Nice post-mortem of the WannaCrypt outbreak
TL:DR - Everything you knew about the outbreak is probably wrong.
It didn't spread by email.
It couldn't infect Windows XP.
(
evil_andy Stick stick stick stick sticky sticky stick stick, Mon 22 May 2017, 10:45,
Share,
Reply)
Interesting
So the NHS using outdated xp probably saved it from being a much worse attack?
(
Cerebus Sticky! Sticky! Stick! Stick!, Mon 22 May 2017, 11:15,
Share,
Reply)
Amazing irony
I'm sure the Execs at the Trusts still using XP will be saying they predicted this outbreak years ago and deliberately didn't upgrade
(
spazzcaptain Misses Valin @, Mon 22 May 2017, 11:20,
Share,
Reply)
I suspect this story won't be highly publisized so in order to be seen to be doing something lots of xp equipment will be scrapped.
(
Cerebus Sticky! Sticky! Stick! Stick!, Mon 22 May 2017, 11:28,
Share,
Reply)
You say that like scrapping XP would be a bad thing...
(
evil_andy Stick stick stick stick sticky sticky stick stick, Mon 22 May 2017, 12:04,
Share,
Reply)
There's probably lots of medical equipment that was programmed to run on XP and is not Windows 10 compatible.
You going to scrap a half a million pound scanner because it needs XP?
(
Cerebus Sticky! Sticky! Stick! Stick!, Mon 22 May 2017, 12:14,
Share,
Reply)
^
One trust I worked at had some apparently vital software that was running on a stand alone machine as it was only compatible with Windows 95.
This was in 2008
(
TownsendsPublisher is all gravy baby, Mon 22 May 2017, 12:19,
Share,
Reply)
Yeah we've got equipment in the uni labs connected to a pc running windows 98
That said, it's not connected to the internet
(
gronkpan https://twitter.com/VomitingLarry, Mon 22 May 2017, 22:49,
Share,
Reply)
Oh sure
But I'd be willing to bet there's lots of just basic admin machines around that are also on XP and have a clear upgrade route.
Source: We do some work where NHS health professionals are the end users and we're always having to make things IE7 compatible.
(
evil_andy Stick stick stick stick sticky sticky stick stick, Mon 22 May 2017, 13:08,
Share,
Reply)
Am I the only one that doesn't do business with the NHS?
(
Cerebus Sticky! Sticky! Stick! Stick!, Mon 22 May 2017, 13:54,
Share,
Reply)
That just makes it worse.
You can't easily disable Samba using group policy but any IT bod worth their salt should have the presence of mind to block the ports in the firewall. It's an easy and effective fix and, unlike the paying for XP support red herring, costs nothing. There's really no excuse for this.
(
jonbob loves you, Mon 22 May 2017, 12:50,
Share,
Reply)
Disabling SMBv1 is a single registry change and you can push that out using Group Policy like any other registry change. The problem is it then breaks unexpected stuff. I had to re-enable it on one server as removing it broke scanning to a folder, as well as AD logins on Linux and our ESX host.
More of interest though is that the patch for Windows Vista and upwards had been available for two months at that point but not deployed. That's a failure of IT risk management.
(
evil_andy Stick stick stick stick sticky sticky stick stick, Mon 22 May 2017, 13:12,
Share,
Reply)
Terrifying - NHS IT bods leave ports 445 and 139 open to the internet on firewalls?
Christ, even my fucking home hub doesn't does do anything as daft as that. No wonder everyone blamed some idiot clicking on a link in an phishing email - leaving vulnerable ports open like that is literally unthinkable in IT circles. It's akin to having a door to outside in an operating theatre and leaving it ajar so that the nurses can can pop out for a quick fag part way through surgery - all manner of nastys can just blow in off the street
(
buffet_the_appetite_slayer ٩(●̮̃•)۶ jacked in to the ICE on, Mon 22 May 2017, 14:12,
Share,
Reply)
