staff. I'm not convinced about the computer network making things easier.

A network that had been maintained with the necessary security updates would have been in a far better state.
Yes, wouldn't it. However it's never that simple. IT professionals do not leave stuff unpatched for fun, for shniggles, or, in the main, out of incompetence (there's always one, of course). There are a number of factors which can put a delay between patch release and implementation, in any large organisation especially. Off the top of my head:

*legacy software that was written for an OS three generations ago and which needs extensive testing on new OSes or patch levels;
*negotiation of downtime;
*experience of dodgy patches in the past leading to a desire to wait just to make sure MS doesn't pull it the next day;
*company change procedures and policies that simply take time.

All in all, I'm not really surprised a March patch wasn't universally in place.

Back in the dim and distant past I was involved in changing from an earlier version of Windows to Windows XP. That meant testing stuff under both operating systems to ensure the results were the same. It wasn't thrilling and it took months. Even then there were a few applications that wouldn't run under XP, so they had to be isolated until we replaced them. What we did do was put in place a regular maintenance regime with monthly routine update plus emergency updates as required.

If there is a problem it is that if you let things slip, it's difficult to drag yourself back to a safe place.

Posts: 23619 | From: Newport, Wales | Registered: Apr 2004  |  IP: Logged
Holy Smoke
Shipmate
# 14866

quote:
Originally posted by lilBuddha:
quote:
Originally posted by Holy Smoke:
In the case of the ransomware attack, the fault is almost entirely with the victims, because they failed to take basic precautions.

Are you an idiot or are you at fault for not refreshing your browser and reading the posts between that one and this statement?
No, I think the problem is that I disagree with you.
Posts: 331 | From: UK | Registered: Jun 2009  |  IP: Logged
lilBuddha
Shipmate
# 14333

quote:
Originally posted by Boogie:
A question - are Apple systems as susceptible to hacking as Microsoft?

The simple answer is not really.
Apple have fewer attacks primarily because there are fewer Apple computers and therefore they are a less profitable target.
Backwards compatibility, not having control over hardware and other issues add to the vulnerability of Windows systems.
But anyone thinking that mass switching to Apple will end this sort of problem is delusional.
Besides, the cost of doing so would be massive. New computers, new servers, tons of training, new software purchases, new patient management systems, data migration, data recreation after inevitable losses in the migration, etc.

--------------------
So goodnight moon, I want the sun
If it's not here soon, I might be done
No it won't be too soon 'til I say goodnight moon

- A. N. Parsley, D. Mcvinni

Posts: 15478 | From: out of the corner of your eye | Registered: Dec 2008  |  IP: Logged
lilBuddha
Shipmate
# 14333

quote:
Originally posted by Holy Smoke:
quote:
Originally posted by lilBuddha:
quote:
Originally posted by Holy Smoke:
In the case of the ransomware attack, the fault is almost entirely with the victims, because they failed to take basic precautions.

Are you an idiot or are you at fault for not refreshing your browser and reading the posts between that one and this statement?
No, I think the problem is that I disagree with you.
I've outlined some of why the blame lies elsewhere. Do you have anything besides disagreement to counter that?

--------------------
So goodnight moon, I want the sun
If it's not here soon, I might be done
No it won't be too soon 'til I say goodnight moon

- A. N. Parsley, D. Mcvinni

Posts: 15478 | From: out of the corner of your eye | Registered: Dec 2008  |  IP: Logged
Net Spinster
Shipmate
# 16058

quote:
Originally posted by Boogie:
A question - are Apple systems as susceptible to hacking as Microsoft?

They are susceptible but in different ways. However many more business operations are run on MS so many hackers concentrate on MS.

I gather that the NHS still had a lot of computers running Windows XP which is highly vulnerable since security patches have not been released for it for several years. Why NHS did not update could be for a combination of reasons.

