topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:46 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: [Breaking News] Cyber Attack cripples UK NHS.  (Read 18575 times)

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,741
    • View Profile
    • Donate to Member
[Breaking News] Cyber Attack cripples UK NHS.
« on: May 12, 2017, 12:01 PM »
NHSCA.png

From: http://www.bbc.co.uk...news/health-39899646

A major incident has been declared after NHS services across England and Scotland were hit by a large-scale cyber-attack.
Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.
The BBC understands up to 25 NHS organisations and some GP practices have been affected.
It comes amid reports of cyber-attacks affecting organisations worldwide.
A Downing Street Spokesman said Prime Minister Theresa May was being kept informed of the situation, while Health Secretary Jeremy Hunt is being briefed by the National Cyber Security Centre.

Follow Developments Live

Read More: http://www.bbc.co.uk...news/health-39899646
« Last Edit: May 12, 2017, 12:10 PM by Stephen66515 »

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,741
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #1 on: May 12, 2017, 12:03 PM »
Doesn't seem to be directly aimed at the NHS and seems more like it was an unintentional hit - Hopefully the coder behind the malware learns of what is going on and comes forward with decryption keys - It's happened before (with somebody releasing decryption keys) so it isn't impossible!


wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,741
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #3 on: May 12, 2017, 02:56 PM »
https://www.wordfenc...;utm_campaign=051217

It is important to note that unsupported versions of Windows, like XP, did not receive this security update.

Exactly what I have been saying to people who are talking about this issue.  If you are still on Windows XP (Which has not received any security updates for over 3 years now) the only person at fault, is you.  If you don't take very basic measures to keep your system secure then there is nobody else you can blame (Yeah you can blame the malware dev but when there are very VERY basic steps to mitigate these issues...)

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #4 on: May 12, 2017, 03:14 PM »
https://www.wordfenc...;utm_campaign=051217

says that there was an update for this in March ...
According to Microsoft a fix for this vulnerability was released on March 14th for all affected versions of Windows.
Tom

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #5 on: May 12, 2017, 03:45 PM »
https://www.wordfenc...;utm_campaign=051217

says that there was an update for this in March ...
According to Microsoft a fix for this vulnerability was released on March 14th for all affected versions of Windows.

Just because there was an update doesn't mean that everyone did so.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #6 on: May 12, 2017, 04:11 PM »
^ well, yeah, that was my point, if a little understated :D

EDIT//
I was presuming that some of those affected were using more recent OS's (and simply not updating regularly), but may be wrong there
//EDIT
Tom
« Last Edit: May 13, 2017, 01:03 AM by tomos »

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #7 on: May 12, 2017, 04:33 PM »
An OS that was released over 15 years ago, in an age where people pay for latest phones, latest consoles and other gadgets ... sorry but that's silly. We are not in a time where we can be lax about privacy. Mitigating cyber attacks, ransomware are very much a subset of privacy surely.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #8 on: May 13, 2017, 12:18 AM »
An OS that was released over 15 years ago, in an age where people pay for latest phones, latest consoles and other gadgets ... sorry but that's silly.
Yes and no.

In general, I agree that it's silly to cling on to an operating system that's that old - but there might be good reasons for it at a hospital. They have special equipment that sometimes, unfortunately, need drivers that haven't been updated for modern systems.
- carpe noctem

6DecadesOld

  • Participant
  • Joined in 2017
  • *
  • default avatar
  • Posts: 13
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #9 on: May 13, 2017, 05:39 AM »
I thought there were certain entities in possibly the commercial arena that were still able to receive updates for XP, if they had some sort of special code in the registry.  I am not sure about medical facilities, but I thought that some financial institutions had XP still in some ATM systems and that Microsoft was still giving them a kind of minimum support.

And that point about some equipment in older hospitals requiring the XP OS seems not too far-fetched.

Just a few months ago I surprised a dentist I was seeing for the first time; I saw his monitor near the chair and he was using that system for recording my information and I recognized it was an XP system.
Do you still have your TRS-80?

dr_andus

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 851
    • View Profile
    • Dr Andus's toolbox
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #10 on: May 14, 2017, 06:37 AM »
This incident highlights some interesting issues concerning corporate social responsibility. If you have a product (e.g. Win XP) that has fundamentally changed the world and the world in its current form still relies on it to function, then you (MS) can't just decide for commercial reasons to entirely abandon it (and the world). I mean you can, but it is not right and it will have consequences, including commercial ones.

