Jump to content
House Price Crash Forum

Archived

This topic is now archived and is closed to further replies.

Sledgehead

Parliament Hit by Cyber Attack

Recommended Posts

Parliament Hit by Cyber Attack

 

Quote

A Commons spokeswoman said the lack of email access was a result of the steps being taken to manage the issue.

The spokeswoman said: "The Houses of Parliament have discovered unauthorised attempts to access parliamentary user accounts.

 

Looks like they have isolated the houses of parliament LAN (basically unplugged the router) in an attempt to prevent (further?) in/ex-filtration.

It's the kinds thing you do in the fog of panic when you haven't a clue what else to do.

 

 

Share this post


Link to post
Share on other sites

Most parliamentarians don't give the impression they are very computer literate (even the younger ones).  

 

Probably not too hard for a state cyber organisation to spear fish them.

 

 

Share this post


Link to post
Share on other sites
17 hours ago, reddog said:

Most parliamentarians don't give the impression they are very computer literate (even the younger ones).  

 

Probably not too hard for a state cyber organisation to spear fish them.

 

 

Digital network technologies have always been brittle, unsecure and full of holes. It's the extent to which we've surrendered control of our lives, our economy and our culture to them that's truly shocking. Internet evangelists promised many things when they began promoting the networked economy twenty years ago, absolutely none of which have been realised. Rather than an abudance of democracy and choice so far all we've got from the digital revolution is fewer jobs, fake news, ubiquitous pornography, an infestation of piracy and a coterie of billionaire monopolists (Zuckerberg, Bezos et al) running rough-shod over our tax and employment laws.

Share this post


Link to post
Share on other sites
57 minutes ago, zugzwang said:

Digital network technologies have always been brittle, unsecure and full of holes. It's the extent to which we've surrendered control of our lives, our economy and our culture to them that's truly shocking. Internet evangelists promised many things when they began promoting the networked economy twenty years ago, absolutely none of which have been realised. Rather than an abudance of democracy and choice so far all we've got from the digital revolution is fewer jobs, fake news, ubiquitous pornography, an infestation of piracy and a coterie of billionaire monopolists (Zuckerberg, Bezos et al) running rough-shod over our tax and employment laws.

Right on ZZ. It's the saddest thing and a testament to greed destroys everything. Wall Street and its friends now rides the internet, whipping it to go ever faster and supply more and more gold for its cellars.

It is very difficult for the individualist or small business to even get a whiff of interest from the enslaved and manipulated masses. Truly disturbing and I never thought it would happen so easily.

Share this post


Link to post
Share on other sites
1 hour ago, zugzwang said:

Digital network technologies have always been brittle, unsecure and full of holes. It's the extent to which we've surrendered control of our lives, our economy and our culture to them that's truly shocking. Internet evangelists promised many things when they began promoting the networked economy twenty years ago, absolutely none of which have been realised. Rather than an abudance of democracy and choice so far all we've got from the digital revolution is fewer jobs, fake news, ubiquitous pornography, an infestation of piracy and a coterie of billionaire monopolists (Zuckerberg, Bezos et al) running rough-shod over our tax and employment laws.

Chang Ha Joon writes that the rise of the Internet has  failed to reveal itself in productivity figures, although everyone seems to think it has revolutionized his world. In contrast, the advent of the telegraph and washing machine have been monumentally productive. This doesn't seem to prevent CEOs announcing their latest (and expensive) digital initiatives for their companies as if they will radically change fortunes; Dilbert often manages to nail this.

Share this post


Link to post
Share on other sites
5 hours ago, zugzwang said:

Digital network technologies have always been brittle, unsecure and full of holes. It's the extent to which we've surrendered control of our lives, our economy and our culture to them that's truly shocking. Internet evangelists promised many things when they began promoting the networked economy twenty years ago, absolutely none of which have been realised. Rather than an abudance of democracy and choice so far all we've got from the digital revolution is fewer jobs, fake news, ubiquitous pornography, an infestation of piracy and a coterie of billionaire monopolists (Zuckerberg, Bezos et al) running rough-shod over our tax and employment laws.

Sorry but I can't agree with this. I am developing an Android app which relies on client-server networking, there ARE opportunities out there for people who take the time to learn a platform. 

Though I generally agree with the premise that in Western countries business opportunities are far fewer than abroad. In some countries, you can open a shop for as little as 20,000 pounds startup costs and be earning a few thousand a month profit without having to work as hard as you would in a day job. Whereas here brick and mortar businesses are very expensive. 

