436 posts • joined 3 Apr 2008
Better stock up on supplies then
Well, that brings the time you need to have stocked up on essential supplies forward from March 2019 to the end of the year then. You know, food, medicine, fuel maybe.
It doesn't actually matter if HMRC pull the rabbit out of the hat and make it work on time, we still haven't even started on the rest of the infrastructure needed for the new customs environment.
It didn't matter if your systems were up-to-date with NotPetya or not. It harvested administrator and local administrator credentials via a custom version of Mimikatz and used those, in *addition* to spreading through ETERNALBLUE / DOUBLEPULSAR etc.
I suspect that many of the organisations so badly hit had decent patch management regimes, but were weaker on passwords. It was not the same as WannaCry. No, not at all.
In the old days..
In the old days they would have been even more screwed. When domains expired they used to drop straight away and could be reregistered almost instantly. That changed a bit more than a decade ago. If you think that getting your domain out of REDEMPTIONPERIOD is a pain, trying to get it back from some anonymous domainer who wants a fortune for it is even harder..
Re: Science Fiction saves the world!
Footfall is probably one of the best and most plausible alien invasion novels, Mote is the best first contact novel I've read. I wasn't so keen on Pournelle's solo works, but when working with Larry Niven there was a good combination of ideas - I guess Niven had the big ideas, Pournelle then made them credible.
And Chaos Manor was always a must-read in Byte. Sure, it was just some guy fiddling around with computers but you'd often learn something. And Pournelle was right about keyboards..
That damned sinkhole server
I seem to remember him Tweeting that various law enforcement agencies kept trying to shut down or seize the sinkhole server. It seems that a lot of agencies just didn't understand what was going on and were in their own little bubble.
Funnily enough, one of my bosses offered me a trip to Black Hat / Defcon. Didn't fancy the idea much then. Fancy it less now.
There were five in the UK..
There were five Multics systems in UK Universities as I recall, Birmingham, Bath/Bristol (AUCC), Brunel, Cardiff and Loughborough. Typically these were hooked up to Lear-Siegler ADM3a or similar terminals, ours used British-built Insight VDT-1s (who were eventually bought out by Sanderson Electronics).
Of course, as with probably most 1980s computing students we tried to hack it, but unlike other boxes the security was very solid. Social engineering attacks worked the best. Yes, I got into a lot of trouble in those days..
As an aside, Paul Smee was one of the leading Multicians of the time IMO. Sadly he passed away back in 2006 - http://www.bristol.ac.uk/news/2006/5138.html
The mouse that never worked in the afternoon..
One day (in the early 1990s) I was called out to install something-or-other in an academic department of the college I worked in that I hadn't previously been aware of.
Having set whatever it was up, the users casually mentioned that another one of their computers didn't work in the afternoon.. well, *most* afternoons. It was OK in the morning, but after lunch it apparently stopped and the person using it couldn't do any more work. This had been going on for months. It didn't seem to particularly bother them that they spent their afternoons sitting around doing nothing.
It transpired that the problem was that the mouse stopped working, and with no mouse they couldn't possibly interact with the state-of-the-art Windows 3.1 PC. They just accepted that it didn't work in the afternoon.
The problem was a daft one.. the early optomechanical mouse had optical sensors internally which were being flooded out by the sunlight shining on the plastic. Putting in a better mouse fixed the problem. But what got me was the laid-back attitude to not doing any work. Maybe not surprising in that environment.
(The same department also had a then-massive 21" CRT monitor on another system that they insisted on running in VGA resolution despite there being no reason to do so. They went ballistic when I tweaked it to 800x600 pixels).
In one lab installation we put a box file under the monitor to raise it up a bit, because the PC was a tower system under the desk. For a laugh, I printed out an icon of a floppy disk drive and glued it onto the box file. On more than one occasion we had baffled users who didn't understand why the disk didn't go in. Hmm.
I had one of those too. But it wasn't really a German car (despite the Daimler ownership), it was a French car with all the fun and unreliability that goes with it. Electrical gremlins, leaks, ECU failures, steering rack faults, fractured aircon pipes. Not really reliable. But fun to drive when it wasn't being fixed.
That's a pretty impressive portfolio of designs - https://en.wikipedia.org/wiki/Frank_Stephenson
On the Mini.. well, it's a contentious one amongst car fans. Issigonis was trying to design something cheap, small on the outside and big on the inside all while using as much from the BMC parts bin as possible. The fact that it was cute to look at and fun to drive were rather pleasing secondary factors.
When *Rover* tried to redesign the Mini in the late 1990s, they came up with a number of things which were closer to the Issigonis idea of efficient packaging (some looked like the Daewoo Matiz), where BMW was more interested in the cuteness factor. In the end, BMW won and the Mini was a huge success.
There's an interesting and more detailed story about the development of the Mini and the prototypes that never made it here: http://www.aronline.co.uk/blogs/cars/mini-bmw/mini-2/the-cars-mini-development-history/
Remember the iPhone 4. Or maybe the Ford Pinto.
Remember the iPhone 4 and antennagate? People wondered how Apple could regain the trust of customers after messing that up, and yet they fixed the problem and moved on. There's no real reason why this should turn into significant long-term damage for Samsung.
If no other models start to blow up. If their PR machine gets back on track. And their competitors don't capitalise on the problem.
People still buy cars from Ford too, despite the beancounters deciding that it was cheaper to let people die in the deathtrap they called the Ford Pinto rather than fix the underlying problems. Consumers can be surprisingly forgiving with companies that they trust.
Passport, driving licence validity
While your driving licence will be valid in the UK, there's a possibility that it will not be valid in Europe. Even more likely, the EU-style passport may not be valid for travel to EU countries at least, because travellers will no longer have the rights and privileges of being an EU citizen.. that will be something the EU will have to decide.
Gragh, students and their sodding games
I worked with students for quite a long time. One irritation was that they would insist on playing games on the lab computers which were meant for.. well, work. Back in those days all the games were DOS games, and they almost all used Mode 13h for graphics (320 x 200 pixels x 256 colours).
I knocked together a simple TSR that intercepted the interrupt that changed the display mode.. every time you tried to change to 13h it would display an error and reboot. The TSR was pretty well hidden, I don't think any of the users ever figured it out.
The other essential DOS tool was an application that replaced the FORMAT command with one that checked to see if the user was trying to format C: (because yes, you could actually do that). If they were it would let off an alarm, which would tend to attract attention. Yes, students actually did this either maliciously or stupidly. If they were just trying to format a floppy disk, it would pass it on to the REAL format command which had simply been renamed.
What always flabbergasted me was when students were working on their dissertations, they wouldn't ever bother to have a backup copy of the floppy disk they had to store it on. Norton Utilities certainly rescued quite a few academic careers.
When we upgraded to a Novell network the problem was that the students would never log out, and students would end up with each other's dissertations. Eventually, we wrote a screensaver in VB which would log them out automatically. Unfortunately, it would tend to do it while the students were looking up references in their books and it would shut down.. being not very observant, they didn't notice the GREAT BIG RED timer which gave them five minutes grace.
I recently looked at an issue involving fake LinkedIn profiles. I was getting nowhere with a reverse image search of the profile images with the usual technologies until somebody suggested flipping the image.. and all of a sudden the reverse image search started working.
That was a relatively simple circumvention technique. I'm sure there are plenty of reversible techniques to apply to a picture that would screen it from this sort of detection. But it would probably catch quite a lot of this material from being circulated.
Re: Don't rely on this so called "report"
Doing a Google search for "site:.science" shows a LOT of sites, and you can tell straight away that a large quantity of them are complete crap.
There is of course a caveat with just counting the number of bad domains.. if you take a worthy domain such as theregister.science then it counts as just one good domain, but obviously the value of that domain is much greater. Thus you can have 99% crap and 1% of actual value. Yes, I'm still minded to block some of these.. but you need to be aware of collateral damage.
How to detect and stop it..
All our corporate computers are joined to a domain and are managed by WSUS. However, a small number of laptops (about 0.5%) managed to initiate the download despite having policies to block running the GWX component in place. It looks like the process might have triggered when the laptops were outside of our corporate environment. We spotted the unusual traffic before it became a problem.
If you log your internet traffic, then searching for "10240.16384.150709-1700" is useful to reveal who is downloading Windows 10 components on your network.
Microsoft have some new guidance on how you can block the OS upgrade here:
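A small defensive check for the log search described above, as an added example that is not part of the original post: it scans proxy log lines for the build string and lists which clients fetched Windows 10 components. The log format, hostnames, IPs and usernames are constructed assumptions, not real traffic.

```python
import re

# Build string quoted in the post above; its presence in a URL is the detection key.
WIN10_BUILD_MARKER = "10240.16384.150709-1700"

# Constructed sample proxy log lines (timestamp, client IP, user, URL, HTTP status).
# Hosts, IPs and paths are made up for this example.
SAMPLE_PROXY_LOG = """\
2015-08-03 09:12:44 10.20.1.15 jsmith http://updates.example.test/updt/2015/07/10240.16384.150709-1700.clientpro.x86.esd 200
2015-08-03 09:12:51 10.20.1.15 jsmith http://www.theregister.co.uk/ 200
2015-08-03 09:14:02 10.20.3.77 abrown http://updates.example.test/updt/2015/07/10240.16384.150709-1700.clientpro.x64.esd 206
2015-08-03 09:15:10 10.20.5.9 cjones http://www.example.test/news/10240.html 200
2015-08-03 09:16:30 10.20.3.77 abrown http://updates.example.test/updt/2015/07/10240.16384.150709-1700.clientpro.x64.esd 206
this line is deliberately malformed and must be skipped
"""

# One regex for the assumed space-separated log format; malformed lines simply do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<client>\S+) (?P<user>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def find_win10_downloaders(log_text, marker=WIN10_BUILD_MARKER):
    """Return {client_ip: {"user", "hits", "first_seen"}} for clients whose
    requested URL contains the Windows 10 build marker."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        if marker not in m.group("url"):
            continue  # "10240.html" alone is not a hit; the full marker is required
        entry = found.setdefault(
            m.group("client"),
            {"user": m.group("user"), "hits": 0, "first_seen": m.group("ts")},
        )
        entry["hits"] += 1
    return found


if __name__ == "__main__":
    for client, info in sorted(find_win10_downloaders(SAMPLE_PROXY_LOG).items()):
        print(f"{client} ({info['user']}): {info['hits']} request(s), first seen {info['first_seen']}")
```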
If you run the DOC (or DOCM or whatever) through olevba.py (http://www.decalage.info/fr/python/olevba) then it will extract the underlying macro. It will be heavily obfuscated, but the obfuscation itself is a clue that it is bad.
Alternatively, Payload Security's Hybrid Analysis (hybrid-analysis.com) does a very good job with these malicious documents, and will show what network traffic is going on.
The mistake was.. Symbian
I pretty much agree with the article 100% - Elop found Nokia in an impossible situation that was not of his making. He tried a high-risk high-reward strategy with Windows which didn't really work out. Android would have been a low-risk but low-reward approach, as the article says.. Android manufacturers are hardly raking in the cash. Sticking with MeeGo looked very much like a high-risk low-reward approach, so dumping it was probably the best decision. So the choice was really between Android and Windows. Choose one.
I think the crucial mistake was how Elop dealt with Symbian. When he became CEO, I believe that Symbian was still the best-selling smartphone platform in the world. While it lacked the capabilities of main rivals iOS and Android, it was still a very capable and lightweight OS with a ton of applications available for it.
Prior to Elop, the idea was that Symbian would move downmarket into Series 40 territory with Maemo/MeeGo taking the high end. Instead, Elop announced that Symbian would be phased out which had the Osborne Effect on Symbian sales which collapsed, leaving a huge hole in Nokia's sales book. Then, crazily, they tried to add more features into Series 40 to make it more Symbian-like.. for example the Asha series of devices. That was a lot of effort to re-create something they already had.
Symbian certainly has its detractors, but the final Nokia Belle handsets were really rather good.