* Posts by Ken Hagan

5675 posts • joined 14 Jun 2007

WannaCrypt ransomware note likely written by Google Translate-using Chinese speakers

Ken Hagan
Gold badge

A rookie error

When composing a ransom note, always translate from your native language to English first and only then crank out translations from that English into every other language including your own.

1
0

Sysadmin finds insecure printer, remotely prints 'Fix Me!' notice

Ken Hagan
Gold badge

Re: Hacking for fun and profit...

" The security that is there, they complain about because it's "inconvenient". "

That's the problem. We've produced a generation who think that "it just works" is the highest praise that can be bestowed on software and they've never considered the downside. Downside number one is that when it stops working, there are no knobs to tweak or user-serviceable parts inside, you just have to buy a new one. (Because if *that* doesn't work, you can take it back to the shop!) Downside number two is the security issues described here.

Perhaps we need some more sound-bites:

"If it just works, then one day it just won't."

"If you didn't have to unlock it, no-one else has to either.".

These could be siblings for "If you didn't pay, you are the product, not the customer.".

3
0
Ken Hagan
Gold badge

Re: University printers

"every PC - and yes, the printers - in the department had real-world public IP addresses"

Just because the address is routable doesn't mean it is routed. I imagine that anyone outside that university's network would have some difficulty in sending so much as a ping packet to a host inside it.

0
0
Ken Hagan
Gold badge

Re: "the printer was no longer visible"

Please do go on.

Although you've hinted at it, the same information may also be available in respect of the friends and relatives of the child and since these are electronic documents you can add pictures (or possibly even sound or video) or links to social media to the list of source data.

0
0
Ken Hagan
Gold badge

Re: "the printer was no longer visible"

@Aladdin: Er, so you've explained how the school-children aren't the product, they're merely being groomed to become the product later. Mmm... I feel much more comfortable with the arrangement now.

3
0

Your job might be automated within 120 years, AI experts reckon

Ken Hagan
Gold badge

Re: "asked 352 machine learning researchers to predict how AI will progress."

Well if those AI experts are using their own brains as a benchmark, they might be right.

Meanwhile in the real world, we have no non-circular or objective definition (let alone measure) of intelligence and no reason to suppose that a sufficiently intelligent robot wouldn't have the same hopes, fears, aspirations and loyalties as its meaty friends. Moreover, medical science proceeds along its own path and in another century's time we might all be enjoying healthy 200-year lives as part-cyborgs ourselves.

When the singularity comes, will anyone notice?

9
0

Windows is now built on Git, but Microsoft has found some bottlenecks

Ken Hagan
Gold badge

Re: What will Gnome do now...

Since Microsoft are open-sourcing all this, it won't be long before someone ports this new filesystem to Linux. Then, since the trend seems to be to always prefer to run filesystems in user-space, someone will create a gfvs-gvfs package.

2
0
Ken Hagan
Gold badge

Re: GVFS sounds super dumb

I can think of several possible points:

1) If your git repository is 300GB (perhaps because you have several decades of spaghetti dependencies in there) then you don't want to pull it all in at once. The usual DVCS approach of "grab the repo and party on dude" doesn't scale. (Yes I've heard of re-factoring and technical debt. Apparently, despite re-writing Windows from the ground up with every major release, MS haven't.)

2) If your toolchain doesn't support git, you need to make it look more like a normal part of the file system, because everyone supports "normal files". So MS have written a filesystem driver that does that. (According to the blog, they intend to ditch this approach in the longer term, in favour of building git support into NTFS. What ... the ... fsck! Can you spell "retrograde"?)

3) Having done 1 and 2, your next problem is that you don't have all the files locally and still need wire access to the originals, so some kind of proxy might be nice.

I can see that purists might reckon that all this is solving the wrong problem, but if the Right solution is to quickly re-factor 300GB of source code then I can also see that MS might be forgiven for pursuing this approach. When you are up to your nose in shit, opening your mouth to call for help isn't necessarily the thing you do first.

