trickery.net  

Go Back   trickery.net > Technical > Software & Security

Reply
 
Thread Tools
Old 12-May-2017, 16:56   #1
BFH
Fixer of dead hard drives
BFH's Avatar
Join Date: Oct 2003
Location: The Final Frontier
Posts: 3,643
BFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond repute
NHS cyber attack

The police network isn't connected to the internet - presumably the NHS one isn't either... which means some stupid fuck walked in with a non protected USB pen drive. Either way, the IT team really dropped the ball...

hope they tested their backups recently.

they do run backups right...? (this is government so all options are open of course).
__________________
Elite Dangerous Current ship: Imperial Clipper,Cmdr Naughtius Maximus,Moto: fuck it
The BFH: http://www.andystoolkit.co.uk/thebfh.php
BFH is offline  
Reply With Quote
Old 12-May-2017, 17:02   #2
GroovYF
Octave Doctor
GroovYF's Avatar
Join Date: Oct 2003
Location: Halifax & Leeds
Posts: 23,766
GroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond reputeGroovYF has a reputation beyond repute
Major firms in Spain hit with it this morning. Telefonica got it.
I was just reading comments on El Reg and someone's suggested the NHS network is handled by Telefonica? (N3 network)

We have offices in Spain and I was asked to check some file servers out for anything malicious.... luckily nothing.
__________________
photoblog
GroovYF is offline  
 groovyf 
Reply With Quote
Old 12-May-2017, 17:25   #3
[n00b]Zippy
Waterborne Trailer-Trash
[n00b]Zippy's Avatar
Join Date: Oct 2003
Location: Shropshire Union Canal
Posts: 12,825
[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute
I used to have N3 access from my desk at home. The NHS's attitude to patient data security was woeful when I was contracting for them. At the Trust I did most of my work for, I could take database backups from every major clinical and administration system whenever I wanted and do whatever I wanted with them, including taking them offsite in whatever format I wished, unanonymised and unencrypted. I was also a domain administrator as they couldn't be arsed finding out what specific privileges I needed and granting them. From the other half-dozen or so Trusts I did less work for, I have no reason to believe that they were any more secure anywhere else.
__________________
And now we rise and we are everywhere
[n00b]Zippy is online now  
Send a message via MSN to [n00b]Zippy
Reply With Quote
Old 12-May-2017, 17:29   #4
Fulmineus
karma killer
Fulmineus's Avatar
Join Date: Nov 2003
Location: Colchester
Posts: 17,521
Fulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond reputeFulmineus has a reputation beyond repute
Sounds like a confession!
__________________
belua vasta, lupus! udisque paludibus exit,
oblitus et spumis et sparsus sanguine rictus,
fulmineus, rubra suffusus lumina flamma.


Say NO! to capital t Sponsored by AQA
Fulmineus is offline  
Reply With Quote
Old 12-May-2017, 20:41   #5
Scorpius
Spilling Campion 2008
Scorpius's Avatar
Join Date: Oct 2003
Location: Preston
Posts: 4,560
Scorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond reputeScorpius has a reputation beyond repute
Quote:
Originally Posted by Fulmineus View Post
Sounds like a confession!
we should elect such a person to be Prime minister
__________________
“If cats looked like frogs we'd realize what nasty, cruel little bastards they are. Style. That's what people remember.”
Sir Terry P
R.I.P 12/03/2015
Scorpius is offline  
Send a message via MSN to Scorpius  g1ausbaltar 
Reply With Quote
Old 12-May-2017, 20:51   #6
cunning-stunt
Falling to bits.
cunning-stunt's Avatar
Join Date: Oct 2003
Posts: 4,756
cunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond reputecunning-stunt has a reputation beyond repute
Could be NSA exploit to blame.

https://www.forbes.com/sites/thomasb.../#66412b0de599
cunning-stunt is online now   Reply With Quote
Old 12-May-2017, 23:11   #7
burundi
WARNING: May contain nuts
burundi's Avatar
Join Date: Oct 2003
Location: Prestonia
Posts: 11,498
burundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond repute
Mcafee has released an extra .dat file to push out via EPO to block this.

The file extensions to look for using file screening are: .wnry, .wcry, .wncry, and .wncryt

It is an exploit patched by MS in March. Get your systems patched.

