"We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately."

And which fucking idiot let them put unauthorised devices on the network in the first place?

So not only are our MPs pretty much technically useless but the IT department that set their network up is a stupid as they are.

"If you have an infected mobile device or USB key, please remove it until we clean the rest of the devices on the network, at which time you can use these devices and infect the network again."

On a sort of unrelated article on the BBC (about access to the Daily Sport being blocked on the Parliamentary Network) :

"Guidance issued to all MPs in December 2007 warns MPs they have a duty to ensure the Parliamentary network is used properly "by themselves and their staff" and to avoid actions that "threaten the integrity of the system or bring it into disrepute"."

Hmmm, I guess that the whole thing is a complete fuck up and maybe they should scrap it all and start again.

Now, I am not a native English-language speaker, but even I can see that the English language of this memo... well, leaves a bit to be desired.

Also, "An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software."? Duh, I guess they are using the wrong "virus checker software", then.

At least they will save some paper by not having to print out state secrets and leave them on the train - now the hackers will be able to fetch what they want, right from the source.

Isn't technology wonderful?

There you go Mr Bush. You can now account for all those "Missing Emails".

Dear Govt.

PLEASE STOP SPENDING MY MONEY ON CRAP SOFTWARE - free is cheaper..

regards

And the reason the IT Team at parliament can't disable access USB Storage devices automatically is?.

Paris, because even she can't figure out why disabling usb storage devices is not a default policy?

the penguin! This would never have happened had they been running linux. Seriously, MS Windows is just not fit for purpose in any environment.

> We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately

So they actually allow "unauthorised devices" to do anything on the network at all? FFS what bunch of clueless f***wits have our MPs chosen to run their IT?

Any unauthorised device on our network gets firewalled into uselessness upon connection, closely followed up with a visit from a PFY after we've told him we're cutting his curry budget.

If a device isn't authorised then the network port should be blocked. Authorised machines should detect if unauthorised usb devices are attached and flag it with security.

The company I work for does this and it's not tasked with running the country.

Incompetent fools.

Maybe this will prompt parliamentarians to think again about the proposed children's database, where plain reasoning so far seems to have failed.

So anyone can plug any device into the houses of commons network with no LAN access management, USB autorun is still enabled and encryption banned

So basically a 5 year old could get onto the network at the heart of our government?

You'd think that given the billions they are spending on pointless plastic cards they would splash out a few quid on basic network security in their own offices

Black helicopter as apparently it wouldn't take a Clancy-esq raid to steal their information, just an out of date security pass and any old laptop should do it

Is there a way to see if you are infected with Conficker if you don't have (current) A/V software installed? I'm in AC mode because my in-laws are the Windoze users, and they haven't updated their A/V in at least a year. I'd like to see if they are clean or not, but I don't have A/V myself because I'm an all-Linux shop.

Somewhere I remember reading that various Linux-based live CDs had been spun as A/V scanners; pointers?

well maybe nows the time to remind our MPs of the benefits of Gnu/Linux

...is the line about MP3 players. Surly not a secure storage mechanism? Shouldn't these PCs be locked down a bit more than that?

...to see that unauthorised devices are to be kept off the network temporarily, so that once the entire environment is cleaned of the worm, some monumentally clueless head-in-the-clouds expense-abuser with a god complex can plug in his/her mp3 player and start the whole process all over again.

Coat cos that's them rifling through my pockets for more cash to put in their trough.

Given the cosy relationship between Microsoft and various government figures, what else are we to expect than an amateur IT shop with a policy of running Microsoft stuff plus the seemingly obligatory value-added trinkets like anti-virus software? I suppose the prevailing view is that such trinkets are an adequate protection for the infrastructure against the Representatives of the Britards running dirty software, presumably with full administrative privileges and an unguarded route to the network.

"...Conficker pwns Parliament"

Conflicker has to get in the queue after the US gov. and MS.

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Been available since Published: October 23, 2008

Anyone thinking this does not need application, or hardline enforcement is an idiot and should be fired. Anyone not knowing what it is (and holding post in IT) should be fired. Anyone witless enough to do nothing, and let this thing burn needs to be fired.

It's a windows RPC attack vector, it was from day zer0 worm-able and was ALWAYS going to be a worm, and everyone knew it.

Nothing should be on the network with out it being applied.

Anyone running the network/security not enforcing it should be fired.

Any Person/MP breaking the security rules, principles, and policies should have access removed.

Seeing as these assholes believe in taking away their citizens cars for not paying duty, they can suffer having their equipment crushed for placing the country's government network at risk, a far greater crime than Johnny sixpack not paying road tax.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250

Has been available for examination since 2008.

Tool for helping cleaning up the huge mess that should never have existed

http://www.bdtools.net/

All that being said, expecting these cretins, who are the worst government in modern history, who dream up and scheme and implement destruction of everything worthwhile, while enacting their own 1984 programme, to know what they are actually doing, to know how to manage anything, or do anything the right way is our fault. These witless idiots need to be gone, and anyone supporting them, their antics, bullshit, lies, 'ID cards' and all the rest of their crap, and the sooner these type of things are fully published to show their utter witless, pointless, enormously wasteful stupdity, the better.

