Information is developing faster than we can keep up, but the UK health system was hit by a huge wave of ransomware today. The WannaCry campaign has devastated hospitals and trauma centers. Patients are being refused. Records are inaccessible. The only work being done is high-level emergency work to save life and limb.
Ongoing information can be found here:
"Hospitals across England hit by large-scale cyber-attack" (from worldnews)
Some language, some frustration, but this is real life. There is every expectation that life will be lost due to this ridiculous cyber attack.
If it turns out to be a pissed off kid who couldn’t get some vicodin from his doctor, heaven help him.
This is a good time to point out that the Emerging Threats Pro rule set apparently will trigger on the traffic used by the exploit:
ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response
I won’t make any money if you buy an ET Pro license, but I recommend it.
Patch your systems! This is information about the exploit found in Windows… fixed a few weeks back. Hospitals are notorious for having old and unpatched devices.
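An added example, not from the original post: one way to turn hits on the signature named above into a list of internal hosts to isolate and patch first, assuming the rule set runs in Suricata with EVE JSON logging. The HOME_NET range, the `_ev` helper and the sample log lines are constructed for illustration.

```python
import json
from ipaddress import ip_address, ip_network

SIGNATURE = "ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"  # name quoted in the post
HOME_NET = ip_network("10.20.0.0/16")  # assumption: the monitored internal range

def _ev(ts, src, dst, sig=SIGNATURE, kind="alert"):
    """Build one constructed EVE JSON line for the sample below."""
    return json.dumps({"timestamp": ts, "event_type": kind, "src_ip": src,
                       "dest_ip": dst, "alert": {"signature": sig}})

# Constructed sample log: made-up hosts and times, not captured traffic.
SAMPLE_EVE = [
    _ev("2017-05-12T13:01:07+0000", "10.20.1.15", "10.20.1.77"),
    _ev("2017-05-12T13:01:09+0000", "10.20.1.15", "10.20.3.4"),
    _ev("2017-05-12T13:02:30+0000", "10.20.3.4", "198.51.100.9"),
    _ev("2017-05-12T13:02:31+0000", "10.20.9.9", "10.20.1.1", kind="dns"),
    _ev("2017-05-12T13:02:40+0000", "10.20.9.9", "10.20.1.1", sig="constructed unrelated alert"),
    '{"timestamp":"2017-05-12T13:03:00+0000","event_type":"al',  # truncated write
]

def triage(lines, signature=SIGNATURE, home_net=HOME_NET):
    """Return (hosts, skipped): internal hosts seen in matching alerts, busiest first."""
    hosts, skipped = {}, 0
    for line in lines:
        try:
            ev = json.loads(line)
            if ev.get("event_type") != "alert" or ev["alert"]["signature"] != signature:
                continue
            pair = (ev["src_ip"], ev["dest_ip"])
            ts = ev["timestamp"]
            internal = [ip_address(ip) in home_net for ip in pair]
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # malformed or incomplete record: count it, keep going
            continue
        for i, host in enumerate(pair):
            if not internal[i]:
                continue  # only internal hosts are ours to isolate and patch
            h = hosts.setdefault(host, {"alerts": 0, "peers": set(), "first": ts, "last": ts})
            h["alerts"] += 1
            h["peers"].add(pair[1 - i])
            # Same timestamp format on every line, so string order is time order.
            h["first"], h["last"] = min(h["first"], ts), max(h["last"], ts)
    return sorted(hosts.items(), key=lambda kv: (-kv[1]["alerts"], kv[0])), skipped

if __name__ == "__main__":
    ranked, bad = triage(SAMPLE_EVE)
    for host, info in ranked:
        print(host, info["alerts"], sorted(info["peers"]), info["first"], info["last"])
    print("unparseable lines:", bad)
```

Both ends of each alert are reported when they fall inside the monitored range, so the list does not depend on which direction the rule fires in.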
I recently had a conversation with an old friend of mine. There were some awesome things about his job. He loved the day to day, hands on field work.
He didn’t love the office politics, lack of career growth, etc.
I asked him: “how can you make 500k / year in your field?”
What do you think? Is that a valid question? Is that a valid goal for everyone?
My intention was to inspire thought beyond the traditional career path in his field. Not to imply his field or career was bad/wrong.
Can you earn 500k a year using the skills and passions you have? Are you stuck at 35k/year? 100k/year?
Do you need to earn more to feel fulfilled?
Quick note, and it’s not too hard, but took a few minutes to remember.
Amazon Linux comes with Java 1.7.0 installed. I wanted to upgrade to 1.8.0 for Elasticsearch 5.3:
$ sudo yum -y install java-1.8.0-openjdk
$ java -version
java version "1.7.0_131"
The default is still 1.7.0 after the install, so just yank out 1.7.0:
$ sudo yum remove java-1.7.0-openjdk
If you need both installed (maybe an old piece of code needs 1.7.0 while all your other stuff can deal with a global default of 1.8.0), update your legacy apps to point the JAVA_HOME environment variable at the real location of java-1.7.0, and update the global default like this:
$ which java
$ ls -altr /usr/bin/java
lrwxrwxrwx 1 root root 22 Apr 20 17:00 /usr/bin/java -> /etc/alternatives/java
$ ls -latr /etc/alternatives/java
lrwxrwxrwx 1 root root 46 Apr 20 17:00 /etc/alternatives/java -> /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java
$ sudo update-alternatives --config java
There is 1 program that provides 'java'.
*+ 1 /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java
Enter to keep the current selection[+], or type selection number: 1
Had I not removed Java 1.7 already, I’d have 1.7 and 1.8 in that list to choose from.
I spy on you, it’s my job.
I build tools that monitor your computer network.
They will get installed at your employer and because of that, we have 100% visibility into what you’re doing on your network… and you should be glad!
Cybersecurity is a hard ‘thing’. It’s a constant arms race of new exploits, new tool kits to take advantage of those exploits, and new defenses to stop those exploits. It’s not a new game, and the game will never go away. The rules are pretty simple. There are people out there who want to impact your computer network. Then, there are people who try to defend your network. Pretty straightforward, eh?
The attackers have various reasons they want to attack.
- Personal education, figuring out how to break things
- Bragging rights, so they can seem cool in their dark circles
- Theft, stealing your personal/customer/employee data
- Reward, getting paid to attack, corrupt, encrypt, etc
Why I need to Spy on You
In order to understand what’s going on, we need 100% visibility into a network. We need to see how data flows. We need to see how address lookup (DNS) works. We need to see what web sites are visited and what URLs and files are loaded. Is your computer talking to a known bad web site? Did a known exploited file get downloaded? We need to log everything. It’s like CSI, but network forensics.
… just remember, I don’t care how much time you spend on Facebook. I don’t care about your, eh, OTHER online browsing habits, as long as they don’t infect your computer!