Fail! Fail! Fail! Fail! Fail! Fail!Fail! Fail! Fail! Fail! Fail! Fail! Fail! Fail! Fail!Fail! Fail! Fail!
IBM has apologised after supplying a malware-infected USB stick to delegates of this week's IBM AusCERT security conference. The unlovely gift was supplied to an unknown number of delegates to the Gold Coast, Queensland conference who visited IBM's booth. Big Blue does not identify the strain of malware involved in the attack …
So they can provide direction on exactly how many (typed) fails equal an EPIC FAIL.
10 fails = 1 EPIC FAIL
100 fails = 1 HMRC Data Loss Event.
1000 fails = 1 LHC 'event'
10000 fails = 1 EDS Contract Award
100000 fails = 1 Sun midrange Purchase
1000000 fails = 1 Attempt by me to tabulate this text.
1. You don't need to worry, because it is "a type of virus widely detected for at least two years " (unless you run the same anti-virus software as IBM, obviously.
2. Windows autorun - A G A I N !!! ???
What the FK is this carp still doing there? Especially after all the marketing carp about secure computing?
Here buy this lock for your front door. It makes things very convient for you because it also opens the door for you. If anyone else walks anywhere near it (thieves, criminals, rapists, politicians...), it automatically opens letting them in too.........
As mentioned above, many corporations (mine included) reset your laptop's settings every time you boot up.
Yes, I have TweakUI, and I turn off focus-grabbing ("If I want to pay attention to you, I'll darned well click on you. Otherwise, leave me alone!") and auto-run, only to find them turned back on every time I reboot.
I eventually gave up, figuring if my company wants to pay me to waste my time watching windows grab focus, and introduce viruses into their infrastructure, it's their business.
.... AusCERT 2008, Telstra (arguably Australia's largest telco) did the same thing - USB keys handed out from opening - 2 hours later, embarrassing announcement over PA system requesting the return of all Telstra USB keys due to a malware infection .... and they were trying to highlight their secure services!!!!!!!
I mean that was a virus which used a flaw only apparent in a _few_ versions of one of very many operating systems. It's very unlikely, especially at a Security conference that any of the people there had the propper equipment to execute that virus on their main systems.
I've received quite a few freebie pendrives over the last few years. They're very handy, and free is hard to beat. Most are pre-printed with company logos, but I have a couple where the logos peeled off to reveal major manufacturers' names. Nice.
Hardly need to add that they always get reformatted immediately. Autorun? You're joking of course. Free software? Well we know what that's likely to be worth if it's being handed out at a trade stall,even if there's no malware.
Take the freebies (get your friends to get extras for you), reformat them immediately and run. Where's the problem?
..is the single stupidest idea MS ever implemented. Disappointingly Ubuntu does the same, and it would be trivial to exploit in terms of automatically running something to do a job in your home directory. We do however at least have the advantage that doing anything really damaging would require the user to enter their password, and if they're that bloody daft then there's nothing you can do to protect them. Still, would be nice to default to no auto run, it's be one less job to do after install.
I am curious as to why it took til Friday night, 2 days after the main conference is over to get the message out! I have seen the Sophos note confirming that there was bad stuff on the stick but I have not seen any reports of punters who caught something from a contaminated stick.
Seems to me that Release Managers of products (even of freebies) should be scanning the digital content of the package with multiple anti-malware products BEFORE release. IBM's own email that provided self-help procedures to USB recepients essentially advocated using at least 2.
Biting the hand that feeds IT © 1998–2019