If I was a non-US large organisation such as the NHS, I would think twice about continuing to invest into MS products and would start very quickly to consider alternatives (such as the French police that went with Linux). There are also national security issues for a non-US country to have such a total reliance on the product of a single US corporation:

Europe's reliance on Microsoft has governments under a worrying digital 'killswitch'


Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #11 on: May 14, 2017, 08:17 AM »
An OS that was released over 15 years ago, in an age where people pay for latest phones, latest consoles and other gadgets ... sorry but that's silly.
Yes and no.

In general, I agree that it's silly to cling on to an operating system that's that old - but there might be good reasons for it at a hospital. They have special equipment that sometimes, unfortunately, need drivers that haven't been updated for modern systems.

Many of our clients are medical, and this is indeed quite true. Also - just to make things worse - since these systems frequently manage to be just complex enough to offer/require a (remote) support agreement...Air Gaping is not an option.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #12 on: May 14, 2017, 08:25 AM »
It is the faults of the UK and US governments primarily.

It is the US governments fault for legislating that the NSA can snoop on American citizens that ultimately got stolen by/leaked to hackers (which everyone knows is inevitable) - this is going to happen more oftne inthe US and UK and we should all be railing against the decimation of our rights and privacy as citizens.

It is the UK's fault to refusing to fund the necessary upgrades to computer hardware/software in the NHS. It isn't by negligence but a decision not to fund.

When the NHS were building integrated infrastructure across all branches of the NHS everyone knew this would be an inevitable result - to be honest I am surprised it took so long!!

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #13 on: May 14, 2017, 10:17 AM »
It is an almost fundamental design issue. It's like chicken and egg argument, driver for modern system not existing/available is an impediment to moving from XP to 7.
As for funding issue, that's both yes and no, up until very recently - and in some cases still - bank ATMs and commercial POS ran XP ....  at multi million and sometimes billion companies. Not restricted to government entities.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #14 on: May 14, 2017, 11:12 AM »
f you have a product (e.g. Win XP) that has fundamentally changed the world and the world in its current form still relies on it to function, then you (MS) can't just decide for commercial reasons to entirely abandon it (and the world). I mean you can, but it is not right and it will have consequences, including commercial ones.
I quite disagree.
Windows XP is 15+ years old, has had way longer support lifetime than you get for LTS version of other software, and there's been a very clearly planned and communicated timeline for support EOL. Now, it would be interesting if some product liability (within limited timeframe) was introuced - Poul-Henning Kamp of FreeBSD frame has some thoughts on this that are worth reading, but for a product as antiquated as WinXP, it really is the fault of the victims for not upgrading.

As I've said, and Stoic Joker confirmed, there's good reasons why some equipment is not upgraded, and it's not easy to secure those machines - but it's not impossible, either. Virtualization, network segragation, proper backups, etc... and obviously a lot of the photos we've seen the last couple of days show pwned machines where there really aren't any good excuses for not having patched.

Anyway, the bugs exploited are pretty bad - the SMBv1 used for worming isn't exactly XP-only, and the Windows Defender/Anti-Malware exploit is probably the worst I've seen in... 10+ years, I reckon.

It is the US governments fault for legislating that the NSA can snoop on American citizens that ultimately got stolen by/leaked to hackers (which everyone knows is inevitable) - this is going to happen more oftne inthe US and UK and we should all be railing against the decimation of our rights and privacy as citizens.
-Carol Haynes (May 14, 2017, 08:25 AM)
NSA does what National Security Agencies do - I'm appalled at how they're doing mass surveillance of honest citizens, but NSA doing offensive malware research is not a problem - the bugs were there, it's only a matter of time before somebody found and exploited them.
- carpe noctem

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #15 on: May 14, 2017, 06:52 PM »
If I was a non-US large organisation such as the NHS, I would think twice about continuing to invest into MS products and would start very quickly to consider alternatives (such as the French police that went with Linux). There are also national security issues for a non-US country to have such a total reliance on the product of a single US corporation:
Europe's reliance on Microsoft has governments under a worrying digital 'killswitch'
This is not a US vs. the world issue.  It is just as much of an issue for US institutions.  In particular, it affects poorer individuals and organizations like non-profits more than anyone else, since those are the ones who must stretch their technology funds to the greatest extent.

More important, it jeopardizes even those who are up-to-date on their security patches because they rely on the same network as those who aren't, and any network is only as secure as its weakest links.  These hackers were looking for a quick buck, but someone else could exploit this kind of vulnerability to obtain information that would allow them to penetrate other, nominally more secure, systems.  This is a major method used by state organizations, who are not in it for monetary gain, for hacking their opponents.

