At least this problem wasn't self-inflicted. Unlike the one a few months ago when an IT contractor emailed every nhs.net email address (about a million iirc), and then people started clicking Reply All to say "I don't think this is meant for me".
mrjmt - Member
So, I'm struggling to understand quite how it's had such a big impact? If it spreads via a SMB vulnerability, does this mean that each of these organisations have a WAN facing SMB port open on a machine that hasn't been patched?
No, it's introduced via the usual - emails, downloaded attachments.
Then once inside it hunts out other SMB ports on the LAN and spreads itself?
AIUI, it uses any mapped SMB resources to explore, log, and then spread under that user's credentials - easy with SSO setups.
If this is the case, in the NHS for example is it just infecting servers or also desktop machines?
It's agnostic re desktops or servers, it just wants to find as many files as it can and encrypt/infect.
If so why do the desktop machines have the SMB port open anyway? Is it open by default?
They need SMB ports open to access mapped resources, but internally only.
just think if a major bike forum and a few internet cycle retailers went down, there would be massive cycle anger in the uk, and a huge increase in production in most uk and world wide offices of cyclists
They need SMB ports open to access mapped resources, but internally only.
Ah, that's the bit I misunderstood, makes sense now I think about it, but I'd assumed that it was only computers that hosted SMB shares that were vulnerable, but the ports sit open (and are vulnerable to the exploit) even if you only access shares on other machines and don't actually host any.
Aracer, it's pretty much been answered but in short, compatibility mode is sod all help ime. Big environment 1000s of users, multiple businesses and loads of bespoke or niche software that wouldn't run on w7
If it spreads via a SMB vulnerability, does this mean that each of these organisations have a WAN facing SMB port open on a machine that hasn't been patched? Then once inside it hunts out other SMB ports on the LAN and spreads itself? No, it's introduced via the usual - emails, downloaded attachments
There's nothing to indicate email was involved at all.
So yes, it could be that organisations have SMB exposed to the public Internet. It only takes one machine to be patient zero. It could also have been brought in with a device; a user picks up an infection at home, brings their laptop into work where it automatically logs in to the Wi-Fi and boom, we're away.
Anyway, just got home.
We're a managed services provider for a lot of household names. Our internal machines are managed with WSUS, and our customer-facing cloud solution likewise falls under WSUS. Though of course, it's not that simple as the patch requires a reboot, so even though we've got multiple layers of redundancy you still have to be a little bit frosty about it.
We've also got various stand-alone servers, legacy systems, odds and sods dotted all over the place for various reasons. That's what I was asked to look at, so I've just spent seven hours hunting down and manually patching them. Fun.
All done? Will you sleep well now?
Now on a conference call...
It never ends.
Just got off the phone. That only took an hour. At least I get to (watch Doctor Who and) go to bed, the other guys are still at it. Reconvene at 9 tomorrow.
The last time this happened to me was the Millennium Bug, and we had ages to prepare for that.
Just had misfortune of hearing Edwina Currie on radio pontificating about this.
She clearly knows nothing other than the sensationalist headlines but that didn't stop her; one suggestion - 'go to imperial college, get a PhD student and tell them to sort it'.
Dopey cow.
Multiple references to 'hackers' but no mention of ransomware.
No mention of widespread infections across multiple countries and business sectors.
No mention of NSA.
No mention of the 'kill switch'.
No discussion of possible perpetrators.
Much general criticism of Microsoft with no specifics or evidence.
She should not be used by broadcast media and then put down.
As for possible perpetrators - any takers for North Korea?
Cougar - Moderator: The last time this happened to me was the Millennium Bug, and we had ages to prepare for that.
And then ages after of people going "don't see what all the fuss was about, everything worked out fine, why do we listen to you bloody techies..."
I had the misfortune of hearing edwina currie on R5 a few weeks ago pontificating on cuts to disability benefit, I'd personally go on record as stating that I'd like to punch her in the face repeatedly until her face is reduced to a pulp, she is utterly repulsive and anyone who defends the decrepit Tory hag would be next in line to receive the same treatment.
@somafunk - so you're not her biggest fan?
We could start a thread - 'Who hates Edwina Currie - no reason required'.
Reasons would be good though.
She is vile, ignorant and condescending.
And then ages after of people going "don't see what all the fuss was about, everything worked out fine, why do we listen to you bloody techies..."
Yeah, that really, really makes me cross. "Nothing happened, what was all the fuss about?" Nothing happened because a lot of people put a lot of work into ensuring that nothing happened. At the turn of the Millennium when most people were having the party of their lives, I was sat in the office on my own with nothing further to do just in case "anything happened" (I spent most of the time shooting the breeze on the phone with a colleague in another company who'd got saddled with the same gig).
You have a shit IT dept and everyone notices, "what do we pay you for?"; you have a fantastic IT dept and no-one notices, "what do we pay you for?" It's a thankless bloody task.
(Point of order, I'm not IT any more though I've spent many years doing it. I got drafted in tonight as I was best placed to do this particular job and the primary teams were slammed with their own problems.)
so you're not her biggest fan?
That's certainly one polite way of expressing my disregard for her right to existence.
On the same program/discussion she mentioned that there was absolutely no poverty in this country and there was no need for societal use of food banks. Needless to say I utterly ****ing despise her and her ilk and would personally consider it a service to humanity to drag the decrepit whore by the hair round a few "choice" housing estates to explain her words to those who rely on such non-essential services. Of course for her to do this I'd have to remove or refrain from pounding her smug face with my fist which would leave me in a quandary, would I be satisfied with seeing her ripped apart by a baying crowd?, I suspect i would garner a certain thrill from seeing her fed to the wolves so to speak.