1. Computer just not updated to a more recent version of the operating system because of
a. time constraints (it's been a few years folks)
b. cost of the upgrade
c. user doesn't like the newer versions
d. specialized legacy software that only runs on XP (I work for an organization that has a few systems like that and they are isolated on the network [to get to them remotely you need to go through a more secure gateway] and used only for the legacy software [no web browsing or email reading])

2. Computer is so old it can't be upgraded so a new one has to be bought.
a. time constraints (again few years)
b. cost of buying a new computer

3. Legacy software possibly inhouse only running on XP that can't be isolated. Replacing it would probably cost money, time, and specialized people. This is one reason why where I work replaced a lot of inhouse software with commercial software since then the cost of making the software work on new operating systems is spread among more consumers.

Where I work which is far smaller than the NHS though big locally has been going through a massive several year project to make sure things are more secure and that it will be easier to respond to new threats. It's been painful for some, but, it is working (so far).

--------------------
spinner of webs

Posts: 1059 | From: San Francisco Bay area | Registered: Dec 2010  |  IP: Logged
Amanda B. Reckondwythe

Dressed for Church
# 5521

quote:
Originally posted by mr cheesy:
It sounds like one needs a backup which is physically disconnected from the desktops and the internet to avoid spreading the malware. I wonder how many now have backups like that.

The standard practice is to back up on removable media and store it offsite -- usually several days' worth of backups.

--------------------
"We're not in Wonderland anymore, Alice." – Charles Manson

Posts: 9820 | From: The Great Southwest | Registered: Feb 2004  |  IP: Logged
no prophet's flag is set so...

Proceed to see sea
# 15560

The blame for this worldwide attack is directed most appropriately at the American spy agency, NSA, and Microsoft. NSA for developing the virus tools to do this deed. Microsoft for creating abandon-wear operating systems. Thankfully most large servers are running Linux.

Apple isn't a reasonable solution for most users worldwide. Far too expensive. It also issues updates which deliberately wreck other-OS compatibility including simply connecting to servers and Apple devices to other OSes. For unsophisticated users Google Chrome and Android are much cheaper than Appley things.

--------------------
Maybe I should stop to consider that I'm not worthy of an epiphany and just take what life has to offer
(formerly was just "no prophet") \_(ツ)_/

Posts: 10279 | From: Treaty 6 territory in the nonexistant Province of Buffalo, Canada ↄ⃝' | Registered: Mar 2010  |  IP: Logged
Alan Cresswell

Mad Scientist 先生
# 31

quote:
Originally posted by Holy Smoke:
I think the problem is that I disagree with you.

Strange, I thought the problem was that you were being an ignorant prick.

--------------------
Citizen of the world.

Posts: 31509 | From: East Kilbride (Scotland) or 福島 | Registered: May 2001  |  IP: Logged
chris stiles
Shipmate
# 12641

quote:
Originally posted by no prophet's flag is set so...:
The blame for this worldwide attack is directed most appropriately at the American spy agency, NSA, and Microsoft. NSA for developing the virus tools to do this deed. Microsoft for creating abandon-wear operating systems. Thankfully most large servers are running Linux.

The problem is even in a world where all the affected organisations were running Linux on the desktop the same situation could have arisen due to the reasons Karl describes around migrations and upgrading.
Posts: 3350 | From: Berkshire | Registered: May 2007  |  IP: Logged
no prophet's flag is set so...

Proceed to see sea
# 15560

quote:
Originally posted by chris stiles:
quote:
Originally posted by no prophet's flag is set so...:
The blame for this worldwide attack is directed most appropriately at the American spy agency, NSA, and Microsoft. NSA for developing the virus tools to do this deed. Microsoft for creating abandon-wear operating systems. Thankfully most large servers are running Linux.

The problem is even in a world where all the affected organisations were running Linux on the desktop the same situation could have arisen due to the reasons Karl describes around migrations and upgrading.
Probably not. To install any package, an end user has to specifically become an admin user. A virus package would require at minimum a password to be given. The user would thus deliberately make the package executable. Better still is requiring a full login as admin. Very explicit authorisation required for execution of a prog or installation.

Windows is too loose with this, unless deployed at business levels where end user doesn't know the admin passwords. I have less experience with Windows but in gov't office I had to request permission to even get permission to open emailed documents which were unauthorised by default. Which seems to indicate Microsoft could deploy decent minimal security by default.