« Last Edit: May 14, 2017, 07:25 PM by xtabber »

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #16 on: May 14, 2017, 08:18 PM »
NSA does what National Security Agencies do - I'm appalled at how they're doing mass surveillance of honest citizens, but NSA doing offensive malware research is not a problem - the bugs were there, it's only a matter of time before somebody found and exploited them.

It isn't malware research - they actually produced the malware that was used by the hackers. As far as I am aware they weren't reporting the security issue to MS but rather keeping it quiet so that they could illegally exploit it themselves.

The UK government is arguing that GCHQ should have the tools to access anyone's computer, browsing history, email (basically ANYTHING you do online) as a matter of law and expecting companies including MS and Apple to hand over sufficient info to allow them to do that. They even want methods to break online encryption used for shopping.

So far American companies have resisted but UK ISPs are already forced to hold data on every customer for 2 years - including all the above data.

In the US the NSA & Co seem to have a carte blanche to do anything they want without any sort of scrutiny or oversight. If they can't get legal access to things they just build tools to hack them.

As for funding issue, that's both yes and no, up until very recently - and in some cases still - bank ATMs and commercial POS ran XP ....  at multi million and sometimes billion companies. Not restricted to government entities.

For commercial companies that is bordering on criminal negligence.

For government funded bodies like the NHS it is a political decision. The current (and last) UK government actively wants to destroy the NHS. The secretary of state for health even wrote a book arguing it should be scrapped and based on private insurance and we know how well that works in the US!!! The non-funding of IT maintenance and upgrades was a political decision which not only verges on the criminal but given that the public have been put at risk and confidential data that should be protected potentially leaked (nobody actually knows if data has been stolen) it is actually criminal because they have not taken steps to comply with their own data protection legislation/laws.
« Last Edit: May 14, 2017, 08:24 PM by Carol Haynes »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #17 on: May 15, 2017, 02:24 AM »
It isn't malware research - they actually produced the malware that was used by the hackers. As far as I am aware they weren't reporting the security issue to MS but rather keeping it quiet so that they could illegally exploit it themselves.
-Carol Haynes (May 14, 2017, 08:18 PM)
Oh, but it *is* malware research - and weaponization of the bugs found. And that's fine, really, it's part of what a national security agency should be doing. We're a lot better off with this model than having intentional backdoors inserted by government agencies.

Of course it's bloody bad that agencies have had their malware treasure troves robbed and leaked by bad actors, but there's no guarantee that the exploits wouldn't have been found by somebody else. You can be sure that the cybercriminals have people hunting for 0days.

Your "govt must have access to everybody's data" worries is something I share, but it's a different issue from TLAs hunting for bugs and weaponizing them.
- carpe noctem

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #18 on: May 15, 2017, 06:03 AM »
...If I was a non-US large organisation such as the NHS, I would think twice about continuing to invest into MS products and would start very quickly to consider alternatives (such as the French police that went with Linux). There are also national security issues for a non-US country to have such a total reliance on the product of a single US corporation:
Europe's reliance on Microsoft has governments under a worrying digital 'killswitch'
____________________________
That's evidently a valid point - or at least, the French police would have presumably thought so, anyway. How did that Linux thing work out for the French police, by the way? Was that project completed on time and budget, having delivered to its objectives, or was it sabotaged from within and turned into an expensive trainwreck? (I have no idea, but it might be interesting to find out.)

Whenever I read of some strategic IT project that breaks "new" territory - a potential trainwreck - it reminds me of a New Zealand project that did notoriously become an expensive trainwreck. It was the NZ police INCIS project in New Zealand, in the early '90s. I saw it happen, and it was like watching a trainwreck in slow-motion, and one knew that it was wrecking and that the taxpayers were going to have to foot the bill (cost overruns).

What happened was that the NZ Police put out a tender for project INCIS (Integrated National Crime Information System) as their IT platform to deliver IT services for the '90's and beyond.
A lot of their existing technology at the time was delivering services to online terminals from IBM and/or Univac mainframes hosted in a high-security data centre in Wanganui (New Zealand) by GCS Ltd. (Government Computing Services), which was the first of the SOEs (State-Owned Enterprises) to be privatised by the NZ Government and put up for sale (EDS Corp. eventually bought GCS Ltd.).

There were 2 major competitors for the INCIS tender - IBM and Microsoft. GCS also could have easily done the business, but, as the incumbent supplier, their bid was largely unwanted/rejected. The tender was won by IBM, whose response to the tender (as I vaguely recall) had proposed the general approach of a fairly conventional distributed 3-tier client-server architecture based on IBM OS/2 (Surprise!), with maybe some IBM mainframes/minis acting as central or distributed local servers for some services. I thought it was a pretty solid and feasible proposal, though it required detailed planning. At the time, OS/2 was recognised as being a stable OS that was technically way ahead of and out-performed the then current Windows OS in almost all benchmarks.

