Grid Cyberattack risk

Post by **clv101** » 12 May 2017, 19:47

It proves a point that many people here have been making since XP went out of support. *Every* patch from MS that fixes holes in a later version of Windows reveals a weakness that might exist in XP. MS have therefore been publishing exploits against XP for several years now. I believe the NHS's special deal to continue to receive patches expired quite recently. This is an entirely predictable result of NHS management's failure to have any kind of plan for moving off XP.

Good point ^

cubes · Post by **cubes** » 12 May 2017, 19:51

clv101 wrote:This seems to be global attack, probably the largest one yet. It targets a known, and patched Microsoft vulnerability... 'cept many people/organisations don't keep their software updated.

A lot of large organisation don't update quickly - patches can sometimes cause more problems than they solve (obviously not in this case though...)

Post by **adam2** » 14 May 2017, 14:58

The attack appears to be worsening.
http://www.bbc.co.uk/news/0

Whilst there is no evidence the grid is being specifically targeted, I perceive some risk to electricity supplies.
Probably not a great risk, but this an unknown unknown, and it is well to be cautious.

Mark · Post by **Mark** » 15 May 2017, 17:30

clv101 wrote:
It proves a point that many people here have been making since XP went out of support. *Every* patch from MS that fixes holes in a later version of Windows reveals a weakness that might exist in XP. MS have therefore been publishing exploits against XP for several years now. I believe the NHS's special deal to continue to receive patches expired quite recently. This is an entirely predictable result of NHS management's failure to have any kind of plan for moving off XP.
Good point ^

The result of budget cuts over the past few years.....?

£5.5million IT support contract was scrapped in 2015:
http://www.dailymail.co.uk/news/article ... s-ago.html

Potemkin Villager · Post by **Potemkin Villager** » 16 May 2017, 09:49

Mark wrote:
clv101 wrote:
It proves a point that many people here have been making since XP went out of support. *Every* patch from MS that fixes holes in a later version of Windows reveals a weakness that might exist in XP. MS have therefore been publishing exploits against XP for several years now. I believe the NHS's special deal to continue to receive patches expired quite recently. This is an entirely predictable result of NHS management's failure to have any kind of plan for moving off XP.
Good point ^
The result of budget cuts over the past few years.....?

£5.5million IT support contract was scrapped in 2015:
http://www.dailymail.co.uk/news/article ... s-ago.html

As far as I remember XP was strong and stable.

BritDownUnder · Post by **BritDownUnder** » 16 May 2017, 09:54

I used Ubuntu for a while. Clunky but bulletproof. Now I use Apple except for work which gets updated almost everyday.

I wonder if the grid could use linux.

Little John · Post by **Little John** » 16 May 2017, 11:49

I am a Linux user and have been full time since 2007. Since then, I've not had not a single virus or any other malaware. That's not to say that Linux is completely safe. Nothing is. But, it is a lot safer than the alternatives.

For anyone thinking of swapping from MS Windows to Linux, I recommend either Ubuntu Mate or Linux Mint Cinnamon. Both of these distros are very new-user-friendly.

https://ubuntu-mate.org/

https://www.linuxmint.com/

Mr. Fox · Post by **Mr. Fox** » 16 May 2017, 12:25

BritDownUnder wrote: I wonder if the grid could use linux.

GE's XA/21... so Unix based (but GUI is Java based, so clients could be running anything, I guess?)

Post by **clv101** » 16 May 2017, 19:28

Some parts of the civil service are sensible. When I worked at the Met Office, all the hundreds of scientists used Linux desktops - and the Cray supercomputers also run Linux. It's perfectly possible for a large enterprise (of demanding users, not just a few walled garden apps on a thin client) to successfully run Linux estates. However, HR, Finance, the execs etc all ran Windows!

vtsnowedin · Post by **vtsnowedin** » 17 May 2017, 02:27

BritDownUnder wrote:I used Ubuntu for a while. Clunky but bulletproof. Now I use Apple except for work which gets updated almost everyday.

I wonder if the grid could use linux.

If a lot of users switched to linux would not the hackers begin to concentrate on linux? The only reason it is "safe" today is because it is a fringe market and not worth the hackers time.

BritDownUnder · Post by **BritDownUnder** » 17 May 2017, 05:47

vtsnowedin wrote:
BritDownUnder wrote:I used Ubuntu for a while. Clunky but bulletproof. Now I use Apple except for work which gets updated almost everyday.

I wonder if the grid could use linux.
If a lot of users switched to linux would not the hackers begin to concentrate on linux? The only reason it is "safe" today is because it is a fringe market and not worth the hackers time.

Not so sure about that. I think the linux ethos is different and emphasises contributions from many people and transparency and openness. Criticism and contributers would probably pick up an exploitable hole in the software before it is even issued.
i think there is a more 'techie' reason why linux and ubuntu are more secure revolving around permissions and lack thereof but someone else will have to explain that one.

Microsoft software on the other hand is probably not open or invities contributions from the public....

Little John · Post by **Little John** » 17 May 2017, 07:17

Linux is far more security-conscious, as a baseline, and one has to take overt actions to lessen that security. That baseline involves password protection for just about every damned action and full hard drive encryption. For most people, this is over the top and so it is possible to get hold of linux distros that have set the security levels a bit lower than it can be. But, the protocols are still there and higher level security can be reinstated in a moment.

To repeat, nothing is 100% secure. But, I can say with 100% confidence that Linux is significantly more secure than Windows.

Post by **clv101** » 17 May 2017, 09:18

vtsnowedin wrote:
BritDownUnder wrote:I used Ubuntu for a while. Clunky but bulletproof. Now I use Apple except for work which gets updated almost everyday.

I wonder if the grid could use linux.
If a lot of users switched to linux would not the hackers begin to concentrate on linux? The only reason it is "safe" today is because it is a fringe market and not worth the hackers time.

No, that's not true. Linux (and Mac OS) are fundamentally more secure than than Windows irrespective of the interest of hackers.

Linux is certainly not a 'fringe market'. In fact I'd suggest a lot more 'interesting' stuff is running on Linux so all things being equal hackers are a lot more interested in compromising Linux than Windows! The Internet runs on Linux, servers, routers, datacentres, supercomputers etc.

cubes · Post by **cubes** » 19 May 2017, 22:12

vtsnowedin wrote:
BritDownUnder wrote:I used Ubuntu for a while. Clunky but bulletproof. Now I use Apple except for work which gets updated almost everyday.

I wonder if the grid could use linux.
If a lot of users switched to linux would not the hackers begin to concentrate on linux? The only reason it is "safe" today is because it is a fringe market and not worth the hackers time.

Probably but things seem to get patched far quicker on linux ime. Can't say it's totally secure out of the box though and still needs tweaking to get the right balance between security and usability.

OpenBSD is an OS that concentrates on security, technically not linux as it's a BSD-based unix system.

Post by **adam2** » 27 Jun 2017, 16:59

Looks like another cyber attack is under way.
Initial reports suggest that several overseas utilities are victims.

http://www.bbc.co.uk/news/technology-40416611