26
5

Mouse sperm kept frozen in SPAAAAACE yields healthy pups

Ken Hagan
Gold badge

Re: A bit gimmicky?

If I might add two further points...

Embryos are fully immersed in liquid and buoyancy means that the net effect of gravitation on the developing embryo is zero even for an elephant on Earth.

The likely importance of radiation on a developing embryo is so large that even if the mice had emerged hideously deformed, we'd assume that it was the radiation rather than the micro-gravity. We're therefore in the situation where we learn nothing about the effects of micro-gravity regardless of the result of the experiment.

0
0
Ken Hagan
Gold badge

Re: A bit gimmicky?

The opening half-dozen paragraphs of the article state quite clearly that the purpose of the study was not these second or third order effects, but rather the irradiation that I mentioned. Even if it hadn't been, how would you test a mouse for a mild impairment to some as-yet-unidentified aspect of its general health? It's not like you can give them a questionnaire when they grow up.

It is universally accepted (and fairly easy to argue with a back-of-the-envelope calculation) that gravity just isn't very important for small creatures and is vanishingly unimportant on the scale of a developing embryo. Whilst it is nice to check universally accepted wisdom from time to time, it seems rather poor value for money to test this one in this particular way. I genuinely hope that this work has either been grossly mis-reported (which is quite common and not necessarily the fault of the last reporter in the chain) or was not funded from the public purse.

0
0
Ken Hagan
Gold badge

A bit gimmicky?

Can't help feeling it would have been easier to irradiate the sperm down here on Earth.

0
3

Google wants to track your phone and credit card through meatspace

Ken Hagan
Gold badge

Won't prove a damn thing

Since the data is anonymised, no third party can check Google's analysis without "taking Google's word for it" on a whole range of questions around the data collection and accuracy. If you are prepared to take Google's word for it on this or any other issue, this data won't make you any more likely to trust them. Therefore, the exercise is useless for the stated purpose.

So, Google, what's the real purpose?

2
0

Redmond puts wall around Windows 10 for Chinese government edition

Ken Hagan
Gold badge

Those features sound like things that the Chinese government might like its general population to benefit from, too. I wonder how long it will be before this becomes the plain "China Edition".

1
0

Netgear 'fixes' router by adding phone-home features that record your IP and MAC address

Ken Hagan
Gold badge

Re: Similar technical data

@FuzzyWuzzys: That sort of hopeless guesswork is probably why I get geo-IP-ed to Bracknell. Perhaps you live in a country where there are such things as "local ISPs". I can't think of any in the UK.

But the real problem with your algorithm is that it uses existing geo-IP knowledge to locate the router, which makes the information that Netgear have collected utterly worthless to people who do geo-IP, which is what was being suggested.

0
0
Ken Hagan
Gold badge

"You forgot BT and Vodafone."

No. The OP said "updating".

2
0
Ken Hagan
Gold badge

Re: Similar technical data

"flogging all the MAC addresses [...] to all the geo-IP companies they can find."

Not much use unless you know the location of the router. Netgear don't. The ISP (probably) does. Likewise, the location of connected devices is only useful if you know that they stay connected at that location, and mostly these days they don't.

0
1

No nudity please, we're killing ourselves: Advice to Facebook mods leaks

Ken Hagan
Gold badge

Well what other rules are there? Not legal ones, that's for sure...

"*All material cited is in English. Moderation guidelines for other countries will be required to follow local laws."

How fortunate for FB that all English-speaking countries have the same local laws.

15
1

Wannacry: Everything you still need to know because there were so many unanswered Qs

Ken Hagan
Gold badge

Re: SMB shares

Perhaps those large organisations allow VPN access. Then you could have non-internet-facing SMB shares exposed to a box that might (for some other reason) have been internet-facing at some point in the recent past. For example, a GP's surgery might have an old Win2k8R2 server that has been mis-configured and no-one is really paying attention, but it probably does have access to the interior of the NHS network.

