back to article Canadian shipping company Canpar gets an unwanted delivery – ransomware

It has not been a good week for major Canadian shipping company Canpar Express. The Canuck parcel-mover's website fell offline for days as it tackled a ransomware outbreak on its internal systems. We are also told by readers who reside in America's Hat that deliveries have been negatively affected – things like package …

  1. sitta_europea

    "Google rushes to patch 'confused mailman' bug in Gmail"

    But I've been dropping all port 25 connections from Google for years...

  2. dvd

    I wonder if they'll ever fix the bug that means that I occasionally receive mail intended for someone in the South of England with a similar name to me.

    1. WolfFan Silver badge

      No, they won’t. As seen above, I know someone who has had a gmail account since 2004 and who is considering bailing because he’s getting mail for people in North Carolina, South Carolina, Oregon, California, Texas, New York, and Nigeria (no, not a prince, an actual person...). All have addresses similar to his. He’s got bills from utilities and department stores and collection agencies, notes from doctors and churches and car dealerships, and a lot more. The guy in Nigeria is an Englishman who works for Shell in Port Harcourt. Guess how we know. I suspect that all kinds of data protection laws are being broken; good luck getting any action from Google or any of the ‘authorities’.

  3. WolfFan Silver badge

    Gmail has been very confused for over a decade

    I no longer have Gmail accounts, as Google decided that it could not determine that I was actually me, despite my attempting to use accounts I’ve had for over a decade using my normal passwords and from my normal IPs. Gee, could it have been because I insisted on using ‘less secure’ apps like MS Outlook and Mozilla Thunderbird instead of using Google spyware?

    In any case, I know people who do still use Gmail, though not necessarily for much longer. They get mail addressed to [theirnamexxx] at gmail, and, worse, they _don’t_ get all of the mail addressed to their actual account, [theirname] at gmail. One person I know has got repeated mail from some idiot collection agency in Ohio about a person with an email address quite similar to his who is in Oregon. He’s in Florida. He had to actually get lawyers involved to convince the collection agency that they had the wrong guy. Google was of no help whatsoever. He’s seriously considering getting his own domain specifically to get away from gmail.

    1. Anonymous Coward
      Anonymous Coward

      Re: Gmail has been very confused for over a decade

      “ could it have been because I insisted on using ‘less secure’ apps like MS Outlook and Mozilla Thunderbird instead of using Google spyware?”

      Regardless of what client you use if google is your email host they will see whatever you send or receive through them.

      The only option is to not use google in your email solution.

      In my opinion Hotmail is worse, seeing ads influenced by the content of my email is why I ditched them for google ~15 years ago.

      I prefer non relevant ads and click on them more, mainly out of interest.

  4. Mike 137 Silver badge

    "you_name_it takes our obligation to protect customer information seriously"

    Obviously not quite seriously enough. No organisation that did would configure their network so ransomware (or any other malware) could spread uncontrolled from the typical point of entry - a user workstation - to their data repositories.

    The reality is that most "network security" runs on a wing, a prayer and Active Directory, and is consequently wide open. Nobody seems to make use of either appliance-based network segregation or application white (sorry - "allow") listing these days.

    1. Anonymous Coward
      Anonymous Coward

      Re: "you_name_it takes our obligation to protect customer information seriously"

      “ The reality is that most "network security" runs on a wing, a prayer and Active Directory, and is consequently wide open. Nobody seems to make use of either appliance-based network segregation or application white (sorry - "allow") listing these days.”

      IP based security is largely flawed, works ok ish for hosts you know should only talk to each other like server to server but is really ineffective when you need varying clients to talk to servers.

      AD / LDAP / certificate etc based controls are far better as access can be centrally rescinded while ip based controls can linger far longer, yes AD / LDAP / auto renewal cert controls can become a lingering mess too but having a central place to rescind can prove to be easier to sanitise with the proviso that it has the power to break more things faster if everything is not controlled properly to start with and continually after, of course network segmentation is still needed but not relied on as the absolute and more for performance.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022