Overclockers Australia Forums

Old 14th May 2017, 9:25 PM   #16
chook
Member
 
Join Date: Apr 2002
Posts: 480
Default

Quote:
Originally Posted by chip View Post
Some of those XP machines are small components in a much larger weapons system, ie an entire warship or submarine.
Ah. So I had very cleverly started comparing apples and oranges. My bad.
chook is offline   Reply With Quote

Old 14th May 2017, 11:48 PM   #17
mrpats
Member
 
Join Date: Dec 2002
Posts: 411
Default

Quote:
Originally Posted by chook View Post
I realise this probably makes me an arrogant dick but, oh well.

The only people getting got by this deserve it.
  • If the vendor doesn't support disabling SMB1, you need a new vendor.
  • If the vendor provides a business critical application, you need a new vendor.
  • If the vendor is the only one, you need a new vendor.
If we stopped giving our money to vendors that were shit then there would be no more vendors :P.

In a more serious fashion the only way to make the vendor do their job is to punch them in the balls impact their bottom line. Granted that might mean a hit to our bottom line in the meantime but since we had a way to do this without the shitty vendor in the first place we can go back to doing it that way and at least be secure. I eagerly anticipate management going "but will someone please think of the profit?" The best response to that is likely "so how is that profit going for you now that all your things are gone?"
A pretty ignorant comment "The only people getting got by this deserve it."

So how does the healthcare sector "deserve" it?

It must be easy to ensure everything gets patched, you aren't running ANY legacy applications that can't be updated to a later OS and every one abides by the AUP and security recommendations.

The primary difference between this threat and other ransomware threats is Wannacry self-propagates.

There was another ransomware campaign being run last week, Jaff. It didn't get as much media coverage but it's still just as scary; however, unlike Wannacry, all it takes is for a user to open an attachment to get popped, but I guess they would "deserve it" too.

Finally, as Info security professionals we must accept that not all businesses can afford to run the latest and greatest and/or implement all the security controls and meet 100% compliance. The cost doesn't always come from the technology, but from the FTE required to maintain and administer the systems. When you talk to healthcare and schools about hiring IT guys at $100k each or nurses/teachers/support staff at ~$60k the question becomes rhetorical.

Don't get me wrong, I too get frustrated at the misconfigurations that border on inept and negligent, but work with your orgs, put your skin in the game. Don't just sit on the sidelines yelling "get a new vendor" or "won't somebody think of the security".

Last edited by mrpats; 14th May 2017 at 11:51 PM. Reason: grammar
mrpats is offline   Reply With Quote
Old 15th May 2017, 10:40 AM   #18
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,560
Default

Quote:
Originally Posted by cbb1935 View Post
If it's a medical device that needs XP, then you have to question how good the device actually is, if the company cannot invest in upgrading their imaging/reporting/acquisition PCs to more recent operating systems.
You're a hospital, and you need a Widget machine... If you're lucky, there are 2 manufacturers of Widget machines in the world, but more often there is only 1. So you buy it. What operating system it runs isn't even a question that gets asked.

Quote:
Originally Posted by chook View Post
Some years ago (two? three?) the US Navy paid Microsoft about USD9M to keep providing them with security for XP I thought. That isn't a lot of $250K machines right there.
$250K machines, sign me up.


Quote:
Originally Posted by cbb1935 View Post
I guess as medical devices become more and more technology reliant, there needs to be stricter controls and regulations around future proofing of such devices (or replacing them to prevent them becoming a security risk to a hospital).

When software goes wrong with medical devices, bad shit can happen

https://en.wikipedia.org/wiki/Therac-25

It's cheaper (and for the most part, safer) to change the software from a known good configuration.

What needs to change is how these devices get used.

We've got a bunch-o-shit still running XP Embedded. They aren't used as general purpose computing devices, they aren't connected to the internet, and they don't share files via SMB.

You're at a much greater risk running unsupported software exposed to the internet (à la Exchange 2007) than you are of running XP machines in their own sandbox.

Last edited by PabloEscobar; 15th May 2017 at 10:43 AM.
PabloEscobar is online now   Reply With Quote
Old 15th May 2017, 11:13 AM   #19
looktall
Working Class Hero
 
looktall's Avatar
 
Join Date: Sep 2001
Location: brabham.wa.au
Posts: 23,131
Default

Quote:
Originally Posted by PabloEscobar View Post
You're a hospital, and you need a Widget machine... If you're lucky, there are 2 manufacturers of Widget machines in the world, but more often there is only 1. So you buy it. What operating system it runs isn't even a question that gets asked.
I'm not in the medical industry but this is the exact same situation I face with the magic science machines we use.

You add to this that some instruments cost huge amounts to replace, but the low workload they do means it takes a long time to recover those costs, making it hard to justify replacing a perfectly functioning instrument.
looktall is online now   Reply With Quote
Old 15th May 2017, 11:46 AM   #20
bcann
Member
 
Join Date: Feb 2006
Location: NSW
Posts: 4,185
Default

Quote:
Originally Posted by looktall View Post
I'm not in the medical industry but this is the exact same situation I face with the magic science machines we use.

You add to this that some instruments cost huge amounts to replace, but the low workload they do means it takes a long time to recover those costs, making it hard to justify replacing a perfectly functioning instrument.
Even with all this taken into account, there is ZERO reason to have this kind of a box connected to the internet at ALL. They should've firewalled/VLANned the crap out of this box and kept it in its own little isolated world.

Unfortunately the idiots up above who no doubt overrode this decision will be let off without incident and some poor sap will be downhill when that poo comes thundering down that hill.
bcann is offline   Reply With Quote
Old 15th May 2017, 12:06 PM   #21
hosh0
Member
 
Join Date: May 2007
Location: Sydney N.S.W
Posts: 8,914
Default

Quote:
Originally Posted by mrpats View Post
A pretty ignorant comment "The only people getting got by this deserve it."

So how does the healthcare sector "deserve" it?

It must be easy to ensure everything gets patched, you aren't running ANY legacy applications that can't be updated to a later OS and every one abides by the AUP and security recommendations.

The primary difference between this threat and other ransomware threats is Wannacry self-propagates.

There was another ransomware campaign being run last week, Jaff. It didn't get as much media coverage but it's still just as scary; however, unlike Wannacry, all it takes is for a user to open an attachment to get popped, but I guess they would "deserve it" too.

Finally, as Info security professionals we must accept that not all businesses can afford to run the latest and greatest and/or implement all the security controls and meet 100% compliance. The cost doesn't always come from the technology, but from the FTE required to maintain and administer the systems. When you talk to healthcare and schools about hiring IT guys at $100k each or nurses/teachers/support staff at ~$60k the question becomes rhetorical.

Don't get me wrong, I too get frustrated at the misconfigurations that border on inept and negligent, but work with your orgs, put your skin in the game. Don't just sit on the sidelines yelling "get a new vendor" or "won't somebody think of the security".
I get all that, I really do. But my one comment is, businesses take physical security so seriously and they will spend the $$ needed to physically secure their shit. Yet digital security is never treated as seriously, and I think it's time people start seeing it as important as just having your most important (and sometimes only copy) documents/artifacts/devices/hardware etc in a box by the side of the road.
hosh0 is offline   Reply With Quote
Old 15th May 2017, 12:10 PM   #22
NSanity
Member
 
NSanity's Avatar
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,015
Default

Boys - here is some needful.

Here is a nice list of KBs to search for to see if you're patched.

Windows 7
KB4012212
KB4012215->KB4015549->KB4019264

Server 2008 R2
KB4012212
KB4012215->KB4015549->KB4019264

Vista
KB4012598

Server 2008
KB4012598->KB4018466

Server 2012
KB4012217->KB4015551->KB4019216

Windows 8.1
KB4012216->KB4015550->KB4019215

Server 2012 R2
KB4012213
KB4012216->KB4015550->KB4019215

Windows 10
KB4012606->KB4019474
KB4013198->KB4019473
KB4013429->KB4019472

Server 2016
KB4013429->KB4019472


And when you're not patched, here is a nice list of things to install...

May Security Update Rollup downloads

Win2008 – KB4012598
http://www.catalog.update.microsoft....aspx?q=4012598

Win2008R2/SBS2011 – KB4019264
http://catalog.update.microsoft.com/...px?q=KB4019264

Win2012 - KB4019216
http://catalog.update.microsoft.com/...px?q=KB4019216

Win2012R2 – KB4019215
https://www.catalog.update.microsoft...px?q=KB4019215

Win2016 - KB4019472
http://catalog.update.microsoft.com/...px?q=KB4019472


Pre-req for 2012-2012R2 (if it hasn’t been patched since April 2014)
https://support.microsoft.com/en-us/...ate-april-2014

Pre-req for 2008r2 (if it hasn’t been patched since April 2015 – n.b you need SP1)
https://support.microsoft.com/en-us/...server-2008-r2

Last edited by NSanity; 15th May 2017 at 1:54 PM.
NSanity is online now   Reply With Quote
Old 15th May 2017, 12:14 PM   #23
LinX
Member
 
LinX's Avatar
 
Join Date: Jan 2002
Location: Hobart, Tas
Posts: 504
Default

Quote:
Originally Posted by IACSecurity View Post
and why have you got SMB1 still enabled..
Why on earth do people still persist with Windows?

Jokes aside .. so many legacy apps .. Why people pay money for this crap is anyone's guess.
LinX is offline   Reply With Quote
Old 15th May 2017, 12:49 PM   #24
IACSecurity
Member
 
IACSecurity's Avatar
 
Join Date: Jul 2008
Location: ork.sg
Posts: 727
Default

Quote:
Originally Posted by bcann View Post
Even with all this taken into account, there is ZERO reason to have this kind of a box connected to the internet at ALL. They should've firewalled/VLANned the crap out of this box and kept it in its own little isolated world.

Unfortunately the idiots up above who no doubt overrode this decision will be let off without incident and some poor sap will be downhill when that poo comes thundering down that hill.
They are connected to the internet. Say an anaesthetics machine: it reports on usage of each drug type, and predicts and reports upon maintenance and pending failures so that components can be replaced in line with its usage schedule. It also reports on cleaning cycles and all that stuff. It is very clinically important that faults are fixed before they are faults. It is a very valid reason for it to be connected, and even if connected to an internal network... they are internet accessible one way or another.

It doesn't have to be 'directly hooked up to a DSL line' to be 'on the internet' as far as worms go.

It is all just 'IoT' but with people on the other end of the thing.
IACSecurity is offline   Reply With Quote
Old 15th May 2017, 1:31 PM   #25
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,560
Default

Quote:
Originally Posted by NSanity View Post
Boys - here is some needful.

Here is a nice list of KB's to search for to see if you're patched.

Now, if you could make WSUS reporting not balls, I'd marry you in a heartbeat.
PabloEscobar is online now   Reply With Quote
Old 15th May 2017, 1:39 PM   #26
NSanity
Member
 
NSanity's Avatar
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,015
Default

Quote:
Originally Posted by PabloEscobar View Post
Now, if you could make WSUS reporting not balls, I'd marry you in a heartbeat.
https://msdn.microsoft.com/en-us/pow...ent/get-hotfix
Code:
$A = Get-Content "servers.txt"
# Record each host where the KB is not listed (an unreachable host also lands here, so check those by hand)
$A | ForEach { if (!(Get-HotFix -Id "KB4012216" -ComputerName $_ -ErrorAction SilentlyContinue)) { Add-Content -Path "Missing-KB4012216.txt" -Value $_ } }
Off you go.

My biggest problem is trying to get a hand on all the pre-reqs for our Service Desk. catalog.update.microsoft.com is being fucked...

Last edited by NSanity; 15th May 2017 at 1:41 PM.
NSanity is online now   Reply With Quote
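A script that turns the KB list a few posts up and the one-liner above into a whole-fleet check, as an added example rather than NSanity's code or the linked PatchState script: it reads each host's OS caption, picks the matching KB chain from the list, and reports the host as patched if any KB in that chain is installed. Get-PatchState is a name chosen here, servers.txt is the host list from the snippet above, and it assumes Get-CimInstance and Get-HotFix can reach the hosts.

```powershell
# Added example (not NSanity's code): one KB chain per OS, taken from the list in the
# post above; a host counts as patched if any KB in its chain is installed.
# Order matters: 'Server 2012 R2' must be tried before 'Server 2012', '2008 R2' before '2008'.
$Chains = @(
    @{ Match = 'Server 2012 R2'; KBs = 'KB4012213','KB4012216','KB4015550','KB4019215' },
    @{ Match = 'Server 2012';    KBs = 'KB4012217','KB4015551','KB4019216' },
    @{ Match = 'Server 2008 R2'; KBs = 'KB4012212','KB4012215','KB4015549','KB4019264' },
    @{ Match = 'Server 2008';    KBs = 'KB4012598','KB4018466' },
    @{ Match = 'Server 2016';    KBs = 'KB4013429','KB4019472' },
    @{ Match = 'Windows 7';      KBs = 'KB4012212','KB4012215','KB4015549','KB4019264' },
    @{ Match = 'Windows 8.1';    KBs = 'KB4012216','KB4015550','KB4019215' },
    @{ Match = 'Windows 10';     KBs = 'KB4012606','KB4019474','KB4013198','KB4019473','KB4013429','KB4019472' },
    @{ Match = 'Vista';          KBs = 'KB4012598' }
)

function Get-PatchState {
    # Hypothetical helper name; assumes WMI/WinRM access to the host from this machine.
    param([Parameter(Mandatory)][string]$ComputerName)
    try {
        $os        = (Get-CimInstance Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop).Caption
        $installed = (Get-HotFix -ComputerName $ComputerName -ErrorAction Stop).HotFixID
    } catch {
        # Unreachable is not "patched": report it separately so it gets chased, not ignored.
        return [pscustomobject]@{ Computer = $ComputerName; OS = $null; Patched = $null; MatchedKB = "UNREACHABLE: $($_.Exception.Message)" }
    }
    $rule = $Chains | Where-Object { $os -match [regex]::Escape($_.Match) } | Select-Object -First 1
    if (-not $rule) {
        return [pscustomobject]@{ Computer = $ComputerName; OS = $os; Patched = $null; MatchedKB = 'NO KB CHAIN KNOWN FOR THIS OS' }
    }
    $hit = $rule.KBs | Where-Object { $installed -contains $_ } | Select-Object -First 1
    [pscustomobject]@{ Computer = $ComputerName; OS = $os; Patched = [bool]$hit; MatchedKB = $hit }
}

# servers.txt is the host list from the snippet above, one name per line.
$report = Get-Content 'servers.txt' | ForEach-Object { Get-PatchState -ComputerName $_ }
$report | Format-Table -AutoSize
# Anything not positively patched (missing, unreachable or unknown OS) goes to the work list.
$report | Where-Object { $_.Patched -ne $true } | Export-Csv 'needs-attention.csv' -NoTypeInformation
```

The Windows 10 chain lumps the three branch lists together, which is fine for this check because a given build only ever installs its own branch's rollup.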
Old 15th May 2017, 1:47 PM   #27
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,560
Default

Quote:
Originally Posted by NSanity View Post
My biggest problem is trying to get a hand on all the pre-reqs for our Service Desk. catalog.update.microsoft.com is being fucked...
Cheers Guvnor'

If I was going to exploit something, I'd sure as fuck be pointing my botnet at the source of the patches .
PabloEscobar is online now   Reply With Quote
Old 15th May 2017, 2:02 PM   #28
NSanity
Member
 
NSanity's Avatar
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,015
Default

Quote:
Originally Posted by PabloEscobar View Post
Cheers Guvnor'
if you write something fancy, plz share.
NSanity is online now   Reply With Quote
Old 15th May 2017, 2:29 PM   #29
dave_dave_dave
Member
 
dave_dave_dave's Avatar
 
Join Date: Mar 2004
Location: Gold Coast
Posts: 2,544
Default

Have been running a Crypto Canary (set it up as a honey pot unauthenticated / everyone share) on our network for some time now. Quick and easy to set up with File Server Resource Manager.

https://chrisreinking.com/stop-crypt...res-with-fsrm/
dave_dave_dave is offline   Reply With Quote
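The canary share described above as an added example, not dave_dave_dave's configuration or the linked article's script: an FSRM file screen on a bait share that denies writes matching ransomware-style filenames and raises a Warning event that a SIEM rule can pick up. The path is a placeholder and the non-WannaCry patterns are constructed.

```powershell
# Added example, not dave_dave_dave's setup: FSRM file screen on a bait share.
Import-Module FileServerResourceManager

$CanaryPath = 'D:\Shares\Canary'   # placeholder path; share it read/write to Everyone as the post describes
New-Item -ItemType Directory -Path $CanaryPath -Force | Out-Null

# Names legitimate users never write. .wncry/.wcry/.wnry are the extensions WannaCry appends;
# the other two are constructed examples to extend from your own IR notes.
$Patterns = '*.wncry','*.wcry','*.wnry','*.locked','*.encrypted'
New-FsrmFileGroup -Name 'Ransomware canary patterns' -IncludePattern $Patterns | Out-Null

# Warning event in the Application log; [Source Io Owner] etc. are FSRM's own message macros.
$Alert = New-FsrmAction -Type Event -EventType Warning `
    -Body 'Ransomware canary tripped: [Source Io Owner] wrote [Source File Path] on [Server]'

# -Active denies the write as well as logging it; drop -Active for a log-only (passive) screen.
New-FsrmFileScreen -Path $CanaryPath -IncludeGroup 'Ransomware canary patterns' `
    -Notification $Alert -Active | Out-Null

Get-FsrmFileScreen -Path $CanaryPath | Format-List Path, IncludeGroup, Active
```

Name the share so it sorts first in a directory listing, since that is what makes it the first thing an enumerating process touches.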
Old 15th May 2017, 2:36 PM   #30
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,560
Default

https://github.com/kieranwalsh/Power...PatchState.ps1


mebe?
PabloEscobar is online now   Reply With Quote