Even for IT services it's much more competitive here than abroad, I am not even targeting this country with my app.

Share this post


Link to post
Share on other sites
3 hours ago, Errol said:

The basic rule is that if it's connected to a network it is not secure.

That's what VLAN's are for, problem is how many government employees are going to be smart enough to have a dedicated non-Windows laptop running a properly locked down Linux distribution that they use for work purposes, making sure all connections go through the VLAN? That's what it would take to be secure.

Share this post


Link to post
Share on other sites

 

On 25/06/2017 at 4:03 PM, developer said:

That's what VLAN's are for, problem is how many government employees are going to be smart enough to have a dedicated non-Windows laptop running a properly locked down Linux distribution that they use for work purposes, making sure all connections go through the VLAN? That's what it would take to be secure.

Don't they have a VDI system, much easier to secure?

Share this post


Link to post
Share on other sites
On 6/25/2017 at 10:52 AM, zugzwang said:

... we've got ... fake news, ...

I think the Telegraph got it right at the weekend with their front page, leading story headline:

Blackmail fears after Parliament hit by 'sustained and determined' cyber attack on MPs' email network

The Evening Standard followed suit:

Quote

Saturday’s incident gave rise to blackmail fears ...

revealing that up to 90 MPs accounts could have been compromised.

 

Remember how Hilary Clinton became easy prey after it became known she was running a private mail server (and therefore one that could be compromised)? Suddenly people - including some here - gave credence to all manner of off-colour accusations.

The fact is, if you let me into your home, anything I say about you afterwards is given an air of credibility; I could, it may then be reasoned, have chanced upon something incriminating during my stay.

And MPs, being people who live or die by reputation, will be only too aware of this. They know that all it now takes is an accusation, 'corroborated' by some falsified email, and their career will be over, period. They know members of the public will readily give credence to such accusations, because we now all know that an accuser could easily have got access to the data from compromised accounts.

It has most certainly exposed our MPs to blackmail. We couldn't trust them before. Now what?

And Downing St remains silent.

Again.

 

Share this post


Link to post
Share on other sites
2 hours ago, Mikhail Liebenstein said:

 

Don't they have a VDI system, much easier to secure?

Sorry but I feel like I need to correct you here. It doesn't matter what kind of 'system' they use to manage data. If the client is compromised the data is compromised, period.

The two weakest points are the client to server connection and the client machine itself. The way to address these issues is to use a VLAN for connections as usually a VLAN is encrypted with a strong encryption key, more specifically the VLAN traffic will be encapsulated and become an encrypted payload.


Then in terms of the machine itself, if the client runs a locked down secure Linux distro, that is properly firewalled, no local services running to exploit and very strict file permissions. With full disk encryption. Now that would be secure.

You are right that with a VDI system the client is less likely to cache data on their local machine, but that isn't really the issue. The issue is how an attacker can exploit a client's access details such as passwords, cookies, fingerprinting- information that will be readily available to them after they compromise a client machine. Or hell the attacker could just override the client's active login in real-time without them noticing.

Share this post


Link to post
Share on other sites

 

You can lock a VDI system down as much or as little as you like. I've seen machines with all the USB ports removed, configured to not allow the user to run Executables/Macros and with all incoming traffic firewalled, virus scanned and with an IDS running all the server end not at the desktop and with all the connections from the desktop to the server and between the servers using VLANs and with or without external access. When external access is allowed the browser via a proxy running a well defined blacklist/whitelist. And for the uber paranoid there is always Greenhill's Integrity Multivisor.

When I said VDI, I wasn't referring to thin client, but rather the whole system.

Share this post


Link to post
Share on other sites
2 hours ago, Errol said:

Could Navy's new warship be hacked?Fears HMS Elizabeth 'running outdated Windows XP' leaves it open to cyber attack

Not your usual XP though Errol.

Typical media sensationalist misunderstanding of anything vaguely complicated. It's a rebuilt codebase and because it has the Windows moniker it's presumed to be able to run solitaire for bored sailors and work out missile targeting using Excel :-)

Share this post


Link to post
Share on other sites

Yes, I would imagine it's been reworked etc. Hopefully, anyway.

Still, given the total lack of competence and budget restrictions, let's hope they haven't skimped on anything.

Share this post


Link to post
Share on other sites
23 hours ago, jonb2 said:

Not your usual XP though Errol.