--------------------
Maybe I should stop to consider that I'm not worthy of an epiphany and just take what life has to offer
(formerly was just "no prophet") \_(ツ)_/

Posts: 10279 | From: Treaty 6 territory in the nonexistant Province of Buffalo, Canada ↄ⃝' | Registered: Mar 2010  |  IP: Logged
Adeodatus
Shipmate
# 4992

Two quick points from me.

First, in 2010, Tory Health Secretary cancelled a contract between the NHS and Microsoft that, among other things, allowed easy bulk ordering of MS products and services. At the time he said it was something about free market yadda yadda Tory gobshite yadda yadda. The immediate effect was that some NHS IT costs almost doubled overnight. The longer term effect was that each Trust within the NHS then had to look after the maintenance and upgrading of its own systems, at hugely inflated cost.

Secondly, in 2015, Jeremy *unt scrapped the NHS's security contract with MS, because austerity yadda yadda within our means Tory gobshite 2 yadda yadda. The result of that was that NHS MS systems have been essentially defenceless - apart from whatever measures individual Trusts have put in place on a piecemeal basis - ever since.

Am I angry this has happened? Yes. Am I surprised? Given the two utter arsewipes who've held the post of Health Secretary since 2010, definitely not.

--------------------
"What is broken, repair with gold."

Posts: 9714 | From: Manchester | Registered: Sep 2003  |  IP: Logged
lilBuddha
Shipmate
# 14333

quote:
Originally posted by no prophet's flag is set so...:
The blame for this worldwide attack is directed most appropriately at the American spy agency, NSA, and Microsoft.


NSA for developing the virus tools to do this deed.

Allegedly. Given that vulnerabilities have been, and will continue to be, discovered and exploited without their help; meh.
quote:

Microsoft for creating abandon-wear operating systems.

Apple are the kings of abandon ware. They are the ones who gave a big 🖕🏼 to their old OS users. Microsoft has plenty of issues, but just how long are they supposed to support the old stuff? No one expects this from anyone else.
quote:

Thankfully most large servers are running Linux.

Given most merely means more than half, this is a possibility, but numbers are harder to track than often claimed. Two things to this, however:
One - Linux might be a bit more secure, but much of that is security through obscurity, just like Apple.
Two - Targets are more often the end-user, rather than the servers they connect to, so this will be Windows regardless.
Three (Three things) is that if Linux were more commonly distributed in desktop systems, it would share the old version issues just the same.

Like what you like, use what you wish. Just do it with less ignorance and many of these problems will be less widespread.

--------------------
So goodnight moon, I want the sun
If it's not here soon, I might be done
No it won't be too soon 'til I say goodnight moon

- A. N. Parsley, D. Mcvinni

Posts: 15478 | From: out of the corner of your eye | Registered: Dec 2008  |  IP: Logged
chris stiles
Shipmate
# 12641

quote:
Originally posted by no prophet's flag is set so...:
Probably not. To install any package, an end user has to specifically become an admin user. A virus package would require at minimum a password to be given. The user would thus deliberately make the package executable. Better still is requiring a full login as admin. Very explicit authorisation required for execution of a prog or installation.

On a single user (desktop) system - all an analogous virus requires is the ability to place an executable somewhere where a process run by the user could execute it, and access to the user's data - as that's all that matters.

Besides - I bet if you go back to Debian 3.0 or RHEL 7.1 (similarly old) there'd be plenty of remote holes that could be exploited, even before you layered a similarly rich desktop system. The problem is with the difficulty and the cost of upgrading, software quality is secondary (in this case)

Posts: 3350 | From: Berkshire | Registered: May 2007  |  IP: Logged
Ricardus
Shipmate
# 8757

[Total tangent]
quote:
Originally posted by lilBuddha:
🖕🏼

I have learnt a new thing about UBB today! [Yipee] [Yipee] [Yipee]

--------------------
Then the dog ran before, and coming as if he had brought the news, shewed his joy by his fawning and wagging his tail. -- Tobit 11:9 (Douai-Rheims)

Posts: 6885 | From: Liverpool, UK | Registered: Nov 2004  |  IP: Logged
Ricardus
Shipmate
# 8757

OK, I've Googled a bit (so now I know everything) and I'm going to risk universal opprobrium by admitting Holy Smoke might have a point.

