Tuesday, 29 December 2015

Update: Amazon Italia, more Italia than Amazon (thanks also to SDA)

Update (30 Dec 2015):


SDA finally deigned to come and collect the parcel, and the pickup took place at 3 (not in the morning as Amazon had indicated, but let's not be too picky). At least this has been done.

I would never have believed I would write a post like this, but I would never have believed either that I would live through such an experience with Amazon Italia.

I have been an Amazon customer for a long time, and my wife was an Amazon customer before she met me. We have experienced Amazon in all its forms, from a small American startup to its first branches in Europe.

The company had always stood out for impeccable customer service, an attentiveness that put it at levels unthinkable in Italy. A bit like IKEA, it had broken a vicious circle that in this country leads to treating the customer as somewhat guilty by default.

Customer service and attentiveness are fundamental in the online market; they are part of a company's credibility.

My relationship with Amazon began to show its first cracks with the opening of Amazon Italia. Let's be clear, at the beginning it was not about Amazon per se, but about some unfortunate delivery incidents involving the local couriers. Coincidentally, the biggest problems occurred when the courier in question was SDA. A coincidence? Hmm … In any case, customer service had always promptly resolved things, often re-sending the goods when they “mysteriously” disappeared.

Which brings us to this year.

They say once is chance, twice is a coincidence, three times ….

As every Christmas, Amazon is our preferred provider: efficient, excellent value for money, so we always gladly rely on it, except that this year not everything went as planned.


First time (chance…): the plates

Sometimes you want to treat yourself to a little indulgence at the table; we wanted to do so with a nice set of Christmas plates, something pretty to use at home instead of the usual year-round service. We find an inexpensive Christmas dinner set on Amazon and order it.

Too bad it arrives in packaging that is imaginative, to say the least. The original box is placed in a box about twice as large, with a rather rough piece of wrapping paper as internal protective packing. The original package was therefore happily sailing around inside the box, with no “fragile” marking of any kind.

I understand that at Christmas one does not want to restrict the freedom of movement of some poor plates, but the price of that freedom is the arrival of a set of shards instead of plates. Since they are Christmas plates and we would like them at Christmas, we immediately notify customer service.

Amazon Italia customer service is polite, everyone addresses you with the informal “tu” (?), and they immediately arrange a new shipment with us. Unfortunately the plates are not available at that moment, but the operator tells us he will take care of it: deadline the 21st, if they are in stock he sends them, if not he lets us know.

All fantastic, Amazon, what service…. Sure, the packaging was awful, but a mistake can happen…. In any case the operator tells us that the packaging problem will be reported to the relevant department.

Indeed a new shipment goes out before the 21st … too bad that …

Second time (a coincidence): gifts delivered?

Buying gifts at Christmas is a full-time job, especially finding the right one for the kids/children. Come on, Christmas must also be the time for surprises, and what is better than an unexpected and welcome gift? As it happens, we also find a gift for a nephew. Shipping destination: Cinisello Balsamo, province of Milan. Person designated to receive it: my mum, in her eighties and custodian of the gifts for the grandchildren, since she lives in an apartment building with a concierge.

According to the tracking the gift has been delivered, carrier SDA, but what do you know, no trace of the parcel in question. Yet the carrier says the parcel was collected, signature and all; too bad the collection seems to have taken place somewhere other than Cinisello…. If I were the suspicious type I would say someone thought it a good idea to make a parcel disappear: among the enormous number of Christmas parcels going around, who notices one more or one less?

Too bad the parcel was coming from the UK, and Amazon customer service informs us that there is not enough time to reorder and have the parcel in time for Christmas.

Oh well, accidents….

Let's see if it arrives late, but arrives…

Third time (coincidence and chance are used up, what remains is ….): the laptop

Luck is blind, but bad luck has excellent eyesight

Right before Christmas a laptop that is needed for work breaks down. A quick replacement is required, so we go on Amazon, run a quick search such as windows 10, and find an inexpensive HP model in the list that seems to fit our needs.

OK, it's ours, click and buy….

It even arrives early, and that is when we realise ….

that the laptop ships with FreeDOS (damn, I had missed that in the description), and that, after a quick look around the internet, it is not even compatible with Windows 10. Ugh, probably a problem in the search filters; it happens that listed products are not compatible with what you are looking for… I should have been more careful (?).

OK, no problem, just call customer service and exercise the right of withdrawal…. a right, after all.

We call and no objections are raised; the pickup of the goods is arranged immediately.

Upon arrival at Amazon the amount paid will be refunded to us.

Designated courier: SDA.

Fourth time (by now I suspect it is deliberate …): the plates 2, the revenge

The new parcel with the plates arrives, carrier SDA.

The parcel is smaller and looks damaged; since the contents are not written on it, I accept it. Inside there are the plates again, broken…. The smaller package was packed with the same care as the first shipment, but in a smaller box, so the plates travelled around less, and indeed they are not all broken as in the first case. I begin to suspect it is intentional, like marrons glacés in pieces… perhaps the idea is to have a jigsaw puzzle of plates to assemble….

I don't even bother asking for a refund or a replacement; I simply notify Amazon Italia that I will never again buy plates or fragile things from them. Other online shops are capable of proper packaging; evidently at Amazon Italia the course on packing fragile parcels has not yet been set up.

Fifth time (but I, undaunted, keep trusting, I cannot do otherwise …): the laptop pickup…

I wait for the pickup, but nobody shows up or gives notice. Once the deadline has passed I call Amazon for an explanation …

we apologise, we have not received notification from the courier. What do I do?

no problem, we'll reschedule the pickup

Sixth, seventh, eighth time, and I am still waiting ….

I am still here waiting, a month later, for SDA to come and collect the parcel. Yes, SDA again. We are at 5 attempts (the next one is scheduled for the 30th).

Obviously, the fact of continuing to repeat a mechanism that does not work seems entirely normal to Amazon Italia, which stolidly keeps using it, heedless of the results, and I have to wait for a courier who does not come. After all, what does it matter, I live to wait for SDA (always them), and according to Amazon's rules, for each pickup you must wait for the agreed day and, if it does not happen, the following day, after which they understand that the courier did not come.

SDA, for its part, carefully avoids giving false hope by saying it will come; they simply don't call, only for you to then see on the Amazon site that the pickup has taken place …. (?). A bit like the phantom deliveries … there are phantom pickups too….

Every request for explanation or complaint has been deftly bounced back by Amazon Italia, with the very polite but useless customer service operators, and the absolute and deafening absence of any assumption of responsibility by Amazon Italia's management, which proves itself truly Italian in its spirit of customer service.

I do not mention SDA's customer service because it does not exist, it was not there, and if it was there it was asleep….. After all, if I had to choose a courier I would never use SDA, given the quality of the service offered.

I keep waiting for them to collect the item, hoping to obtain a refund that, in theory, I am entitled to.

In the meantime I cannot help making a few observations:

  1. At the end of this experience I must say that my opinion of Amazon has changed a lot, and not for the better
  2. After chatting with acquaintances, relatives and friends I have to note that the Amazon + SDA experience is traumatic for many, and when SDA is involved the number of problems multiplies
  3. A look at forums, blogs and the like confirms this negative “excellence” of SDA
  4. I am still waiting for them to collect the laptop


Let's see how things end, but I must say that a myth has crumbled before my eyes. I hope not everyone has the same experience I had.

I will continue to shop on Amazon, Amazon Italia included, but the level of trust has dropped considerably, and I do not know how long it will take to see it return to previous levels.

I will continue not to use SDA if I need a courier; anything goes, but doing otherwise would be self-harm.

I am sorry for the gift that did not arrive in time; a child paid for someone else's inefficiency (luckily he is old enough and no longer believes in Santa Claus)

Merry Christmas and Happy New Year to Amazon and SDA too



Sunday, 22 November 2015

Global Cooperation in Cyberspace Initiative

Dear Colleagues,


The EastWest Institute is leading a Global Cooperation in Cyberspace Initiative to help make cyberspace more secure and predictable. As part of that initiative, EWI has established a “breakthrough group” that is working to enhance cybersecurity for governments and enterprises globally by enabling the availability and use of more secure information and communication technology (ICT) products and services.


For providers in the ICT supply chain, the group is promoting the use of recognized and proven international standards and best practices that improve product and service integrity. For buyers of ICT, the group is working to foster the use of procurement practices that are founded on recognized and proven standards and best practices for secure ICT.


This request for input asks you to evaluate a set of principles, relevant and appropriate standards and best practices, and a set of questions for buyers and providers that will provide practical guideposts for evaluating and enhancing the security of ICT products and services.


Please complete the following request for input by December 7th.


The link for the request for input is: 



Terrorism, religion and us

Recent events in Paris raised once again our attention on terrorism, and fueled once again the trumpet of hate and rage.

It is horrible what happened, it is horrible because innocent people died, it is horrible because a God and a Religion have been used once again to justify what is only the pleasure of killing from sick animals, it is horrible because it will bring a long chain of suffering again, even among Muslims.

It is easy to see people now claiming we don’t have to accept Syrian refugees: in the end they are Muslim too, and therefore terrorists.

Such an easy equation; you can hear it from the far-right parties in Europe and among Republicans in the USA…. Nobody stops to think that those terrorists never arrive the way those poor people do; they usually arrive by airplane or train and do not put their mission at stake by crossing the border on a sinking boat. They are trained and have money, unlike those poor desperate people.

But those kinds of arguments are useless to the truth holders. It is the same approach that ISIS uses to justify its actions: they hold the truth. And when you hold the truth you do not need to analyze or listen to anything other than yourself.

So the result of ISIS's actions is to fuel the voice of rage and racism against Muslims, and again this will leave those people isolated and not integrated, giving more ground to religious fundamentalism and further terrorism.

A perfect cycle that empowers all the extremists, from one side to the other.

And surely there will be war; ISIS is a state, although not recognized, so sooner or later there will be a traditional war. And probably the USA, Russia, China and Turkey will take part, so they will also have the chance to solve their internal problems with the Muslim or Buddhist or Kurdish communities with the consensus of public opinion, because they will be fighting terrorism.

And probably Iran will move too, with good reason, since ISIS theology considers Iranians heretics or even worse, since they are not Sunni.

And all have interests in that area, which is more useful to everyone in a never-ending state of turmoil because nobody wants to give up its influence. As simple as that.

We cry for the innocents slaughtered by filthy bastards, but we should also cry for the ones who will die because of this ignominious act and because of those who are fuelling this hate.

And now it will also be easy to pass unnoticed more controls and less privacy, more unpleasant restrictions and trade barriers… all in the name of security.

But I want to be clear: the Muslim community everywhere can’t keep being silent. If they do not raise their voice against terrorism loud and clear, if they do not stop covering, by keeping their mouths shut, for those corrupted members among their people, they will fuel this rage and be responsible as well.

It is time to take responsibility, on all sides, or there will never be a solution. The only way to shut the mouth of hate is to stand with pride against those atrocities and not be afraid to call them what they should be called: heretics interested only in blood and power, enjoying the taste of blood, drunk on the power to give death, unable to create but only to destroy.


Wednesday, 11 November 2015

The sunrise of hate and the sunset of reason

Statistics on political violence (Photo credit: Wikipedia)

I am an avid LinkedIn user; I post on LinkedIn and read posts. It is a great way to understand and know the world outside. But lately I have seen a rise in hateful comments and speeches that I find disturbing.

Mostly they are related to political issues (quite understandable: the USA elections are raising the bar of intolerance and violence between the contenders), but ethnic and religious ones are also present. The most deplorable are the ones related to the never-ending war between Israel and Palestine and the reaction to Muslim radicalism.

I am not a religious guy, I am agnostic, and I find it revolting when people use religion to justify their acts of hate and violence, on both sides. I find it revolting when people claim a land by “god’s” will, I find it revolting when people distort history to justify that “right”, I find it revolting when people call for violence against the other, all in the name of god, country, truth or freedom.

No matter if it comes from ISIS, some “questionable” government, far-right xenophobic parties, Christian, Muslim or Jewish fundamentalism, radical Zionism, or revolutionary communism … nothing good can come from not respecting the counterpart, and respect means admitting that the counterpart has its reasons.

You will be a hero or a terrorist, depending on whether you win or lose

Both contenders have their heroes, martyrs who are seen as evil bringers of death by the other side. And this justifies the chain of reactions. So you can kill because of a comic strip (Charlie Hebdo) and be considered a hero because of your god, or you can kill a kid on the sea and be considered a patriot because of another god.

Funnily, the more radical the positions, the more the contenders tend to present “facts” in their distorted way, and I am almost sure most of them do not even realize that the truth is somewhere else and that they are just covering their need to be in the right spot; and the few who try to raise a bit of analysis or moderation are immediately attacked, more than those on the opposite side.

“…there are none so deaf as those who do not want to hear, there are none so blind as those who will not see…”

Alas, in a world that keeps considering the other an “enemy”, and so ontologically evil, it is hard to find ears and eyes open. In the end, if your “truth” comes from god it is indisputable that the other one is wrong, and since the truth is there, if they do not get it, it is because they are evil.

So we keep seeing the right (or conservatives) called fascists; the leftists called communists, like the Russians and Chinese (and, for some people in the USA, the Europeans too); most Middle Eastern people called Muslim terrorists; Christians called crusaders and murderers of Muslims; and so on. A never-ending dualism where the other has no reasons because reason is all on one side. Above all there is absolute ignorance of what most of those terms mean: communism, democracy, fascism, free market (I am so sorry for Adam Smith) and so on are all used in a distorted way that does not even resemble the original meaning.

History is distorted as well, the most recent facts but also ancient and consolidated ones, by omitting or denying, no more and no less than the revisionists deny the mass murder committed by the Nazis during the Second World War. But we are all Bonaparte’s sons: it is not the map that is in error, it is the battlefield that is wrong ….

And this allows us to make the sweetest generalization, because if you don’t agree with me you are against me, and so your objections are not real but vicious lies.

We are so deep into this kind of thinking that if you care about environmental problems or climate change you are a communist…the earth is not changing its climate because of mankind…. come on really? Does history teach anything to any of us? Again science is under suspicion? And believing in climate change makes you left or right? And if I believe in the theory of strings what am I?

On the other hand, people happily believe in creationism; why should they even go further… they know the truth…

(and yes, evolution is a theory, like everything else in science, like the extinction of the dinosaurs because of a meteor and the other 5 big extinctions on Earth … this is what science is about)

Yes, we have also made science (again) a matter of left and right, good or evil. Even science has been caught in this loop, as if the physics of our universe really cared about our silly disputes. It seems that the Age of Enlightenment has passed away without a trace, and we have turned back to the darkest Middle Ages: an age of slaughter and crusades although, we should remember, of technical innovations. Would be funny if, in the meanwhile, people die.

There are voices that try to call to reason; funnily enough, the head of the Catholic Church, Pope Francis, who would supposedly be on one side, is continuously asking for a more open approach, even about relationships between religions; maybe for this reason he has been called a “communist”, quite funny I have to say.

But in a world that cherishes violence and hate speech over moderation and real talking, what could we expect?

I will keep reading posts on LinkedIn, sometimes making comments. And I will keep listening to TV news and politics making fun of reality to present their vision of the world, and I will keep trying to teach my daughter that there is never one reason and one truth, and that only by keeping an open mind, listening and watching can some sparks of the truth be seen.

Prove me wrong, I will listen.




Thursday, 29 October 2015

ransomware again, really?

Malware logo Crystal 128. (Photo credit: Wikipedia)

Some days ago a friend of mine told me that his company had been hit by CryptoLocker-style ransomware. I keep hearing of people hit by this kind of infection, and I am starting to wonder whether people have really understood what cryptomalware is and how it works.


Here, from Wikipedia:

“Ransomware is a type of malware that restricts access to a computer system that it infects in some way, and demands that the user pay a ransom to the operators of the malware to remove the restriction.

Some forms of ransomware systematically encrypt files on the system’s hard drive (cryptoviral extortion, a threat originally envisioned by Adam Young and Moti Yung) using a large key that may be technologically infeasible to breach without paying the ransom, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.”


Now let us first try to understand what this means in practical terms:

“a ransomware is a malware”: this should make clear that this is something bad.

“that restricts access to a computer system”: this clearly means that the aim of this kind of malware is to make it hard for you to get at your computer and/or data.

These days the most common form of this malware type is cryptomalware, malware that specifically deals with your data by encrypting them. This basically means that your data are not deleted or moved; the malware simply makes them unreadable. Getting access to your data again requires a ransom to be paid, if you are lucky.

Now let us try to understand why this kind of malware is so popular. The reasons are basically 2:

  1. it is easy to get infected
  2. it allows quick access to money

Let us try to understand why it is easy to get infected by cryptomalware:

To Crypt or not to Crypt.

Contrary to what we commonly think, encrypting a file is really easy and needs really low permissions: you just need the right to edit the file.

You don’t really need to create a special algorithm; all you need is thoroughly documented in the literature. Besides, crypto APIs are present everywhere and it is an easy job to reach the needed libraries.

So encryption techniques are still hard for IT managers to understand, but not for bad people.

If encryption is easy, it is likewise easy to have enough rights to encrypt a file: you just need your ordinary rights on the file. You do not need administrator rights, privilege escalation or esoteric techniques; your right to edit (Write) is enough.

Just remember:

If you can save it, then you can change it

Now these kinds of rights are common for any user in any OS. Even in the most security-savvy organization, if you can’t open or edit a file you can’t work on it.

On the other hand, the applications, programs, apps or whatever that are able to read and write with your same rights are almost all the ones present on your system.

This means that ransomware has:

  • consolidated technology to rely on

  • greatest attack surface (basically any app, browser)

  • low rights needed

a heaven.

Another interesting aspect of ransomware is that its activities are almost standard inside the OS: it does not open weird ports, does not change configuration settings, does not create users… it just writes… as an ordinary user or app.

This makes identification quite difficult for any antimalware system, since the operation is a normal one, and there are thousands of write operations on files every moment.

Good cryptomalware, moreover, does not need to target sensitive system files, which can require specific access permissions. Given its aim (allowing the attacker to make money) it just needs to target normal documents: .PDF, .DOC, .XLS, .PST …..

And those are the documents you commonly use, edit and save.

I want you to understand a critical point:

If your antivirus/antimalware didn’t detect the ransomware on the infected machine, there is no way that another AV/AM can tell its operations apart from normal read/write operations on files, since good ransomware just accesses what the user can access and does what the user usually does.

So what do you need to get infected? All you need is your browser or access to an infected application, and you have an open window onto the world of encryption.

But I have antivirus on servers…..

Good for you: it is good security practice to avoid infections spreading across your networks, but almost useless against cryptomalware activity coming from an infected machine.

Got infected, and now?

It is easy to get infected, it is a different story to get rid of it.

Basically, to decrypt a file you need the key and the algorithm used to encrypt it. This can usually be done in two ways, but neither of the two gives guarantees:

  1. you pay the ransom
  2. you ask an antivirus company for support

Let us try to understand option 1.

There is no guarantee that once the ransom has been paid you get your key. The reasons can differ, and are not necessarily related to the “ethics” of your attacker (please feel some irony in the previous statement).

There is a lot of old ransomware in the wild from old attack campaigns that are no longer monitored, and maybe there is no one ready to accept your payment in bitcoin or any other virtual currency.

This is a more common issue than you think: a ransomware attack is not meant to last forever, but the infected sources can remain infected for a long time even after the attack.

The attacker may already have been arrested, or may simply consider it too risky to accept the payment.

And I haven’t mentioned other unlucky conditions, like being collateral damage of a targeted attack on someone else, or just being unlucky enough to run into test code for an attack being prepared ……

So paying is an option, but without guarantees…

Let us consider option 2.

If nobody gives you the code, you can try to analyze the encrypted files to find out whether there are “fingerprints” resembling some known attack; in that case, once you understand which cryptoware did the damage, you can try to guess the encryption key somehow. Luckily, to avoid too much resource consumption, the keys and algorithms used are usually not the most resource-intensive, so some reverse engineering is still possible.

Antivirus companies have samples and technology to try to save your data… “try” is the key word.

There are no guarantees.

The problem is how much time you need to free your data from this unwanted encryption. It is a matter of time or, if you prefer, processor power. Even well-equipped antimalware companies have limits in terms of resources, so it is not always possible to decrypt your data.

I am sorry but this is the sad truth, in a world with unlimited resources we would not be affected, but we are not in this kind of world.

What should we do?

I wrote about this in the past (same subject, actually). The very first steps should be:

  1. isolate the infected machine
  2. report the incident to the local authorities
  3. report the incident to your antivirus software company
  4. start a recovery and mitigation activity.

1. isolate the infected machine

Ransomware can encrypt easily, so it can spread easily: shared folders on servers are an easy target. Before you realize it, your user can have created a lot more damage. And if your antivirus didn’t catch it and you use the same antivirus on the servers, there is no reason to expect different behavior on your file servers.

2. report the incident to the local authorities

Believe it or not, law enforcement units can be of great support: you may be the victim of an ongoing ransomware attack that they are already monitoring, or they may simply track down the attacker and get the key. Keep in mind that a ransom, unless it is organized by a government in the form of taxes, is never legal.

3. report the incident to your antivirus software company

As with the previous point, you may be lucky and they may have a solution; as I wrote before, it is not certain but it is a possibility. Besides, reporting an attack that has not been detected makes it possible to write protection signatures. Don’t even think for a moment that since you got hit once you are safe for the rest of your life. This is not like chickenpox: you can’t be immunized.

4. start a recovery and mitigation activity.

This is the harsh point, right?

What do recovery and mitigation mean?

Well, let's be clear: until you have forensic evidence of how the infection struck you, you can’t say you are safe. The malware that fucked you once can still be there, lurking in the dark inside your network.

You should take all the needed precautions, raising the level of monitoring, checking for unusual write activity, and alerting your users to the steps to follow.

The goal is to reduce the damage the ransomware can do again until you are sure you are clean and the incident is resolved.
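
One way to approach the "checking for unusual write activity" step, as an added example that is not part of the original post: because ransomware writes look like ordinary writes, this sweep inspects the result instead, flagging .PDF/.DOC/.XLS/.PST files whose header no longer matches the extension and whose bytes look random, then alerting when several were written within a short window. The thresholds, function names and sample files are assumptions constructed for the illustration.

```python
import math
import os
import tempfile
import time
from collections import Counter

# Leading bytes expected for the document types the article lists.
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
    ".xls": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".pst": (b"!BDN",),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted/random data, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan(root, sample_size=65536, entropy_threshold=7.5):
    """Return documents whose header no longer matches their extension
    and whose content looks random (both conditions, to limit noise)."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                with open(path, "rb") as fh:
                    head = fh.read(sample_size)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            entropy = shannon_entropy(head)
            if not head.startswith(MAGIC[ext]) and entropy >= entropy_threshold:
                findings.append({"path": path, "entropy": round(entropy, 2),
                                 "mtime": mtime})
    return findings


def assess(findings, now=None, window_seconds=3600, burst_threshold=3):
    """Alert when several flagged files were written within a short window."""
    now = time.time() if now is None else now
    recent = [f for f in findings if now - f["mtime"] <= window_seconds]
    return {"flagged": len(findings), "recent": len(recent),
            "alert": len(recent) >= burst_threshold}


def build_demo_tree(root):
    """Constructed sample data: two healthy documents, three overwritten ones."""
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"plain text body " * 200,
        "budget.xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 2048,
        "contract.doc": os.urandom(4096),  # random bytes stand in for ciphertext
        "invoice.pdf": os.urandom(4096),
        "mail.pst": os.urandom(4096),
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        hits = scan(demo)
        for hit in sorted(hits, key=lambda h: h["path"]):
            print(f'{hit["entropy"]:.2f}  {os.path.basename(hit["path"])}')
        print(assess(hits))
```

A sweep like this only tells you that damage has already happened on a share; it is a trigger for isolating the writing machine and restoring from backup, not a replacement for either.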

About recovery: it is clear here that the king of the lab is a good backup policy. This means having a system that allows you to recover your data to a previous state, when the data were not affected. This will lower the amount of damage you are going to face.

There are thousands of articles on how to manage backups correctly, so I will not spend time on that here. Just this: if you think backup is obsolete, you probably haven’t understood what backup means (and what the currently available technologies are).

I just want to mention a couple of things:

Disaster recovery and backup are two different things, so do not think you can use one instead of the other.

Some vaulting systems, versioning, journaling and other technologies can be useful to mitigate and recover from this kind of incident.

Sometimes it would be enough to properly plan what you already have in your OS to survive this kind of problem: file versioning and journaling are technologies present in Windows and Linux; you just have to put them in place knowing what you are doing (possibly).


Until next time, cheers.

Friday, 9 October 2015

Type of Managers


Managers and Problems solving




Managers role, leaders and VW

One of the things that Volkswagen's Dieselgate makes me think about is the role of management inside a company. The whole of Dieselgate is a demonstration of how dangerous it is to have bad managers in a company. Managers are supposed to have the responsibility to take decisions and drive the company to reach its goals; this is the justification for their paycheck. In the end a manager has to

  • take decisions
  • take responsibility

But is this actually the truth?

My experience as a trainer, consultant and coach has, alas, told me that the truth is quite different, and we can find clear examples everywhere. Every time something goes wrong there are always good excuses (laws, government, economic outlook, competition, price …) and great justifications (I didn’t know, I can’t look at every detail, my people should have dealt with this…), but seldom sincere apologies and acts of responsibility.

Take as an example the Volkswagen affair. The Volkswagen CEO resigned, with a millionaire paycheck, after making such a mess of the company. But the rest of the managers? In a hierarchical structure there should be a mix of direct responsibility and delegation; 11 million non-compliant cars can’t be made without anyone knowing.

Someone has approved some bad choices, and someone has to be responsible. The CEO and at least all the management chain that deals with production share a big part of this responsibility, and so they should pay part of the costs. And believe me, the magnitude of the damage is big, and it will become clear in the coming years. Once you lose the trust of the people you lose one of the most important assets of your company, something that a lot of managers are not able to understand. Alas, it is easier to talk about how to raise RoI through savings than about how to keep value through brand, company and personal ethics.

I am sorry, but a big paycheck also means you have to pay the price for your mistakes. Alas, this is not what happens in today's big infrastructures. A higher level often means less responsibility for bad performance. The responsibility is always pushed down to the lower levels.


This is something that is quite clear to anyone who has worked in a Big Company. The problems are always someone else’s, and when managers take “difficult” and “painful” decisions, such as large layoffs, they basically turn the problem and the cost of their bad choices over to the lower levels, but you know:

someone has to pay.

When I train managers I usually try to explain to them that their role is not to give orders but to take responsibility.

Unlike personal contributors, a manager inside the company has responsibility towards the lower levels and towards the upper level; being a manager means managing resources in the proper way to meet the results the company needs.


There are a lot of good reasons to want a manager to do this.

If a manager is just a mere executor, he/she is actually useless for the company: a paycheck without a brain is not something I would bet my money on. So what should a manager do?

Towards the lower levels a good manager should try to remove obstacles in order to allow them to reach their goals, and not expect the obstacles to be removed by his/her people. This should be reflected in his/her KPI. If the team does not reach the goal the whole company suffers, and the manager is primarily responsible.


I always criticize managers who told me that they want solutions and not problems from their team. If they are not a part, a proactive part, of the solution they are, basically, part of the problem.

Being part of the solution does not mean telling someone “do it” but means analyzing the steps required to solve the problem and using all the instruments available to solve it. This could mean asking for new resources, changing plans and escalating the problem to upper levels if resources are not available.

If the management structure is flat this means a manager could/should share the resource request directly with his/her peers; in a more hierarchical structure the manager has to ask his/her upper level for resources, and the upper level will find the correct way.

Of course all those activities should be done inside a framework of policies and indications that allow the correct monitoring and managing of the resources.

If in Volkswagen there was anyone who approved the actions that caused this mess then he/she is the one responsible. But the rest of the management chain also shares the responsibility, since they didn’t put in place the correct procedures to avoid this.

Mistake or not this is anyway a management problem, and management should take the responsibility for that, not only the CEO.

All this has nothing to do with leadership but is related to management. There is always a big confusion between the two roles: a leader and a manager are not the same thing.

Of course a good manager should also have some leadership skills, but mainly he/she has to be a good manager.

Of course a leader should also have some management skills, but a leader can be just a personal contributor inside a company, not necessarily a manager.

Alas there are roles that need both; a CEO is one of them. As CEO of a company you should prove great management skills as well as leadership ones; the same is required at board level.

But where do a leader and a manager differ?

Well, a leader should be able to inspire people, track new paths, and be an example of ethics. A leader should be able to take that “step more” that managers can avoid taking.

But a leader is not necessarily a manager or a highly successful entrepreneur; we should be wise enough to know the difference.

If you think of today’s industrial world there are some “leaders” that are able to inspire: people like Steve Jobs, Bill Gates, Warren Buffett, Richard Branson, Jeff Bezos, to name a few well-known names.

Are they perfect? I don’t think so.

Are they leaders? Yes, they are.


Why are they leaders? The simplest answer is because people recognize their leadership and … have you noticed that all those examples “created” their company and brand?

There are also other leaders, maybe not under the media’s spotlight, but those should be known by almost everyone (well, maybe my mum would have some problems).

Then there are great managers and great entrepreneurs that are important as well, but are a completely different thing.

There are also a lot of companies that live (or sometimes survive) without leadership but just with good management (sorry, but for great management leadership is needed).

Just to be clear, there are also companies that live even without leadership and good management, maybe because of past glories, but sooner or later they have to pay the price (and I have some examples in mind now).

What kind of company was VW in your mind?