Looks like your standard email containing dodgy link vector so far although that hasn't been confirmed as definite yet.
__________________
I arose gigantic and black, I howled at the night and the night howled back.
burundi is offline  
 Geldrey 
Reply With Quote
Old 13-May-2017, 00:15   #8
[n00b]Zippy
Waterborne Trailer-Trash
[n00b]Zippy's Avatar
Join Date: Oct 2003
Location: Shropshire Union Canal
Posts: 12,825
[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute[n00b]Zippy has a reputation beyond repute
Reported as a worm on the BBC
__________________
And now we rise and we are everywhere
[n00b]Zippy is online now  
Send a message via MSN to [n00b]Zippy
Reply With Quote
Old 13-May-2017, 20:10   #9
burundi
WARNING: May contain nuts
burundi's Avatar
Join Date: Oct 2003
Location: Prestonia
Posts: 11,498
burundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond reputeburundi has a reputation beyond repute
Once it gets into a system it spreads, but to get into the system in the first place dodgy links appear to be used.
__________________
I arose gigantic and black, I howled at the night and the night howled back.
burundi is offline  
 Geldrey 
Reply With Quote
Old 14-May-2017, 10:06   #10
PsYcHoKiLLa
topicophiliac
PsYcHoKiLLa's Avatar
Join Date: Oct 2003
Posts: 2,195
PsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond reputePsYcHoKiLLa has a reputation beyond repute
Quote:
Originally Posted by BFH View Post
The police network isn't connected to the internet - presumably the NHS one isn't either... which means some stupid fuck walked in with a non protected USB pen drive. Either way, the IT team really dropped the ball...

hope they tested their backups recently.

they do run backups right...? (this is government so all options are open of course).
It's e-mails, dumb people constantly clicking links in e-mails when they don't know where it came from, I work on IT support and have been on 3 of the NHS lines. They all have allocated share folders of their own and also communal ones so as soon as they do that the worm is off and running.

...and yes, they're supposed to have nightly backups of the network folders but sometimes it doesn't happen.
PsYcHoKiLLa is offline  
Reply With Quote
Old 14-May-2017, 20:58   #11
EvilGrin
my other forum is full
EvilGrin's Avatar
Join Date: Oct 2003
Location: Lancs, UK.
Posts: 8,070
EvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond reputeEvilGrin has a reputation beyond repute
Private Eye - April 2014

__________________
Edugeek - Techies in Education!
EvilGrin is offline  
Send a message via ICQ to EvilGrin Send a message via AIM to EvilGrin Send a message via MSN to EvilGrin Send a message via Yahoo to EvilGrin  EvilGrinUK 
Reply With Quote
Old 15-May-2017, 10:42   #12
Brocken
Bit lost
Brocken's Avatar
Join Date: Oct 2003
Posts: 5,932
Brocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond reputeBrocken has a reputation beyond repute
Heh - I'm signed up to gov.uk civil service job alerts in IT. Here are the ones from this morning:

W115 Tech Open - Computer Network Operations Specialist
W115 Tech Open - IT Infrastructure Engineers
W115 Tech Open - Software Engineers & Developers
W115 Tech Open - System Engineers & System Designers
W115 Tech Open - Cyber Security and Information Assurance
W115 Tech Open - Communications Technology Analyst
W115 Tech Open - Maths and Cryptography
W115 Tech Open - Critical national Infrastructure Technical Specialists

Normally there's only one, maybe two a week.
Brocken is offline  
Reply With Quote
Old 15-May-2017, 11:00   #13
Inertiaman
Join Date: Oct 2003
Posts: 39,331
Inertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond repute
Wanted - Stable Door Bolter. No experience of horses required.
__________________
Quote:
Originally Posted by Karmic
what you say doesn't count for shit because you rely on quotes from websites that are obviously biased
Inertiaman is offline  
Reply With Quote
Old 15-May-2017, 12:54   #14
BFH
Fixer of dead hard drives
BFH's Avatar
Join Date: Oct 2003
Location: The Final Frontier
Posts: 3,643
BFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond repute
Quote:
Originally Posted by Inertiaman View Post
Wanted - Stable Door Bolter. No experience of horses required.
missed off "must have experience of government ineptitude"
__________________
Elite Dangerous Current ship: Imperial Clipper,Cmdr Naughtius Maximus,Moto: fuck it
The BFH: http://www.andystoolkit.co.uk/thebfh.php
BFH is offline  
Reply With Quote
Reply

Go Back   trickery.net > Technical > Software & Security


Similar Threads
Thread Thread Starter Forum Replies Last Post
Google targeted in large-scale cyber attack - TOYS EVERYWHERE! Red7 Current Affairs 58 25-Mar-2010 11:12
Bush prepares to attack Iran - his generals prepare to quit.. DarthWtf Current Affairs 40 05-Mar-2007 20:59
Total Realism mod for R:TW. EvilGrin Real Time Strategy 0 24-Oct-2004 00:57
ATTACK ATTACK ATTACK fab Quake & Doom Series 38 26-Nov-2003 14:49

Users Viewing Thread: 1 (0 members and 1 guests)
 

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 18:41.


Powered by vBulletin® Version 3.7.0 Release Candidate 3
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright ©2003 - 2013, trickery.net