Overclockers Australia Forums

Old 14th May 2017, 7:02 PM   #16
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,062
Default

Quote:
Originally Posted by cbb1935 View Post
True that, but as the manufacturer of such devices, you would think some future proofing would be built into place to accommodate future operating systems.

E.G the interface is USB, and the software used can be upgraded (along with OS).

I can't imagine a hospital forking out $$$$ for a Da Vinci Robotic Operating Robot, only for the manufacturers to not be thinking about Windows 10, but rather only Windows 7 support.
You are so far removed from reality - people don't care about the peripheral devices - they care about the quality of data/reporting.

But also, the FDA is largely responsible here as I understand. They have to approve all equipment in the Medical field - and getting that re-assessed is expensive as fuck.
NSanity is online now   Reply With Quote

Old 14th May 2017, 7:11 PM   #17
rainwulf
Member
 
Join Date: Jan 2002
Location: bris.qld.aus
Posts: 3,910
Default

Quote:
Originally Posted by cbb1935 View Post
True that, but as the manufacturer of such devices, you would think some future proofing would be built into place to accommodate future operating systems.

E.G the interface is USB, and the software used can be upgraded (along with OS).

I can't imagine a hospital forking out $$$$ for a Da Vinci Robotic Operating Robot, only for the manufacturers to not be thinking about Windows 10, but rather only Windows 7 support.

(note that is just an example).

I guess as medical devices become more and more technology reliant, there needs to be stricter controls and regulations around future proofing of such devices (or replacing them to prevent them becoming a security risk to a hospital).
I don't know about you but I wouldn't be happy knowing a robot about to perform surgery on me is running XP OR Windows 10.

Middle of a surgery "oh we are adding new features to Windows and it's going to reboot"

fuuuuu
__________________
derp
rainwulf is offline   Reply With Quote
Old 14th May 2017, 7:21 PM   #18
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,062
Default

Quote:
Originally Posted by rainwulf View Post
I don't know about you but I wouldn't be happy knowing a robot about to perform surgery on me is running XP OR Windows 10.

Middle of a surgery "oh we are adding new features to Windows and it's going to reboot"

fuuuuu
except this kind of equipment is actually designed for LTSB.

Unlike your desktop
NSanity is online now   Reply With Quote
Old 14th May 2017, 9:14 PM   #19
looktall
Working Class Hero
 
Join Date: Sep 2001
Location: brabham.wa.au
Posts: 22,919
Default

May have been already mentioned but there was apparently a kill switch of sorts in the code.
https://thewest.com.au/news/world/ma...-ng-b88475582z
Quote:
He began analysing a sample of the malicious software and noticed its code included a hidden web address that wasn’t registered.

He “promptly” registered the domain, something he regularly does to try to discover ways to track or stop malicious software.

Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. The western Michigan resident said he noticed the authors of the malware had left in a feature known as a kill switch.

Huss took a screen shot of his discovery and shared it on Twitter.

Soon he and MalwareTech were communicating about what they had found: That registering the domain name and redirecting the attacks to MalwareTech’s server had activated the kill switch, halting the ransomware’s infections.
looktall is offline   Reply With Quote
Old 14th May 2017, 9:25 PM   #20
chook
Member
 
Join Date: Apr 2002
Posts: 361
Default

Quote:
Originally Posted by chip View Post
Some of those XP machines are small components in a much larger weapons system, i.e. an entire warship or submarine.
Ah. So I had very cleverly started comparing apples and oranges. My bad.
__________________
Quote:
Originally Posted by Autti View Post
My house is actually a spacious elaborate case for my computer. Get your priorities right.
Quote:
Originally Posted by PabloEscobar View Post
China had to abort their zerg rush policy and limit new unit creation.
chook is offline   Reply With Quote
Old 14th May 2017, 11:48 PM   #21
mrpats
Member
 
Join Date: Dec 2002
Posts: 412
Default

Quote:
Originally Posted by chook View Post
I realise this probably makes me an arrogant dick but, oh well.

The only people getting got by this deserve it.
  • If the vendor doesn't support disabling SMB1, you need a new vendor.
  • If the vendor provides a business critical application, you need a new vendor.
  • If the vendor is the only one, you need a new vendor.
If we stopped giving our money to vendors that were shit then there would be no more vendors :P.

In a more serious fashion the only way to make the vendor do their job is to punch them in the balls impact their bottom line. Granted that might mean a hit to our bottom line in the meantime but since we had a way to do this without the shitty vendor in the first place we can go back to doing it that way and at least be secure. I eagerly anticipate management going "but will someone please think of the profit?" The best response to that is likely "so how is that profit going for you now that all your things are gone?"
A pretty ignorant comment "The only people getting got by this deserve it."

So how does the healthcare sector "deserve" it?

It must be easy to ensure everything gets patched, you aren't running ANY legacy applications that can't be updated to a later OS and everyone abides by the AUP and security recommendations.

The primary difference between this threat and other ransomware threats is Wannacry self-propagates.

There was another ransomware campaign being run last week, Jaff, it didn't get as much media coverage but it's still just as scary, however unlike Wannacry all it takes is a user to open an attachment to get popped, but I guess they would "deserve it" too.

Finally, as Info security professionals we must accept that not all businesses can afford to run the latest and greatest and/or implement all the security controls and meet 100% compliance. The cost doesn't always come from the technology, but from the FTE required to maintain and administer the systems. When you talk to healthcare and schools about hiring IT guys at $100k each or nurses/teachers/support staff at ~$60k the question becomes rhetorical.

Don't get me wrong, I too get frustrated at the mis-configurations that border on inept and negligent but work with your orgs, put your skin in the game. Don't just sit on the sidelines yelling "get a new vendor" or "won't somebody think of the security".
__________________
Quote:
Originally Posted by oli View Post
...The fact that it's also the largest I've had makes me want to leave it bare anyway.

Last edited by mrpats; 14th May 2017 at 11:51 PM. Reason: grammar
mrpats is offline   Reply With Quote
Old 15th May 2017, 10:40 AM   #22
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,310
Default

Quote:
Originally Posted by cbb1935 View Post
If it's a medical device that needs XP, then you have to question how good the device actually is, if the company cannot invest in upgrading their imaging/reporting/acquisition PCs to more recent operating systems.
You're a hospital, and you need a Widget machine... If you're lucky, there are 2 manufacturers of Widget machines in the world, but more often there is only 1. So you buy it. What operating system it runs isn't even a question that gets asked.

Quote:
Originally Posted by chook View Post
Some years ago (two? three?) the US Navy paid Microsoft about USD9M to keep providing them with security for XP I thought. That isn't a lot of $250K machines right there.
$250K machines, sign me up.


Quote:
Originally Posted by cbb1935 View Post
I guess as medical devices become more and more technology reliant, there needs to be stricter controls and regulations around future proofing of such devices (or replacing them to prevent them becoming a security risk to a hospital).

When software goes wrong with medical devices, bad shit can happen

https://en.wikipedia.org/wiki/Therac-25

It's cheaper (and for the most part, safer) to change the software from a known good configuration.

What needs to change is how these devices get used.

We've got a bunch-o-shit still running XP Embedded. They aren't used as general purpose computing devices, they aren't connected to the internet, and they don't share files via SMB.

You're at a much greater risk running unsupported software exposed to the internet (ala Exchange 2007) than you are of running XP machines in their own sandbox.

Last edited by PabloEscobar; 15th May 2017 at 10:43 AM.
PabloEscobar is online now   Reply With Quote
Old 15th May 2017, 11:13 AM   #23
looktall
Working Class Hero
 
Join Date: Sep 2001
Location: brabham.wa.au
Posts: 22,919
Default

Quote:
Originally Posted by PabloEscobar View Post
You're a hospital, and you need a Widget machine... If you're lucky, there are 2 manufacturers of Widget machines in the world, but more often there is only 1. So you buy it. What operating system it runs isn't even a question that gets asked.
I'm not in the medical industry but this is the exact same situation I face with the magic science machines we use.

You add to this that some instruments cost huge amounts to replace but the low workload they do means it takes a long time to recover those costs making it hard to justify replacing a perfectly functioning instrument.
looktall is offline   Reply With Quote
Old 15th May 2017, 11:46 AM   #24
bcann
Member
 
Join Date: Feb 2006
Location: NSW
Posts: 4,025
Default

Quote:
Originally Posted by looktall View Post
I'm not in the medical industry but this is the exact same situation I face with the magic science machines we use.

You add to this that some instruments cost huge amounts to replace but the low workload they do means it takes a long time to recover those costs making it hard to justify replacing a perfectly functioning instrument.
even with all this taken into account, there is ZERO reason to have this kind of a box connected to the internet at ALL. they should've firewalled/vlanned the crap out of this box and kept it in its own little isolated world.

Unfortunately the idiots up above who no doubt overrode this decision will be let off without incident and some poor SAP will be downhill when that poo comes thundering down that hill.
__________________
Quote:
Originally Posted by elvis View Post
All I do is hand folks the working gun. Up to them as to whether or not they go hunting to bring home the bacon, or shoot themselves in the foot. I am merely the lowly gunsmith, and nothing more.
bcann is offline   Reply With Quote
Old 15th May 2017, 12:06 PM   #25
hosh0
Member
 
Join Date: May 2007
Location: Sydney N.S.W
Posts: 8,862
Default

Quote:
Originally Posted by mrpats View Post
A pretty ignorant comment "The only people getting got by this deserve it."

So how does the healthcare sector "deserve" it?

It must be easy to ensure everything gets patched, you aren't running ANY legacy applications that can't be updated to a later OS and everyone abides by the AUP and security recommendations.

The primary difference between this threat and other ransomware threats is Wannacry self-propagates.

There was another ransomware campaign being run last week, Jaff, it didn't get as much media coverage but it's still just as scary, however unlike Wannacry all it takes is a user to open an attachment to get popped, but I guess they would "deserve it" too.

Finally, as Info security professionals we must accept that not all businesses can afford to run the latest and greatest and/or implement all the security controls and meet 100% compliance. The cost doesn't always come from the technology, but from the FTE required to maintain and administer the systems. When you talk to healthcare and schools about hiring IT guys at $100k each or nurses/teachers/support staff at ~$60k the question becomes rhetorical.

Don't get me wrong, I too get frustrated at the mis-configurations that border on inept and negligent but work with your orgs, put your skin in the game. Don't just sit on the sidelines yelling "get a new vendor" or "won't somebody think of the security".
I get all that, I really do, but my one comment is, businesses take physical security so seriously and they will spend the $$ needed to physically secure their shit. Yet digital security is never treated as seriously and I think it's time people start seeing it as important as just having your most important (and sometimes only copy) documents/artifacts/devices/hardware etc in a box by the side of the road.
__________________
IRWA (I'd Rather Walk Alone)


In God we trust, all others we virus scan.
hosh0 is offline   Reply With Quote
Old 15th May 2017, 12:10 PM   #26
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,062
Default

Boys - here is some needful.

Here is a nice list of KBs to search for to see if you're patched.

Windows 7
KB4012212
KB4012215->KB4015549->KB4019264

Server 2008 R2
KB4012212
KB4012215->KB4015549->KB4019264

Vista
KB4012598

Server 2008
KB4012598->KB4018466

Server 2012
KB4012217->KB4015551->KB4019216

Windows 8.1
KB4012216->KB4015550->KB4019215

Server 2012 R2
KB4012213
KB4012216->KB4015550->KB4019215

Windows 10
KB4012606->KB4019474
KB4013198->KB4019473
KB4013429->KB4019472

Server 2016
KB4013429->KB4019472


And when you're not patched, here is a nice list of things to install...

May Security Update Rollup downloads

Win2008 – KB4012598
http://www.catalog.update.microsoft....aspx?q=4012598

Win2008R2/SBS2011 – KB4019264
http://catalog.update.microsoft.com/...px?q=KB4019264

Win2012 - KB4019216
http://catalog.update.microsoft.com/...px?q=KB4019216

Win2012R2 – KB4019216
https://www.catalog.update.microsoft...px?q=KB4019215

Win2016 - KB4019472
http://catalog.update.microsoft.com/...px?q=KB4019472


Pre-req for 2012-2012R2 (if it hasn’t been patched since April 2014)
https://support.microsoft.com/en-us/...ate-april-2014

Pre-req for 2008R2 (if it hasn’t been patched since April 2015 – n.b. you need SP1)
https://support.microsoft.com/en-us/...server-2008-r2

Last edited by NSanity; 15th May 2017 at 1:54 PM.
NSanity is online now   Reply With Quote
Old 15th May 2017, 12:14 PM   #27
LinX
Member
 
Join Date: Jan 2002
Location: Hobart, Tas
Posts: 510
Default

Quote:
Originally Posted by IACSecurity View Post
and why have you got SMB1 still enabled..
Why on earth do people still persist with Windows

Jokes aside .. so many legacy apps .. Why people pay money for this crap is anyone's guess.
__________________
Small - Medium Business Managed Services, Technology and Skills uplift for Enterprise.
www.ceph-it.net
LinX is offline   Reply With Quote
Old 15th May 2017, 12:49 PM   #28
IACSecurity
Member
 
Join Date: Jul 2008
Location: ork.sg
Posts: 932
Default

Quote:
Originally Posted by bcann View Post
even with all this taken into account, there is ZERO reason to have this kind of a box connected to the internet at ALL. they should've firewalled/vlanned the crap out of this box and kept it in its own little isolated world.

Unfortunately the idiots up above who no doubt overrode this decision will be let off without incident and some poor SAP will be downhill when that poo comes thundering down that hill.
They are connected to the internet. Say an Anesthetics machine, it reports on usages of each drug type, and predicts and reports upon maintenance and pending failures so that components can be replaced in line with its usage schedule. It also reports on cleaning cycles and all that stuff. It is very clinically important that faults are fixed before they are faults. It is a very valid reason for it to be connected, even if connected to an internal network.. they are internet accessible one way or another.

It doesn't have to be 'directly hooked up to a DSL line' to be 'on the internet' as far as worms go.

It is all just 'IoT' but with people on the other end of the thing.
__________________
Wartcom man loves sad donkey
Whatever I say is generally bullshit Trololing. So get over it.
IACSecurity is offline   Reply With Quote
Old 15th May 2017, 1:31 PM   #29
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,310
Default

Quote:
Originally Posted by NSanity View Post
Boys - here is some needful.

Here is a nice list of KBs to search for to see if you're patched.

Now, if you could make WSUS reporting not balls. I'd marry you in a heartbeat.
PabloEscobar is online now   Reply With Quote
Old 15th May 2017, 1:39 PM   #30
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,062
Default

Quote:
Originally Posted by PabloEscobar View Post
Now, if you could make WSUS reporting not balls. I'd marry you in a heartbeat.
https://msdn.microsoft.com/en-us/pow...ent/get-hotfix
Code:
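# servers.txt: one host name per line
$A = Get-Content "servers.txt"
# Get-HotFix returns nothing when the KB is absent, so that host name is appended to the report file
$A | ForEach-Object { if (!(Get-HotFix -Id "KB4012216" -ComputerName $_)) { Add-Content $_ -Path "Missing-KB4012216.txt" } }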
off you go.

My biggest problem is trying to get a hand on all the pre-reqs for our Service Desk. catalog.update.microsoft.com is being fucked...

Last edited by NSanity; 15th May 2017 at 1:41 PM.
NSanity is online now   Reply With Quote
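
An added example, not code from any poster in this thread: it combines the per-OS KB list from post #26 with the Get-HotFix approach from post #30, checking each host against the KBs listed for its own OS version and reporting unreachable hosts separately from unpatched ones. Assumptions: Windows PowerShell 3.0 or later on the admin workstation, the helper name `Test-ListedKb`, the output file name, and grouping hosts by kernel version.

```powershell
# Added example. KB IDs are copied from the list in post #26 (May 2017 state);
# later cumulative rollups also carry the fix, so "No listed KB found" means
# "check by hand", not "vulnerable".
# Assumption: hosts are grouped by kernel version, merging the post's client
# and server lists (e.g. 6.1 = Windows 7 / Server 2008 R2).
$KbByVersion = @{
    '6.0'  = 'KB4012598','KB4018466'                           # Vista / Server 2008
    '6.1'  = 'KB4012212','KB4012215','KB4015549','KB4019264'   # 7 / Server 2008 R2
    '6.2'  = 'KB4012217','KB4015551','KB4019216'               # Server 2012
    '6.3'  = 'KB4012213','KB4012216','KB4015550','KB4019215'   # 8.1 / Server 2012 R2
    '10.0' = 'KB4012606','KB4019474','KB4013198','KB4019473',
             'KB4013429','KB4019472'                           # 10 / Server 2016
}

function Test-ListedKb {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)
    foreach ($h in $ComputerName) {
        $row = [pscustomobject]@{ Host = $h; OS = $null; Status = $null; FoundKB = $null }
        try {
            # Get-HotFix reads Win32_QuickFixEngineering over WMI, so the OS
            # version is queried the same way
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $h -ErrorAction Stop
            $row.OS = $os.Caption
            $ver    = ($os.Version -split '\.')[0..1] -join '.'
            $wanted = $KbByVersion[$ver]
            if (-not $wanted) {
                $row.Status = 'OS not in list'
            } else {
                # Pull the full hotfix list once, then intersect with the listed KBs
                $installed = @(Get-HotFix -ComputerName $h -ErrorAction Stop |
                               Select-Object -ExpandProperty HotFixID)
                $hit = @($wanted | Where-Object { $installed -contains $_ })
                if ($hit.Count -gt 0) {
                    $row.Status  = 'Listed KB present'
                    $row.FoundKB = $hit -join ','
                } else {
                    $row.Status = 'No listed KB found'
                }
            }
        } catch {
            # Unreachable or access-denied hosts are reported as such, not as unpatched
            $row.Status = 'Query failed: ' + $_.Exception.Message
        }
        $row
    }
}

# servers.txt (one host per line) is the file name used in post #30;
# the CSV name is an assumption.
Test-ListedKb -ComputerName (Get-Content 'servers.txt') |
    Export-Csv -Path 'kb-report.csv' -NoTypeInformation
```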