0
0

Do we need Windows patch legislation?

Ken Hagan
Gold badge

"By that only 4 years support argument why buy Windows 10?"

Well, yes. Why? It's not a foregone conclusion.

On the other hand, if MS stick to their stated aim of Win10 being the last Windows you will ever buy, they've adopted essentially the same model as Linux:- No given release is supported for more than a few years, but an upgrade to the latest release is free and usually runs all your stuff.

(Possibly this is why Win10 is now so annoying. MS aren't making any money out of it so they might as well use it as a public beta for all their crazy ideas. The distinction between "current branch for consumers", which makes no money and gets all the shitty experiments, and "current branch for business", which makes money and perhaps skips the experiments that didn't work, would suggest that this is exactly how MS now feel about their former cash cow.)

1
0
Ken Hagan
Gold badge

If your x-ray machine's certification depends on certain machines being present or absent elsewhere on a network then I have to question whether the certification is sane, but even so, you just provide the network environment required by the certification and then place my device outside of that.

There is simply no way that a need to transfer data from A to (eventually) B requires that A be placed on the same network as B.

3
0
Ken Hagan
Gold badge

Re: Motor car recall

Fine as long as you realise that the entity analogous to the motor vehicle manufacturer in these cases is the company that makes the medical equipment, of which a Windows OS is merely a component part.

It is the job of an engineer to create a more reliable whole out of less reliable parts. Otherwise every chain would only be as good as its weakest link.

0
1
Ken Hagan
Gold badge

Re: Would we excuse the manufacturer and allow unsafe vehicles on the road?

"If you were a government spying agency and found a back door to take control of other peoples' computers, would you let on?"

I'd have to ask whether this was the sort of vulnerability that my rival agencies might also be able to find. (Hint: much of the Windows source code has actually been made available to foreign governments at various points in history, so the answer is a big, fat YES.) I'd also have to ask if my fellow countrymen might therefore be at risk from the activities of that rival agency.

Given that the West has, historically, made far more use of computers in their economy than the East, I'd say that the NSA *ought* to have been erring on the side of disclosure (to MS) for most of the last 30 years.

3
0
Ken Hagan
Gold badge

"the x-ray machine needs to send its output to a server"

So it sends it to a cheap linux box containing two network ports. One port goes to the x-ray machine and the other goes to the wider network. Run a script on the linux box to move files onward as required. As far as the x-ray machine is concerned, nothing has changed. As far as malware on the wider network is concerned, it now has to break into a linux box before it can even see that there is an x-ray machine on the other side.

Yes it is slightly more complicated, but once you've worked out the details you can semi-isolate lots of similarly challenged pieces of kit. (Perhaps the chaps at http://www.nhsbuntu.org could help you set it up.) Yes, it isn't perfect isolation, but it is a perfectly valid component in a layered defence. Yes, it is a pain in the butt, but if it were my job to protect the IT of an entire hospital and I had the constraint of accommodating an XP-driven device, I'd reckon that something like this was what I was being paid for.

7
2
Ken Hagan
Gold badge

@big_D: I have, for many years, maintained a small collection of VM images with different versions of Windows. Whenever I work on them, I snapshot them first and revert afterwards, so as far as each VM is concerned, the only thing I have ever done to it is wake it up once a month, let it update and then put it back to bed.

Several machines (two Vistas and two Win7s) have actually just updated themselves into oblivion under this "cruel regime". That is, they reached a state where they blue-screened at startup and this was repeatable if I reverted to the previous image and let them try eating that month's updates a second time.

Of the survivors, the XP machines were taking several hours each month by the end (2014-ish) and the Win7 boxes that remain are taking quite a while each month now as well.

1
1
Ken Hagan
Gold badge

Re: All products have a support life

Good analogy, but it doesn't lead to your desired conclusion.

Cars are built from components. If the company that makes the brake sub-assembly finds the fault and notifies the car manufacturer, it is up to the car manufacturer to issue the recall because it is the car as a whole that has to meet consumer trading standards.

