NHS computer systems hacked!?

But again, risk assessed. It should have been pushed to the top of the queue and rushed. But they don't seem to risk assess anything; we haven't implemented patches straight away forever and we haven't been prosecuted, so carry on. It's no wonder that it is a huge issue and is growing rapidly. Laws and companies need to catch up.

This was classed as a critical update. It was a known exploit out in the wild, as NSA hacking software used the exploit and that software was leaked.

I agree, but when you have 10k machines plus 10k servers nothing gets rushed just in case it all goes wrong; I have seen it go wrong before. Also, with MS firing out so many updates you end up doing things in batches in scheduled upgrades (which can be once a month based on some SLAs).
 
But this is because it's been allowed to happen. It should be against the law, and if it was you can bet that such software wouldn't be left for decades with no updates. It would be regularly worked on.

How does that work if e.g. the company you just bought £3bn worth of MRI machines from goes out of business and is no longer updating the software? Just bin them and spend another £3bn replacing them?
 
Hang on!! So this has come up because they are all still using XP??? Well...that says it all then.

They have been warned over time to upgrade their system and unfortunately it takes something like this for them to realize how vulnerable they are using XP in 2017.

Yep. In other government departments XP has only just been replaced. The contractors avoided doing it for years and years, then eventually bailed. Which is why some have started bringing back in-house IT.
 
This is all straying a bit far away from discussion on the issue and into the realm of armchair-CIOs or just plain incorrect assumptions being made. Have a read through this page and the linked Twitter feeds/Tweets if you're interested on a technical level.

https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

Interesting about the kill switch: you could fake the DNS and the appropriate response on a network, maybe, but I'd be wary there might be some catch to that :s Maybe there is some way they could exploit that, though I can't see it.

Looks like it has a secondary backdoor payload and the ability to use that to try and infect machines that aren't directly exploitable, as well as the RDP iteration :s
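The "fake the DNS" idea in the post above, modelled as runnable code. This is an added illustration written for this page, not code from the thread, from the linked gist, or from any real sample. The domain, the addresses and the `Network` model are constructed stand-ins; the decision logic only mirrors the shape of a DNS-based kill switch (resolve a name, fetch it, abort the payload if both succeed). It also shows the one catch that matters in practice for this kind of check: if the check connects directly but hosts can only reach the web through a proxy, an internal sinkhole that answers perfectly still never gets reached, and the payload runs anyway.

```python
"""Model of a DNS kill-switch check and a defender's local sinkhole.

Added example, not code from the page or from any real malware sample.
KILLSWITCH_DOMAIN, SINKHOLE_IP and the Network class are constructed.
"""
from dataclasses import dataclass

KILLSWITCH_DOMAIN = "killswitch.example.invalid"  # constructed, not a real domain
SINKHOLE_IP = "10.0.0.53"                         # constructed internal web server


@dataclass
class Network:
    """Constructed stand-in for what an infected host can reach.

    dns:           names the host's resolver answers, mapped to an IP
    http_hosts:    IPs that answer an HTTP request
    direct_egress: whether a raw outbound connection (no proxy) works
    """
    dns: dict
    http_hosts: set
    direct_egress: bool = True

    def resolve(self, name):
        return self.dns.get(name)

    def http_get(self, ip, via_proxy=False):
        # A proxy-only host cannot connect directly, so a fetch that ignores
        # the proxy fails even though the sinkhole is up and would answer.
        if not via_proxy and not self.direct_egress:
            return None
        return 200 if ip in self.http_hosts else None


def killswitch_check(net, domain=KILLSWITCH_DOMAIN, honour_proxy=False):
    """True if the kill switch 'fires': the name resolves AND the host answers.

    honour_proxy models whether the malware's fetch uses the system proxy;
    that is the parameter on which a sinkhole defence succeeds or fails.
    """
    ip = net.resolve(domain)
    if ip is None:
        return False
    return net.http_get(ip, via_proxy=honour_proxy) is not None


def payload_runs(net, **kw):
    """The payload executes only when the kill-switch check does not fire."""
    return not killswitch_check(net, **kw)


# Scenario 1: nobody answers for the name; the payload runs.
NO_SINKHOLE = Network(dns={}, http_hosts=set())

# Scenario 2: the defender overrides the name on internal DNS and points it at
# a web server that answers - the 'fake the DNS and response' idea.
SINKHOLE = Network(dns={KILLSWITCH_DOMAIN: SINKHOLE_IP}, http_hosts={SINKHOLE_IP})

# Scenario 3: same sinkhole, but hosts can only egress via a proxy.
PROXIED = Network(dns={KILLSWITCH_DOMAIN: SINKHOLE_IP},
                  http_hosts={SINKHOLE_IP}, direct_egress=False)


def scenarios():
    """Does the payload run in each constructed network? (True = it runs.)"""
    return {
        "no_sinkhole": payload_runs(NO_SINKHOLE),
        "sinkhole": payload_runs(SINKHOLE),
        "proxied_check_ignores_proxy": payload_runs(PROXIED),
        "proxied_check_honours_proxy": payload_runs(PROXIED, honour_proxy=True),
    }


if __name__ == "__main__":
    for name, runs in scenarios().items():
        print(f"{name}: payload runs = {runs}")
```

The takeaway for a defender is that a sinkhole only helps on the path the malware actually uses: the internal DNS answer and the HTTP response must both be reachable from the infected host without any dependency the check does not honour, and the sinkhole is a stopgap, not a substitute for patching the exploited service.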
 
I agree, but when you have 10k machines plus 10k servers nothing gets rushed just in case it all goes wrong; I have seen it go wrong before. Also, with MS firing out so many updates you end up doing things in batches in scheduled upgrades (which can be once a month based on some SLAs).
Which just shouldn't be acceptable in this day and age, hence strengthening the law. If you aren't holding any customers' data then do what you want. If you are, then do it properly or outsource.
 
This is all straying a bit far away from discussion on the issue and into the realm of armchair-CIOs or just plain incorrect assumptions being made. Have a read through this page and the linked Twitter feeds/Tweets if you're interested on a technical level.

https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168


Thanks for this, rather interesting reading. Does this mean that the code was effectively open source? (I have no idea how these things work, but my interest is piqued)
 
And this is why things shouldn't be run by the state, even if access is facilitated by them.

I work for a very large business that's entirely owned by a company that exists solely for the purpose of providing money to people at the top of the hierarchy, i.e. exactly the opposite of the purpose of a state-run organisation. It uses a mix of WinXP, Win7 and Win2K Server.

The obvious reason is money and the usual short-term thinking. It would cost money to buy licences. It would cost money to hire enough people to be able to do the job. This is money that wouldn't be going into the pockets of the people at the top of the hierarchy, so it's perceived by the people who can make the decision as a waste of money. It's cheaper in the short term to keep an inadequate number of people trying to juggle everything to keep systems just about working most of the time. It's more expensive in the long term, but long-term thinking is rare. This is how most businesses work, regardless of whether they're run by the state or to provide as much money as possible to the people at the top of the hierarchy.

With Win10, another obvious reason is security. Since Win10 is designed to be spyware and a rootkit, it's at least debatable whether it's the right thing to be used for anything that might have any confidential information on it.
 
How does that work if e.g. the company you just bought £3bn worth of MRI machines from goes out of business and is no longer updating the software? Just bin them and spend another £3bn replacing them?
Or, you know, design new software.
MRI also doesn't hold customer data, so don't have it on the larger network or connected to the internet.
 
Proves the dangers from the fallout of systems being compromised facilitated by weakened encryption.

Sorry, it's late and I don't get you. If this cryptolocker was weakened crypto then it could be broken (or backdoored) and everything would be good, taking the Snoopers' Charter on board with its horrible implications.

The current situation is that crypto is very difficult to break, allowing this stuff to happen; hence today, with one of two outcomes: pay the money or rebuild everything from backups.

Whilst I agree the Snoopers' Charter stuff is wrong, it doesn't affect this other than to make it easier to fix.
 
Or, you know, design new software.
MRI also doesn't hold customer data, so don't have it on the larger network or connected to the internet.

The R&D costs of developing that software in the first place are probably massive; redoing all that work essentially blind is going to multiply that :s
 
Sorry, it's late and I don't get you. If this cryptolocker was weakened crypto then it could be broken (or backdoored) and everything would be good, taking the Snoopers' Charter on board with its horrible implications.

The current situation is that crypto is very difficult to break, allowing this stuff to happen; hence today, with one of two outcomes: pay the money or rebuild everything from backups.

Whilst I agree the Snoopers' Charter stuff is wrong, it doesn't affect this other than to make it easier to fix.

No, it wouldn't make it easier to fix. You think virus writers would actually leave a backdoor in their own virus? They don't care what the law says.
 
Sorry, it's late and I don't get you. If this cryptolocker was weakened crypto then it could be broken (or backdoored) and everything would be good, taking the Snoopers' Charter on board with its horrible implications.

The current situation is that crypto is very difficult to break, allowing this stuff to happen; hence today, with one of two outcomes: pay the money or rebuild everything from backups.

Whilst I agree the Snoopers' Charter stuff is wrong, it doesn't affect this other than to make it easier to fix.

I'm not putting it very clearly; I'm quite tired, and I know what I'm saying in my head but am not able to convey it very well.
 
Sorry, it's late and I don't get you. If this cryptolocker was weakened crypto then it could be broken (or backdoored) and everything would be good, taking the Snoopers' Charter on board with its horrible implications.

The current situation is that crypto is very difficult to break, allowing this stuff to happen; hence today, with one of two outcomes: pay the money or rebuild everything from backups.

Whilst I agree the Snoopers' Charter stuff is wrong, it doesn't affect this other than to make it easier to fix.

There isn't some sort of cryptography council which sits around and only invents cryptography methods that the UK government is happy with, erases all traces of previous research and implementations worldwide, after which the people who make malware decide to obey the law and only use backdoored crypto algorithms. The only outcome would be that companies that need to abide by UK law are fundamentally less secure as a result.
 
Yep. In other government departments XP has only just been replaced. The contractors avoided doing it for years and years, then eventually bailed. Which is why some have started bringing back in-house IT.

Tell me about it!

I work for a police force and we completed upgrading all our systems to Windows 7 back in February this year... THIS YEAR!!!! And here I am completing my MCSA in Windows 10 certification today. When they finally decide to upgrade to Windows 10, I won't be around to help them.

And asim18... companies who want to use Windows 10, which is a "virus" according to you, use Windows 10 Enterprise: Windows 10 but with no fluff ;) If you want to go all tin-foil hat with it, then you combine it with WSUS too.
 
The R&D costs of developing that software in the first place are probably massive; redoing all that work essentially blind is going to multiply that :s
If such laws existed, who in their right mind wouldn't get annotated/documented source code and full rights as part of the purchase of such equipment?
 
If such laws existed, who in their right mind wouldn't get annotated/documented source code and full rights as part of the purchase of such equipment?

It would need a significant shake-up of the law; a lot of those types of systems aren't shipped with code for IP reasons, i.e. so as not to facilitate competitors, etc.

While on the other hand the kind of systems we use at work would normally have full documented source as part of the contract.
 
Tell me about it!

I work for a police force and we completed upgrading all our systems to Windows 7 back in February this year... THIS YEAR!!!! And here I am completing my MCSA in Windows 10 today. When they finally decide to upgrade to Windows 10, I won't be around to help them.

Defence did theirs last year, but it isn't vulnerable to these kind of infections. They use their own infrastructure (as in actually having their own routes through BT's exchanges) and it's all encrypted. Other departments pretty much get shafted, because when the contractors screw theirs up, the military police don't kick their door in.
 
If such laws existed, who in their right mind wouldn't get annotated/documented source code and full rights as part of the purchase of such equipment?

So now every company purchasing software needs a team of developers to audit the code. Why wouldn't they make their own software at that point? The cost would make it unfeasible.
 
It would need a significant shake-up of the law; a lot of those types of systems aren't shipped with code for IP reasons, i.e. so as not to facilitate competitors, etc.
Did you miss the last dozen posts? Yes, it would, and it would take a long time until it could be enforced, and as I said that is why it should be done ASAP.
 