Re: For the phone scammers ...
"Never had a call back."
I had once. The salesdroid's supervisor rang back to say the call must have been cut off.
The only call I ever got from one of those is one I missed - it just came up on the phone's missed call list.
What I do get from time to time is SEO spam in my Hotmail spam bin - that and phishing scams pretending to be from Outlook etc are the only ones that the Outlook filters let through. Occasionally I've delved into the Hotmail junk folder and sent replies to the usual amazing business propositions written as an out of office response and giving them the SEO address. After all, they're all in the same line of business so surely they'd appreciate the introductions.
Other responses are to ask them for the URL of the site they're sure they can improve because otherwise I can't tell which of my many(!) sites it is. Oddly they never respond. Another, bearing in mind that they're probably very proud of their English*, is to reply pointing out how badly written their email is and that I doubt, if this is the best they can do, that they could be trusted with a site.
More recently I've taken to pointing out that if they're able to get first page in Google their own site must be on the first page if I search for "first page in Google" in Google but they seem to have omitted its URL so I can see for myself and what's more it's odd that they're using a gmail address rather than their own domain. Usually, of course they can't reply because their long established company - whose name they also managed to omit - is just a single chancer without a domain let alone a web site.
*I wonder, however, if they've bought the text of the email along with the spam list.
"Do these things do anything useful?"
The updates you get today should protect you against stuff that's been known for x* days. That means that some people will be infected in the period between release and the discovery and distribution of the AV update. In the normal state of affairs this will be a small proportion of vulnerable systems. When the virus spreads as rapidly as this, today's updates are already too late.
*where x is however long it takes for the vendor to confirm reports and put together their update.
"Can you explain to me, with consideration for any contractual terms one might agree to in the EULA, how that proposal would work?"
It transpires that MS were very quickly able to knock out a patch for this vulnerability. They must finally have realised that they had responsibilities. So the question arises - was this EoLed because it wasn't feasible to continue maintenance or because they wanted to herd those who could be herded into upgrading?
"The good thing about this episode is that it is so high profile that no CTO or even IT manager is going to want to be caught out by it again and can not refuse to address the problem of running obsolete OS´s and maintaining a policy of never patching anything again."
I'd like to think you're right. Cynicism says that there'll be a subset of bean counters* for whom it confirms their belief that IT is a net very good cost centre.
*Bean counters are, of course, a cost centre but they lack self-awareness.
Interesting calculation. But you've omitted the cost of testing the ability of the existing applications to run on W10 and remediation or replacement of those that won't. An OS exists to run applications. These are the very arguments used against FOSS in such circumstances.
There's no silver bullet.
They knew the code had been stolen. But they chose not to activate the "kill switch".
Not activating it immediately it was stolen was reasonable. If they had the malware operators would have noticed it because they'd have had to debug it to get it to work. However they should have been watching for a release and thrown the switch as soon as they discovered it in the wild.
The NSA have a lot to answer for here and I hope govts. around the world let the US know that.
"But it's TRAINING."
And counter-training unfortunately. You train people to use email safely. Outside of your training session marketers everywhere are counter-training them to accept HTML mail as normal. Banks and others are counter-training them to click on URLs in their HTML mail. Social networks are counter-training them to throw complex files around. Gmail and the like are training them to view their mail through a browser, described here the other day as not a single point of failure but a whole three-dimensional space of failure.
"11. Update the antivirus version on regular basis and keep the definitions updated on a daily basis."
Today's definitions won't protect against yesterday's infection. And if that infection is also an aggressive worm as this was that's not going to be much use.
"12. Keep the computers and servers up to date with Windows updates and security patches."
In 15a you go on to explain why this isn't always possible.
"MSNet ports out there waving in the breeze of the general Internet"
Assumes a fact not in evidence. If you have a system with substantial internal SMB linkages then all it takes is one person to open an email booby-trapped with a worm. The externally exposed port is your email port and that isn't going to work without being open externally.
you tell me what the "most basic principles of security" are that Microsoft have missed in current Windows and we'll see if your GNU/Linux distribution of choice has or has not also missed them.
OK. MS have always been a bit obscure about what any given fix does. Given that, in the real world, fixing one problem sometimes causes another. Recently they've taken to rolling multiple patches into one so it will take longer for sysadmins* to test and roll out.
My chosen distro is Debian LTS, ie systemd-free. Over to you.
*A good sysadmin is paranoid about everything.
"does this mean we can now collectively sue the Trump administration"
Downvoted for gratuitous Trump insertion. Clearly this goes back some way beyond the current administration. There may well be good reasons for suing the NSA, assuming they're not legally protected. There are also good reasons for being critical of Trump but conflating the two issues when they don't belong together weakens your argument. Learn to stay focussed.
The word you're looking for is "simplistic".
As has already been pointed out all unpatched versions of Windows are vulnerable. Patching itself introduces risks - patches have been known to break things and now that MS are rolling multiple patches together those risks are increased. So patching also involves testing and testing takes time.
The specific risk for XP is that it doesn't get patches. But, again, the issues with XP aren't simple. In many cases it will have been retained because something mission-critical depends on it and replacing whatever that is may require major expenditure and further risks. If your MRI scanner, for instance, relies on a no-longer maintained piece of XP-only software do you simply put your hand in your pocket for a few million to replace it, commission a rewrite and take the risk that it may fail in some respect to emulate the existing product or do you keep using XP?
These sorts of issues are not easily solved. Of course they only exist in the real world so please feel free to keep helping with your advice.
"On stand-alone PC's, ensure you have an adequate AV solution"
The problem with this is that the signature for any new malware won't be available until the target has been released, infected systems and been reported. When something spreads as fast as this has done that will be much too late.
"yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks."
You may have to look a little further back than that. Maybe at some business that was writing current applications but has now been bought and re-bought by some bigger business and somewhere along the chain the application development has been discontinued, maybe the source lost and runs on nothing newer than XP.
There's no silver bullet.
"1: You do not normally have to use Windows. There are more secure alternatives."
As others have said there's a lot of specialist kit for which only Windows drivers and/or applications exist (which version of Windows is another worry). So it's not as simple as that. However there should be proper network segmentation to protect these.
OTOH plain vanilla desktop office/mail/web machines could well be shifted to other platforms. However this would buy time, not complete protection. A booby-trapped email will inevitably find a supply of boobies if it's widely spammed.
What's needed is a better architecture that doesn't allow some random application to save or update whatever file it wants.
"ever tried deleting/moving/modifying a file on a network share that you only have "read" permissions to?"
Those files you only have read permission to - how did they get there? Could it be that someone has to have write permission?
On a more practical, albeit longer-term, scale alternatives to simple shared folders need to be looked at. As one approach I'm currently setting up Nextcloud at home. I have several alternative ways to share files with a client. One is to use the webdav client to sync a specific desktop folder with the server. That means that even if I had a ransomware program running wild on the client PC it could only (a) affect files on the synced folder and (b) the contents of the folder on the server are versioned so that the last good version can be restored.
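The set-up described in the post above, as an added example that is not part of the original post and not Nextcloud's own code: a toy model of a versioned server-side folder. The client syncs a file into the store, a simulated ransomware process on the client overwrites it, and because the server never overwrites in place it can roll back to the newest version that does not look encrypted. The entropy heuristic for "looks encrypted", the sample document, the key and the XOR keystream are all assumptions constructed for the example.

```python
"""Added example (not from the original post): versioned sync folder vs ransomware.
Nextcloud's real versioning and on-disk layout are not modelled."""
import hashlib
import math
from collections import defaultdict

# Constructed sample document and a constructed key for the fake ransomware.
PLAINTEXT = (b"Quarterly figures: revenue up, costs flat, see sheet 2.\n") * 40
KEY = b"constructed-demo-key"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; text sits around 4-6, ciphertext approaches 8."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Assumed heuristic: high entropy over a reasonably long blob.
    Short blobs are skipped because their entropy estimate is too noisy."""
    return len(data) >= 256 and shannon_entropy(data) > threshold


class VersionedStore:
    """Server side of the synced folder: every upload appends a version,
    nothing is overwritten in place, so a compromised client can only
    stack bad versions on top of the good ones."""

    def __init__(self) -> None:
        self._versions = defaultdict(list)  # path -> [(sha256 hex, bytes), ...]

    def put(self, path: str, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        self._versions[path].append((digest, data))
        return digest

    def latest(self, path: str) -> bytes:
        return self._versions[path][-1][1]

    def history(self, path: str) -> list:
        return [digest for digest, _ in self._versions[path]]

    def restore_last_good(self, path: str):
        """Walk back to the newest version that does not look encrypted and
        re-publish it as the current version (so the rollback is itself recorded)."""
        for digest, data in reversed(self._versions[path]):
            if not looks_encrypted(data):
                self._versions[path].append((digest, data))
                return data
        return None


def fake_ransomware(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream: deterministic, high-entropy output.
    Stands in for real file encryption; NOT a real cipher, do not reuse."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)


def demo() -> dict:
    store = VersionedStore()
    path = "Documents/figures.txt"
    store.put(path, PLAINTEXT)                               # normal sync
    store.put(path, PLAINTEXT.replace(b"flat", b"down"))     # legitimate edit
    good = store.latest(path)
    store.put(path, fake_ransomware(good, KEY))              # client compromised, sync pushes ciphertext
    encrypted_on_server = looks_encrypted(store.latest(path))
    restored = store.restore_last_good(path)
    return {
        "encrypted_on_server": encrypted_on_server,
        "restored_matches_last_edit": restored == good,
        "versions_kept": len(store.history(path)),
    }


if __name__ == "__main__":
    print(demo())
```

The point the post makes is the blast radius: the client can scramble whatever it can write, but the server only ever appends, so the last good version survives and the recovery step is a rollback rather than a restore from backup. The entropy check is a heuristic, not a guarantee; a real deployment would also want rate limits on mass overwrites and an alert when the rollback fires.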
Linux has been on ARM devices for a while. And:
# apt-get install p7zip
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 268 kB of archives.
After this operation, 812 kB of additional disk space will be used.
Get:1 http://mirrordirector.raspbian.org/raspbian/ jessie/main p7zip armhf
etc. but that "armhf" gives the game away - this isn't emulated, it's fully native.
"Noone has the slightest interest in archiving years of invitations to go to the pub or links to cat videos."
Personally I've no interest in any crap for which the main purpose is the dissemination of cat videos.
"It's not even a youth thing: I'm 58 years old and never email anyone, outside of work."
Maybe you're prematurely aged and live a very restricted life if you don't actually do anything online that requires email.
"If there are Thunderbird developers still in existence (and I frankly doubt it), they have rejected each and every one of your ideas every hour of every day for years upon years."
Good try at trolling. As they incorporated Lightning (see my previous post) that's at least one of his suggestions that they haven't rejected. What's more their not rejecting it pre-dates his posting it.
On the whole I have some sympathy in their trying to ignore HTML and the like. It's an abomination in email.
"All I would ask, is for some decent native CalDAV implementation. The Calendar plugins always seem a bit "tacked on" and not fully integrated, and sometimes will cock up."
Starting with Thunderbird 38, Lightning is bundled with Thunderbird. This means you don't need to install it separately, but simply confirm to use it once you create a new profile or upgrade from a previous version of Thunderbird.
What's not, AFAIK, built in is Lightbird, an add-on to Lightning which provides the calendar in its own window with a somewhat different and, to my mind, better interface. Native CalDAV would also be useful.
The outcome I'd like to see is one that was discussed back when this was first raised: Thunderbird (and Lightning) joins the Document Foundation (i.e. LibreOffice) and preferably takes the other orphan child, Seamonkey, with it. LO would be able to add a mail client and PIM and, if Seamonkey is included, a browser. The interface could then go back to the old style which would better fit in with LO and maybe there'd be money to add in its own CalDav connector instead of relying on SOGO.
"cameras being moved so they did not read plates, as well as other attempts to damage them including setting them on fire."
There's also scope for a sort of crowd sourced DDOS attack. Make up flip books with number-plate fonts, each character being individually flippable and just show a rapid succession of randomly flipped "number plates" to the cameras. With a bit of extra planning the same number could be shown to widely separated cameras at more or less the same time.
"SLA's around it all"
Do those SLAs actually prevent things from going down?
Do they actually provide compensation for the real costs to the client when they do go down?
Do those trying to fix things when they go down have your, the client's interests as their prime motivation or are they just working to the SLA?
Biting the hand that feeds IT © 1998–2019