Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[STEMO]

A low-level cheap punishment would be to ban the criminal from using a computer, tablet, smartphone and having or using any Internet connection for x months as a first sentence and then escalate as required with subsequent offences.

It's not a bad idea Rods, but how do you enforce it? 

Ban Jonnie Scumbag from using the internet is all very well, but he'll just carry on using his mates IP address. No? 

Not if you chop his fingers off 

[Lizzie Zoom]

So it seems this is yet another example of the USA security services trying to take advantage of a "weapon" that they can use but ends up being turned against us all.  If the NSA had not intervened then Microsoft would have been able to take far more effective action to stop this attack, and probably those to come:

http://www.bbc.co.uk/news/technology-39905509

 

I say bring in the young army of IT experts; those aged between 5 and 25, who will fight these attacks very quickly!

[biggriffin]

When they arrest little Johnny no mates computer hacker, why not give him the option to work for aunty Teresa at gchq or go to prison, were uncle Winston will look after him.
Or is that to easy

[Entwood]

So it seems this is yet another example of the USA security services trying to take advantage of a "weapon" that they can use but ends up being turned against us all.  If the NSA had not intervened then Microsoft would have been able to take far more effective action to stop this attack, and probably those to come:

http://www.bbc.co.uk/news/technology-39905509

 

I say bring in the young army of IT experts; those aged between 5 and 25, who will fight these attacks very quickly!

Microsoft issued a patch that prevented this attack working over 2 months ago. All the machines affected have simply not been updated regularly. Microsoft told the world years back they were no longer supporting Win XP .. yet numerous, nay, thousands, of computers still run it ... so whose fault is it really ?? 

If you don't update it is your fault, not the company providing the updates. Anyone with half an interest in IT will tell you that the hackers are one step ahead of the latest systems ... and about 200 miles ahead of outdated software like XP .....

So, if the NHS network managers had done their job PROPERLY .......   

EDIT ...  Interesting reading . 

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/?utm_source=t.co&utm_medium=referral

[Varche]

It would be helpful if a cost was supplied to the public of these cyber attacks.  Most of which will be borne by us the tax payer. Instead it is all talked sbout as though it is a minor inconvenience.

I agree with you to a point on XP not being supported. However the reverse of the coin is why should companies have to keep updating hardware and operating software versions. Most only use them asa database. XP was quite adequate. To draw a car analogy. How would Omega owners feel if they had to have the latest engine installed in their car very couple of years. Also thatafter five years or less parts wouldnt be available for your car. Have to buy a new car sir.

Perhaps the world has it wrong and Microsofft should be supporting their products for longer....

Good luck with that!

[aaronjb]

Perhaps the world has it wrong and Microsofft should be supporting their products for longer....

Microsoft will support just about anything for as long as you want given sufficient financial incentive - just ask people like the MOD & US Military about their support contracts for "unsupported" operating systems.

They'd support it for you, too, and the rest of us, but nobody would stomach the cost.

You know the adage: Good, cheap or fast; pick two.

Everyone picked cheap and fast.

[Marks DTM Calib]

The world is full of equipment running XP on embedded systems and will be for a long time to come, are we expecting every heart monitor, CT scanner, MRi and control system to be updated?

[Kevin Wood]

I develop software for some kit that still runs Windows 2000. 

The fact is that some things (normally very expensive things) have a longer life cycle than the operating system they use to interact with the user. Successive Windows versions seem designed to deliberately break things that worked in previous versions, so upgrading is not usually an option.

None of this is a problem, except that there is a fascination with connecting everything to the internet these days.

If you have something that needs to run an unsupported cheap, nasty consumer OS, for god's sake, take a tube of epoxy to the ethernet and USB ports.

[Entwood]

I develop software for some kit that still runs Windows 2000. 

The fact is that some things (normally very expensive things) have a longer life cycle than the operating system they use to interact with the user. Successive Windows versions seem designed to deliberately break things that worked in previous versions, so upgrading is not usually an option.

None of this is a problem, except that there is a fascination with connecting everything to the internet these days.

If you have something that needs to run an unsupported cheap, nasty consumer OS, for god's sake, take a tube of epoxy to the ethernet and USB ports.

And thats the big clue .. I "look after" a small network ( 8 ) of win XP machines that run some very specialised custom written (not by me!) software that would cost a fortune to rewrite. There is no internet connectivity, the floppy/optical drives have all been removed, the USB ports are not connected. In the company safe are two hard drives. The "master", which is never installed, and a single "spare". On the very rare occasions when things go wrong, swap the hard drive and away we go. I then make another image from the master on a new "spare" and life continues. Not cutting edge .. but simple, secure and effective.

Lastly, written into employment contracts and emphasised repeatedly, any employee found even trying to connect any external software or hardware to the system is summarily dismissed.

[TheBoy]

MS are actually one of the good guys when it comes to security support, both in cost and in lifecycle length.

All software has faults, but there is loads we as users can do to negate this, particularly around limiting our rights on a PC - but everyone's ego does not match their actual ability, so they run everything as an administrator, and tone down UAC. Then complain when their retarded actions cause their machine to be compromised.