The fact that Microsoft would end support for XP in 2014 was known seven years in advance, and government departments were supposed to put in place migration plans for when this happened. What expired in 2015 was a one-off extra year's support that the Cabinet Office bought for all government systems, not just the NHS. Source.

If, in those eight years, a particular NHS Trust judged it more cost-effective to buy extended support for XP rather than migrate, there was nothing to stop them from doing so. What seems to have happened is that a number of Trusts have neither migrated nor arranged for extended XP support. Source.

Some posters are saying that the problem is that the Conservatives have underfunded the NHS. This is true* and reprehensible, but it only exculpates those Trusts' managers if the things on which they did spend their inadequate budgets bought better patient value than IT security (i.e., if they'd spent money on IT security, they'd have had to cut something even more vital elsewhere). I find this questionable. It doesn't look like this hack actually did that much damage but it had the potential to be a lot worse.

Having said that, the buck is supposed to stop with the Cabinet minister, and it is disgraceful that Mr Hunt is nowhere to be seen and Ms Rudd and Mr Fallon are busily shovelling the blame elsewhere.


* AIUI the problem isn't so much that they're withholding money from the NHS, but that they're making false economies elsewhere that nullify what they give to the NHS, as well as wasting billions on solutions in search of a problem such as GPs' consortia. But it comes to the same.

--------------------
Then the dog ran before, and coming as if he had brought the news, shewed his joy by his fawning and wagging his tail. -- Tobit 11:9 (Douai-Rheims)

Posts: 6885 | From: Liverpool, UK | Registered: Nov 2004  |  IP: Logged
Ricardus
Shipmate
# 8757

To put the underfunding argument into perspective, the one-year XP support deal, for the entire public sector, cost £5.5m (source in the second link above). The NHS budget for 2015/6 was £116,400m (source).

--------------------
Then the dog ran before, and coming as if he had brought the news, shewed his joy by his fawning and wagging his tail. -- Tobit 11:9 (Douai-Rheims)

Posts: 6885 | From: Liverpool, UK | Registered: Nov 2004  |  IP: Logged
Schroedinger's cat

Ship's cool cat
# 64

I would completely accept that the situation could have been predicted something like this. And this should have been dealt with in some way.

The thing is, with cuts elsewhere, the vast cost of upgrading - not just on one Trust, because in some cases, it would require national changes - was not justified when it would mean taking money from patient care. And the Right wing would have had a field day if it had been revealed that the NHS was spending many millions on IT not on patients.

But the reason is the chronic lack of funding from central government. Users - including the IT departments - have had to manage as they can. That is the same as any business - the problem in this case is that government was not prepared to finance ongoing upgrades of IT equipment.

Holy Smoke should have a point. Inserted somewhere delicate.

--------------------
Blog
My books for your enjoyment
Lord may all my hard times be healing times
take out this broken heart and renew my mind.

Posts: 18150 | From: At the bottom of a deep dark well. | Registered: May 2001  |  IP: Logged
Karl: Liberal Backslider
Shipmate
# 76

quote:
Originally posted by Ricardus:
To put the underfunding argument into perspective, the one-year XP support deal, for the entire public sector, cost £5.5m (source in the second link above). The NHS budget for 2015/6 was £116,400m (source).

116 billion.

--------------------
Might as well ask the bloody cat.

Posts: 17190 | From: Chesterfield | Registered: May 2001  |  IP: Logged
no prophet's flag is set so...

Proceed to see sea
# 15560

[tangent]
quote:
Originally posted by chris stiles:
quote:
Originally posted by no prophet's flag is set so...:
Probably not. To install any package, an end user has to specifically become an admin user. A virus package would require at minimum a password to be given. The user would thus deliberately make the package executable. Better still is requiring a full login as admin. Very explicit authorisation required for execution of a prog or installation.

On a single user (desktop) system - all an analogous virus requires is the ability to place an executable somewhere where a process run by the user could execute it, and access to the user's data - as that's all that matters.

