My Best Teaching Is One-on-One

Of course, I team teach and do special lessons, etc.

But my best work in the classroom is after the lesson is over --
going one-on-one,
helping individual students with their assignments.

It's kind of like with computer programs, walking the client through hands-on.
The job isn't really done until the customer is using the program.

Monday, May 15, 2017

Do Not Pay the Modern Danegeld! -- Ransomware

Yesterday, I read in the paper how ransomware has been spreading.

It would be easy to waste electrons castigating Microsoft for leading the establishment of impossible-to-secure software as industry standards.

(The words "unsafe at any speed" make me wonder why Nader has been mostly silent about the current computer industry.)

It is true that software, including operating systems, is not exempt from the mathematical principle that absolute security is an internally inconsistent concept.

But the habit of the industry has been to rely on lack of education rather than actual prevention.

This combined with excessive competition for the market has led to unsafe practices built on unsafe features built on unsafe practices.

We all know that our information devices are unsafe -- impossible to secure. (Or, if you do not, you have been deliberately closing your eyes. Perhaps you think there is nothing to do about it.)

So, now someone you know is looking at a message on his or her screen:

"Pay up or lose your precious data!"

You seriously can't be thinking

"$300 is cheaper than losing my mail archives and address book!"

Let me put the real costs in front of you:

Every dollar you give in ransom is the price of one bomb or landmine, small enough to hide, large enough to kill and maim humans and animals, large enough to destroy or disable cars, trucks, roads, communication lines, etc.

Every bitcoin paid in ransom is 1,700 such bombs.

And if you pay it now, you will be faced with paying it again.

What should we do?


Step back, take a deep breath, let common sense flood back into your brain.

  • Do you have backups?

If not, now is the time to start planning.

  • Can you reconstruct the data?

Reconstructing the data may take time, but if you can't reconstruct your data, it was never yours in the first place.

("Big Data" is a comfortable illusion with some substantial features, but you really should be honest with yourself about that. Money doesn't really grow on data trees, whether binary, b-star or otherwise.)

  • Okay, you have partial backups -- USBs, dropboxes, cloud services, etc. 
  • And you can reconstruct the most important data, if you are willing to take the time. 

So, no, the data that has been locked away from you is not worth continuing to arm the enemy.

  • First step, shut that computer off. 

If you have reason to believe that the ransomware will try to delete data on shutdown or some such stupidity, pull the plug and the batteries.

Your local geek may be worried about data loss on shutdown, but the converse is also a problem: leaving the machine running gives the malware more time to work. Hiding is easy, but encryption takes time.

Remove all hard disks, SDs, and USB storage devices that were attached when the malware showed up, and collect all external storage that has been attached to the infected device in the past week, at least.

Learn something about security. Do not depend on books with names like "Security for Dummies." Dummies are soon chumps, and that's how you got in this mess.

Yes, I should write a book. Somebody front me the money. Oh, well, that's not happening very soon.

Two of my blogs, "free is not free" and "defining computers", have some useful information, but some of it is old, and both mix rants, daydreams, and parable with practical advice.

So use your own brain. Here's a start:

  1. Think about what secrets are.
  2. Think about what computer data is.
  3. Think about walls and locks.
  4. Think about protocol.

Think about what the limits of the above are without computers. Then convince yourself that computers are not magic. Fast and re-writable, but not magic.

I'll list a few really relevant rants:

Back to practical steps:

  • Re-flash the BIOS of the infected device. 

If you don't do that, you're likely to get re-infected. BIOS attacks are becoming commonplace, and the ransomware attacks are at that level.

(And, yes, there are indeed huge problems in the new BIOSes. Reflash or buy new, but buying new is a problem, too.)

  • Install new boot and other internal media (new hard disk or SD for boot and data) and install a new, safer OS.

I'd recommend a Linux OS such as Debian, Ubuntu, or Red Hat Linux, but, really, the marketplace has been infecting those with unsafe applications, practices, and features for the last fifteen years.

Eventually, I want to recommend installing a Linux or BSD OS and installing MSWindows in a VM on top of that, but that is not yet ready for prime time, and Microsoft and Intel seem to think they have financial incentives in working behind the scenes to make that not happen.

If you have to use a Microsoft OS, just don't keep important data on it, especially not without backup.

  • Make a plan about where to store your data.

As much as it galls me to say so, yes, I'm suggesting NAS and cloud if you have any really valuable data.

At bare minimum, keep copies on USB drives that you properly unmount before removing. (Click the "remove" button and wait until the OS says it's okay.) And do not keep the USB drive inserted in the computer while you work.

Do not keep any valuable data on your workstation. (I say, but I can't afford to do otherwise right now. I'll have to take my own advice and collect my data onto an external device, as soon as I get some résumés sent out. But I'm using an OS I'm fairly confident I can still trust.)

  • Take a little time to review what you think you know about computers on a regular basis. Learn an alternative OS.

And

  • Take time to understand your data, what you have, and what it's worth.

Now that we have that out of the way, now is the time to think about recovering that locked-up data.

  • First, mount the media device (hard disk, SD, USB) on a known-safe machine. 
  • Then look around and see what was actually encrypted and what was just moved somewhere.
  • Then go look for tools for un-erasing data. The attackers may not have encrypted the partitions, and probably have not tried to find deleted files to encrypt. So you will likely be able to recover up until the last save, even if the encryption really is unbreakable.
  • Finally, if you still have data that is highly valuable and not recovered, now you know how much you will be willing to pay a legitimate professional to try to get it back by brute-forcing the encryption keys.

That last list is the one you wanted me to tell you first. But that would not be helping you to be secure the next time, and the next time is already waiting for you.
