[Linto988]

What you think about BlackBerry role in protecting these kind of threats in future ?

Posted via CB10

[yasmar]

With BlackBerry's transition to a software company with a focus on security, I think they are in a great position. As more high-profile hacks/security lapses occur, I think interest in BlackBerry's products will grow quickly (especially since John Chen stopped the bleeding and the company no longer looks like it is dying).

Posted via CB10

[bakron1]

This does put Blackberry in a great position as a security software related company. But, as long as people download and open attachments they shouldn't be, these types of hacks while always be around.

[Emaderton3]

Wasn't this due to a Windows vulnerability though? How would BlackBerry be in a position to help with this? It wasn't a rogue attachment on a mobile device.

Posted via CB10

[sorinv]

These things happen all the time now.
This one being the biggest yet, apparently.
It just proves what a catastrophe the software industry is. They pride themselves in shipping buggy software to be fixed with new bugs later.

Let's not forget that the NSA is to blame for this particular one (first because they wrote it and second because they allowed themselves to be hacked), along with Microsoft for not spotting the bugs themselves.

According to BBC, this one is not of the click-bait type.


http://www.bbc.com/news/technology-39896393

The software companies should stop blaming the user, who pays for their software, for their own incompetence, cheapness (more verification costs money) and malpractices.

Posted via CB10

[sorinv]

These things happen all the time now.
This one being the biggest yet, apparently.
It just proves what a catastrophe the software industry is. They pride themselves in shipping buggy software to be fixed with new bugs later.

Let's not forget that the NSA is to blame for this particular one (first because they wrote it and second because they allowed themselves to be hacked), along with Microsoft for not spotting the bugs themselves.

According to BBC, this one is not of the click-bait type.


http://www.bbc.com/news/technology-39896393

The software companies should stop blaming the user, who pays for their software, for their own incompetence, cheapness (more verification costs money) and malpractices.

In a normal economy, Microsoft should be held accountable and asked to pay the ransoms back.

You can't expect your clients to purchase a product and then to switch to a new one simply because you have made mistakes.
These changes, especially for big organizations, cost a lot of money.
Many programs don't work as they used to after a patch or update.
They need to be verified inside each company.
We know from Google, Apple, BlackBerry, Microsoft that updates usually cause other problems and they need to be thoroughly verified.

Posted via CB10

Posted via CB10

[MikeX74]

Wasn't this due to a Windows vulnerability though? How would BlackBerry be in a position to help with this? It wasn't a rogue attachment on a mobile device.

Posted via CB10

Yes, it was due to a vulnerability in Windows. To answer your other question, they wouldn't be in a position to help. I'm guessing this is another "random security thing happened, maybe BB can take advantage somehow" post.

https://www.theverge.com/2017/5/13/1...somware-attack

[howarmat]

until BB gets into something other than mobile security they have nothing that will help with this stuff really.

[anon(9721108)]

Let's not forget that the NSA is to blame for this particular one (first because they wrote it and second because they allowed themselves to be hacked), along with Microsoft for not spotting the bugs themselves.

There is still a lot they don't know. It's not over yet.

This happened again 2 months ago.

https://arstechnica.com/information-...es-worries-us/

[Akure4Life]

It begs the question. Why are important organisations still using outdated software?

Windows XP is no longer supported my Microsoft. If my memory serves me right.

Posted Via CB10 from Z30 OS 10.3..3.1463 

[Troy Tiscareno]

It begs the question. Why are important organisations still using outdated software?

Windows XP is no longer supported my Microsoft. If my memory serves me right.

Simple: hospitals, like other businesses, want to make money. Unlike a lot of other businesses, they have a lot of government interference that forces them to do things that lose them a lot of money (such as providing care whether or not the patients can pay for it, knowing that they'll never collect for a lot of it).

By putting off big investments in IT, they bet that they could put off the spending of a lot of money - especially during a recession - and that helped make their bottom line look good.

