Westministenders: Before the Fire Alarm of Rome goes off

[RedToothBrush]

I’m going to keep this one very simple.

THE DEADLINE TO REGISTER TO VOTE IS 22ND MAY.
www.gov.uk/register-to-vote

Postal votes start to go out on 23rd May.

Your challenge is to persuade someone to register to vote or to get someone who is considering not to, to get their arse to the polling station.

Go forth and harass. Especially women and the young.

That’s it. No frills OP.

Ron - it was bit evangelical! But as someone once said to me, "If Cook sense were so common, why is there so little of it about?"

I do remember when we were going through the ISO9000 process thinking that you needed to have done TQM first: there was no point quality controlling/measuring if you were making the wrong thing in the first place All that it would mean is that you knew where the fault happened As long as you had a TQM mindset (whether formally or informally ) then ISO9000 could be a good thing. If not, then it could just entrench poor product.

I absolutely saw the point in terms of ops processes and indeed continuous process improvement generally but in marketing and strategic planning the main aim did seem to be to recruit you to the religion rather than to be able to actually achieve much in the way of process improvement. It was followed not long after with a strategy called Customer First and the creation of internal markets which had a similar evangelical approach and a similar feeling that as a marketer I really did not need anyone to focus me on the customer, even if they were internal!

This is all reminding me why my enthusiasm for working in big business waned with each cycle of organisational change as a result of the evangelism of the latest management guru reinventing the wheel......

I suppose the proven benefits of those strategies motivating people through exploiting emotion rather than appealing to sense is exactly what Banks et al are implementing.....

If they're on the internet, they are

Not quite sure what you inferred from my comment, I wasn't implying the NHS systems are not interconnected, but that they're unlikely now only to be connected to each other, as there are private companies operating within NHS. Virgin is one example but there are others.

If this had been a deliberate attack to cripple the NHS in the UK, it would only have targeted the NHS and it would have introduced malware to crash systems irrevocably. It didn't.

It was clearly not an attack intended to cripple anything - it caused chaos and got a lot of attention, but there aren't reports thus far of irrevocable damage and whole systems crashing irreparably. Tho tbf work is still going on to see if data has been lost and whether the systems are safe. Nor do I think this was a genuine attempt to extort money - if so why target academic institutions such as those in China, which are prestigious but not necessarily wealthy, as the NHS, and why not include easy payment gateways, which were missing, according to the Vice President of IBM, unusually for ransomware attacks.

Given that Nissan was targeted in Japan, it may be that the Sunderland plant was affected via the Japanese software rather than being specifically targeted here.

Don't have any answers, just find the whole thing very odd.

Well, by yesterday the hackers had got around $50,000 worth of bitcoin.

Once again, organisations and companies were not targeted because of who they are.

The hackers, or "scum" as the IT site The Register describes them, just sent phishing emails in a scattergun approach in the hope that some recipients would let the ransomware into systems that were insufficiently protected.

In thousands of cases the phishing emails will have been stopped by security measures or reached recipients who didn't react to them.

Not quite sure what you inferred from my comment, I wasn't implying the NHS systems are not interconnected, but that they're unlikely now only to be connected to each other, as there are private companies operating within NHS. Virgin is one example but there are others.

Even organisations that operate a private WAN are going to do so over the internet (although I am quite prepared to accept there will be a few oddities that have private leased lines). They may be using a PPTP solution to provide a VPN to make it look private, but the reality is the traffic is being routed over the internet.

Any system that is receiving and sending email (including your smartphone, if you use it for email) is "on the internet".

Well, by yesterday the hackers had got around $50,000 worth of bitcoin

If they have any sense, they won't be touching those ever ...

Big thing in Labour Manifesto is it is explicit about ending FoM.

I don't think the ransomware attack is odd, ransomware attacks happen all the time, this one just made the news as it exploited a vulnerability that meant once it was on one machine, it could spread to any other un-patched machine on the network, which made it way more effective than normal.

Marking place. Thanks Red!

LH - we seem to be talking at cross purposes.

Your original point was:

I have a feeling any oddaties in distribution are a function of the fact it was NHS systems that were first hit - they are probably much more interconnected with each other (thus spreading it "internally") than with 3rd parties.

To which I responded that, given that private companies now operate within the NHS, I'd think NHS systems would be connected to those, not solely to each other.

Not disputing that NHS systems use the internet (nor that the internet is required for emails )

Ah ..

my sloppiness. When I used the work "interconnected" I meant that the vast majority of NHS systems emails are to/from other NHS systems.

Hence the rapid spread of the infection within the NHS - making it look targeted.

If you or I had been infected, it might have taken an awful lot longer for it to have spread.

Well, by yesterday the hackers had got around $50,000 worth of bitcoin.

Oh come on

The hackers, or "scum" as the IT site The Register describes them, just sent phishing emails in a scattergun approach in the hope that some recipients would let the ransomware into systems that were insufficiently protected.

The latest evidence indicates that these attacks did not start with phishing emails. Security companies have reported that scans of email networks showed no evidence the malware came from phishing. See also BiglyBadgers post above.

