Better than even
"We will update this article if and when we receive a response."
My money's on "if".
Cockrell Hill, Texas has a population of just over 4,000 souls and a police force that managed to lose eight years of evidence when a departmental server was compromised by ransomware. In a public statement, the department said the malware had been introduced to the department's systems through email. Specifically, it arrived …
The new wave of software waits until the backups have run before launching - so all the backups are encrypted.
The way around this is a little counter-intuitive: slow backups over a metered connection, so that when you see the connection get pegged because everything is being backed up, you can start looking at the problem and shut the door to preserve the backups of the backups.
"All" the backups depends a bit on the depth of your backup scheme, too -- expiring all the non-encrypted backups takes months to years in many situations. (And yes, depending on how fast it works the abnormally large incrementals might be a warning sign.) Of course, you still lose everything between the last non-encrypted backup and the date of discovery.
It was a US police station. You really think there's a chance that they're running Linux? Because if they were, the story would be a lot bigger since there would be a vulnerability exposed in Linux.
No, this is a bog-standard Windows environment, likely running with Outlook email. If they're lucky, they've got funds for an Exchange server.
Which means they're about as secure as a whore who never uses condoms, and the consequence is inevitable.
In passing, maybe it might have been worth 4 fucking Bitcoins to ensure that a single accused person (not to mention the dozens that might be implicated) could have his innocence proven?
Oh, sorry. This is the US of NSA - an arrest means YOU'RE FUCKING GUILTY, YOU PIECE OF TRASH.
A friend recently took a two week trip to the USA to visit his children. After the visit he bought a train ticket for an early morning departure. He asked if he could stay overnight in the station and was told it was OK. At some point the police arrived and told him to leave, they did not accept that he had a valid ticket. Then they handcuffed him and stamped on the cuffs which hospitalised him due to hand injuries.
Torture, civil forfeiture and legalised spying. I will not be visiting the USA!
Please tell that to all those migrants trying to cross our southern border without going thru customs. I don't think they realize how bad it is in Gringo Land. You could do Trump and the rest of us citizens a signal service by making that wall (and whatever other draconian immigration policies Trump has in mind) unnecessary!
It's crazy that so many poor migrants should suffer so in the journey. And now in addition, who knows what other horrors, courtesy of Cheeto Jesus?
YOU (yes...you!) could stop all this suffering, just by explaining to them what a hell hole it is they are trying so hard to enter! If you can somehow take on and are successful in this humanitarian quest, you would be a hero to millions and then people would really listen to you (finally!). It would put you in the perfect position to properly and publicly excoriate President Trump for the monster he is! Ha ha!!
Easy does not make good backups though. For mission critical servers, real, tested and network-isolated backups are a must.
Microsoft Office may have been the entry point and it could have been macros which did the deed. Hope this does not cause people to be unfairly jailed for lack of exculpatory evidence.
"Hope this does not cause people to be unfairly jailed for lack of exculpatory evidence." - from US incarceration rate it's more likely that large number may be spared jail time or - for Texas in particular - death row.
However, since we don't live in VR (yet) the impact may be just inconvenience to court clerks.
All too often in the US legal system, a police officer's sworn testimony is given more weight than that of any other person. While everyone is supposed to be equal under the law, if it's your word against a police officer's, with no evidence either way, a judge will side with the officer every time. Sometimes it will take multiple supporting witnesses to overcome the bias. The officer *supposedly* has no vested interest in the outcome of a trial, while the defendant does, by definition. So the officer would not have a reason to lie, necessarily. However, should a conviction fail, I think it's safe to think the officer's next promotion might be a little slower coming, so there's a hidden interest in having successful convictions following the officer's arrests.
So yes...the playing field in a court of law always tilts in favor of whatever the police officer's report and/or sworn testimony says, and the opposing side has a battle to prove it wrong or mistaken.
Sad but true and it's just as bad if not worse with a jury trial. We, as a people, have become indoctrinated by TV cop shows over the years where the cops are honest and fair minded and the bad guys are always guilty. The one exception to this was the old Perry Mason.
An unfortunate truth, that. On rare occasion, you will see an officer remove the handcuffs and let the person go (seen that happen a few times on shows like COPS). Supposedly the person is merely being "detained"...but it says a lot about the relations between police and the public that they think putting someone in cuffs is "for everyone's protection". Sorry, officer, you don't need protection from me - I'm not going to prison for 10 years for assault and battery of a police officer - or anybody else for that matter. That you feel you do doesn't speak very well to your attitude toward the general public, though.
It is the same over here. A policeman can perjure himself and still the judges will not throw the book at him for lying. How do I know? I witnessed it first hand. Police are above the law and in most cases can do and say whatever they like with impunity. They are treated differently.
This story doesn't make any sense. If it's evidence then it'll be on something write-once, read-only. A DVD or some such. Otherwise you can't guarantee anything about the unbroken chain.
For anything that's gone to court, or going to court, then the defence and court will have copies.
All they can possibly have lost is recent, ongoing, investigations and then only if they don't have the original. I can believe that for car footage or Police station CCTV but not anything supplied by a third party.
I completely agree. It's a very low quality legal system if evidence isn't kept in a manner where a person's hand written signature is required every time it is examined. Hence the old fashioned idea of a tamper proof evidence bag.
"Kept on a server" doesn't count.
Here in the UK evidence bags are used. And the police are slightly keen to do that part of their job properly as judges and juries are generally cynical and disbelieving. A policeman saying in court "I saw him do it on a video" who is unable to produce said video is unlikely to be believed, especially if they had no log book entries to back that up (as would be likely - who would write down a running commentary whilst watching a video? They'd be expecting to be able to watch it again...). There is also a likelihood that the judge would never allow such testimony in the first place as it is impossible for the jury to assess the quality of the testimony.
"a cloned email address imitating a department issued email address"
IOW, a From: line can say whatever the sender wants it to say. It's all that the recipient sees because they're not really going to dig down into the rest of the headers and a requirement for verification isn't built into our email protocols.
We don't need to have to train users. We don't need to have email clients pop-up warnings. We don't need to have to run anti-virus on attachments or prevent them being opened. We need to bounce the mail at the recipient's service provider so that the recipient never sees any mail that doesn't come from where it claims to come from.
This may, of course, close off the route whereby some bank or other business has a commercial spammer digital marketing business send you marketing emails pretending to come from themselves. Oh, what a crying shame!
Here in the UK quite a lot of ISPs won't let you send email using their servers that doesn't have your correct address in the 'from' field.
At least that stops some of the flow of malicious email out of infected PCs, etc. If every email server on the planet did the same thing, we'd be better off.
"Here in the UK quite a lot of ISPs won't let you send email using their servers that doesn't have your correct address in the 'from' field."
If you don't use their servers that has little effect. It would stop a simple spambot from using their servers which might get them blacklisted and I suspect that's the limit of their worries.
It would only be an effective means of stopping forged headers if they also prevent you from using some other provider's server. Having had my own domain through several changes of ISP the latter case hasn't been a restriction and the fact that so many spams do have lying From: lines makes it quite clear that it's not a restriction in general.
I've made this suggestion to the Hotmail Support Staff numerous times, or at least just the option to be able to block emails based on what is written in the from field (not necessarily where it actually came from). For some reason, I've never received a response. It seems like it would be dead easy to implement server side, would save them a tonne of storage cost and bandwidth but they don't seem to have any desire to do this. It boggles belief sometimes...
"People opening mails from paypall.com or paypal.be (I'm assuming paypal don't own all tlds)"
They own paypall.com and paypal.be is "not available" so I guess they've got a lock on that. In general someone in Paypal's position will be pretty thorough at getting likely faked names under control. If they miss one and assuming verification were de rigueur then anyone wanting to use one would have to register it themselves and leave some sort of trail for fraud investigators. At present it's not a problem for spammers to simply put in paypal.com as I'm sure we've all seen multiple times.
It's not just paypal.x domains that could be the issue though
But spammers do not need paypal.com - paypa1.com could look legit with many fonts (as plenty where 1 looks like l) - and a whole host of unicode charset options to have fun on domain names.
Actually there is a way to validate the From header. If you try to spoof an email from a @paypal.com address to a gmail user it will not only put it in spam, but if you open it there will be a notice on the top telling you it is not the real paypal.com.
This is not some special agreement between gmail and paypal but is based entirely on open industry standards - I have implemented the same anti-spoof protection for some of my own domains. SPF validates the envelope address (allowing a server to "take responsibility" if it wants), but DMARC validates the From address (meaning it validates the claim about who sent it).
The only case where you can't validate an email sender is if users are allowed to use unrelated third party SMTP servers (so some public email providers can't require it), which I certainly hope does not apply to an official police email address.
"This is not some special agreement between gmail and paypal but is based entirely on open industry standards"
As things stand this is entirely optional as you make clear: "I have implemented the same anti-spoof protection for some of my own domains".
Until this is universally required the situation remains, you can still be pwned by a forged email header.
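Added example (not part of the thread, and not any commenter's or mail provider's code): a receiver-side sketch of the check the comments above describe, where SPF vouches for the envelope sender and DMARC requires an authenticated domain to line up with the From: header. The domains, messages and function names are constructed for illustration, and the organizational-domain rule is a stated simplification.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_dmarc(txt):
    """Turn a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # receivers use the Public Suffix List (needed for names like co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    # "s" = strict (exact match), "r" = relaxed (same organizational domain)
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(raw, mail_from, spf_pass, dkim_domains, record):
    """raw: message text; mail_from: envelope sender; spf_pass: SPF result for
    the envelope domain; dkim_domains: d= values of signatures that verified;
    record: DMARC TXT record published for the From: domain."""
    policy = parse_dmarc(record)
    froms = message_from_string(raw).get_all("From") or []
    if len(froms) != 1:
        return "reject"  # this example's choice for a missing or repeated From:
    from_domain = parseaddr(froms[0])[1].rpartition("@")[2]
    spf_ok = spf_pass and aligned(mail_from.rpartition("@")[2], from_domain,
                                  policy.get("aspf", "r"))
    dkim_ok = any(aligned(d, from_domain, policy.get("adkim", "r"))
                  for d in dkim_domains)
    if from_domain and (spf_ok or dkim_ok):
        return "pass"
    return policy.get("p", "none")  # none, quarantine or reject

# Constructed sample messages (example domains, not from the thread).
FORGED = "From: Records <records@police.example>\nSubject: scan\n\nSee attachment.\n"
GENUINE = "From: Records <records@police.example>\nSubject: rota\n\nAttached.\n"

if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; aspf=s"
    # SPF passes for the sender's own envelope domain, but it does not match From:
    print(dmarc_disposition(FORGED, "bounce@bulk-sender.example", True, [], rec))
    # Strict SPF alignment fails for the subdomain; a verified DKIM signature carries it
    print(dmarc_disposition(GENUINE, "bounce@mail.police.example", True,
                            ["police.example"], rec))
```

With a record of `p=none` the forged message is only reported, not blocked, which is the "entirely optional" gap the last reply points at.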