I'm also virtually certain that they have a number of custom applications that are in daily use that were developed in the early 2000's - probably that require IE6, which means XP - and that will be a multi-year project to update - an expense they've been putting off as long as possible.

So, the problem wasn't Microsoft (who issued fixes to supported platforms several months back that would have prevented this), but poor IT-related decisions from the C-suite of these hospital groups. They knowingly pushed their luck, and they got burned. It's a very old story, even if the tech angle is fairly new.

After the Sony hack, no CEO or CIO of any substantial organization can claim ignorance of threats, and running XP in 2017 is pure incompetence.

[kvndoom]

Simple: hospitals, like other businesses, want to make money. Unlike a lot of other businesses, they have a lot of government interference that forces them to do things that lose them a lot of money (such as providing care whether or not the patients can pay for it, knowing that they'll never collect for a lot of it).

By putting off big investments in IT, they bet that they could put off the spending of a lot of money - especially during a recession - and that helped make their bottom line look good.

I'm also virtually certain that they have a number of custom applications that are in daily use that were developed in the early 2000's - probably that require IE6, which means XP - and that will be a multi-year project to update - an expense they've been putting off as long as possible.

So, the problem wasn't Microsoft (who issued fixes to supported platforms several months back that would have prevented this), but poor IT-related decisions from the C-suite of these hospital groups. They knowingly pushed their luck, and they got burned. It's a very old story, even if the tech angle is fairly new.

After the Sony hack, no CEO or CIO of any substantial organization can claim ignorance of threats, and running XP in 2017 is pure incompetence.

What annoys the crap out of me is that they allow these XP computers to be internet facing. Anything that outdated should be completely isolated from the rest of the world.

We used mission-critical software that could only run on XP up until November 2016. But our IT department cut XP off from the internet in summer of 2015. Then in May 2016 they cut off email access on those machines (I still don't get that one). I was sooooo glad when we finally got our Windows 7 software into production mode!

I wouldn't be surprised if we see a repeat of this in 2020 though...

[johnny_bravo72]

That's one serious hack. Microsoft was even forced to release a patch for Windows XP.
https://www.engadget.com/2017/05/13/...ource=Facebook

[cgk]

Simple: hospitals, like other businesses, want to make money. Unlike a lot of other businesses, they have a lot of government interference that forces them to do things that lose them a lot of money (such as providing care whether or not the patients can pay for it, knowing that they'll never collect for a lot of it).
.

That analysis is about an American health care model - The NHS doesn't work like that.

It's do with the political context and underfunding not a profit motivation.

[thurask]

BlackBerry put out a blog article, but it's all fluff anyway. It's as groundbreaking as BB is relevant to this particular attack.

Microsoft patched this in March, to be vulnerable requires unpatched or unsupported software. Unfortunately, the lumbering beast that is enterprise software is too slow to get things updated on a wide scale. Awful vendor apps that require one to use ancient versions of Windows/use features that should have been removed long ago (this particular attack uses SMBv1 to spread), or bureaucratic indolence getting in the way of deploying updates ("it works, why fix it?"), those are endemic to the field and contributed greatly to why this worm spread like it did.

[anon(9721108)]

Yesterday it was 100 countries and today I just saw a headline that said it is 150.

As of yesterday supposedly Canada was not hit but I wonder if that has changed.

[u4ria]

What you think about BlackBerry role in protecting these kind of threats in future ?

Posted via CB10

BlackBerry would have no role. They can't even figure their way out of a wet paper bag.

Just look at how long they've been touting the security mantra yet with every earnings report, do you ever see them reporting big sales of anything security related? If they do, they only tell you vague details. Never giving you any dollar value of the deal. The only time you get dollar amounts is when they win a lawsuit.

VW replaced BlackBerry devices and BlackBerry couldn't even sell them on their MDM or whatever acronym they're calling it now.

These attacks are due to outdated OS's like XP, which is unrelated to BlackBerry.