Then the fun began.
For some inexplicable reason, an ICIS project manager was appointed who apparently favoured Microsoft and was apparently openly critical of the IBM contract and the OS/2 technological direction and approach, or something. An antithetical schism rapidly formed within the project team(s), between the OS/2 camp and the Windows camp, and it was all downhill from thereon, and the project eventually (inevitably) failed.

A LOT of obvious conventional risks and lessons were re-learned from that project failure (see the links below). One of the main ones - straight out of Project Management 101 Risk Management - is the risk of staffing-up with inexperienced resources. The PSC (Project Steering Committee) needs to monitor and avoid the risk of staffing the project with human resources (people) who are not experienced in/with, or capable with, or who may be hostile to, the IT technology they will be required to use to implement the project according to the project technology implementation plan.

I have personally been put in a similar position, where I was assigned to recover a failed strategic $multi-million project which had run foul of exactly that risk - the risk of staffing-up with inexperienced resources - some of whom were openly hostile to the technology they were required to implement. The technology was not what was "conventionally acceptable" to the bulk of the IT project personnel assigned to the project.
I knew nothing about the technology, but I agreed to undertake the role, but only on condition that I was allowed to cast a new budget and plan, and that I was fully authorised to replace those personnel in the project team of 10 people whom I felt it was necessary to replace. I replaced 8 of them within about two weeks, and the project ran smoothly and was recovered on-time and on-budget, exceeding its delivery objectives - all enabled because I had a superb project team that knew what it was doing and pulled together collaboratively all the way.

The rule is: If you are going to undertake an important and potentially costly strategic IT project, using a new or potentially controversial technology, then prepare for war. Provide the project with all the resources necessary to support it and to enable it to deliver and survive and protect itself for the duration of the project, in what will probably inevitably be an almost palpably hostile political environment - an environment that may ensue, where landmines, grenades, torpedoes, homing missiles, flack and nay-saying could well be the order of the day for months on end. And stick to a regularly-reviewed plan.

For all the above reasons, and though I could be wrong, of course, I would suggest that the UK NHS IT opportunities could very much belong to the Microsoft monopoly already and that it could thus cost potentially too much in terms of $money and political aggro to pull away and be put on a war footing by going down the Linux (or other) technology path, no matter how good that technology path may be.

Refer:
« Last Edit: May 15, 2017, 06:12 AM by IainB »

dr_andus

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 851
    • View Profile
    • Dr Andus's toolbox
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #19 on: May 16, 2017, 06:34 AM »
f you have a product (e.g. Win XP) that has fundamentally changed the world and the world in its current form still relies on it to function, then you (MS) can't just decide for commercial reasons to entirely abandon it (and the world). I mean you can, but it is not right and it will have consequences, including commercial ones.
I quite disagree.
Windows XP is 15+ years old, has had way longer support lifetime than you get for LTS version of other software, and there's been a very clearly planned and communicated timeline for support EOL.

I'm not sure if we're talking about the same thing. My point is that here we are no longer dealing with just any software of any private company. If Win XP has become a mission-critical part of vital infrastructures around the world, MS can no longer wash its hands by saying "I told you so, you should have upgraded." If people die because their operations were cancelled or other critical infrastructures fail as a result, it's beside the point whose fault it was and whether usual rules of business markets apply. It becomes a public and social issue. Even if MS doesn't think so, if they mishandle it, it could backfire on them very badly.

On another note, I think a lot of people and organisations have been sticking with XP and Win7 because they are actually pretty good products. The other day I turned back on an old PC of mine with Win95, and I was amazed how snappy the system was on some very old hardware (that was not turned on for years). So maybe that's why MS changed strategy and started producing crappier products, so customers have more motivation to keep upgrading to newer versions.  :D

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #20 on: May 16, 2017, 08:16 AM »
f you have a product (e.g. Win XP) that has fundamentally changed the world and the world in its current form still relies on it to function, then you (MS) can't just decide for commercial reasons to entirely abandon it (and the world). I mean you can, but it is not right and it will have consequences, including commercial ones.
I quite disagree.
Windows XP is 15+ years old, has had way longer support lifetime than you get for LTS version of other software, and there's been a very clearly planned and communicated timeline for support EOL.