Cougar wrote: At the turn of the Millennium when most people were having the party of their lives, I was sat in the office on my own with nothing further to do just in case "anything happened"
Well to be fair, anybody with that job would surely appreciate that the start of the new millennium was actually a year later.
nice trolling NW - it was good to see Cougar so precisely following the script you'd given him the cue for!
NW wasn't trolling, he was empathising, is how I read it at least.
200!
So for seven years TM was Home Sec, head of a dept. taking decisions about matters like NHS security.
If soma had the choice, her or EC?
Oh, I remember 1999… a lot of work, a lot of good planning, a lot of problems caught live yet mitigated against before they went public. Well done all. Newspapers then acted like all that effort was a waste of time and money. Ever since I have NEVER relied on journalists working for newspapers, radio or TV to learn about anything remotely related to technology of any kind. How many scientists or engineers work in the mainstream media? Next to none.
I'm still going. Started again at 9 this morning.
On the upside, I'll have netted about a week's pay by the time I'm done.
Silver lining.
New bike?
Cougar - Moderator: NW wasn't trolling, he was empathising, is how I read it at least.
Kind of tying it to the current thing and some of the reasons why IT doesn't get the attention it needs
Still going. Got all the core servers done, now just mopping up all the shit like random Jump Servers. Just found my first XP SP2 machine... HULK SMASH!
I've MANUALLY patched and controlled-rebooted 60 servers so far. Yesterday all I had to eat until 10:30pm was a Mars bar. * malware writers, and *ing kill me now.
Just downed tools. 12 hours today.
No-one cares, do they? (-:
Nope 😉
Pah!....all you do is push buttons and bash keyboards, it's not as if you have a strenuous manual job that leaves you crippled by the end of the working day
Runs and hides under the stairs............. 😉
XP SP2? retro-tastic!!
No-one cares, do they? (-:
If I was wearing a hat, I'd doff it to you, sir. 🙂
Depends who you are working for cougar - the NHS you get kudos for
Just downed tools. 12 hours today.
I got away with it lightly (a few hours yesterday) but a lot of people in my organisation will have been putting in many hours.
Anyway at last questions have been asked about those unsupported unpatched machines. I'm hoping they've been switched off and sod the consequences to the business.
Corporate, sadly. The NHS horse has bolted.
all you do is push buttons and bash keyboards, it's not as if you have a strenuous manual job that leaves you crippled by the end of the working day
I know you're joking, but in seriousness, I've done that. I used to have a job constructing kids' playgrounds, you know the soft play style things with ball pools and big plastic slides and stuff? We worked 12 hour shifts 7 days a week when doing installations (because the boss was a skinflint) and I've been more knackered after doing 8 hours thinking than I ever have lugging scaffolding poles about.
at last questions have been asked about those unsupported unpatched machines
You can still patch 2003 and XP (though I wouldn't advertise that fact).
corporate - you get no sympathy then - just charge the buggers a fortune for their lack of sense in not sorting out the vulnerabilities
You can still patch 2003 and XP
W2k??
corporate - you get no sympathy then - just charge the buggers a fortune for their lack of sense in not sorting out the vulnerabilities
It's Not That Simple. Read back.
W2k??
Ye gods.
True story, when the Kaminsky DNS poisoning scare broke several years ago (2008?), we got a missive from a customer demanding what steps we were taking to mitigate the issues on their NT4 DNS servers.
Ye gods.
Yup.
used to have a job constructing kids' playgrounds, you know the soft play style things with ball pools and big plastic slides and stuff?
Jeez!......this just gets better n' better....so you spent all day whizzing down slides and rolfing about in ball pits?, sounds like a perfect job 😀
Good man cougar.
How many/few organisations will block IT access until all (?) staff have been briefed on IT security?
Yes, I understand cost implications etc but how do they compare with damage caused by insecure processes and poor understanding/implementation of IT security?
Before the nhs mafia kicks off, I also understand the (broad) implications in terms of treatment and possible threat to life.
What about the use of third party media - personal memory sticks plugged into work network as an example. Sackable offence?
Banks have been (relatively) unaffected as far as we know; they should be prime targets which suggests that their collective efforts to secure their IT systems have been broadly successful.
Successive uk govs have commissioned so many unsuccessful large scale IT driven projects.
£10 billion worth of IT projects - likely to be closer to £15 billion - written-off or scaled back since 2002.
No accountability but Crapita, Serco, PWC and others continue to flog dud solutions to gullible ministers & civil servants; jolly nice chablis, let's have another bottle and I'll sign the contract with this Mont Blanc pen you gave me at Christmas.
Gov criticises private sector; how about some self-flagellation based on incompetence and inaction in the public sector?
If I used random capitals and exclamation marks this could have been a rant.
It's not.
I'm one of the little guys who is thoroughly frustrated by self-serving and incompetent politicos; the ruling mentality can be summarised as....don't know, don't care but I'm important and you're not.
Did an audit on a prospective customer network last year, had uptimes on core switches and firewalls over 10 years and sounded shocked when we told them we wouldn't cover the targets they wanted us to meet for an outsource on their availability, change and security chapters buried within 1800 pages of contract docs.
You have a shit IT dept and everyone notices, "what do we pay you for?"; you have a fantastic IT dept and no-one notices, "what do we pay you for?" It's a thankless bloody task.
This x 1,000! I had the NYE1999 gig too. Got into the office at 14:00 on NYE and left site at 05:00 in the morning. Nothing happened. Apart from the 12 months previous that I'd spent arguing with the business that we really needed to harden up our AV protection.
Banks have been (relatively) unaffected as far as we know; they should be prime targets which suggests that their collective efforts to secure their IT systems have been broadly successful.
Or that their key IT systems are on completely different platforms.