Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-17 Thread David Lochrin
On Tuesday 16 May 2017 at 10:40 Jim Birch wrote: >> it's difficult to see why any organisation would prefer Windows. > > 1. Existing applications and infrastructure > 2. Existing staff skills and available skills in new recruitments > 3. System component interoperability > > It's difficult to

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-15 Thread Dr Bob Jansen (in Korea)
The South Korean government has previously mandated XP/IE/ActiveX for gov funded web sites, so you need IE and ActiveX to do anything official in Korea. However, this ruling has been relaxed but I suspect the investment in the technology is too much for most organisations to change. I suppose,

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-15 Thread Jim Birch
> it's difficult to see why any organisation would prefer Windows. 1. Existing applications and infrastructure 2. Existing staff skills and available skills in new recruitments 3. System component interoperability It's difficult to see how a moderate to large organisation that uses Windows

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-15 Thread Tom Worthington
On 15/05/17 12:14, David Lochrin wrote: ...Debian offers a number of GUI implementations, including the widely used KDE which can be configured to have the traditional Windows look & feel. Yes, I use the Mint Linux with an old fashioned Windows interface. ... it's difficult to see why any

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Roger Clarke
At 11:32 +1000 15/5/17, David Lochrin wrote: >https://technet.microsoft.com/en-us/library/security/ms17-010.aspx#MS17-010 Thanks David! It's dated 14 Mar 2017. So I wonder how many times sites have been bitten by bad patches, and have decided to always wait x patch-releases or y weeks before

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread David Lochrin
On 15/05/2017 11:32, David Lochrin wrote: > [...] the relevant Microsoft reference is "Microsoft Security Bulletin > MS17-010 - Critical" at > https://technet.microsoft.com/en-us/library/security/ms17-010.aspxMS17-010 > > This gives links to the relevant updates for various MS O/S. Sorry about

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Jim Birch
On 15 May 2017 at 12:11, JanW wrote: why didn't it find these 'baddies' when they were delivered? Because the list of threats is constantly increasing. There's an army of people out there developing detection and countermeasures. An attack like this causes a flurry of

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread David Lochrin
On 15/05/2017 11:35, Tom Worthington wrote: > Over the last five years I have been a student at three higher education > institutions. The enrollment instructions for each said I had to have > Microsoft Windows (or Apple OS) and the Microsoft Office suite. I ignored > this and used Linux with

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Tom Worthington
On 15/05/17 11:08, Roger Clarke wrote: ... You'd hope that individual IT Directors / CSOs did some homework by Sunday evening at the latest ... I would hope that IT directors do not have old, un-patched copies of Windows as part of their infrastructure. If they do, then the organization

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread David Lochrin
On 15/05/2017 11:08, Roger Clarke wrote: > And it doesn't include information on which patch-package, of which date, > affecting which software, is the one that matters A bulletin from CERT was waiting in my inbox on Sunday morning. I'm not at my usual computer now and so can't forward it, but

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Jim Birch
Maybe they should have waited for someone to register the domain then got a vigilante squad of recently retired HNS execs to pay him a visit. Jim ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Roger Clarke
At 12:25 +1200 15/5/17, Paul Bolger wrote: >Also interesting over here (NZ) that the media spent the weekend reporting >the attack, but didn't bother to tell people how to avoid being attacked >themselves when they returned to work this morning. The only Staysmart Alert that's arrived so far

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Scott Howard
No, but you can have it do a TXT lookup and check the response, or something similar. For bonus marks, sign the response using an asymmetric key so that it can't be reverse engineered. (or any one of a thousand other options that would be far better than a single DNS lookup as this one seemingly

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Hamish Moffatt
On 15/05/17 10:25, Paul Bolger wrote: The next one will have the kill switch encrypted. I think it was discovered by watching the network traffic from an infected computer - the investigator would have noticed the DNS lookup requests for the magic domain. You can't encrypt that. Hamish

Re: [LINK] British researcher finds a 'kill switch' for global cyber attack

2017-05-14 Thread Paul Bolger
The next one will have the kill switch encrypted. Be interesting to know if anybody who has tried to pay the ransom actually got their files back. I suspect that the perpetrators weren't expecting quite this level of success, and may be swamped by the upsurge in custom.