I'm not sure if we're talking about the same thing. My point is that here we are no longer dealing with just any software of any private company. If Win XP has become a mission-critical part of vital infrastructures around the world, MS can no longer wash its hands by saying "I told you so, you should have upgraded." If people die because their operations were cancelled or other critical infrastructures fail as a result, it's beside the point whose fault it was and whether usual rules of business markets apply. It becomes a public and social issue. Even if MS doesn't think so, if they mishandle it, it could backfire on them very badly.

On another note, I think a lot of people and organisations have been sticking with XP and Win7 because they are actually pretty good products. The other day I turned back on an old PC of mine with Win95, and I was amazed how snappy the system was on some very old hardware (that was not turned on for years). So maybe that's why MS changed strategy and started producing crappier products, so customers have more motivation to keep upgrading to newer versions.  :D


So they are now bound to support it forever?

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #21 on: May 16, 2017, 08:26 AM »
By that logic, if somebody likes driving a 1965 Chevy Impala, because it's cool. But they get into an accident, and are killed because the 1965 Impala didn't have ABS, Air Bags, or computerized stability control. Their death is Chevrolet's fault.

The XP era internet doesn't exist anymore. During the XP era - Service Pack 2 Specifically - over 70% of Windows code was deprecated due to security issues. Changes to the architecture were made that resulted in their being no direct upgrade path from XP to Vista. This kind of stuff can't be "patched".

There is no fixing these old systems, from a security standpoint they must be replaced. And the issue isn't so much MS who was stuck begging and pleading with the hardware folks - to share the security burden by updating their shit - during the 5 years it took to get Vista launched. Creative soundcards being among the worst direct hardware access foot dragging offenders. Certain common (yet then becoming dangerous) practices like direct hardware access by software had to be stopped. And the fact that some lazy manufacturer decided to keep doing it on a$30,000 X-Ray machine...just because that's the way they'd always been doing it ... Is not Microsoft's fault. Or anything they have a snowball's chance in hell of "fixing".

dr_andus

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 851
    • View Profile
    • Dr Andus's toolbox
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #22 on: May 17, 2017, 06:41 AM »
I'm not sure if we're talking about the same thing. My point is that here we are no longer dealing with just any software of any private company. If Win XP has become a mission-critical part of vital infrastructures around the world, MS can no longer wash its hands by saying "I told you so, you should have upgraded." If people die because their operations were cancelled or other critical infrastructures fail as a result, it's beside the point whose fault it was and whether usual rules of business markets apply. It becomes a public and social issue. Even if MS doesn't think so, if they mishandle it, it could backfire on them very badly.

It turns out Microsoft would actually agree with me on this to some extent and have been trying to do something about it:

The need for a Digital Geneva Convention - Microsoft on the Issues

...cyberspace in fact is produced, operated, managed and secured by the private sector.  Governments obviously play all sorts of critical roles, but the reality is that the targets in this new battle – from submarine cables to datacenters, servers, laptops and smartphones – in fact are private property owned by civilians.

There’s an additional consequence that results from all this.  The tech sector today operates as the first responders to nation-state attacks on the internet.  A cyber-attack by one nation-state is met initially not by a response from another nation-state, but by private citizens.

...

And as the private citizens thrust into this challenge, the question for all of us in the tech sector is what we will do to address it.

...

We therefore need to recognize a critical truth – this is not a problem that we can solve solely with each of us acting alone.

...

While there is no perfect analogy, the world needs an organization that can address cyber threats in a manner like the role played by the International Atomic Energy Agency in the field of nuclear non-proliferation.  This organization should consist of technical experts from across governments, the private sector, academia and civil society with the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #23 on: May 17, 2017, 06:52 AM »
^ that is relevant,
but I think that what f0dder and Stoic Joker say is more practically relevant to the situation. XP gotta go (unless machine is offline and not connected a network). Otherwise you are taking a risk: if that risk involves other people, then the decision (be it passive or active) to keep XP will probably be the cause of trouble for you and them -- by the sounds of it, even if MS tries to support it.
Tom

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: [Breaking News] Cyber Attack cripples UK NHS.
« Reply #24 on: May 17, 2017, 07:16 AM »
^ That's exactly the point.  No one company can be expected to support any software forever.  Money, resources, and effort expended to support a 15 year old OS is, at this point, charity and PR work in my opinion.  The companies themselves should see the technical debt that they have, and create a mitigation policy for changing their ongoing technical strategy.  The inability to get drivers isn't, IMO, a valid reason.  It might be an impediment or an obstacle, but not an insurmountable one.  It requires those same things that it seems that some expect Microsoft to invest, i.e. money, resources, and effort.