[thurask]

Yesterday it was 100 countries and today I just saw a headline that said it is 150.

As of yesterday supposedly Canada was not hit but I wonder if that has changed.

http://www.ctvnews.ca/mobile/sci-tec...tack-1.3412532

[southlander]

What you think about BlackBerry role in protecting these kind of threats in future ?

Posted via CB10

Zero other than the fact that this is a Windows pc issue only. Using any smartphone instead of a pc would protect you.

[anon(9721108)]

http://www.ctvnews.ca/mobile/sci-tec...tack-1.3412532

I'm thinking the fact that they were asked for almost no ransom or peanuts indicates it IS an act of political sabotage.

Possibly testing the waters to see the reaction to a major hack. They are testing to see how far they can go. Next might be nuclear power plants or power companies.

[southlander]

I'm thinking the fact that they were asked for almost no ransom or peanuts indicates it IS an act of political sabotage.

Possibly testing the waters to see the reaction to a major hack. They are testing to see how far they can go. Next might be nuclear power plants or power companies.

Any org dumb enough to have open exposed to the Internet ports leading to machines with SMB enabled on that interface deserves to learn that hard lesson once.

[Prem WatsApp]

This does put Blackberry in a great position as a security software related company. But, as long as people download and open attachments they shouldn't be, these types of hacks while always be around.

It's a social / "people" problem, mainly. Check email self-phishing trial platforms, such as knowbe4.com

On the technical side, I'd say, the problem is outdated email clients combined with typical, convenience focused user behaviour. Users should NOT be able to click links in emails directly. Links should be intercepted, forwarded and verified by a third party application or a built-in mechanism by default. There should be at least a five or ten seconds delay between the click and the opening of an email link in A PROTECTED, SANDBOXED browser!!!

Also, I recommend to ALWAYS download attachments and opening them in the downloads folder, never directly in the email client (Thunderbird, MS Office Outlook, etc.)... right-click and scan before opening!

Just imho... :-D


•   Long live the SPARK! * ... the evil N shall not priv-ail...!!!   •

[Prem WatsApp]

These things happen all the time now.
This one being the biggest yet, apparently.
It just proves what a catastrophe the software industry is. They pride themselves in shipping buggy software to be fixed with new bugs later.

Let's not forget that the NSA is to blame for this particular one (first because they wrote it and second because they allowed themselves to be hacked), along with Microsoft for not spotting the bugs themselves.

According to BBC, this one is not of the click-bait type.


http://www.bbc.com/news/technology-39896393

The software companies should stop blaming the user, who pays for their software, for their own incompetence, cheapness (more verification costs money) and malpractices.

Posted via CB10

Agreed. You will not fix the user. Software needs to be designed to mitigate that weakness. Don't blame him(/her).

So software companies need to own up, and so does corporate management not willing to invest in up-to-date systems... :-)

•   Long live the SPARK! * ... the evil N shall not priv-ail...!!!   •

[thurask]

I'm thinking the fact that they were asked for almost no ransom or peanuts indicates it IS an act of political sabotage.

Possibly testing the waters to see the reaction to a major hack. They are testing to see how far they can go. Next might be nuclear power plants or power companies.

It's too random. This feels like malware gone horribly right, which has happened before.

[sorinv]

I'm thinking the fact that they were asked for almost no ransom or peanuts indicates it IS an act of political sabotage.

Possibly testing the waters to see the reaction to a major hack. They are testing to see how far they can go. Next might be nuclear power plants or power companies.

BBC estimated yesterday that they will make at least 1B dollars in bitcoin.
That's not peanuts.
They applied the software industry approach: charge many users a tiny amount that they think they can afford.

Microsoft clearly blames the NSA for this and this BBC article blames both Microsoft and the NSA, not the victims, as I wrote yesterday.

http://www.bbc.com/news/technology-39915440

And a new version of the virus is already out...


Posted via CB10