[LINK] British researcher finds a 'kill switch' for global cyber attack

Roger Clarke Roger.Clarke at xamax.com.au
Mon May 15 11:08:52 AEST 2017

At 12:25 +1200 15/5/17, Paul Bolger wrote:
>Also interesting over here (NZ) that the media spent the weekend reporting
>the attack, but didn't bother to tell people how to avoid being attacked
>themselves when they returned to work this morning.

The only Staysmart Alert that's arrived so far (dated Sun, 14 May 2017 07:48:57 +1000) is valueless ('something's going on ... be careful').  The reasonable expectation of an ACORN is that it will actually grow;  but this service seems as juvenile now as when it was launched.

You'd hope that individual IT Directors / CSOs did some homework by Sunday evening at the latest, and had an urgent email in every employee and contractor's mailbox before BoB today.  And is there enough information available to have detection running on enterprise front-ends?

Below is a rather late one, which arrived c. 10:30 Monday, which is not BoB even for university academics.

And it doesn't include information on which patch-package, of which date, affecting which software, is the one that matters

That's too detailed to be in the body of such emails.  But surely a sufficient proportion of people have someone nearby who 'knows more than the rest of us', and is a reference-point who can take some load off the central services area?


From: ITU Service Management Office <SMO at unsw.edu.au>
To: #All Staff <All.Staff2 at unsw.edu.au>, #All Students
	<all.students at unsw.edu.au>
Subject: UNSW IT Security Alert: Ransomware "WannaCry"
Date: Mon, 15 May 2017 00:17:37 +0000
What is happening?
There has been widespread media reports of an IT security ransomware threat called "WannaCry" over the weekend. This software targets Windows based PCs by exploiting a security limitation for which protection measures have been published for quite some time.
This ransomware does not target Apple or Linux PCs.
Am I affected?
UNSW has not yet seen any evidence of WannaCry targeting University systems and our IT security teams remain on high alert as the situation continues to evolve.
We have put into place measures that protect UNSW owned PCs and individual personal windows computers whilst they are using the UNSW data networks. We cannot protect personal windows computers on home or public networks.
UNSW is continually updating our security protection systems to reduce the possibility of attacks such as these upon systems within the UNSW technology networks.
What should I do if I think I have been affected?
If you believe your device has been targeted please contact the IT Service Centre via phone (+612 9385 1333) or email <mailto:ITServiceCentre at unsw.edu.au>ITServiceCentre at unsw.edu.au.
How can I minimise the chance of an attack on my computer?
Whilst this ransomware attack is well publicised, there are cyber security threats every day.
The most common threats target email accounts, system login accounts and simple passwords. Ensure you have a secure password. Passwords must be changed every 6 months, be at least 8 characters long and include a combination of Upper and Lowercase letters, and Non-alphanumeric and Unicode character (e.g: !@#$%^).
To change your current zPass, please visit the UNSW Identity Manager website. This can be accessed by visiting the UNSW IT website and selecting 'Manage your zPass & UniPass'.
Other good security IT practices are to:
-   keep the operating system up to date,
-   apply Microsoft security updates when they are released and utilise a reputable Anti-Virus package.

 Service Management Office | UNSW IT | <mailto:SMO at unsw.edu.au>SMO at unsw.edu.au

Roger Clarke                                 http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list