Ransom ware

Update your fucking software. Those lazy badtards, especially in the NHS, should be given the boot for this chocking situation.

Not sure updating your software could have stopped this attack. It mimics Invoices, requests etc. The UK have got off lightly compared to most of the other 99 countries.

It seems it was a stolen virus from the NSA and used against major corporations, just so happens it's our NHS that have been hit - but nothing compared to Russia - how ironic!

I've just got my laptop back after spilling orange juice on the keyboard!!  £120 later for a new mother-board...I opened it up and had a virus. It's took me two days of trying to use an Eraser tool to get rid of it with no joy....so had to wipe my laptop and start again, loading all my applications, software etc back on to it....but have to say - it's running like a dream now.

If many of those organisations (especially the UK ones) had updated their OS to move away from the unsupported ones that were particularly vulnerable, the would have stood a chance.

Others, needed to apply the patch that Microsoft sent out in March and that would have saved them.

And then you have the fuckers who haven't even backed up their data...

but anything running windows XP - like half the NHS cannot get updates from microsoft./ they should be nowhere near the internet though

exactly. any fucker working in IT who should have been on top of this, and wasn't, should be sacked. These systems are life critical sometimes and should be treated with respect. How many A&E depts. had to turn patients away yesterday?

Yeah, let's sack everyone involved with IT in the 99 countries that have been affected by this virus....plus sack all of the NSA I.T staff as well for allowing this virus to be stolen.

Sacking is not always the answer Dawg...you never made a mistake at work?

Have you ever made a life threatening, system critical mistake that causes havoc when it was your responsibility to oversee such issues? Especially when it seems an easy fix? It's been alleged some organisations haven't backed up data. The minimu you do is run your patch update and that's if you're an ordinary. I'd like you and me. When IT, and IT security is within your remit, you've a higher standard to report to. What's this with not holding people accountable?

Ahh, a Blame Culture is your thing, rather than a Just Culture?

Thank fuck you don't work in aviation!

"Let's sack anyone who makes a mistake, or is in a position of responsibility, when something goes wrong"......"those stupid people"

People like you would have let the captain of the Concordia off with a cup of tea and a biscuit. If it's your actual job to be in charge of IT security, you'd think that the least you can do is not allow the use of unsupported and outdated software that is open to viruses. It's quite simple really. I really don't understand why you can't see it.

Because you have given NO facts whatsoever, as to where you have come up with this supposition....you've jumped to conclusions and just said "sack the lot of them".

Show me all this evidence to your theory, and, if you're right, I'll happily go along with somebody being accountable for these decisions.

In aviation, we accept mistakes will happen. We used to have a blame culture 20+ years ago, which quickly evolved into a 'no blame' culture for going to the other extreme....what we have now is a 'just culture'....one whereby we try and learn from mistakes or errors. Searching for a solution rather than someone to blame...unless it;s an intentional violation, then disciplinary is forthcoming.
We've seen aviation become much safer because of this culture....but feel free to show me the evidence on what you have claimed, and I'll happily go along with your theory.

Topdawg wrote:People like you would have let the captain of the Concordia off with a cup of tea and a biscuit. If it's your actual job to be in charge of IT security, you'd think that the least you can do is not allow the use of unsupported and outdated software that is open to viruses. It's quite simple really. I really don't understand why you can't see it.

As for the Captain of the Concordia....have you read any of the investigation reports into this from a Threat and Error Management (TEM) point of view? If you have, you'd know there were massive failings in the hierarchical structure of the company that led to this action being allowed to happen....but hey, let's just throw out some random accident and claim to be an expert on accident investigation hey?

You mean you haven't been watching the news or reading the papers? What would happen if it was your job to be viewing the scanners at an airport but you brazenly didn't do it, and somebody takes a weapon or a bomb on a plane, would you get a simple slap on your wrist and somebody say better luck next time or would you be out in your ear? How many hospitals were hit because people hadn't applied the security patch made available some two months ago or were using outdated and unsupported software? The breach was so serious that Microsoft have apparently made patches for the OS they no longer support.