Likewise, the MRI scanner vendor can say "Don't attach my scanner to the internet" and then any vulnerability in the component (XP) is not relevant to whether the whole (scanner) is deemed to be working correctly.

3
0

Yo, patch that because scum still wanna exploit WannaCrypt-linked vuln

Ken Hagan
Gold badge

It's worth following the link in the article

Rapid7 have some nice graphs showing what and where. It seems that Server 2008 R2 (with only service pack 1) accounts for about half of all directly connected Windows boxes.

That perhaps isn't surprising, until you realise that these are the subset of Windows boxes that have a completely clueless owner port 445 open.

2
1

US judges say you can Google Google, but you can't google Google

Ken Hagan
Gold badge

That big G...

We don't have proper verbs in English, so you can't "Google" anything without offending a grammar nazi. If Google want to protect their name, they should insist that people google with a trademark annotation.

3
0

WannaCrypt 'may be the work of North Korea' theory floated

Ken Hagan
Gold badge
Thumb Up

Re: Excuseotron

Up-voted for the splendid hashtag.

1
0
Ken Hagan
Gold badge

Re: Dear Leader

I think "Dear Leader" is now "Dead Leader". The current incumbent goes by the moniker "Fatty Kim", at least on Chinese social media.

0
0
Ken Hagan
Gold badge

Re: Naive Question

"The bigger issue for things like medical equipment is probably the drivers."

Possibly. I don't recall seeing a "Medical" device type in Device Manager. There may be some medical devices that ship with a bespoke "interface card", particularly the really old ones that were built for DOS, but I would hope that the majority of devices written in the last couple of decades communicate with more sane options like RS232 (now carried over USB and supported by every OS on the planet) or an ethernet cable (similarly universal).

It might take time to validate any new configuration, so that you can tick the box labelled "Doesn't kill the patient", but I doubt whether device support is the blocking issue for that XP->whatever roll-out.

0
2
Ken Hagan
Gold badge

I agree. If you're reduced to using the timezone as "evidence" then you scraped your way through the bottom of the barrel a long time ago. A more plausible conspiracy theory is that the NSA have just noticed that most of the world's XP systems are in countries they don't like and later systems can be protected if MS can be persuaded to put out a patch two months before the attack. (If you want a soundbite, they've weaponised Microsoft's update policy.)

But a vastly more plausible theory still is that some normal crook decided to strap a ransomware payload on the back of a new exploit they found on the interwebs. There are *far* more crooks than there are nation states, so the odds are *always* in favour of the mundane explanation.

11
0

Ransomware scum have already unleashed kill-switch-free WannaCrypt variant

Ken Hagan
Gold badge

Re: Inevitable

"Because the likes of the FSB & PLA must be too stupid to have also discovered these types of vulnerabilities."

If they knew about them, they didn't do a very good job of protecting their own gear from them.

1
0

For now, GNU GPL is an enforceable contract, says US federal judge

Ken Hagan
Gold badge

"That since it did not sign anything when it downloaded Artifex's software there is no contract to be enforced."

That's a very odd argument. Do you think it would work if I downloaded Windows and then tried to argue that I hadn't signed anything?

35
1

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Ken Hagan
Gold badge

Re: Kill switch

More likely, it didn't occur to them that any of these "tools" had kill-switches. Presumably now that will occur to them and they'll flick the switches for all the other exploits they've lost. It would be gross negligence not to, since part of their mission is to protect US IT systems.

3
0
Ken Hagan
Gold badge

Re: Rogue One ...

I doubt it. Since this has become a long comment thread, let me re-iterate a point that someone else made further up. If you are the NSA and intending to use this against a particular target, you want a kill switch that you can register once you've hit that target, to stop your weapon becoming any more public than it needs to.

Also, to answer another query from further up ("why include a kill-switch when you can't register it without disclosing your identity"), if you are the NSA and you register a garbage domain name, no-one is going to know why or try to arrest you even if they do.

