Overclockers Australia Forums

Old 13th May 2017, 11:25 AM   #1
scrantic Thread Starter
Member
 
Join Date: Apr 2002
Location: Melbourne
Posts: 1,644
EternalBlue ms17-010/WannaCry Ransomware

I'm sure everyone has seen the news overnight?

So everyone is fully patched against ms17-010 yeh?

https://technet.microsoft.com/en-us/.../ms17-010.aspx

If not why not?
__________________
System| Intel Core i7-860 | Gigabyte GA-P55A-UD3P |
| Intel 530 180GB | 8GB Corsair DDR3 1333 |
| MSI GTX275 896MB| Antec P183 | Antec 750W PSU |
Storage Synology DS1511+ 4 x Hitachi 3TB Deskstar 5K3000
Old 13th May 2017, 11:57 AM   #2
IACSecurity
Member
 
Join Date: Jul 2008
Location: ork.sg
Posts: 727

and why have you got SMB1 still enabled..
__________________
Wartcom man loves sad donkey
Whatever I say is generally bullshit Trololing. So get over it.
Old 13th May 2017, 12:00 PM   #3
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,403

Quote:
Originally Posted by scrantic View Post
I'm sure everyone has seen the news overnight?

So everyone is fully patch against ms17-010 yeh?

https://technet.microsoft.com/en-us/.../ms17-010.aspx

If not why not?
because I'm still on XP obv.
Old 13th May 2017, 12:01 PM   #4
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 15,908

Quote:
Originally Posted by PabloEscobar View Post
because I'm still on XP obv.
because muh vendor still fkn uses SMB1 for their bullshit app that is fucking shit.
Old 13th May 2017, 6:53 PM   #5
scrantic Thread Starter
Member
 
Join Date: Apr 2002
Location: Melbourne
Posts: 1,644

Well MS have released an OOB update for unsupported OSes

https://blogs.technet.microsoft.com/...edium=referral

http://www.catalog.update.microsoft....px?q=KB4012598
Old 13th May 2017, 11:38 PM   #6
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,403

Quote:
Originally Posted by scrantic View Post
Sweet, now I don't have to update from XP, OR pay for support... all I need to do is make sure any vulnerabilities get a cool name, and attack the NHS with them.
Old 14th May 2017, 2:34 AM   #7
chook
Member
 
Join Date: Apr 2002
Posts: 440

I realise this probably makes me an arrogant dick but, oh well.

The only people getting got by this deserve it.
  • If the vendor doesn't support disabling SMB1, you need a new vendor.
  • If the vendor provides a business critical application, you need a new vendor.
  • If the vendor is the only one, you need a new vendor.
If we stopped giving our money to vendors that were shit then there would be no more vendors :P.

In a more serious fashion the only way to make the vendor do their job is to punch them in the balls impact their bottom line. Granted that might mean a hit to our bottom line in the meantime but since we had a way to do this without the shitty vendor in the first place we can go back to doing it that way and at least be secure. I eagerly anticipate management going "but will someone please think of the profit?" The best response to that is likely "so how is that profit going for you now that all your things are gone?"
__________________
Quote:
Originally Posted by Autti View Post
My house is actually a spacious elaborate case for my computer. Get your priorities right.
Quote:
Originally Posted by Sgt Bilko View Post
RX Vega will launch at SIGGRAPH 2017, you can quote me on that
Old 14th May 2017, 10:57 AM   #8
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,403

Quote:
Originally Posted by cbb1935 View Post
Patched this weeks ago. There really is NO excuse for people getting hit by this, even if they do a monthly patch cycle.
People get hit by this because they are running old unsupported software for $Reasons. *cough* Exchange 2007 *cough*.

I'd hazard a guess that the NHS has a large number of cheap XP machines attached to a larger number of VERY EXPENSIVE medical imaging and diagnostic machines.