About TQM. It was pointed out by our guide that the Parthenon was a classical example of this.. Pericles was the big daddy of TQM.

I was just wondering about the issue of redress if purchasing something which is defective or have a problem with an item after Brexit. At the moment, say someone from France buys something from fellow member state UK. ATM there is legislation in place to guarantee your rights. Buying something from post Brexit UK will be a different matter. It won't be bound by the EU legislation. There may be something similar set up (not holding my breath when), but it may just be a lot of hassle to pursue if you are not in the UK.

europa.eu/youreurope/citizens/consumers/shopping/guarantees-returns/index_en.htm

Probably a diversion. But then I forget DD says he has planned for every possible eventuality.

There is talk about the supply chains and the quarter who are looking ahead to still source their stuff from within the EU. But there are smaller purchases too. Everyday things which add up in the overall scheme of things.

No worries LH, sorry if my point wasn't clear.

When I used the work "interconnected" I meant that the vast majority of NHS systems emails are to/from other NHS systems

I understood that and I agree. But I think there must now also be IT interface with other companies such as Virgin providing services within the NHS.

Everyone is saying all the evidence points to N Korea

Which is where the discussion started last night when it was first reported, as I just don't think it's that likely. If in doubt, blame N.Korea.

But I think there must now also be IT interface with other companies such as Virgin providing services within the NHS.

I would suspect Virgin (Healthcare) would have outsourced their IT to the lowest bidder which may or may not have insulated them.

I have been saying for years now that large organisations should really wake up and smell the coffee. If you cannot continue functioning without your IT running normally then - like it or not - you my friend are an IT company that happens to do something else (banking, healthcare, government) on the side. Once you start with that approach, you suddenly realise the numptiness of outsourcing one of your business-critical functions.

It can be a hard point to get across, but the simplest way is to ask how long could we continue to work without our IT ? - it's illuminating to compare that with any stated recovery times. Last place I worked the answer was "zero seconds", but "3 days". There was also the worrying fact that losing IT wouldn't create a backlog, as there was no practicable manual system to capture the volumes of data that would accumulate in the interim.

This from The Register

"Criminals behind WannaCrypt piggybacked on publicly dumped Equation Group exploits – originally stolen from the NSA before they were leaked in April – as the distribution vehicle for the WannaCrypt ransomware.

WannaCrypt initially infects endpoints via a phishing campaign or compromised RDP (remote desktop protocol). Once the ransomware gets into a network, it spreads quickly onto any unpatched Windows computers."

Also this from El Reg
"Indications are that the attack is the work of profit-motivated cybercriminals rather than a nation state-sponsored hacking crew.

Three Bitcoin wallets associated with WannaCrypt have received almost $55,000 in transfers since the beginning of the outbreak, a pitifully small sum considering the scope of damage. It is understood the decryption keys are issued manually, too, meaning it's unlikely you'll get a key from the malware's masterminds. Essentially, don't pay the ransom.

"We have confirmation that some of the 200+ ‪WannaCry‬pt victims who have paid the ransom have gotten their files back. Still, not recommended," said Mikko Hypponnen, chief research officer at security firm F-Secure, in a Twitter update."

I'll believe experts * before I believe the Telegraph.

*Yes, I know I'm not supposed to.

It can be a hard point to get across, but the simplest way is to ask how long could we continue to work without our IT ? - it's illuminating to compare that with any stated recovery times. Last place I worked the answer was "zero seconds", but "3 days". There was also the worrying fact that losing IT wouldn't create a backlog, as there was no practicable manual system to capture the volumes of data that would accumulate in the interim.

This. You'd be shocked if you knew the reality of the IT Security of even the biggest banks...

Its only a matter of time with that one too. Too many sloppy practices and people too comfortable in their jobs who don't want to take full responsibility for something and are happy to say well iits not my department, its not my problem"

I've had a leaflet through the door!
It's for the local Tory wankbadger so it's in the bin.
I do hope labour gets its act together re canvassing...never see anyone round here...
I like at lot of what's in the labour manifesto

You'd be shocked if you knew the reality of the IT Security of even the biggest banks.

With 30 years in IT ? Unlikely. A lot of security theatre (wonder where they got that idea), but nothing that really impacts on the bottom line.

What's slightly more worrying is the sheer volume of code that no-one ... and I mean no-one - has any clue about. Starting from the small: "I wonder why that function is called in this procedure ?", up to : "I wonder what that box does in the corner ?".

I once had to fix - as a support call - a "fault" in an Oracle stored procedure. When I loaded the source, it was blank ... successive BAs (all of whom had since left, along with the original contractor) had signed it off. It was only when the customer took delivery of the "upgrade" that was supposed to deliver the functionality, that the "fault" was logged. It had to be a support call, as we daren't let on the truth.

Then there was the mission-critical software component that had been built entirely on an unsupported Microsoft MSDN sample which died at NT SP4 (someone forgot that even number service packs are evil ...)

Anyway, enough nerd talk. Back to Brexit .

Jack Maidment‏ @jrmaidment
I asked the Prime Minister which Harry Potter character she is most similar to. Didn't go well.

We all know its Dolores Umbridge right?