It is a little odd that someone adapting this software to a very different purpose, requiring as large a target as possible, chose to leave the kill-switch in (and in the clear). Perhaps they didn't understand the code they were using.

8
0
Ken Hagan
Gold badge

Re: Hunt to blame for NHS attack

"MS does still support, if you pay..."

Not sure about that. The original offer was $200 for the first year and $400 for the second and $800 for the third, per seat. That third year ended a few weeks ago. I've not seen any mention of a fourth year, at any price, to anyone.

Refs:

(2017) https://www.theregister.co.uk/2017/03/17/microsoft_to_kill_windows_vista_april_11/

(2014) https://www.theregister.co.uk/2014/01/14/win_xp_uk_gov_hacker_deadline_miss

4
0
Ken Hagan
Gold badge

Re: Amazing you can leave the SMB port open

"Also, one questions why file sharing is necessary in these days of web and other fat client based apps."

File sharing is a client-server app. The end-user-facing client is a file browser rather than a web browser. Some programs (particularly older ones) are designed to speak http, others are designed to speak to the "local" file system. Re-writing all those programs to fetch their data over http would merely expose them to a different set of holes.

5
0
Ken Hagan
Gold badge

Re: And we'd sure appreciate it if you could stop clicking on attachments

"stage one of Really Good Security: you have left your ego at the door."

Stage two is to persuade all of your user base to leave their egos at the door, too. In an organisation as large as the NHS, stuffed (er, staffed) with doctors and surgeons for whom self-confidence may actually be a job requirement (who here feels brave enough to knock a person out to within a gnat's breath of death, then stick a knife into them and cut out some of what you find?), I fear that stage two may actually be impossible.

4
0
Ken Hagan
Gold badge

Re: You are missing the point

"They now are not going to get any money."

Too right. It would be fair to assume that most of the world's major intelligence agencies (particularly the Russian one, which isn't noted for its light touch against Enemies of the State) are now waiting for someone to try to pick up the cash. If there's anyone with balls big enough to march in and claim it, we'd probably be able to feel their gravitational field.

8
0

Well this is awkward. As Microsoft was bragging about Office at Build, Office 365 went down

Ken Hagan
Gold badge

Re: Numpties.

"Ohhh, so, Microsoft is paying damages to all affected, then ?"

Have a "Whooosh!" on me. You can share it with the other down-voters.

2
1
Ken Hagan
Gold badge

Re: I'm in Texas

Perhaps they felt that providing a map, with state boundaries and fuzziness in affected areas, made it unnecessary to expend the proverbial thousand words on a more detailed list. (Just as you didn't explicitly say that you were an O365 user.)

12
0
Ken Hagan
Gold badge

Re: Numpties.

"Remind me again why I should trust a company with centralized control of my data"

You should trust them because the penalty clauses in the contract make it really bad for them if you suffer any kind of outage and so they'll make every conceivable effort to deliver. Just like any other kind of service or product that you buy in from outside, in other words. Businesses have been doing this for years and I really don't see what the fuss is about.

Obviously it would be bonkers if you didn't have any such clauses in the contract ...

1
9

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

Ken Hagan
Gold badge

It proves a point that many people here have been making since XP went out of support. *Every* patch from MS that fixes holes in a later version of Windows reveals a weakness that might exist in XP. MS have therefore been publishing exploits against XP for several years now. I believe the NHS's special deal to continue to receive patches expired quite recently. This is an entirely predictable result of NHS management's failure to have any kind of plan for moving off XP.

9
0

Microsoft's Windows 10 ARM-twist comes closer with first demonstration

Ken Hagan
Gold badge

Re: Isn't Google unifying Android and ChromeOS as well?

"The temptation of a single line is strong, because it means to save on development costs."

You (as well as Google and all the rest) should distinguish between unifying at the API level and unifying the end-user shell or skin.

