[LINK] British researcher finds a 'kill switch' for global cyber attack

Roger Clarke Roger.Clarke at xamax.com.au
Mon May 15 12:26:01 AEST 2017

At 11:32 +1000 15/5/17, David Lochrin wrote:

Thanks David!

It's dated 14 Mar 2017.

So I wonder how many times sites have been bitten by bad patches, and have decided to always wait x patch-releases or y weeks before implementing.

If x > 3 or y > 9, the patch wasn't due to be applied yet.

>On 15/05/17 11:08, Roger Clarke wrote:
>> ... You'd hope that individual IT Directors / CSOs did some homework by
>> Sunday evening at the latest ...

At 11:35 +1000 15/5/17, Tom Worthington wrote:
>I would hope that IT directors do not have old, un-patched copies of Windows as part of their infrastructure. If they do, then the organization needs to replace their IT director, and whoever appointed them.

So which magic wand do you wave to get rid of legacy applications that don't run on up-to-date versions of OS, not to mention BYOD?

At 11:32 +1000 15/5/17, David Lochrin wrote:
> ... "The service is unavailable.".
>I suppose several billion people are all trying to do the same thing.

For years, my P2P lecture contained a segment on 'apart from music, what *else* would be really good to distribute using P2P rather than client-server (even regionally distributed client-server)?'.

The main examples I used were natural disaster emergency messages, and software patches.  Each time I raised this with anyone involved with distributing security patches, all I got was a glazed look.


>On 15/05/2017 11:08, Roger Clarke wrote:
>> And it doesn't include information on which patch-package, of which date, affecting which software, is the one that matters

At 11:32 +1000 15/5/17, David Lochrin wrote:
>A bulletin from CERT was waiting in my inbox on Sunday morning.  I'm not at my usual computer now and so can't forward it, but the relevant Microsoft reference is "Microsoft Security Bulletin MS17-010 - Critical" at
>This gives links to the relevant updates for various MS O/S.
>The relevant updates for 32-bit Windows-7 are "KB4012212 (security only)" and KB4012215.  I gather the former is a subset of the latter (?).  But attempting to download it this morning from http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212 gives "The service is unavailable.".
>I suppose several billion people are all trying to do the same thing.
>David L.

Roger Clarke                                 http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/ 

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list