News Article: That big ransomware attack yesterday

This gets into the weeds of programming more than most on here would care to be:

https://jaxenter.com/power-ten-nasas-coding-commandments-114124.html


NASA's Jet Propulsion Lab did research on reliable software and that article basically goes over their findings. The principal researcher, Holzmann, points out: "If the rules seem Draconian at first, bear in mind that they are meant to make it possible to check code where very literally your life may depend on its correctness: code that is used to control the airplane that you fly on, the nuclear power plant a few miles from where you live, or the spacecraft that carries astronauts into orbit."


And their findings are often considered in parts in the for-profit world but cast off in whole because they eat too much into profitability.
 
The problem here is ultimately that Microsoft, Apple, Google, and basically everyone else in the software or internet service business are not making their software like a life depends on it. When each started they weren't seeking the infrastructure market but eventually they got there and didn't turn away public and private infrastructure entities when they offered to give them tons of money to use their software products or services. But their software does not live up to the rigors of infrastructure, life-or-death type systems. They're failure prone, typically under-reviewed, often over-engineered. At this point, it is a free market failure because we accept their haphazard "fix it in post" patch approach instead of demanding that they eat some of their huge cash hoards to shore up their systems to make them infrastructure-capable. God forbid we tell our corporate betters who increasingly hold people's lives in the balance that they can't profit as much for a while until they fix their mess. Bad programming kept ambulances off the road in Britain. There is a real human cost here and Microsoft and others can't keep getting away with it.

As someone from the other side of this I'll say customers are to blame for demanding cheaper and buying "good enough" in the place of better solutions. This industry is riddled with great, dead products that offered far more but customers couldn't value the premium. I know I've repped several of them.
 
To Microsoft's credit I think the move to the servicing branch model is a move in the right direction. At least you can load LTSB on critical stuff and it has 10 years of security patching with all the features stripped out.
 


I guess that is the "market failure" I speak of just from the demand side, right? Hah
 
I'm thinking about going back to 7. My network ran beautifully on it and has never run adequately on 10. Several MS techs have been unable to help me...

Earl, I don't know what kind of performance issues you are having but I found that if I use either the Edge browser or Chrome it helped the performance on my network. Windows 10 does not seem to play well with Internet Explorer for me. I am not any kind of expert; that is just what I found that helped issues we were having.
 
Live global WannaCrypt infection map. Good-guy researchers have tapped into the programming in such a way as to be able to track where the malware is propagating in real time. Hope none of you see a green dot appear at your location.

https://intel.malwaretech.com/WannaCrypt.html

Watching this is like a popcorn machine that never stops. Scary how fast and how far something like this can spread.
 
My problem has been that the network is up or down on whim. I never know which other machines I can reach or can reach me. The problem is always "The network path cannot be found," which is about the same thing as saying "The fridge is out of beer"...
 
No, "network path cannot be found" = nuisance, "fridge out of beer" = CRISIS
 
In addition to running three AV programs (which cooperate) plus CryptoPrevent, I examine all email in MailWasher and never open attachments I haven't scanned. I'm doing a little pro bono work for an organization supporting our local state park and one of them had some material they had copied from a similar organization. The friend interfacing with me said he had it on a thumb drive. I asked him to just send it to me digitally. Day before yesterday, he wanted again to bring it over on a thumb drive and I had to tell him no outside thumb drive ever got plugged into my network. I posted this in the other thread, but I thought it needed repeating...
 

you are far better than most

https://nakedsecurity.sophos.com/2016/04/08/almost-half-of-dropped-usb-sticks-will-get-plugged-in/

People are still plugging in USB sticks scattered around parking lots, a new study has confirmed.

This time, the researchers hail from the University of Illinois. They decided to test what they call the “anecdotal belief” that people pick these things up and plug them in, so they dropped 297 drives on the school’s Urbana-Champaign campus last year.

Sure enough, they found that if there were real malware on these drives, it would have been successful at infecting those users who plug them in. The success rate fell between 45% and 98%, as they describe in a paper titled “Users Really Do Plug in USB Drives They Find”.

They also found that a USB drive-inflicted infection would take root very quickly: the first drive phoned home to the researchers in less than 6 minutes after it was placed.

Multiple security researchers have already determined that people do this, of course.
 
I read that a while back. I get the Sophos newsletter. I had to explain to my friend that it would be too late the instant I plugged the stick in. There's no leeway to scan it, and that's with autoplay disabled. As I said in the other thread, despite working for decades for Boeing, with a top security clearance, he didn't really understand the problem and had never heard of Stuxnet. I believe he took it personally, but he delivered the hard copy to my house. He leaned it up against the storm door so that I had to exit by another door to be able to retrieve it. I don't know if that was passive-aggressive or muddy thinking... :D
 

There's offering more user features, and then offering more reliability and security. They are not exactly the same. I wonder if the products you were repping offered the latter without also offering the former at a higher price than needed. Either way, this speaks to rgw's point that there should be some industry standards independent of either side's benefit, at least with respect to the life and death infrastructure he was referring to.
 

I've been in both positions and won't say which one I am currently in :)


Back in the late 90's I was selling around SAP. I had Unix app servers that were offered with built-in redundancy: multiple power supplies, multiple NICs, no single points of failure, and a very hardened OS in my particular flavor of Unix. I had to start selling Windows NT boxes that had little to no security and little to no redundancy, as customers would ultimately push for exactly what I said: "good enough". I would still design them as redundant and secure as I could, but ultimately when it came PO time the IT guys and/or purchasing people cut that stuff out as "nice to haves and not need to haves". I of course disagreed, but I was a commissioned sales guy.
 
I used to run a server that ran Linux of some ilk by Sun Microsystems and it was the most stable piece of equipment I ever had.
 
"Release no OS before its time," said MS never...
 
Likely UNIX. Solaris or SunOS, depending on when you had it. And yes, *nix servers are extremely stable. I keep a Debian server running in the basement. It simply does not crash.

You are correct AuDub it was Unix. It was a server with about 1,000 pieces of equipment connected via a monitoring system for production and quality analysis. It seems a lifetime ago.
 