So are you saying the captain did nothing wrong either? Did the judge that sentenced him to 16 yrs overreact too?

So who are you sacking????

Topdawg wrote:So are you saying the captain did nothing wrong either? Did the judge that sentenced him to 16 yrs overreact too?

Of course the Captain did something wrong...stop being so naive. Pointless having this conversation with you, as you clearly have no understanding of human factors.

I've been having a pointless conversation with you right from the start. I say fire whoever has a position of responsibility and accountability for IT security that allows for computers or systems not to have been updated with the latest security patch. Come on, you've got to do the bare minimum to start with. Only the day before there was a warning from a doctor about ransom ware. How can the negligence of a few people bring down so many systems and close A&E wards?

From the professional work I did in the past, I would have flagged up such basic issues with recommendations for immediate remedial action. And I didn't work in IT security. What human issues should we consider for not updating flawed software?

We're all great at saying "I would have....I knew that would happen"...after the event.

1. What if the budget wasn't there to update or upgrade the software?

2. Who do you sack then?

Blame, blame, blame....you've still not given any facts as to who is responsible for this. And whilst your at it, sack everyone at Nissan, Fed Ex, Germany's Rail Operator plus hundreds more at major companies around the world who have experienced a 90% increase of attacks than happened to the NHS.

Whilst you're at it...let's make sure all of those responsible for the below attacks were sacked:

In the last two years alone, hackers have wreaked havoc on:

Yahoo (2013):
Details of 1 billion accounts stolen in the largest data breach on record
eBay (2014):
eBay asked 145m users to change passwords after hackers stole customers' names, addresses, and dates of birth
Heartbleed (2014):
A serious vulnerability was discovered in encryption technology used to protect many of the world’s major websites, leaving them vulnerable to data theft
Sony (2014):
A cyber attack on Sony Pictures Entertainment leaked the private details of 47,000 employees and actors
Yahoo (2014):
Details of 500 million user accounts were stolen by “a state-sponsored actor”, although they have yet to be made public
US Central Command (2015):
Hackers claiming links to Isil managed to take control of CentCom’s Twitter and YouTube accounts, changing the logo to an image of a hooded fighter
Ashley Madison (2015):
Hackers threatened to publish the names of up to 37m AshleyMadison.com customers - a dating website for adulterous affairs
Talk Talk (2015):
Almost 157,000 customers' personal details were accessed when hackers targeted TalkTalk’s website, stealing 15,656 bank account numbers, sort codes, and obscured credit card details
MySpace (2016):
360m passwords and email addresses, believed to have been stolen several years before, were listed on a hidden internet marketplace on the dark web

Tiny companies getting hacked....

Did you include scammers taking £100M off facebook and google over two years?

It seems to me that you don't appear to know what you're talking about. The patch from microsoft is free. If you're paying for it, you're being conned

My job was to look at flaws in systems. Apparently, I was pretty good at my job, so I do have some good experience and knowledge. It's such a basic thing to routinely update software for bugs and viruses etc. It's been such a basic thing for over 20 years that it's shocking that it's happened to such an extent. And yes, many other organisations, across many countries, have been affected by this. But, and I'm guessing here, quite a few have weaknesses in their systems that have allowed this to happen.

I have my microsoft updates set to be automatically checked each day. If I'm told that an update is critical, I make a point of applying it immediately. It really is that simple.

As with all things...if things were that 'simple' as you claim....there'll be thousands getting the chop from the hundreds, upon hundreds of major corporations that have been infected by this virus.

Probably a job going for the 'sacker and explainer'...maybe you should apply seen as you've got all the answers...

I haven't got all the answers. No need to be flippant, cheeky or whatever.  

There should be straightforward policies and procedures to follow especially when we are talking business critical systems. The severity of the response should be proportional to the level of negligence and the importance of the system to the organisation.

I'm a reasonable guy with staff but I'd fire someone, if I could, for not following such important procedures as this.