Posts by Halfmad 881 publicly visible posts • joined 16 Jan 2013
That's entirely irrelevant, managing your assets, having a good up to date audit of what is installed on your endpoints and servers is IT management 101. You can't secure something if you don't know what you have, they didn't know. This is just one of likely many failings on their part.
So likely they had no inventory, no vulnerability scanning, no third party patching solutions etc at a minimum.
Great in theory assuming these companies have them but as most will be smaller private clinics (At least in the UK) I can put money on them not having any in-house IT staff, nevermind CIOs etc.
NHS is very unlikely to be directly affected as DICOM will be at least behind national boundaries like PSN/SWAN etc however that doesn't mean this isn't NHS data and NHS patients..
Cost of a bus journey to my work is greater than a train ride, there are fewer of them (1 bus per hour, 2 trains per hour) and the journey takes longer compared to a train (bus is 45 minutes, train 8) due to the route.
Monthly tickets are cheaper however, but not by much and ironically if the trains aren't running I get a more direct route which is faster by replacement bus service than by bus.. where as if the bus isn't running I get to pay for my own taxi.
Not all departments want to accommodate it, mine doesn't. I work in Infosec, could easily work from home 4 days a week but because my boss wants to see me in the office that's where I am - constantly interrupted as a result. On the couple of days I've been allowed to work from home I have no only got more done but the quality of work has been better IMHO.
I did use to work from home a lot though so I'm very disciplined about it and if anything work harder to keep the perk.. or I did.
When I worked in schools the Arts and IT staff were the most chilled there, the name of a software wouldn't have been a problem.
I deployed GIMP to several hundred PCs in high schools, back then "GIMP" was a term used in gaming to say something had been reduced in effectiveness and that's how the kids also used the word.
I've said it before on here but the current method of ransomware attacks isn't that dissimilar to old Saxons ponying up the silver to the Vikings in the 800s-900s etc.
Sh!t happens
Person in charge panics or realises they are defeated.
They pay up.
Person in charge doesn't bother improving defences.
Rinse and repeat again later on. They never learn.
Also worked for a UK council, thing is even though there is waste things like backups were still considered incredibly important and has proper processes in place unlike just about everything else. Office backups, regular testing of backups etc was all done.
Room for improvement but the picture is no where near as bad as the US in this one case IMHO.
There's typically a common theme running through these infections - outsourcing.
You look at them and IF they have IT staff there's hardly any of them, most or all services are outsourced so nobody actually "cares" about the IT infrastructure as failures may well generate revenue and use up service tickets to resolve.
Now look at UK councils, most don't outsource and the result is MOST do the basics very well like backups. Those that do outsource will typically keep key services like that in-house specifically to ensure it's done correctly and incident response is so much faster and more effective as a result.
Years ago my parents wanted a laptop. I went online and spec'd them one as any dutiful son would. Even gave them 3 options.
They went to PCW, first I knew about it was when I visited and my Dad said it was a "bit slow". When I saw the laptop I asked where he got it, when he told me I just groaned.
Silly me though I assumed it would be all the crapware that was bogging it down - not entirely. It was one of the slowest HDDs I'd ever seen, far too little RAM for Windows 8 and running on a very "low power" AKA useless CPU.
Sadly by that point they couldn't return it as they'd had it too long and didn't want to cause a fuss. They did however never ignore my advice again and I built my Dad a gaming PC a few years later.. nothing like seeing a 70 year old playing Skyrim!
Years ago I use to run IT for a group of schools, during build up to the summer holidays I'd order in PCs to replace existing but ageing ones, I'd always order 2-3% more than needed. When asked why - I explained to management that we expected at least a 1% failure rate on either the base unit or monitor and as the rooms had a fixed number of PCs needed per class, (typically 20 + 1 teacher) we had to ensure those were identical and working. The only way to avoid being a few down, as these would be installed right up until the day before students came back was the over-order and have the faulty units RMA'd and used elsewhere in the schools e.g. admin areas when they came back, the "extra" PCs would be used after all, no money wasted.
Took them a while to get to grips with it but as it was an operational thing and we typically got a larger discount by ordering in greater numbers they were OK with it. As you said singular experiences aren't really helpful. I'd be ordering 1500-1600 PCs for every summer, some years were better than others depending on who we were forced to buy from (Dell/HP etc) but failure rates were always around 0.8-1.1% typically PSU related or damage en-route.
I still use my Kindle from 2012 or so, has no backlight etc but I like it's dull screen, somehow easy on the eyes in a well lit room and have no desire to replace it.
Doesn't stop Amazon spamming me relentlessly to do so but the fact my kid has stood on mine and it's still going strong has won me over, great little basic device.
Yeah the permissions especially are simply far too relaxed on the Android store, it should always be the minimum required.
Then again on IOS it's not much better. I have bought an app but because I don't allow it to collect telemetry data it simply keeps putting a banner across the top saying we aren't "supporting them". I mean WTF? I literally bought the app you *****.
If you need local access to pwn, then you could do just about anything on that PC anyway.
I guess HOW he got access locally may be the question here, did he leverage the Steam client etc? Doesn't sound like it but wierder things have been done via steam chat in the past!
Trump voters? Jump lumping them all together now? Wow - blame a group with no power over the decisions being taken.
The voted before the Huawei nonsense came out, should they all be condemned for not having clear enough crystal balls too?
Why is it these days people are collectively blamed without any evidence or consideration of how you group them? Just blame them all.. what a society.
You don't have to stop, you have to moderate. Use what is useful and stop the instagram/twitter etc nonsense unless it's actually beneficial to you (it is in limited cases).
I don't see technology as the problem, it's how SOME people use it that is.
Many of us have no option but to have a phone on us for work, as a carer etc. If you've ever had parents with dementia you know having your phone on you can save a life.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
