Author: Mike Meredith

WannaCrypt Makes Other Malware Authors WannaCry

It may not be very funny, but the funny thing about WannaCrypt is that it is somewhat of a failure! Unless the authors are spectacularly stupid (not entirely impossible incidentally), they have no way to recover their ill-gotten gains. The pile of looted bitcoins they have acquired is fully visible, so any attempt to use those coins will almost certainly result in them being tracked down – they have attracted too much attention.

Which is another aspect of the WannCrypt malware – it has highlighted the vulnerability (MS17-010) and caused a huge vulnerability hunt. Which is causing those who wrote other malware (such as Adylkuzz) to gnash their teeth, because otherwise their malware would have quietly worked away in the background. The malware authors behind Adylkuzz have probably made more money than the WannaCrypt malware authors … and may well get away with their loot too.

Which is why other malware authors “wannacry” – the attention that WannaCrypt has gotten has ruined MS17-010 for them.

2017-05-17
When Windows Update Lies
It seems rather strange when you discover it, but Windows Update sometimes lies about what updates have been installed. I am not sure how often this happens, but it does happen from time to time. Which with WannaCrypt rampaging around is somewhat unfortunate.

What seems to happen is that Windows Update gets confused about what patches it has installed – it’s internal database gets corrupt. One possible fix for this is to remove the database :-
```
net stop wuauserv
cd %systemroot%
ren SoftwareDistribution SoftwareDistribution.old
net start wuauserv
rd /s/q SoftwareDistribution.old
```
When using Windows 10, you may well have to start (net start wuauserv) Windows Update services before stopping them. Once you have removed the directory, the next time you run Windows Update in the gooey, it will spend some time rebuilding it’s database and hopefully will then pick up the missing updates. No promises but this worked on at least one server that had unacknowledged missing patches.

Of course without a proper vulnerability scanner it may be tricky to determine when Windows is lying about being fully patched. The best bet is to assume it is lying whenever something like WannaCrypt comes along.

The other possibility is to look into something like Autopatcher which is intended for offline updates – you can download the Microsoft updates and use the tool to patch Windows computers from the downloads.
2017-05-17
Canute, The Tide, and The Church

Many of us know about the story of King Canute (or probably Cnut) and his attempt to hold back the tides. Although we English typically only give one king the suffix “the Great” (Alfred), Cnut himself is also known as “the Great” (perhaps more for his non-English endeavours). So it seems a touch unlikely that such a king would imagine he could control the waves by verbal command; if anything he might want to make fun of his courtiers by trying the impossible to indicate he was human.

It is a popular tale with the Church too – it’s a great example of over-weaning pride which is one of the seven deadly sins. And Cnut as a Dane, probably was not the most popular king with the church, as Danes had only recently given up going viking and pillaging churches and monasteries (in the words of a fictional viking: “they gather all their gold and silver into one building. And then so conveniently mark those buildings with crosses.¨).

But there is a far more prosaic explanation for the tale in which the Church uses a human disaster to laugh at people’s efforts to improve themselves.

Before the raw sewage pollution in the 19th century put an end to it, the South coast was home to a massive oyster fishing industry that existed in the region for at least two thousand years. Indeed, oysters were one of the staple food sources for the poor until the 19th century.

One of the ways that shallow water oyster fisheries can be improved is by building dyke-like structures that allow the high tide in, but keep some of the tide from escaping at low tide. As it happens, a place in West Sussex called Bosham happens to be ideal for this, and there is supposedly much archaeological evidence to show that these “dykes” had been built there repeatedly over the centuries.

As anyone who lives by the sea knows, to build sea structures, you have to over-build and even then, exceptional storms will cause damage, and there is also archaeological evidence to show that the “dykes” at Bosham were washed away in exceptional storms every few hundred years.

As it happens, Bosham was a royal estate in the time of Cnut (one of his daughters is supposedly buried at the pictured church), and it is all too likely that an exceptional storm would have destroyed the oyster beds whilst Cnut was holding Bosham. Thus the Church had an opportunity to use an economic disaster to poke fun at king they were probably not too fond of.

2017-05-08
A Dummies Guide To Tactical Voting

With an election coming up it is time to try and persuade those who do not vote to get out there and vote. One of the main reasons people give for not voting is because none of the candidates are inspiring enough. Well it is all very well waiting for a candidate that inspires you, but you could well be waiting for a very long time.

Probably the second biggest reason for not voting is that with the first past the post system, there are places where voting for anyone other than the leading candidate is seen as a wasted vote. Nothing could be further from the truth! In almost every “safe” seat, if everyone who didn’t vote for the leading candidate all voted for an agreed alternative, then the seat could easily go to that alternative candidate. For example, the Arundel and South Downs constituency was won with 32 thousand votes in a constituency of nearly 100,000 – easily enough to overturn the Tory majority.

As to tactical voting: It can be summed up by selecting the candidate you would most like to lose (such as the Tory candidate), and picking the candidate most likely to defeat them.

Anyone can find out the last few election results (and a whole lot more) at http://www.electoralcalculus.co.uk/. Just look at the last few elections and vote for the second placed candidate (providing that’s not a Tory or a UKIP candidate of course!). And don’t keep punishing the Liberals for breaking their promises; they don’t break their promises any more than the others.

Of course this may mean you are not voting for the candidate you want, but under the present voting system it makes more sense to vote against the candidate you dislike the most. Yes this is crazy, but so is using a voting system first used in the medieval era!

2017-05-01
Are Final Salary Pension Schemes Generous?

Short answer: NO!

One of the infuriating things I come across is the notion that final salary pension schemes are generous; it seems that a generation of Tory propaganda has persuaded people that such schemes were wildly over-generous and completely affordable. Of course many of those doing the persuading are taking advantage of those “generous” pension schemes.

What it is easy to forget is that many of those final salary pension schemes collapsed because successive governments turned a blind eye to the private sector looting pension scheme surpluses and panicking when the surpluses turned into deficits. In other words when pensions were profitable they were affordable, but whenever a company suddenly had to contribute more than it expected they were suddenly too expensive.

Now don’t get me wrong – with increasing life expectancy there are problems with funding pension schemes, and we can decide that they are too expensive, or not. But if a pension scheme was perfectly reasonable in the 1970s, it doesn’t suddenly become overly generous in the 21st century.

As it is, we have “decided” that rather than share wealth out amongst the working-class, it should be kept in the hands of the already wealthy.

Of course we could always decide to revisit that decision and spend more time thinking about it.

2017-04-30