Overclockers Australia Forums

OCAU News - Wiki - QuickLinks - Pix - Sponsors  

Go Back   Overclockers Australia Forums > Specific Hardware Topics > Business & Enterprise Computing

Notices


Sign up for a free OCAU account and this ad will go away!
Search our forums with Google:
Reply
 
Thread Tools
Old 13th May 2017, 11:25 AM   #1
scrantic Thread Starter
Member
 
Join Date: Apr 2002
Location: Melbourne
Posts: 1,637
Default EternalBlue ms17-010/WannaCry Ransomware

I'm sure everyone has seen the news overnight?

So everyone is fully patch against ms17-010 yeh?

https://technet.microsoft.com/en-us/.../ms17-010.aspx

If not why not?
__________________
System| Intel Core i7-860 | Gigabyte GA-P55A-UD3P |
| Intel 530 180GB | 8GB Corsair DDR3 1333 |
| MSI GTX275 896MB| Antec P183 | Antec 750W PSU |
Storage Synology DS1511+ 4 x Hitachi 3TB Deskstar 5K3000
scrantic is offline   Reply With Quote

Join OCAU to remove this ad!
Old 13th May 2017, 11:57 AM   #2
IACSecurity
Member
 
IACSecurity's Avatar
 
Join Date: Jul 2008
Location: ork.sg
Posts: 932
Default

and why have you got SMB1 still enabled..
__________________
Wartcom man loves sad donkey
Whatever I say is generally bullshit Trololing. So get over it.
IACSecurity is offline   Reply With Quote
Old 13th May 2017, 12:00 PM   #3
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,297
Default

Quote:
Originally Posted by scrantic View Post
I'm sure everyone has seen the news overnight?

So everyone is fully patch against ms17-010 yeh?

https://technet.microsoft.com/en-us/.../ms17-010.aspx

If not why not?
because I'm still on XP obv.
PabloEscobar is offline   Reply With Quote
Old 13th May 2017, 12:01 PM   #4
NSanity
Member
 
NSanity's Avatar
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,045
Default

Quote:
Originally Posted by PabloEscobar View Post
because I'm still on XP obv.
because muh vendor still fkn uses SMB1 for their bullshit app that is fucking shit.
NSanity is online now   Reply With Quote
Old 13th May 2017, 6:53 PM   #5
scrantic Thread Starter
Member
 
Join Date: Apr 2002
Location: Melbourne
Posts: 1,637
Default

Well MS have released an OOB update for unsupported OS's

https://blogs.technet.microsoft.com/...edium=referral

http://www.catalog.update.microsoft....px?q=KB4012598
__________________
System| Intel Core i7-860 | Gigabyte GA-P55A-UD3P |
| Intel 530 180GB | 8GB Corsair DDR3 1333 |
| MSI GTX275 896MB| Antec P183 | Antec 750W PSU |
Storage Synology DS1511+ 4 x Hitachi 3TB Deskstar 5K3000
scrantic is offline   Reply With Quote
Old 13th May 2017, 11:38 PM   #6
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,297
Default

Quote:
Originally Posted by scrantic View Post
Sweet, now I don't have to update from XP, OR pay for support... all I need to do is make sure any vulnerabilities get a cool name, and attack the NHS with them.
PabloEscobar is offline   Reply With Quote
Old 14th May 2017, 1:24 AM   #7
cbb1935
Member
 
cbb1935's Avatar
 
Join Date: Aug 2001
Posts: 34,101
Default

Patched this week's ago. There really is NO excuse for people getting hit by this, even if they do a monthly patch cycle.
__________________
"I think in this world, if you can do something you love as a job and it doesn't feel like a job that is one of the greatest gifts you can have" - Hugh Jackman 2009
cbb1935 is offline   Reply With Quote
Old 14th May 2017, 2:34 AM   #8
chook
Member
 
Join Date: Apr 2002
Posts: 359
Default

I realise this probably makes me an arrogant dick but, oh well.