Besides - I bet if you go back to Debian 3.0 or RHEL 7.1 (similarly old) there'd be plenty of remote holes that could be exploited, even before you layered a similarly rich desktop system. The problem is with the difficulty and the cost of upgrading, software quality is secondary (in this case)

I realize that we're pursuing a bit of a tangent, but since you posted this, consider that they might be able to engineer it if Linux used only one or 2 formats for partitions. Plus, we're talking multiple distros. I suppose someone could write something that went after fairly standard partitions in some Ubuntu version or other (one of the more commonly used today). It's pretty difficult to write malicious code expecting that it will affect all Linux computers without knowing what partitions the user may have chosen. And that's just in standard installs.
[/tangent]

Back to expiry dates with Microsoft versions, such as XP. I don't know, I had a 6 volt system in a 1963 Bug (VW Beetle) which changed to 12 volt in all of them I think in 1966, and they also changed some of the engine, light hooding and other body parts, and later bumpers. But I still could get working parts for it, made by others, not part of VW right up until I sold it 6 years ago (another story, a sad one for me, I had it since 1975).

But Microsoft doesn't allow tinkering with the code, it isn't released and we can't legally patch XP or other versions ourselves. Which is ridiculous. It doesn't matter that they announced that they declared it obsolete if people are still productively using it. They should either support it or let others support it. But they don't.

(I actually have a Windows XP running in a VirtualBox I can use an old Garmin GPS for topographic maps for wilderness travel, but it doesn't have an internet connection. Yes, and it is legal because it is on the box the XP came with.)

[ 15. May 2017, 03:34: Message edited by: no prophet's flag is set so... ]

Posts: 10279 | From: Treaty 6 territory in the nonexistant Province of Buffalo, Canada ↄ⃝' | Registered: Mar 2010  |  IP: Logged
Ricardus
Shipmate
# 8757

quote:
Originally posted by Karl: Liberal Backslider:
quote:
Originally posted by Ricardus:
To put the underfunding argument into perspective, the one-year XP support deal, for the entire public sector, cost £5.5m (source in the second link above). The NHS budget for 2015/6 was £116,400m (source).

116 billion.
I was trying to avoid this phenomenon.

--------------------
Then the dog ran before, and coming as if he had brought the news, shewed his joy by his fawning and wagging his tail. -- Tobit 11:9 (Douai-Rheims)

Posts: 6885 | From: Liverpool, UK | Registered: Nov 2004  |  IP: Logged
Alan Cresswell

Mad Scientist 先生
# 31

We have a variety of computers running obsolete OS. We even have two running MS-DOS on 486 processors. We think about updating them every couple of years (usually when we struggle to find a replacement power supply for a 25 year old computer, or buy a supply of floppy disks). But, that would require a) new computers, b) new interface cards, c) re-write the software that runs the devices (including porting into a new development environment) and d) extensive testing to verify that the system operates in exactly the same way as before and our procedures still satisfy our QC requirements. Basically, that would be a year of work and considerably more expense than just the new hardware. Sometimes it's simply not possible to replace an older system running an "obsolete" OS.

--------------------
Citizen of the world.

Posts: 31509 | From: East Kilbride (Scotland) or 福島 | Registered: May 2001  |  IP: Logged
Baptist Trainfan
Shipmate
# 15128

NHS Wales managed to upgrade and standardise its systems and so avoided the attack. Today it is blocking emails from the English NHS as a precaution, which should prove "interesting".
Posts: 8496 | From: The other side of the Severn | Registered: Sep 2009  |  IP: Logged
Alan Cresswell

Mad Scientist 先生
# 31

Though, as the number of systems affected must be much smaller than the number of vulnerable systems in the world the fact that NHS Wales escaped may be down to luck - if they're blocking emails from affected sources it does suggest that someone thinks there are still parts of their system that are not secure.

--------------------
Citizen of the world.

Posts: 31509 | From: East Kilbride (Scotland) or 福島 | Registered: May 2001  |  IP: Logged
Baptist Trainfan
Shipmate
# 15128

Indeed - but I suppose there only needs to be one weak point for it to get stuffed.

Probably the cyber-attackers are frightened of Dragons and Leeks (or aren't willing to deduct the Severn Bridge Toll out of their ransom).

