Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
1234 posts

Uber Geek
+1 received by user: 275


  # 1781795 13-May-2017 21:54
One person supports this post
Send private message

joker97:

 

Are personal computers at risk?

 

How to protect oneself?

 

http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html

 

 

 

 

Keep your device up to date.


3905 posts

Uber Geek
+1 received by user: 1215


  # 1781798 13-May-2017 22:17
Send private message

Fred99:

 

 

 

But I think on a vulnerable network/unpatched network, all it would have taken is for one user to stuff up, and you're in big trouble.

 

 

Yeah, it moves around through a hole in SMB, so if you have MS win7+ machines that are not patched, or have XP machine which were (until tonight) unpatchable, it can run riot - which I suspect is what happened in the UK...

 

ttps://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/


 
 
 
 


2119 posts

Uber Geek
+1 received by user: 1200


  # 1781800 13-May-2017 22:33
4 people support this post
Send private message

I'm seeing a hell of a lot of judging the average user here, and bugger all good information about this rather serious security issue.




Location: Dunedin

 


gzt

10815 posts

Uber Geek
+1 received by user: 1813


  # 1781805 13-May-2017 22:46
Send private message

Yep. For the average single windows machine internet user it's basically a non issue. Even the built in XP firewall will prevent an SMB attack vector from the net.

For users on any kind of network with windows file transfer enabled it is is more serious. Could get infected by any other machine on that network.

634 posts

Ultimate Geek
+1 received by user: 124


  # 1781808 13-May-2017 22:50
Send private message

It's interesting to see how much of the world is still running XP.

 

I still run XP for broadcast software compatibility. I used to run Linux for a more secure environment until a database crash reveled a bad backup history as well. But XP is still a good workhorse as far as go on holiday for a few months and forget about it.

 

However, I have never had critical machines using Windows SMB full stop. I lived through Nimda years ago to realise that Windows File Sharing given the previous popularity of Windows full stop was a ticking time bomb. Everything is transferred via secure FTP to and from a broadcast automation delivery machine.

 

I'm glad Microsoft have released a patch for this, and perhaps didn't realise exactly how many close to critical systems still run it. Yes everyone should be up to date, however it doesn't change the economic fact many of these systems are still used and now non-supported in favour of driving more sales of software than securing what's still in production.

 

 


20421 posts

Uber Geek
+1 received by user: 6263

Trusted
Lifetime subscriber

  # 1781810 13-May-2017 22:59
3 people support this post
Send private message

We just sacked a customer who refused to replace 5 of their 15 machines that had XP. They have spent about $3000 with us trying to keep them up and running over 18 months, we have begged, cajoled. They have been hit by about 8 malware including 2 ransomware. I just explained we don't mind being an ambulance at the bottom of the cliff on a very occasional instance, but we aren't interested in a full-time job doing it. 

 

They hired a replacement about 10 days later, who went in to do an audit and walked out without completing the audit and said he wasn't interested in the job. (I know the guy). 

 

 


Fat bottom Trump
10207 posts

Uber Geek
+1 received by user: 5029

Lifetime subscriber

  # 1781812 13-May-2017 23:25
Send private message

I would need to know a lot more than I do to make an informed comment on this but a couple of things occur to me. First is that a business has every right to be selective about the customers they choose to work for. You are under no obligation to do jobs you don't want to. Also, you are in a fortunate position that you can afford to pick and choose. Second is that the customer is always right. If they are willing to pay for the service, they are fully entitled to it regardless of how you feel about it. Some companies would be grateful to have such customers, who keep generating business by clinging to obsolete technology. I see nothing wrong with that as long as they are happy to pay the price.

 

 





I reject your reality and substitute my own. - Adam Savage
 


 
 
 
 


634 posts

Ultimate Geek
+1 received by user: 124


  # 1781815 13-May-2017 23:40
One person supports this post
Send private message

The last place I worked at in broadcasting paid over $25,000 to update 2-3 workstations in an automation product including installation and licensing. Support was on top.

 

A $3,000 repair bill for a few motherboards and new hard disk drives work is not a big bill to pay compared to a full upgrade in that environment.

 

So cost is all relative to what it's being used for. Then there's what it's used for versus industry standard and familiarity to industry staff, and a proven track record for critical reliability.

 

For Joe Bloggs using 10 year old machines at his mechanic's workshop, probably not such a big deal if a new system has a few hick ups along the way.

 

 


1234 posts

Uber Geek
+1 received by user: 275


  # 1781819 14-May-2017 01:13
One person supports this post
Send private message

k1w1k1d:

 

I work for a nationwide company with about 15 branches and have only recently had my XP PC replaced with a W7 one. We still have some PC's and service department laptops running XP.

 

All the company computers have full admin rights, and UAC is turned off.

 

Most of the company PC's and laptops also have automatic updates turned off by the IT Dept. This is so they don't have Windows Update "hassles".

 

I can't even get them to update IE10 to IE11 on our server. Get quite a few unsupported browser notices, so have to jump back to IE11 or Firefox on the PC to get access.

 

I guess all of the above makes us a likely candidate for an attack?

 

 

 

We did have one of our salesmen open an attachment on his laptop which encrypted one of the server drives. Luckily they were able to stop it before it got to any of the others. Drive had to be formatted and reloaded from the previous night's backup.

 

 

 

 

 

 

That "IT Dept" should all be fired for incompetence, and to answer your question, it's only a matter of time unfortunately.


4502 posts

Uber Geek
+1 received by user: 1068


  # 1781826 14-May-2017 07:23
Send private message

kiwirock:

 

The last place I worked at in broadcasting paid over $25,000 to update 2-3 workstations in an automation product including installation and licensing. Support was on top.

 

 

 

 

NexGen?


Stu

Hammered
5250 posts

Uber Geek
+1 received by user: 1179

Moderator
Trusted
Lifetime subscriber

  # 1781838 14-May-2017 08:45
7 people support this post
Send private message

Rikkitic: ....... Second is that the customer is always right........

Sorry, but I disagree. Especially when it comes to IT.




Keep calm, and carry on posting.

 

 

 

Click to see full size Click to see full size


2863 posts

Uber Geek
+1 received by user: 772


  # 1781849 14-May-2017 10:13
Send private message




Common sense is not as common as you think.


69 posts

Master Geek
+1 received by user: 16


  # 1781850 14-May-2017 10:15
Send private message

Seems ironic to me that the writers of this crypto malware neglected to encrypt the string containing the domain name.

 

I guess that next time they'll know to obsfucate the critical strings in their code?

 

 

 

 


3905 posts

Uber Geek
+1 received by user: 1215


  # 1781869 14-May-2017 11:28
One person supports this post
Send private message

vexxxboy:

 

Researcher finds kill switch

 

 

Yeah, but sinkholing the domain only stops this variant, it doesn't stop someone else rolling another version that checks a different Domain ( one that this time they control)-

 

Everyone needs to make sure that they are have the MS17-010. patch for current Win releases,

 

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 

or this one for XP etc

 

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

 

along with having good backups and computing practices

 

 


1705 posts

Uber Geek
+1 received by user: 943


  # 1781877 14-May-2017 11:53
Send private message

MickeyD:

 

Seems ironic to me that the writers of this crypto malware neglected to encrypt the string containing the domain name.

 

I guess that next time they'll know to obsfucate the critical strings in their code?

 

 

 

Is that how it was detected?  I assumed someone analysed a victim PC's traffic


1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.