Posts by Doctor Syntax 16426 posts • joined 16 Jun 2014
"And because a ton of scripted code has been replaced by a ton of C code"
ISTR a rubric which went something like:
Never do in C that which you can do in shell.
Never do in shell that which you can do in awk.
Never do in awk that which you can do in sed.
Never do in sed that which you can do in tr.
"A timely reminder that this stuff is written by journalists, technical journalists, but journalists all the same."
That's right. Journalists who put this paragraph in the article:
The bug is technically present in Debian Stretch (aka Debian 9), Buster (aka 10) and Sid (aka Unstable), however "systemd-resolved is not enabled by default in Debian," according to the project's Salvatore Bonaccorso, so either you have nothing to worry about, apply the patch yourself, or hang tight for the next point release.
It helps to read the article as well as the comments.
In a Crown Court case the judge kept reprimanding a prosecution "expert witness" for stating opinions which were outside her perceived remit. She was trying too hard to help the prosecution.
I've had the experience of the prosecution QC (who'd called me) trying to push me further than I was prepared to go. Eventually the defence lodged an objection.
Adam is right. Although an expert is called by one side or the other their real role should be to help the court. In my day I and my immediate colleagues were Civil Servants although one or two labs, notably the Met, were run by the police although the staff were civilian. I'm very much against the privatisation that's happened. Indeed, I thought at the time that the lab should have had a supervisory board from the judiciary to emphasise the fact that we were servants of the court.
"Microsoft are now doing criminal investigations? If evidence isn't generated and validated by the plod, I'm not sure that will stand up in a court. (?)"
So i you were to witness a crime and aren't a policeman you don't think your evidence would stand up in court? Anybody can be give evidence in court to what they witness.
Someone with appropriate expertise can give expert evidence which includes what opinions they draw. They don't have to be police officers; in the UK forensic scientists aren't, nor are pathologists. I think when it comes to investigating Microsoft scams Microsoft would have provided expert advice to the police and their personnel (not the company itself) would be readily accepted as experts by the court.
"Microsoft has provided patches for Windows XP on up through Windows 10 that block ALL of the ongoing ransomware assaults."
Are you sure? From a previous Reg article:
The malware performs a scan of the network for vulnerable SMB file-sharing services so that it can spread via EternalBlue and EternalRomance. It also scans the computer's RAM to harvest login credentials – preferable any admin or domain admin creds present – so that these too can be used to spread the malware via remote command-line tools PsExec and WMIC. These latter pair appear to be the primary method of propagation.
"You have NO excuse."
If I had a £ for every post which effectively says "Works for me so if it doesn't work for you it's your fault" I'd be rich. Maybe they're more informative about the breadth of experience of the posters than of anything else.
Admins do not all have the final word in policies. Very likely there'll be some who have been forbidden from patching because "we can't afford the downtime". In my time I've had a couple of similar blocks imposed on Unix migrations (and a very bad migration platform choice imposed on me). The businesses may - arguably - have got what they deserve, the admins not necessarily so.
"the fixes are a better tax rightoff" or some such malarkey."
It's not only the fixes that cost or even the immediate losses of business during the downtime. It's the loss of confidence by customers. It's also the increased insurance premiums. In fact, if this starts causing serious losses to insurance customers businesses all over, irrespective of whether they've been hit, will start to see their insurers stipulating the precautions they're going to have to take before they get cover.
" My own list of suspects would start with recently terminated sys admins."
Or any other techy from there.
I wonder whether the private keys were being emailed in plain text to that email box. Of course with it closed down maybe victims are getting their email bounced back to them.
"Some programs are capable of re-constructing this data, though they're invariably either very, very expensive or very, very un-user friendly (requiring a good knowledge of how a disk drive physically works at a cylinder-and-sector level)."
<cough/> https://en.wikipedia.org/wiki/PhotoRec
Free and IIRC, fairly straightforward. But it does depend on the original data being undamaged on the disk.
"Not in any doubt as to a lower TCO for general use."
That TCO might need some revision this year.
"I'll lay odds in the affected companies the MAC/Unix Systems are still going
Because no one uses them as user desktops"
You think those with Macs aren't using them as user desktops?
"MS have patched the vulnerabilities in question."
Only very belatedly. They were embarrassed into having to patch XP after its EoL. If the problem was known during XP's lifetime, shouldn't it have been patched then? If it was known during 7's development should it ever have been in 7?
There are reasons other than indolence why stuff doesn't get patched or at least patched promptly and doesn't get replaced (see TFA and also the frequent posts about the effects of enforced updating of 10).