The only people getting got by this deserve it.
  • If the vendor doesn't support disabling SMB1. you need a new vendor.
  • If the vendor provides a business critical application, you need a new vendor.
  • If the vendor is the only one, you need a new vendor.
If we stopped giving our money to vendors that were shit then there would be no more vendors :P.

In a more serious fashion the only way to make the vendor do their job is to punch them in the balls impact their bottom line. Granted that might mean a hit to our bottom line in the meantime but since we had a way to do this without the shitty vendor in the first place we can go back to doing it that way and at least be secure. I eagerly anticipate management going "but will someone please think of the profit?" The best response to that is likely "so how is that profit going for you now that all your things are gone?"
__________________
Quote:
Originally Posted by Autti View Post
My house is actually a spacious elaborate case for my computer. Get your priorities right.
Quote:
Originally Posted by PabloEscobar View Post
China had to abort their zerg rush policy and limit new unit creation.
chook is offline   Reply With Quote
Old 14th May 2017, 10:57 AM   #9
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,297
Default

Quote:
Originally Posted by cbb1935 View Post
Patched this week's ago. There really is NO excuse for people getting hit by this, even if they do a monthly patch cycle.
People get hit by this because they are running old unsupport software for $Reasons. *cough* Exchange 2007 *cough*.

I'd hazard a guess that the NHS has a large number of cheap XP machines attached to a larger number of VERY EXPENSIVE medical imaging and diagnostic machines.

The financial truth of the matter is, that it will probably be cheaper to restore or pay the ransom (even accounting for downtime) than it would be to replace those machines.
PabloEscobar is offline   Reply With Quote
Old 14th May 2017, 2:38 PM   #10
cbb1935
Member
 
cbb1935's Avatar
 
Join Date: Aug 2001
Posts: 34,101
Default

Quote:
Originally Posted by PabloEscobar View Post
People get hit by this because they are running old unsupport software for $Reasons. *cough* Exchange 2007 *cough*.

I'd hazard a guess that the NHS has a large number of cheap XP machines attached to a larger number of VERY EXPENSIVE medical imaging and diagnostic machines.

The financial truth of the matter is, that it will probably be cheaper to restore or pay the ransom (even accounting for downtime) than it would be to replace those machines.
My brother is in the medical diagnostic industry (quite high up too), and we've often talked about how insecure some of these devices are.

Their company insists that their devices (and acquisition/reporting PCs) are individually firewalled and on their own VLAN to prevent issues, and run on Win7 (at the moment).

But he said you'd be amazed the number of lax IT admins in health sector who argue till blue in the face that (brothers med diag devices) can share the same network as everything else.

In this day and age it really isn't acceptable to expect people to deal with devices hanging off XP machines.

If it's a medical device that needs XP, then you have to question how good the device actually is, if the company cannot invest in upgrading their imaging/reporting/acquisition PCs to more recent operating systems.
__________________
"I think in this world, if you can do something you love as a job and it doesn't feel like a job that is one of the greatest gifts you can have" - Hugh Jackman 2009
cbb1935 is offline   Reply With Quote
Old 14th May 2017, 3:51 PM   #11
wazza
Member
 
wazza's Avatar
 
Join Date: Jun 2001
Location: NSW
Posts: 3,268
Default

Quote:
Originally Posted by cbb1935 View Post
If it's a medical device that needs XP, then you have to question how good the device actually is, if the company cannot invest in upgrading their imaging/reporting/acquisition PCs to more recent operating systems.
It's not likely a case where the device isn't available now with a later OS, just that they bought the device however many years ago with XP, and can't justify spending upwards of $250k replacing a perfectly functioning device just because IT say the OS it's running is no longer supported. There may also be no supported way to upgrade from XP to 7/8.1/10 without buying a new machine.
wazza is offline   Reply With Quote
Old 14th May 2017, 3:56 PM   #12
chook
Member
 