===

By Anonymous Coward Posted Friday 27th March 2009 15:02 GMT

Linux

Is there a way to see if you are infected with Conficker if you don't have (current) A/V software installed? I'm in AC mode because my in-laws are the Windoze users, and they haven't updated their A/V in at least a year. I'd like to see if they are clean or not, but I don't have A/V myself because I'm an all-Linux shop.

Somewhere I remember reading that various Linux-based live CDs had been spun as A/V scanners; pointers?

===

Plenty of pointers if you google 'Linux Live CD Virus Scan'.

Personally i've used Knoppicillin (Knoppix-based live cd with several scanners available, unfortunately there's no online source to get the disc from. It's spun once in a while and delivered with a magazine subscription to C't Magazine)

And i've used Trinity Rescue Kit: http://trinityhome.org/Home/index.php?wpid=1&front_id=12

Which also features multiple scanners. Both distros are also capable of online updates.

If you don't feel like downloading yet another ISO, maybe this is useful:

http://njlinux.blogspot.com/2008/01/virus-scan-windows-using-linux-live-cd.html

This might help

http://trinityhome.org/Home/index.php?wpid=1&front_id=12

Quote:

"New features include a home brewed very powerful PC cloning tool, boot TRK from a TRK over PXE, more hardware support with kernel 2.6.26, completely rewritten winpass, another extra virusscan engine (Vexira), making a total of 5 scan engines, 2 rootkit detection utils and lots more utils and bugfixes. "

I have not tried this yet but it looks good.

Another place to look:

http://www.livecdlist.com/

It's all a big April fools joke, a message will pop up on all the computers saying Wiping Hard Drive........... and then go APRIL FOOLS!!!!! and uninstall it self. All without too much of a hitch.

Another bit of Microsoft stupidity, autorun.inf, which they are finally trying to kill off after a couple of decades of spreading viruses and malware.

Microsoft is to secure software what the Pope is to safe sex.

I worked in a government department once. All the IT staff knew what needed to be done to keep the system secure. The problem was management didn't want the hassle of telling people "No", so just told the IT crowd to shut up and do what the loosers wanted.

There have been a lot of negative or derogatory comments about PICT. Several people have pointed out the nature of the IT setup at Parliament. It sounds like PICT are working in IT support hell. Give the support guys & gals a break. Instead, direct your anger at the managers who allow the situation to arise in the first place 'cause they refused to say "No"

A/C - 'Cause I don't want to burn bridges

Better ban viruses.

Oh, and set up a database to track them all.

Every virus must have an ID card. That'll stop them!

And can we block their web site?

Or maybe we could tax them?

Push down a policy disabling autoruns on all drives for all systems. Something I've been trying to get my company to do for the last year or so. How hard is that? Bang---one vector of infection gone (unless someone is stupid enough to find the virus file on their flash drive and manually run it)

Well lets face it the solution is to ensure that MP's use Mac's.

Totally impervious to current hacks and will also mean that IT staff in parliament are out of a job!

Saves money in the long run 11

http://blogs.technet.com/mmpc/archive/2009/01/13/msrt-released-today-addressing-conficker-and-banload.aspx

Are our Parliamentary machines so poorly protected?

If they are - its unbelievable.

Problem is the prime attack vector is via RPC, and requires MS08-67 to be applied to block that.

When examined, the MS suggestion on blocking autorun was found to be fallable and another patch has had to be issued to make a policy stopping autorun work as expected.

I'll say it again, for simplicity.

MS08-67 was one of those patches, that is a zero day biggy. One that everyone reads/takes notice, starts patching. Its not a maybe. Its not a do we, don't we, its a gold plated fix and patch NOW. And that was in oct 2008. Not deploying it, was not an option. It was never an option. Seeing companies go down to downadup and conflicker is simply amazing. People need firing.

People need to be fired over this, just as people have always needed to be fired for handing out admin rights on windows boxes like confetti. THE largest problem with Windows is that its treated by every tom, dick, and harry like a playground, l want it like my home computer blah blah. And everyone persist with idocy like I want admin rights, and I don't need to patch and secure. Heads need to roll, and people need to put security first over giving everyone what they want.

Any company where unpatched boxes are common, and where you get something like conflicker/downadup happening is a fire the head of IT incident, fire the Dirtector responsible for IT/security and compliance, and drag the board together and demand serious, ground up changes.

Its time that in the case of public sector networks, this kind of negligence resulted in people being fired and cases brought for negligence against the senior management responsible.

Is "slow for most of the week" the best you (or Conficker) can come up with?

FAIL

FAIL

FAIL

Doing a high-profile grafitto is the *very least* expected for any measure of acknowledgement, anything less is FAIL territory and means we can laugh at the dickhead who programmed Conficker. Good job on getting the media to spread the FUD though!!

Paris, because she's weeping at how pathetic Conficker is.

I use the Trend Micro Housecall site for situations such as that. The site d'loads a Java or <shudder>ActiveX scan engine and does a full system check