Agreed. I gave my son a 4TB portable drive and introduced him to various free online storage options (sorry, MS - OneDrive is just too annoying for us) and it’s been a revelation for him.
*sigh*. This was two years ago.
Though that’s very bad, I wouldn’t throw them under the bus. IT and support contracts are outrageously expensive. Especially so when things go past their support lifetime.
And since IT seems to be the collection bucket of expensive projects, as things generally happen, the “new thing” or “new application” is where big budget spend goes. Then operational expenses go up in the next year, and you get stuff like this, organizations killing support for an aging product still in use. Three years ago when they went on life support for XP I’m sure it was a good move and within budget to extend things so they had breathing room to do upgrades. But then that next big thing was needed the next year and then the one after and suddenly they are 10, 20, or 50% over budget.
Lifecycle management of IT products/services/infrastructure is extremely important, but so often, not even a blip on the radar for management in most organizations.
It’s not so much the ending of the support payments (though in retrospect, d’oh!). It’s the fact that they had so much forewarning that they were going to lose support and still didn’t upgrade.
Yep. You know this is still going to land on someone who will be the fall guy when things fail, and they will.
Just watch any episode of The Thick of It and you’ve got the inner machinations of Her Makesty’s Government.
The pursuit continues
Seriously, it’s the same vulnerability that was patched in March. If Wannacry didn’t put the fear of God into those IT departments, then you can’t help stupid.
Most have patched, yep. One issue here is the new wrinkle of exploiting a third party which then sends updates for it’s software. Imagine if this had been something with a higher infection radius, like say, Steam. It exploits auto-updates, immediately placing wariness on anything you have that auto-updates.
We all have a ton of shit that gets patched automatically. In many cases, those updates are even allowed via security rules because they are trusted.
Apparently that’s only one avenue that this new version uses to spread itself.
Good news - if you’re not part of a large enterprise network and your machine is patched, you’re probably fine. Bad news - on large enterprise networks, there’s almost always one unpatched machine somewhere, and this worm is smart enough to spread from that one entry point.
Hadn’t heard about this until today
Travelex (which is I think the biggest retail foreign exchange firm in the UK) have been subject to a ransomware attack since New Year’s Eve. Sounds like even if they recover, they’re going to be getting a massive GDPR fine, because the preparedness and response sounds terrible.
Same old shit. Upgrading is expensive, budget denied by board who have to tick boxes marked “efficiencies” in their performance plan this year. The cost of the fuck up should be less than the long term costs of upgrading from Windows Server 2008 R2 and .NET 4.0.30319 and whatever other antiques they had running.
Laughs in Windows 2000
Brexit dividend, or will they still have to pay?
GDPR will become UK domestic law on exit (and indeed there is a statute implementing the areas of national competence already).