Posts: 8496 | From: The other side of the Severn | Registered: Sep 2009  |  IP: Logged
Jane R
Shipmate
# 331

However robust your system may be, if it has to talk to other systems it is always going to be vulnerable to some attacks. It's like a castle with a gate in the wall; however strong the wall may be, all it takes is for some idiot to open the gate. NHS Wales are taking sensible precautions against idiots opening the gate.
Posts: 3505 | Registered: May 2001  |  IP: Logged
Karl: Liberal Backslider
Shipmate
# 76

quote:
Originally posted by Ricardus:
quote:
Originally posted by Karl: Liberal Backslider:
quote:
Originally posted by Ricardus:
To put the underfunding argument into perspective, the one-year XP support deal, for the entire public sector, cost £5.5m (source in the second link above). The NHS budget for 2015/6 was £116,400m (source).

116 billion.
I was trying to avoid this phenomenon.
Yeah, and I didn't read properly. Knackered. Been working 7 days straight.

--------------------
Might as well ask the bloody cat.

Posts: 17190 | From: Chesterfield | Registered: May 2001  |  IP: Logged
chris stiles
Shipmate
# 12641

quote:
Originally posted by no prophet's flag is set so...:
I realize that we're pursuing a bit of a tangent, but since you posted this, consider that they might be able to engineer it if Linux used only one or 2 formats for partitions. Plus, we're talking multiple distros. I suppose someone could write something that went after fairly standard partitions in some Ubuntu version or other (one of the more commonly used today). It's pretty difficult to write malicious code expecting that it will affect all Linux computers without knowing what partitions the user may have chosen. [/tangent]

I understand this is a tangent so not going to spend much time here, but you don't need knowledge of partitions to get this to work, just have something that iterates recursively down a user's home directory encrypting each file it finds block by block - there'll be cases where the filesystem re-allocates the new content to new blocks but in practice you'll make enough of a mess that they'll still need to decrypt to recover.

And most commercial environments would still be monocultures.

[ 15. May 2017, 10:28: Message edited by: chris stiles ]

Posts: 3350 | From: Berkshire | Registered: May 2007  |  IP: Logged
chris stiles
Shipmate
# 12641

quote:
Originally posted by Ricardus:

Some posters are saying that the problem is that the Conservatives have underfunded the NHS. This is true* and reprehensible, but it only exculpates those Trusts' managers if the things on which they did spend their inadequate budgets bought better patient value than IT security (i.e., if they'd spent money on IT security, they'd have had to cut something even more vital elsewhere). I find this questionable. It doesn't look like this hack actually did that much damage but it had the potential to be a lot worse.

Which assumes that they were capable of measuring and accounting for all of their risks perfectly - in which case they could still get unlucky when a lower probability risk blows up.

The other issue is that due to outsourcing a number of the trusts have been hollowed out to the point where they don't necessarily retain the expertise to be able to measure the risks properly.

Posts: 3350 | From: Berkshire | Registered: May 2007  |  IP: Logged
lilBuddha
Shipmate
# 14333

quote:
Originally posted by Alan Cresswell:
We have a variety of computers running obsolete OS. We even have two running MS-DOS on 486 processors. We think about updating them every couple of years (usually when we struggle to find a replacement power supply for a 25 year old computer, or buy a supply of floppy disks). But, that would require a) new computers, b) new interface cards, c) re-write the software that runs the devices (including porting into a new development environment) and d) extensive testing to verify that the system operates in exactly the same way as before and our procedures still satisfy our QC requirements. Basically, that would be a year of work and considerably more expense than just the new hardware. Sometimes it's simply not possible to replace an older system running an "obsolete" OS.

There will come a time when you cannot tape, glue and patch together what you have and it will cost even more to change.

[ 15. May 2017, 17:34: Message edited by: lilBuddha ]

--------------------
So goodnight moon, I want the sun
If it's not here soon, I might be done
No it won't be too soon 'til I say goodnight moon

- A. N. Parsley, D. Mcvinni

Posts: 15478 | From: out of the corner of your eye | Registered: Dec 2008  |  IP: Logged
no prophet's flag is set so...