As to XP, its fine. Just don't allow it onto open networks, and definitely not near the internet

[Rods2]

I develop software for some kit that still runs Windows 2000. 

The fact is that some things (normally very expensive things) have a longer life cycle than the operating system they use to interact with the user. Successive Windows versions seem designed to deliberately break things that worked in previous versions, so upgrading is not usually an option.

None of this is a problem, except that there is a fascination with connecting everything to the internet these days.

If you have something that needs to run an unsupported cheap, nasty consumer OS, for god's sake, take a tube of epoxy to the ethernet and USB ports.

The problem is that much of the medical equipment needs to be connected to a network to be of any practical use as the data it is collecting needs to be shared, saved in patients notes etc.

[Entwood]

I develop software for some kit that still runs Windows 2000. 

The fact is that some things (normally very expensive things) have a longer life cycle than the operating system they use to interact with the user. Successive Windows versions seem designed to deliberately break things that worked in previous versions, so upgrading is not usually an option.

None of this is a problem, except that there is a fascination with connecting everything to the internet these days.

If you have something that needs to run an unsupported cheap, nasty consumer OS, for god's sake, take a tube of epoxy to the ethernet and USB ports.

The problem is that much of the medical equipment needs to be connected to a network to be of any practical use as the data it is collecting needs to be shared, saved in patients notes etc.

But that network does NOT need internet access, it just needs access to its own network ... do the employees REALLY need to use google, BBC, personal email servers etc etc etc whilst "supposed" to be working ??

[Rods2]

So it seems this is yet another example of the USA security services trying to take advantage of a "weapon" that they can use but ends up being turned against us all.  If the NSA had not intervened then Microsoft would have been able to take far more effective action to stop this attack, and probably those to come:

http://www.bbc.co.uk/news/technology-39905509

 

I say bring in the young army of IT experts; those aged between 5 and 25, who will fight these attacks very quickly!

Microsoft issued a patch that prevented this attack working over 2 months ago. All the machines affected have simply not been updated regularly. Microsoft told the world years back they were no longer supporting Win XP .. yet numerous, nay, thousands, of computers still run it ... so whose fault is it really ?? 

If you don't update it is your fault, not the company providing the updates. Anyone with half an interest in IT will tell you that the hackers are one step ahead of the latest systems ... and about 200 miles ahead of outdated software like XP .....

So, if the NHS network managers had done their job PROPERLY .......   

EDIT ...  Interesting reading . 

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/?utm_source=t.co&utm_medium=referral

As one of the globe's richest companies with over $100bn in the bank, they could afford to maintain these older embedded systems but to keep the money profit-making engine turned up to 11 and shareholders happy, they must continue to create new income streams by making new incompatible systems and make old systems obsolete to force you to update, so the cash keeps rolling in.

The good news is that Microsoft is steadily losing ground to Linux with the smartphone/tablet market already lost and the majority of web servers using Linux. The desktop/laptop market is shrinking and I suspect that this trend will continue.

[Rods2]

I develop software for some kit that still runs Windows 2000. 

The fact is that some things (normally very expensive things) have a longer life cycle than the operating system they use to interact with the user. Successive Windows versions seem designed to deliberately break things that worked in previous versions, so upgrading is not usually an option.

None of this is a problem, except that there is a fascination with connecting everything to the internet these days.

If you have something that needs to run an unsupported cheap, nasty consumer OS, for god's sake, take a tube of epoxy to the ethernet and USB ports.

The problem is that much of the medical equipment needs to be connected to a network to be of any practical use as the data it is collecting needs to be shared, saved in patients notes etc.

But that network does NOT need internet access, it just needs access to its own network ... do the employees REALLY need to use google, BBC, personal email servers etc etc etc whilst "supposed" to be working ??

Yes, as information needs to be shared over multiple networks. During treatments where I have a rare eye condition the doctors have resorted, twice in my presence to an Internet expert database to find out more and also for emailing a London hospital for a second opinion. Where I had some US research papers on the condition the neurologist I was seeing over an MRI scan, the detailed images which were online, looked up the papers I had found and bookmarked them for his own background reading. This is the real world where the Internet is a vast database of expert knowledge (as well as much populist trash) and a wide area communication system.

[Kevin Wood]

But that network does NOT need internet access, it just needs access to its own network ... do the employees REALLY need to use google, BBC, personal email servers etc etc etc whilst "supposed" to be working ??

Exactly. 

As soon as you put Windows on something, users will assume it's for social networking, watching YouTube videos, etc. not, in this case, making ill people better. The answer is that windows was not an appropriate choice for a device with a long life cycle, but it was the cheap one at the time and plenty fell into that hole.

The choices are there, really. Use something with a smaller attack surface than windows, lock down what users can do to the bare minimum needed to get their jobs done and ignore their moaning, or invest in porting everything to the latest, fully supported Windows. Even then, though you're in trouble if your users are stupid.