Typical media sensationalist misunderstanding of anything vaguely complicated. It's a rebuilt codebase and because it has the Windows moniker it's presumed to be able to run solitaire for bored sailors and work out missile targeting using Excel :-)

Why even call it XP if it is so very different?

Okay, so we have a rebuilt codebase. What remains of xp? The answer has to be: enough for it to be considered xp.

It's like buying a fixer-upper. You have two choices:

- extensive remodeling (akin to a rebuilt codebase);

- level the site and buy in a recently engineered modular solution.

With the second option you know and have documentation and specifications for every tie, every nut, every panel.

With the first, the house you walk into has many secrets. Maybe there is even a back door the remodellers missed ...

Remind me: how many lines of code make up xp?

Share this post


Link to post
Share on other sites
On 25/06/2017 at 10:52 AM, zugzwang said:

Digital network technologies have always been brittle, unsecure and full of holes. It's the extent to which we've surrendered control of our lives, our economy and our culture to them that's truly shocking. Internet evangelists promised many things when they began promoting the networked economy twenty years ago, absolutely none of which have been realised. Rather than an abudance of democracy and choice so far all we've got from the digital revolution is fewer jobs, fake news, ubiquitous pornography, an infestation of piracy and a coterie of billionaire monopolists (Zuckerberg, Bezos et al) running rough-shod over our tax and employment laws.

Seems a bit pessimistic.

As well as fake news, you have real news which shows up the fact some of what the MSM print is in fact fake news.

Its quite something you can communicate on here with anyone the world to discuss things. You can also find out anything you want rather easily with wikipedia, which in quite a number of topic domains is not too inaccurate.

You can learn anything you want with all kinds of free websites helping you learn languages, computer programming. You can look up how to fix your car on youtube or how to do diy. I find seeing someone do it far superior to reading instructions with badly drawn diagrams bearing little relation to what you can see!

 

 

Share this post


Link to post
Share on other sites

All software can be hacked.

Id be more worried about a lack of aircraft.

Share this post


Link to post
Share on other sites
10 minutes ago, Sledgehead said:

Why even call it XP if it is so very different?

Okay, so we have a rebuilt codebase. What remains of xp? The answer has to be: enough for it to be considered xp.

It's like buying a fixer-upper. You have two choices:

- extensive remodeling (akin to a rebuilt codebase);

- level the site and buy in a recently engineered modular solution.

With the second option you know and have documentation and specifications for every tie, every nut, every panel.

With the first, the house you walk into has many secrets. Maybe there is even a back door the remodellers missed ...

Remind me: how many lines of code make up xp?

In battlestar galactica they solved this problem by banning spaceships from being hooked up to the internet! Though I guess a usb assault is still possible (but harder, because you need physical access).

Share this post


Link to post
Share on other sites
1 hour ago, Bloo Loo said:

All software can be hacked.

Id be more worried about a lack of aircraft.

And there's me thinking all those North Korean missile failures were just bad luck...

Share this post


Link to post
Share on other sites
5 minutes ago, zugzwang said:

TNT parcels says its unable to deliver or collect today, can't say when services will resume!

Cyber attack?

Looks like it - 

 

TNT Express facing interference with some of its systems

http://www.reuters.com/article/us-cyber-attack-tnt-idUSKBN19I2DF?il=0

 

 

Courier delivery firm TNT hit by cyber attack at its warehouses in Kent

http://www.kentonline.co.uk/dartford/news/delivery-firm-hit-by-cyber-127956/

 

Share this post


Link to post
Share on other sites

This is all very depressing, all too predictable and extremely worrying.

If I were now to post an article under an assumed id on a trading platform forum, claiming I was privy to insider info on any of the affected companies, and that I had taken large short positions as a result, who would have the confidence to sit out the itchy trigger finger sales of the nervous?

Companies are laying themselves open to widespread blackmail, and I don't mean of the ransomware kind. They should have been more proactive and got ahead of this. That means not only doing the right thing before the calamities, but making a case for doing it to investors, and publicizing it. Instead we have another Grenfell on our hands. Companies will soon need to make such publicly grandiose plans for security to assuage investors, it will be akin to rehousing the Grenfell survivors in Buck house and No10.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

  • The Prime Minister stated that there were three Brexit options available to the UK:   26 members have voted

    1. 1. Which of the Prime Minister's options would you choose?


      • Leave with the negotiated deal
      • Remain
      • Leave with no deal

    Please sign in or register to vote in this poll. View topic


×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.