NSA have no excuses whatsoever for sitting on this stuff and letting it become a global problem. Countries which have experienced serious infrastructural problems should have been calling US ambassadors into their foreign affairs ministries for a good talking to.
"It could be the Ukrainians themselves who set this loose to try and blame their enemies."
More to the point, has MeDOc let anyone go recently and failed to delete their accounts and change any passwords they may have known? Because this is getting t sound like a bigger and better version of https://www.theregister.co.uk/2017/06/26/engineer_imprisoned_for_hacking_exemployer/ (for some values of better).
"leave it open & monitor who accesses it?"
Yes. I can see why the MSP would want to avoid an aiding and abetting charge or whatever the equivalent is in Germany but the responsible thing would have been to have gone to TPTB and asked how the latter wanted them to handle it. I'd have thought that the answer would have been to keep it running to gather evidence and I doubt that it was kept running long enough for that to have happened.
"It just seems odd that there have been 2 separate attacks, using different 'tools', within just a few weeks of each other. "
Why odd? There have been malware campaigns for a long time. Then the EternalBlue and a load of other stuff went public a while ago. Add some time for the malware writers to incorporate it and there's nothing surprising at all that a couple of specimens using it emerge at more or less the same time.
@Mark
You do realise, don't you, that there are a multiplicity of other OSs and of CPU architectures? There are also other forms of networking semantics than SMB. Each OS, CPU and networking technology you introduce into the mix raises the difficulty for an attacker more or less exponentially. As the system becomes more difficult to attack even Windows systems gain from herd immunity.
"malware writers *would* cater for all systems"
It raises the bar for them having to deal with all systems. It wouldn't just be a matter of recompiling the same code.
Also heterogeneous systems can have different modes of operation. For instance drop the idea of using a browser - or anything else - to apply a GUI to your server-based application. [Pauses to allow millennials to stop hyperventilating at the thought of a GUI-free application.] Now you have an old-fashioned terminal application that can be run via a link with the semantics of an RS-232 link. That really raises the bar on trying to get an infection back from a PC to the server.
"but there are plenty out there that silently do their work for weeks before activating"
Do you have a citation for the frequency of this? It keeps being raised but all the reported outbreaks seem to be pretty well instant or nearly so. According to TFA this one spreads for an hour before kicking in but that's very different to working for weeks.
"it could be argued that the NSA protected the business world by keeping it a secret."
This is an argument for security through obscurity. The main problem with this is that you have to maintain the obscurity for ever. By far the best approach is for the vulnerabilities to be notified back as soon as discovered, fixed and the fixes incorporated in future products and in updates to existing ones.
"it is a combination of friendly regulation and ready access to investors and capital markets willing and able to throw vast sums of money at tech."
1. The premise of TFA is the unfriendly regulation of the country as a whole.
2. The money will be thrown at the tech wherever it might be if they can't do that locally. And I believe Switzerland and several Caribbean islands might have money available.
Why?
Clicks File. Ooh, look, Open Remote File is an option. Select that, Click on Add service. Google Drive is actually the first choice there.
If you don't want to put your business in the hands of MS or Google for storage you could always turn to NextCloud, either running your own copy locally or sign up with a commercial vendor to host it.
"There are many in the (mainland) UK would happily cut the cord"
That could have happened a century or so ago had it not been clear that the result would have been an extremely bloody civil war. It might have settled matters but at a much higher cost than anything that's happened since.
"Yet, bizarrely the majority of voters claim that's what they want. Obviously they don't understand how to fill in a ballot paper, or lie to pollsters."
Back in the day it was hoped that PR voting would ensure moderates and even cross-community parties such as Alliance would thrive. It didn't work.
"it does essentially come down to the fact that English/Dutch protestants invaded the island in the 1680s"
A bit more complex than that. You appear not to have heard of the Elizabethan plantation nor of the Ulster Scots (where do you think that name Paisley comes from?). Then, of course, the Scots did come from Ireland in the first place - there's been toing and froing across the North Channel since it opened up (e.g. Argyll is derived from the name of an Irish tribe). You simply can't put a marker into the chain of events and say everything that side is right and everything the other is wrong. Attempting to over-simplify a situation is a sure-fire way of making things worse.
"and needs to get work done?"
Yes, they certainly need to get work done now to recover from this.
I take it you've no personal knowledge of Linux or other Unix-like systems. I've got a little secret for you. Most of those of us who use Linux have also had experience of Windows, including sorting out the problems it's caused for friends and family. We can actually reach an informed opinion of what actually works.
In my case I was using Unix systems to do real work years before Windows was thought of. Lab management, logistics management, industrial control systems, all grist to the mill.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Subscribe