The former is probably essential if you want to attract developers to a "new" platform. Simply trying it out needs to be no more than a compiler switch. If they see potential in the results, they will be willing to tweak their code for the "extreme device metrics".

The latter is utterly counter-productive, precisely because of the extreme device metrics just alluded to.

9
0
Ken Hagan
Gold badge

"Instead of the 7-Zip installer, how about a full PC benchmark suite?"

Prediction: Not only will MS not do that, they will write words in the EULA which try to stop anyone else doing that and publishing the results, like they did with .NET. (I don't know if that language is still there, but the first few versions were certainly "If you benchmark the software then you will get MS's permission before publishing the results." type of thing.)

I assume that such clauses are unenforceable, but IANAL, as they say.

7
3

Cloudflare goes berserk on next-gen patent troll, vows to utterly destroy it using prior-art bounties

Ken Hagan
Gold badge

Re: bow and arrow - good!

The architecture described in the article is an HTTP proxy. Clients connect to the proxy which accesses the actual website behind the scenes and then the proxy delivers possibly modified content back to the client. The client never accesses the actual website. That's the whole point of the proxy.

So would there be any prior art for HTTP proxies around the 2002 timeframe? Well ... I suppose there's always the RFC that describes how HTTP has been carefully designed to make them possible. Would that count?

That's a serious question, by the way. In the sane world where you can't just grab an existing public standard and announce that you own it, of course it counts. In a US court hearing an IP case? Hmm ... much less clear cut. We shall see.

10
0

Microsoft touts next Windows 10 Creators Update: It's set for a Fall

Ken Hagan
Gold badge

Cycles of re-invention

This Microsoft Graph rubbish sounds like it is intended to create an experience where it doesn't matter which device you used to create something, or which device you are now using to access it, and perhaps both at once. In such a brave new world, one might say "The network is the computer.".

As I recall, *that* failed partly because people didn't much like having all their stuff on someone else's server and partly because the wire between you and that server was a piece of wet string compared to the various high-speed busses in a PC. Neither of those objections seems to have gone away.

9
1

Oh, great: There's a new Same Origin Policy exploit for Edge

Ken Hagan
Gold badge

This, and the other thousand exploits against JavaScript's security model that have dribbled out at a steady rate over the last 20 years, is why "HTML5 apps" are a bad idea.

Theoretically, there's no intrinsic problem that anyone can point to. In practice, when the world has spent 20 years trying to plug the holes and is still failing several times per month, there comes a moment when rational players ought to conclude that there perhaps is an intrinsic problem and it is simply that we don't know what it is.

8
12

It's 2017 and Windows PCs are being owned by EPS files, webpages

Ken Hagan
Gold badge

Re: Why does Microsoft still try and integrate applications into core OS

There is no such integration. All the apps you mention are user-space and no more privileged than anything you can buy from third parties (like me). Even Explorer only has the property you mention because it is the user shell. (I'm not sure where you get the idea about IE. It's totally separate. Not that anyone would ever want to run it as a full Administrator, of course.)

Tip: If you *do* want an administrative copy of Explorer, fire up something harmless (like NOTEPAD) with full privileges and use the File Open dialog.

5
3
Ken Hagan
Gold badge

Modern software philosophy

I'd dispute "modern" and "philosophy". I have been watching people complain on the internet about the low quality of "modern" software for the last 25 years. It both puzzles and amuses me.

It has always been the case that software written for cash has taken the business-like approach of asking "how much will this bug cost to find (let alone fix) and how much will it cost to leave it in". You test until finding new bugs becomes unacceptably costly and you hope that the bugs left in will be relatively low impact as a result.

All commercial anything has used this approach since forever. It's basic economics. Happily, we can use equally basic economics to conclude that if you negotiate penalty clauses for bugs, you can increase the incentive to find and fix them before release. Since most shrink-wrap EULAs go out of their way to say "this software is not fit for anything" I think you can probably guess where the bar lies by default!

10
0

Biting the hand that feeds IT © 1998–2017