The financial truth of the matter is, that it will probably be cheaper to restore or pay the ransom (even accounting for downtime) than it would be to replace those machines.
Old 14th May 2017, 3:51 PM   #9
wazza
Member
 
Join Date: Jun 2001
Location: NSW
Posts: 3,211

Quote:
Originally Posted by cbb1935 View Post
If it's a medical device that needs XP, then you have to question how good the device actually is, if the company cannot invest in upgrading their imaging/reporting/acquisition PCs to more recent operating systems.
It's not likely a case where the device isn't available now with a later OS, just that they bought the device however many years ago with XP, and can't justify spending upwards of $250k replacing a perfectly functioning device just because IT say the OS it's running is no longer supported. There may also be no supported way to upgrade from XP to 7/8.1/10 without buying a new machine.
Old 14th May 2017, 3:56 PM   #10
chook
Member
 
Join Date: Apr 2002
Posts: 440

Quote:
Originally Posted by wazza View Post
It's not likely a case where the device isn't available now with a later OS, just that they bought the device however many years ago with XP, and can't justify spending upwards of $250k replacing a perfectly functioning device just because IT say the OS it's running is no longer supported. There may also be no supported way to upgrade from XP to 7/8.1/10 without buying a new machine.
Some years ago (two? three?) the US Navy paid Microsoft about USD9M to keep providing them with security for XP I thought. That isn't a lot of $250K machines right there and could other organisations have done the same? I don't think the issue is IT said it isn't supported but that the security posture of the business will become worse and worse. That is a risk management thing, not a technology thing.
Old 14th May 2017, 6:32 PM   #11
chip
Member
 
Join Date: Dec 2001
Location: Perth
Posts: 3,338

Quote:
Originally Posted by chook View Post
Some years ago (two? three?) the US Navy paid Microsoft about USD9M to keep providing them with security for XP I thought. That isn't a lot of $250K machines right there...
Some of those XP machines are small components in a much larger weapons system, i.e. an entire warship or submarine.
Old 14th May 2017, 7:02 PM   #12
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 15,908

Quote:
Originally Posted by cbb1935 View Post
True that, but as the manufacturer of such devices, you would think some future proofing would be built into place to accommodate future operating systems.

E.g. the interface is USB, and the software used can be upgraded (along with OS).

I can't imagine a hospital forking out $$$$ for a Da Vinci Robotic Operating Robot, only for the manufacturers to not be thinking about Windows 10, but rather only Windows 7 support.
You are so far removed from reality - people don't care about the peripheral devices - they care about the quality of data/reporting.

But also, the FDA is largely responsible here as I understand. They have to approve all equipment in the Medical field - and getting that re-assessed is expensive as fuck.
Old 14th May 2017, 7:11 PM   #13
rainwulf
Member
 
Join Date: Jan 2002
Location: bris.qld.aus
Posts: 3,899

Quote:
Originally Posted by cbb1935 View Post
True that, but as the manufacturer of such devices, you would think some future proofing would be built into place to accommodate future operating systems.

E.g. the interface is USB, and the software used can be upgraded (along with OS).

I can't imagine a hospital forking out $$$$ for a Da Vinci Robotic Operating Robot, only for the manufacturers to not be thinking about Windows 10, but rather only Windows 7 support.

(note that is just an example).

I guess as medical devices become more and more technology reliant, there needs to be stricter controls and regulations around future proofing of such devices (or replacing them to prevent them becoming a security risk to a hospital).
I don't know about you but I wouldn't be happy knowing a robot about to perform surgery on me is running XP OR Windows 10.

Middle of a surgery "oh we are adding new features to Windows and it's going to reboot"

fuuuuu
__________________
derp
Old 14th May 2017, 7:21 PM   #14
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 15,908

Quote:
Originally Posted by rainwulf View Post
I don't know about you but I wouldn't be happy knowing a robot about to perform surgery on me is running XP OR Windows 10.

Middle of a surgery "oh we are adding new features to Windows and it's going to reboot"

fuuuuu
except this kind of equipment is actually designed for LTSB.

Unlike your desktop
Old 14th May 2017, 9:14 PM   #15
looktall
Working Class Hero
 
Join Date: Sep 2001
Location: brabham.wa.au
Posts: 23,011

May have been already mentioned but there was apparently a kill switch of sorts in the code.
https://thewest.com.au/news/world/ma...-ng-b88475582z
Quote:
He began analysing a sample of the malicious software and noticed its code included a hidden web address that wasn’t registered.

He “promptly” registered the domain, something he regularly does to try to discover ways to track or stop malicious software.

Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. The western Michigan resident said he noticed the authors of the malware had left in a feature known as a kill switch.

Huss took a screen shot of his discovery and shared it on Twitter.

Soon he and MalwareTech were communicating about what they had found: That registering the domain name and redirecting the attacks to MalwareTech’s server had activated the kill switch, halting the ransomware’s infections.