Proceed to see sea
# 15560

quote:
Originally posted by lilBuddha:
There will come a time when you cannot tape, glue and patch together what you have and it will cost even more to change.

Depends on the task. A RaspberryPi™ or Arduino™ can be had for very cheap (as little as $5) depending on what you need, and they do a fine job of simple repetitive tasks, e.g., making sure incremental backups occur.
Posts: 10279 | From: Treaty 6 territory in the nonexistant Province of Buffalo, Canada ↄ⃝' | Registered: Mar 2010  |  IP: Logged
Leorning Cniht
Shipmate
# 17564

quote:
Originally posted by lilBuddha:
There will come a time when you cannot tape, glue and patch together what you have and it will cost even more to change.

Probably true, but not helpful. Because what is true is that Alan doesn't have enough money to replace all of his obsolete crap. Sure - some of his obsolete crap will fail in the next few years, but you don't know which bits it will be, and he can't afford to replace everything.

So you wait, and fix, and patch, and eat the downtime when the thing finally implodes.

(It just so happens that I've heard the line "we no longer have the ability to build that code, so here's what we're doing instead" more than once in the last few weeks.)

Obsolete products, made by companies who ceased to exist two or three acquisition cycles ago. And so on.

There's a couple of big, budget-breaking, obsolete systems that I rely on that are going to need to be replaced in the next decade. Figuring out how to pay for it is interesting...

Posts: 4245 | From: USA | Registered: Feb 2013  |  IP: Logged
lilBuddha
Shipmate
# 14333

quote:
Originally posted by no prophet's flag is set so...:
quote:
Originally posted by lilBuddha:
There will come a time when you cannot tape, glue and patch together what you have and it will cost even more to change.

Depends on the task. A RaspberryPi™ or Arduino™ can be had for very cheap (as little as $5) depending on what you need, and they do a fine job of simple repetitive tasks, e.g., making sure incremental backups occur.
What many gov't agencies and large companies face is legacy software that cannot be migrated to newer or different systems. The cost and problems of replacing that software far exceed the hardware issues. This is what Alan was referring to.

--------------------
So goodnight moon, I want the sun
If it's not here soon, I might be done
No it won't be too soon 'til I say goodnight moon

- A. N. Parsley, D. Mcvinni

Posts: 15478 | From: out of the corner of your eye | Registered: Dec 2008  |  IP: Logged
no prophet's flag is set so...

Proceed to see sea
# 15560

This blog updates fairly regularly on progress with this virus. The entry "wannacry new variants detected" is from 14 May.

--------------------
Maybe I should stop to consider that I'm not worthy of an epiphany and just take what life has to offer
(formerly was just "no prophet") \_(ツ)_/

Posts: 10279 | From: Treaty 6 territory in the nonexistant Province of Buffalo, Canada ↄ⃝' | Registered: Mar 2010  |  IP: Logged
lilBuddha
Shipmate
# 14333

quote:
Originally posted by Leorning Cniht:
Probably true, but not helpful. Because what is true is that Alan doesn't have enough money to replace all of his obsolete crap. Sure - some of his obsolete crap will fail in the next few years, but you don't know which bits it will be, and he can't afford to replace everything.

I'm not denying this or blaming Alan.
But it is true that the crises of today are generated by policies in the past.* The whys and wherefores could be a Hell thread in themselves.

*Unfortunately, these are still in place in the present in too many places.

--------------------
So goodnight moon, I want the sun
If it's not here soon, I might be done
No it won't be too soon 'til I say goodnight moon

- A. N. Parsley, D. Mcvinni

Posts: 15478 | From: out of the corner of your eye | Registered: Dec 2008  |  IP: Logged
Wesley J

Silly Shipmate
# 6075

According to the blog linked above and other news sources, such as the WaPo, it woz the North Koreans who dunnit.

--------------------
Be it as it may: Wesley J will stay. --- Euthanasia, that sounds good. An alpine neutral neighbourhood. Then back to Britain, all dressed in wood. Things were gonna get worse. (John Cooper Clarke)

Posts: 7101 | From: The Isles of Silly | Registered: May 2004  |  IP: Logged


