Security or obscurity
Steve Pampling (1551) 8172 posts |
I think just at present some people are probably glad that RO is obscure. I wonder how long we can rely on this to hide from the world’s bad side? |
James Wheeler (3283) 344 posts |
For now, I think we’re a long way off from needing to worry, but it would be nice to factor in some security features, like better memory protection and privilege separation, in a future version. Thing is, backwards compatibility is RO’s Achilles heel. Maybe a good practice is to maintain support in RO5 but encourage better coding practices so the majority will work on a future version like RO7, which will incorporate more important features, when RO7 is released |
Malcolm Hussain-Gambles (1596) 811 posts |
I think having totally open and insecure networks, running unpatched and obsolete software, you’re screwed. ;) Don’t open the email called naughtynurse.mpg.virus.exe |
GavinWraith (26) 1563 posts |
Without trust life becomes hellish. I agree that backwards compatibility can become a burden. Wistful fantasies are often beaten down by decisions made in simpler times, which in retrospect became shackles. Unfortunately we do not have the luxury of starting afresh with a clean sheet. |
Steve Pampling (1551) 8172 posts |
A junior colleague referred to our actions on Friday as “going into turtle mode”
I delete half of the internal mail4, never mind the external spam, but that sounds rather nice :) 1 Internal firewall for protecting manufacturers “tat” and limit where it can talk to |
Rick Murray (539) 13851 posts |
Oh thank god. I saw the story breaking and thought about you…
Of course. These days one just Googles stuff. And… mpg? mkv! More seriously now… One can have a more secure system. One can, as a programmer, jump through many hoops and battle the kernel, play chess with the devil, and cryptographically sign every line of code. So while having a more secure system would be nice, some of the best steps you can take are to keep it sectioned away from the outside world. My Pi can talk out, but only port 80 is allowed in. No unnecessary services are running (no ShareFS, no Samba…). This means the real worry is contaminated software, something that, thankfully, is mostly of another age. Messing with people’s RISC OS machines won’t make anybody any bitcoin, so there’s so much less reason… |
David Feugey (2125) 2709 posts |
As long as we want, since it’s a Windows only threat… |
Frederick Bambrough (1372) 837 posts |
That’s what’s so good about the RISC OS community… optimism. |
Malcolm Hussain-Gambles (1596) 811 posts |
My response was a general statement of most networks out there BTW, I have no knowledge of the NHS networks (thankfully). |
James Wheeler (3283) 344 posts |
Yes but you need more. Users introducing rogue software is only one avenue of your computer being attacked. Remote exploits are very common. At the moment, I’d be surprised if someone is maliciously targeting RO users, but if they do, things will be easy for them. |
Steve Pampling (1551) 8172 posts |
Living near the edge – some of our staff went up the road to George Eliot (Nuneaton) when they asked for an assist. Not really much hope shutting the stable door… You may have seen some NHS establishments say they were not informed, Au contraire the information is distributed. |
John McCartney (426) 148 posts |
Naughty nurses, eh? Chance’d be a fine thing! Mmmmm… I too am surprised to see you here, Steve. I thought you’d be stuck at the coal face. Four aspects of this whole affair spring to mind, though there might well be many more. 1. We’ll never be rid of the threat so long as there are berks out there who see ransomware as a means to a fast bitcoin. 2. The NHS’s unwillingness or inability (for inability, read “being hamstrung by the Treasury’s penny-pinching”) to migrate away from XP. I’m amazed at the number of XP boxes I see whenever I have a medical appointment; I’m at that age when I have a season ticket from the local trust so I see XP everywhere. 3. Hunt’s short-sightedness in cancelling the support package from Microsoft. Whether or not that would have saved us from this weekend’s fiasco, I don’t know. 4. We’ll never be rid of the threat so long as there are berks out there who click on links without thinking. Now, back to the naughty nurses… |
Doug Webb (190) 1180 posts |
I too was surprised to see Steve’s posting here but it shows some in the NHS know what to do. It is all too easy to say that the NHS being crippled by money constraints is the real cause or that the government is as well but though they may be at fault for a lot of things it isn’t so clear cut here I think. These are individual NHS trusts that receive large amounts of money with various high paid NHS professionals running things, at least we are told this, so some of this can be clearly laid at the door of those who manage and run those IT departments. As Steve pointed out some things could have been done to lock things down that may have stopped this in the first place or limited its impact. Plus if they don’t have a back up routine in place then that is an even bigger failure to undertake risk management and any Trust that is in that position should be asked to explain why. Finally I have mixed feelings about Microsoft at the moment on the one hand you can say they have been great at pushing out a fix to unsupported OS’s in less than a day but on the other hand they knew of this issue and the surrounding publicity by those that exposed the issue a while back and did nothing |
Malcolm Hussain-Gambles (1596) 811 posts |
I appreciate that many people just have to blame the government for everything, but morons cancelling support contracts without any understanding of what they are doing is endemic everywhere. To be fair to M$, it’s up to the company’s IT Security to ensure that systems are patched, not M$. After all you have to judge the risk and make a call. Can’t expect M$ to do that for all companies. |
Steve Pampling (1551) 8172 posts |
If you reference against businesses IT spend vs. their total budget and compare with the typical budget for NHS IT and total budget then the NHS spend is best described as “pitiful”.
“Cuff-links” is the short form comment used by one of my colleagues. 1 I know of a surgery/health centre that has its IT network covered by what used to be the PCT (CCG’s these days) with a private firm doing the PC & systems. I could tell you what the password is on every PC that firm installs. The replication is bad enough, the brainless simplicity of the password is just… |
Malcolm Hussain-Gambles (1596) 811 posts |
Ah the other thing, the “support” that was cancelled in this case I think was extended, extended support for Windows XP. Which not surprisingly was insanely expensive. So vaguely understandable. Cuff-links that’s awesome. :D Nice password rotation policy then! |
Rick Murray (539) 13851 posts |
At work, some stuff is locked with combination padlocks. I can pick these easily (look inside the gaps below the number wheels and the mechanism is clear, I might write a blog article on it). Well, one of those is correct, for each of the locks. Maybe different, but still rather evident, don’t you think? Huh. |
Steve Pampling (1551) 8172 posts |
That’s a description of the sort of numbers I’d use… … to “scramble” things when locked except several such locks I know don’t have 9 |
Doug Webb (190) 1180 posts |
It may be but I think you would be surprised at the spend at some private outfits and not in a positive way. As I said it isn’t always about money and if those in charge are good then they assess the risks and/or read the information that is sent out as you pointed out it isn’t as if they can say they were not told. Ignorance is not an accepted defence in some things. Those who are paid to make decisions or take responsibility for IT matters in Trusts ultimately should be held responsible if they abdicated their responsibilities but somehow I can’t see that happening either so some minions will no doubt suffer as is the usual way. |
David Feugey (2125) 2709 posts |
Not sure. It’ll be very easy to crash it. But to attack it… that depends. On my first system, there is no incoming port opened. On my other one, there is no Internet connection. To be honest, there is only one way to protect a computer from Internet threats: sandbox every application that uses the network connection. And sign every executable. Once you decide to make R/W SMB shares, you have NO WAY to block the action of a ransomware. That’s just the result of a bad strategy. |
Steve Pampling (1551) 8172 posts |
Nope, not foolproof. |
Malcolm Hussain-Gambles (1596) 811 posts |
@Steve – I’d disagree even with that! @David |
James Wheeler (3283) 344 posts |
That’s true. In my misspent youth, social engineering was always my favourite avenue.
Not really the only way. W^X memory protection and chroot features aren’t sandboxing but are quite good at slowing down hackers. Sandbox is not a bad idea but it’s annoying in the real world. If I sandbox my browser and download some files, I can only access them inside the sandbox. This is why a lot of iOS apps have Dropbox or Google Drive integrated just so you can get your files out. If you create an API for certain activities, like saving files outside the sandbox, you’ve weakened the sandbox and that is now an avenue a hacker may use to escape the container and gain access to your computer. For my servers and routers, I use OpenBSD because it has only had 2 remote exploits in the base software in 25 years. Even then, I can spend days securing a new server even though I often only use base software. My home router took 8-12 man hours to set up. Not because it’s hard, I could probably do it in 1 hour, but because I want it to be secure. There are no quick or simple fixes when it comes to computer security, even when using secure software. |
Rick Murray (539) 13851 posts |
Do remember that a sandbox is really just another layer to break through. There’s nothing magical about them, and they have been compromised.
Again, no guarantee. Better than wide open, but don’t be lumped into false security. |
James Wheeler (3283) 344 posts |
Signing is good against MITM or protecting yourself from downloading hacked software but that’s all it offers. You’re still relying on a chain of trust. If you don’t already possess the signature from a safe channel, then it’s pointless 9 times out of 10. OpenBSD used to be released on CDs and printed the signature on the cover. Each release also contained the key for next release so 5.9 had the key for 6.0, 6.0 had the key for 6.1 etc… Unless you’re paranoid, then you’re relying on software to check the chain, and that then is the weak link. I think RO is a long way away from real world benefits of signed binaries. The main fixes RO needs are changes to the kernel and overall architecture to harden the system to a hostile internet. |
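
The release-to-release key hand-off described in the post above, sketched in Go as an added example; it is not code from this thread or from OpenBSD's own tooling. The `Release` type, `BuildChain` and `VerifyChain` are hypothetical names, and the Ed25519 keys and version strings are constructed sample data generated in-process.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Release is a constructed stand-in for a signed release that also carries
// the public key for the NEXT release.
type Release struct {
	Version string
	NextKey ed25519.PublicKey
	Sig     []byte // made with THIS release's private key
}

// signedBytes covers both the version and the embedded next key.
func (r Release) signedBytes() []byte {
	return append([]byte(r.Version+"\x00"), r.NextKey...)
}

// BuildChain returns the first public key (the trust anchor) and the releases.
func BuildChain(versions []string) (ed25519.PublicKey, []Release) {
	anchor, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	var chain []Release
	for _, v := range versions {
		nextPub, nextPriv, _ := ed25519.GenerateKey(nil)
		r := Release{Version: v, NextKey: nextPub}
		r.Sig = ed25519.Sign(priv, r.signedBytes())
		chain = append(chain, r)
		priv = nextPriv
	}
	return anchor, chain
}

// VerifyChain walks forward from a key obtained over a safe channel and
// returns the last version it could authenticate.
func VerifyChain(anchor ed25519.PublicKey, chain []Release) (string, error) {
	key, last := anchor, ""
	for _, r := range chain {
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, r.signedBytes(), r.Sig) {
			return last, errors.New("signature check failed at " + r.Version)
		}
		key, last = r.NextKey, r.Version
	}
	return last, nil
}

func main() {
	fmt.Println(VerifyChain(BuildChain([]string{"5.9", "6.0", "6.1"})))
}
```

Everything after the anchor is only as trustworthy as the anchor itself: a verifier handed a different first key rejects the genuine chain at its first release.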