Windows 10: Cyber attack in UK, US, China, Russia, Spain, Italy, and others

Hi there @Fafhrd

Even TEXT based email is hackable -- people will want stuff scrambled -- confidential email e.g patients condition etc you certainly don't want to send in plaintext -- and that's where a piece of malware could be sent -- low tech can be even HARDER to fight against than High tech.

Do you remember way back when when we had things like BBS's (Bulletin Boards) before web browsers became universal. People could transmit binary data by encoding it into ASCII where it would be converted back on the recipients terminal / computer.

You might remember XMODEM and YMODEM protocols and probably the best known ZMODEM

ZMODEM - Wikipedia

I'm afraid the text based solution won't work -- also doctors etc might need photos etc so not a practical alternative.

@dalchina

With a DISTRIBUTED system it should be easier to have 24 hr access not LESS -- a central system if it goes down is much more vulnerable. Of course with distributed systems keeping data up to date is not a trivial problem but is "do-able" and if I were a doctor a say 3 hr old record would be 100% better than NO record but there's no reason why data shouldn't be up to date -- Airline companies do this type of thing all the time --thank goodness THEY weren't hacked or that could have caused SERIOUS problems.

Cheers
jimbo

 

If your email reader - like PINE - remember? - only shows text, encrypted stuff is gobbledygook. Jim, I said "attachments".

Anything confidential should be sent as safe attachments.

Scanned at source, verified as clean, signed and the credentials checked on receipt. If not found to be bonafide, then anything except the plain text in the message body, is rejected with an automatic reply to sender, and message of action taken to recipient.

If all attachments received are centrally scanned for malware - doublecheck! - usually Word documents, zipfiles, & images, and opened in sandboxed environments for the user then the system should be unaffected.

 

The attack has been stop the kill switch has been triggered which abort its 'Accidental Hero' Finds Kill Switch To Stop Wana Decrypt0r Ransomware - Slashdot

 

The NHS claims that the number of systems based on XP has been much reduced over the last few years, down to less than 1 in 20. The spokesman denied the effect of the attack was due to using older systems. (Truth? Spin?)

Many NHS trusts are back up and running again.

Note the Nissan factory in the UK was also affected. Doubt that was using XP.

 

Probably just unpatched.

 

Hi there

@Fafhrd


I remember using Pine -- and also probably the worst Office type of system I've ever encountered --Old IBM system running on a mainframe called PROFS !!. Fortunately that was back in the annals of time !!!

Problem with "Scanned at source" -- is By WHOM and By WHAT. If documents are confidential you don't really want ANY 3rd party stuff to even LOOK at them.

It's still relatively easy for some scumbag if he / she (or more likely an it) knows what to do with a datascope in a server farm which can easily pick up plaintext so leaks are almost impossible to stop unless the whole datacentre (servers etc) are 100% Dark -- and that's not so possible these days with Cloud and 24 / 7 operations.

Humans will always commit "pecaddillos" -- it's virtually impossible to guarantee the honesty of 100% of a huge workforce -- especially when big money is involved.

Perhaps we should get back to SNAIL MAIL or these days DRONES can deliver objects within hours. Carrier Pigeons are also only hackable by Farmers with Shotguns !!!!

Low tech is actually very difficult to Break --this might be surprising to some of the younger generation bought up on mobile phones etc etc. My best teachers years ago were often people who had worked in "certain professions" in some small countries in sensitive areas of the planet -- even years later on that training is still valuable and just as valid today as it was when I was a keen young thing just leaving Imperial College London as an enthousiastic Engineer. !!!

Cheers
jimbo

 

Hi Jimbo,

I think mail is scanned anyway by antimalware - looking for known code signatures and heuristically for segments that may indicate that the code could call home, and send data or download further malware executable code using certain ports.

The acid test is the speed of throughput - there should be a limited mean period between receipt and delivery of any quantity of data for any item, if the data is delayed between these points then alarms should ring, and flag the point of delay. Delay means other unwanted processes taking place, like copying or decrypting.

But yes, there are always leaks and dishonest staff, and you are right that any security measures are likely to be circumvented, and the less security in place, the less likely folk will try to purloin stuff - if you put a fence round it it becomes more attractive to a thief.


I was based at Imperial College for periods between 1977 and 1983, some of the time in the Inorganic Chemistry labs of the Nobel Laureate, the late Sir Geoffrey Wilkinson, trying to develop variant homogeneous catalysts for in-vitro cell membrane lipid modulation for my work at Chelsea College just down the road. Brilliant, down-to-earth guy to work with.

 

I've used CryptoPrevent since the day it came out.

 

SecureAplus premium is free from Sharewareonsale today
- 12 AV engines
- white listing

SecureAPlus also smartly does application whitelisting upon install and automatically updates and maintains the list of trusted applications...

SecureAPlus works and plays well with others by keeping its antivirus engines in the cloud. Not only does this make it inherently fast even on older machines but also lets it work alongside other antimalware and antivirus software, or even other security apps like firewalls and sandboxing.

Hmm, well, on a trial basis with Avast installed, a full scan ran ok. Not sure I'm happy about having two AV solutions though... and how does cloud scanning work- 'unknown' files would have to be uploaded for analysis, wouldn't they- like Virustotal?

Daily software giveaway and discounts | SharewareOnSale