Join Date: Apr 2002
Posts: 359
Default

Quote:
Originally Posted by wazza View Post
It's not likely a case where the device isn't available now with a later OS, just that they bought the device however many years ago with XP, and can't justify spending upwards of $250k replacing a perfectly functioning device just because IT say the OS it's running is no longer supported. There may also be no supported way to upgrade from XP to 7/8.1/10 without buying a new machine.
Some years ago (two? three?) the US Navy paid Microsoft about USD9M to keep providing them with security for XP I thought. That isn't a lot of $250K machines right there and could other organisations have done the same? I don't think the issue is IT said it isn't supported but that the security posture of the business will become worse and worse. That is a risk management thing, not a technology thing.
__________________
Quote:
Originally Posted by Autti View Post
My house is actually a spacious elaborate case for my computer. Get your priorities right.
Quote:
Originally Posted by PabloEscobar View Post
China had to abort their zerg rush policy and limit new unit creation.
chook is offline   Reply With Quote
Old 14th May 2017, 6:31 PM   #13
IACSecurity
Member
 
IACSecurity's Avatar
 
Join Date: Jul 2008
Location: ork.sg
Posts: 932
Default

Quote:
Originally Posted by wazza View Post
It's not likely a case where the device isn't available now with a later OS, just that they bought the device however many years ago with XP, and can't justify spending upwards of $250k replacing a perfectly functioning device just because IT say the OS it's running is no longer supported. There may also be no supported way to upgrade from XP to 7/8.1/10 without buying a new machine.

Yes, that. and its not $250K, its more like $2m to $4m for a FMRI, Fluroscope, Multi-Slice CT etc.

Where is the business case to replace them every 5 years as the original OS goes out of date.

And yes they do need network connectivity, unless you want your medical results on USB sticks along with your 20GB CT and hope that USB stick management of every man and his dog is up to scratch.

That is the reality of the industry, its not good, but thats it.
__________________
Wartcom man loves sad donkey
Whatever I say is generally bullshit Trololing. So get over it.
IACSecurity is offline   Reply With Quote
Old 14th May 2017, 6:32 PM   #14
chip
Member
 
Join Date: Dec 2001
Location: Perth
Posts: 3,322
Default

Quote:
Originally Posted by chook View Post
Some years ago (two? three?) the US Navy paid Microsoft about USD9M to keep providing them with security for XP I thought. That isn't a lot of $250K machines right there...
Some of those XP machines are small components in a much larger weapons systems, ie an entire warship or submarine.
chip is offline   Reply With Quote
Old 14th May 2017, 6:57 PM   #15
cbb1935
Member
 
cbb1935's Avatar
 
Join Date: Aug 2001
Posts: 34,101
Default

Quote:
Originally Posted by wazza View Post
It's not likely a case where the device isn't available now with a later OS, just that they bought the device however many years ago with XP, and can't justify spending upwards of $250k replacing a perfectly functioning device just because IT say the OS it's running is no longer supported. There may also be no supported way to upgrade from XP to 7/8.1/10 without buying a new machine.
True that, but as the manufacturer of such devices, you would think some future proofing would be built into place to accommodate future operating systems.

E.G the interface is USB, and the software used can be upgraded (along with OS).

I can't imagine a hospital forking out $$$$ for a Da Vinci Robotic Operating Robot, only for the manufacturers to not be thinking about Windows 10, but rather only Windows 7 support.

(note that is just an example).

I guess as medical devices become more and more technology reliant, there needs to be stricter controls and regulations around future proofing of such devices (or replacing them to prevent them becoming a security risk to a hospital).
__________________
"I think in this world, if you can do something you love as a job and it doesn't feel like a job that is one of the greatest gifts you can have" - Hugh Jackman 2009
cbb1935 is offline   Reply With Quote
Reply

Bookmarks

Sign up for a free OCAU account and this ad will go away!

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +10. The time now is 10:31 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
OCAU is not responsible for the content of individual messages posted by others.
Other content copyright Overclockers Australia.
OCAU is hosted by Micron21!