Skip to content

The Isoblog. Posts

Microsoft fixed Wannacrypt on XP in February, didn’t release

The Register reports:

[O]ur analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt.

Here’s the dates in the patches:

  • Windows 8 RT (64-bit x86): Feb 13, 2017
  • Windows 8 RT (32-bit x86): Feb 13, 2017
  • Windows Server 2003 (64-bit x86): Feb 11, 2017
  • Windows Server 2003 (32-bit x86): Feb 11, 2017
  • Windows XP: Feb 11, 2017
  • Windows XP Embedded: Feb 17, 2017

This is bad.

7 Comments

Gemini Offshore Wind Park opens in the Netherlands

The Gemini Offshore Wind Park opens in the Netherlands:

With 150 wind turbines spanning 68 square kilometers, Gemini is one of the largest offshore wind parks in the world. Located 85 kilometers off the coast of Groningen in the North Sea, the Gemini is invisible from land. The project chose the location due to its high, constant wind speeds […] Management and maintenance headquarters for the wind park are in Eemshaven.

The park features 4MW turbines, so about 600 MW best case capacity (Wikipedia, Van Oord building this, 4C offshore, official website)

Leave a Comment

Albert Heijn electric delivery vehicles

AH has the first two electric delivery vehicles

Nederlands newspaper Het Parool reports that Nederlands supermarket chain Albert Heijn put the first two electric trucks into service to deliver wares to Amsterdam supermarkets. The trucks are running five to six runs between the AH distribution hub in Zaandam and Amsterdam centrum. They are charged while loading/unloading and can hence ride continuously.

Amsterdam aims to ban all ICE inside the A10 ring by 2025, if at all possible.

Leave a Comment

WSJ on Government Backdoors, intentional and unintentional

The episode underscores the folly of the U.S. law enforcement demand that tech companies install backdoors into their devices and services.

the WSJ comments. This time the leak is an unintentional backdoor the NSA used to get onto devices. The NSA used the Vulnerabilities Equities Process to determine that ETERNALBLUE is burnt and informed Microsoft, which then promptly generated an urgent critical patch, which did not make it out to systems in the field fast enough.

There is little difference according to the WSJ between flaws being used as government backdoors, and intentional government backdoors, which may be detected and abused, or leaked. So this whole Wannacry(pt) thing is a very good example of what will happen with Government mandated backdoors in systems.

Leave a Comment

Rittal sends USB sticks that act as keyboards – as advertisement

Holger Köpke got a USB stick (article in German) that supposedly is from data center equipment maker Rittal, unsolicited, in the mail. Of course he did not plug it into a device, it could be anything.

He then (from his first comment in the same article) set up a test VM on a scratch device, inserted the USB stick there and the stick identified not as USB memory, but as a USB HID, a keyboard. Seemed that he was right not to trust it. Sends a mail to Rittal explaining them why he thinks this is dangerous, and asks if this is indeed legit.

Gets a response (another article in German), a letter as a PDF sent by email.

1 Comment

Language Pitch

Erik Bern did a fun exercise and analyzed the pitch of speakers in various languages: Apparently Dutch is substantially deeper than German (it is also louder, but he did not analyze that).

There was a very definite point when I realized that I had to change my voice to get to the next level with my accent. Oddly enough it was actually while studying German (my third language). It felt awkward at first to alter my voice to the point where I didn’t feel like it was myself talking. But on the other hand I could hear myself sounding so much more German (if you know what I mean). Having been through this transformation I decided to change my “English voice” as well.

 

4 Comments

Handling Wannacrypt – a few words about technical debt

So Microsoft had a bug in their systems. Many of their sytems. For many years. That happens. People write code. These people write bugs

Microsoft over the years has become decently good with fixing bugs and rolling out upgrades, quickly. That’s apparently important, because we all are not good enough at not writing bugs. So if we cannot prevent them, we need to be able to fix them and then bring these fixes to the people. All of them.

The NSA found a bug. They called it ETERNALBLUE and they have been using it for many years to compromise systems.

In order to be able to continue doing that they kept the bug secret. That did not work. The bug is now MS17-010 or a whole list of CVE-entries.

The NSA told MS about the bug when they learned that it had leaked, but not before. Microsoft patched the bug in March 2017, even for systems as old as Windows XP (which lost all support in 2014), but many people did not install the patch.

The result is “the largest cyberattack in the world”.

8 Comments