These days it's called penetration testing (or Pen testing for short) and a very nice income for white hat hackers. As for the software failing, it's usually the people failing. Most attacks these days are via social engineering to get an initial login and then you find all the privilege escalation bugs and go on the rampage. However in the case of the post office given how in bed they are with Fujitsu I can believe simple carp processes and development.
Going quantum (I sold and architected quantum security in the last role), it still doesn’t stop users, arrogant developers or business managers that wish to ignore the safety for customers because it hurts their numbers.
My favourite was the linux random number generator patch that =4 because 4 is a random number..
You do know that ransomware is clever enough to wait a while before fully activating so it gets on the backups first?
Which is why there have to be internal firewalls/protocols that help prevent infection of backups. Not much use to the post office though!
Many years ago was working at a place with a mainframe. Drive crashed taking the disk pack with it.
Engineers repaired the drive then to test the repair they decided to use the backup of the disk pack the drive killed. Only they'd not fixed the drive and it ate the backup disk too.
No worry people thought, we've got a tape backup. Until the operator tripped on his way to the tape deck, dropped the tape, the case cracked and damaged the tape making it unreadable.
**** that happens. After that they made sure that no-one got to just help themselves to disk packs. Especially backups.
There's a reason for the BOFH... (Barsteward Operator from Hell). Think an admin version of Dilbert from a first person perspective..
Thanks for that - I just took a look. I'll investigate further tomorrow. Might be this is what I have to do @Bonsai
Had a colleague of mine just ship with Evri from the UK. Don't know if that is an option for you but he was able to ship me the item and as you know I live in the U.S. There is of course DHL, UPS, etc...
Yes we want to buy your pcb's!!
Best,
Anand.
My online investment outfit asks for a login via an 8-figure code word that I should have received when setting up the account.
No idea what they are talking about.
But I found that if I wait 2 minutes, it says 'doesn't work? try this'. Clicking 'this' they send me a 4 figure text over my phone and I type that in.
So what's the value of the 8-figure code??
Jan
40 years ago, viruses traveled on floppy-disks, "Elk Cloner". So far no computer virus has managed to jump over an air gap
It is speculated that the Stuxnet virus, or similar, may have got into secret facilities by dropping infected thumbdrives in tea-rooms and parking lots.
Just to add to the 'stories' of ransomware attacks, one of my personal computers was attacked back in late 2016 with the "cerber3" a-hole malware. It encrypted all of my JPGs. Fortunately, I have multiple copies of all of my JPGs. I contacted 'the authorities', and got a call back from the FBI, which was looking into that malware. I don't know what their success has been in finding the a-holes or a solution to recovering encrypted files. If somebody knows, let us know!
Interesting thing about those floppy viri was that some people in the UNIX community thought they were immune since they were targeting Windows systems. In the late 80s (87 IIRC) there was one that was dubbed the Monkey Virus. It was a partition modifying virus which would create a new mapping of the hard drive partition during the initial formatting. TI Manufacturing shut down at one of their manufacturing sites when it hit their TISTAR system builds which were VME bus 68000 based systems running a UNIX variant.
Aha, found it "Stoned.Monkey" 1991. Later than I thought.
The Indian Post Office, and some banks, have fingerprint scanners for employees, connected to a USB port at their computers, set to a short time of no activity, they have to verify again if they go for a drink or whatever.
Security level as per responsibility, a counter clerk cannot access higher levels than allowed, for example.
Captcha in place for customers who need to track consignments. Only one can be tracked at a time.
That prevents multiple probing attacks, which is a method used at times by hackers.
Multiple security and dual redundant servers in different locations, it is considered vital, so security is tough.
Railways as well, that is a huge system for booking tickets. Most customers with accounts have a single use password sent by SMS to log in. Service is slow at peak hours, further deterrent.
There are regular attempts by hackers from Pakistan, China and Russia, among others, to get through, so the people who manage the servers are kept on their toes.
I think an IP tracing system is also in place, so unfamiliar IPs are kept in a sandbox. IP spoofing may be detected, I suppose.
I wonder if the Royal Mail has been privatized, and has been subjected to cost cutting, for example by sourcing the upkeep of its system to third parties.
Or is using a less secure system, out of familiarity, or saving costs.
One of the large Telecom companies over here was recently hacked pretty badly. Apparently the devs had been lazy and copied the production database into the not-so-secure test environment rather than use a database filled with dummy-data.
Why that had ever been allowed is anyone's guess, but goes to show that even the best security systems can be defeated by a lazy person propping the back door open.
You shouldn't put any data on the system OS partition. So, you can just wipe the system if you have to. But a lot of software uses the OS partition by default, like LTC spice putting files under the user account. I finally let MS "upgrade" this laptop from W10 to W11 and lost nothing so far (touch wood). Using a little common sense avoids a lot of trouble. Worse is looking for free software that may have malware. I once needed to convert a PDF to word, and I think that is where I got a malware that routed all my internet through a relay somewhere. I discovered it when I used the MS network monitor. It was legal because it was not ~hidden, but it blocked Malwarebytes updates until I "uninstalled" it in the control panel. Many people blame their old computers when what a new machine does is dump the garbage they have collected. Having high speed internet and machine hides malware. Back when I used DVDs, the best burner software was Imageburn, except it soon came with malware, "open candy" I think. Over time, ripping CDs, burning CDs, media players, file conversion, these things get replaced by built into the OS. I have an old Ubuntu machine (8300+4G) which Ubuntu 22 will not install. I hoped Linux would be a safe place to find useful utilities, but no. The problem is most freeware is just crude and useless, and a lot of not-free stuff too. So I have a list of good free/shareware:
1. Irfanview great for most photo and PDF use. Limited but easy to do most things.
2. MP3tag is best tag editor because it uses macros to do the whole album in a single command.
3. Total Commander great for synchronizing external and internal media libraries.
4. Scripting including batch files in the sendto directory. I have batch files in sendto that clean up spice files, compare files, remove empty folders, run a command line and pause so I can read any error report, etc.
5. Office libre has issues but reads Mac files as well as Word.
...
Royal Mail was privatised a few years ago. I do not have the facts, but would be very surprised if they were not using offshore contractors or devs. Lots of ways it seems then for ransom gangs to find an entry point.