NHS! Attacked

[psmiffy]

There are a number of reasons, not least - where to start?

Is it not true though that even with the best will in the world - and the authority - the administration of patches in the corporate world in any organisation where the use of software goes beyond office and diary software is an achilles heel - anything that requires any specialist drivers or multi-site licenses will need (or it is perceived that it needs) testing thoroughly leading to delays in updating - plus the time it takes to package and update the corporate roll out

 

[Profpointy]

Is it not true though that even with the best will in the world - and the authority - the administration of patches in the corporate world in any organisation where the use of software goes beyond office and diary software is an achilles heel - anything that requires any specialist drivers or multi-site licenses will need (or it is perceived that it needs) testing thoroughly leading to delays in updating - plus the time it takes to package and update the corporate roll out

And moreover your patch then breaks a pariticular application that's really important. So do you drop the patch for them but not everyone else? Now you've two versions of your build to maintain. Pretty soon you have 50 different builds. User has a problem - is it because of his individual set of patches or something that is an easy fix. Help desk cost multiply and someone asks why it costs £3k a year to maintain a PC you could buy for £400.

 

[Tin Pot]

Is it not true though that even with the best will in the world - and the authority - the administration of patches in the corporate world in any organisation where the use of software goes beyond office and diary software is an achilles heel - anything that requires any specialist drivers or multi-site licenses will need (or it is perceived that it needs) testing thoroughly leading to delays in updating - plus the time it takes to package and update the corporate roll out

Sure, but this is only painful because IT is done badly as a whole. Fixing it for security reasons also fixes it as a whole.

Dev systems don't mirror test systems don't mirror preproduction systems don't mirror production systems (if they exist at all), so testing patches is fundamentally flawed.

Developers code badly and rely on the OS in ways they shouldn't, so patches that should have no affect on apps end up destroying APIs.

All these problems also make systems unreliable, slow, expensive to maintain and hard to recover - it's not just causing security problems.

The hard sell is this: You can either patch regularly and know when outages might happen, and prep for it, or you can sing "lalala I'm not listening" until wannacry wipes out your health service.

 

[BluesDave]

There is far too much reliance on computers and Internet services these days. Everything is vulnerable and no security system is completely impervious to hackers.
You can't hack into a pen and paper and life would be far simpler if we all went back to that as well as not having the ridiculous situation of having to carry a telephone around with us at all times.
He says tapping out this message on a smartphone.

 

[Buck]

And whilst we're at it let's get rid of electrickery and telephones and central heating and television and oh the internet as well

 

[psmiffy]

Help desk cost multiply and someone asks why it costs £3k a year to maintain a PC you could buy for £400.

£3000pa and the rest - pay for your local server, pay for the machine, pay for each user, pay for each item of software - and the little lads and lasses who come out to fix it wonder why they get stick

 

[psmiffy]

You can't hack into a pen and paper and life would be far simpler if we all went back to that

No way - I started out writing reports in the era that everything was typed and hand drawn and you made backups using carbon paper - it was a big breakthrough when we could make copies of reports using a photocopier - the thousands of miles I drove as a kid just to take data from the field to the office so it could be processed - the hours i spent waiting outside phone boxes while a lorry driver wrote down his pickups - on the plus side if there was ever a crisis you could fix it before you could manage to communicate it to anyone

 

[Tin Pot]

People forget how shoot paper based records management is!

But yes, I've had it with IT outside of work

 

[MarkF]

I work in the NHS and a technophobe, whenever I want to access a PC I can usually guess the PW within a minute or say 3 attempts. Same goes for the push button security codes on doors too. The code to my works locker room is 123.

 

[mjr]

As a by-product - the level of spam (the spam that i allow - marketing from companies i buy things from et.al.) dropped away to almost zero over last weekend - a week later it still has not returned to pre-attack levels

This made me take a closer look at the monitor graphs from one of the older and more active/attacked mailservers we manage and I wouldn't say spam rejections dropped away but there does look to be about a 20% reduction. So I suspect machines vulnerable to Wannacry may have been being exploited to send spam for some time.

 

[classic33]

I work in the NHS and a technophobe, whenever I want to access a PC I can usually guess the PW within a minute or say 3 attempts. Same goes for the push button security codes on doors too. The code to my works locker room is 123.

Default code, similar to the door locks you'll use everyday.

 

[classic33]

There is far too much reliance on computers and Internet services these days. Everything is vulnerable and no security system is completely impervious to hackers.
You can't hack into a pen and paper and life would be far simpler if we all went back to that as well as not having the ridiculous situation of having to carry a telephone around with us at all times.
He says tapping out this message on a smartphone.

You'd be suprised if you knew.