SoylentNews is people
SoylentNews
Submitted via IRC for BoyceMagooglyMonkey
Malicious hackers are mass exploiting a critical vulnerability in D-Link DSL routers in an attempt to make them part of Satori, the potent Internet-of-things botnet that is used to take down websites and mine digital coins, researchers said.
[...] Over the past five days, researchers said, Satori has started mass exploiting a critical vulnerability in the D-Link DSL 2750B, a combination router and DSL modem that's used by subscribers of Verizon and other ISPs. Attack code exploiting the two-year-old remote code-execution vulnerability was published last month, although Satori's customized payload delivers a worm. That means infections can spread from device to device with no end-user interaction required. D-Link's website doesn't show a patch being available for the unindexed vulnerability, and D-Link representatives didn't respond to an email seeking comment for this post.
[...] It's not immediately clear what people with a vulnerable D-Link device can do to protect themselves from these attacks. Ars has asked both D-Link and Radware to provide guidance. In the meantime, people using one should strongly consider replacing it.
(Score: 4, Interesting) by RS3 on Thursday June 21 2018, @04:10PM (5 children)
I know (too) many people who refuse to update software. I hate it too, but you have to. Please don't misunderstand me- I get the frustration. It's tedious, time-consuming, and too often cripples or breaks something. But often you get performance fixes, so yay.
Many (most?) of these gateways ("routers") are being updated automagically by the ISP.
I'm the employee who the bosses / beancounters grumble about because I don't want to ship a product with known problems. Many people have made analogies to how no company would stay in business selling physical products, including cars, planes, etc., with the number and severity of flaws in most of today's software.
Sadly we live in a world where software bugs and updates are the accepted norm, so it's a self-perpetuating cycle.
Also sadly I think the only way the cycle could ever be broken, and I'm not holding my breath, is for govt. to get involved and hold companies responsible, including criminally, for negligence. Admittedly it would be a huge mess.
But another frustration is with companies saying "oh, that's old and unsupported", you must upgrade. How about just fixing the thing in the first place? Please give me a complete product that I paid for.
I'm not done but I'll stop ranting now. :)
(Score: 3, Interesting) by MichaelDavidCrawford on Thursday June 21 2018, @05:26PM (3 children)
However whenever a new update ships I download it into a neatly catagorized archive folder that I reduntantly and offsitely back up, then keep that archive around until the heat death of the Universe with one of those offsites being on an external hard drive in a safe deposit box.
I'm happy to install each major release on a partition as that's how I can regress bugs while also supporting the past two or three major releases so my client's customers don't need to upgrade just to run my code.
Minor releases I only install if QA reports a bug specifically against one of those minor releases. I never install security updates unless I have good reason to believe I'd get pwned if I didn't. I also unstall cryptolock patching updates.
For both the OS - and I run macOS, Windows, Linux and sometimes BSD, once I find a major release that satisfies, I never install any updates of any kind.
Aunt Peggy was on dialup. I asked her once if she ever ran Software Update. "Yes but it ran and ran and ran so I turned my computer off"
Mom was also on dialup. While she wanted the updates they were all orders of magnitudes to big to download. Dialup is common throughout the entire developing world, I expect if they do patch they handle it the same way I did:
Software Update will tell you which specific patches need to be installed. I'd walk to a wifi spot with my laptop then download them onto a stick from:
http://www.apple.com/support/downloads/ [apple.com]
Apple's support downloads are a little fiddly but every patch that has ever Walked The Earth can be had there.
Yes I Have No Bananas. [gofundme.com]
(Score: 3, Informative) by RS3 on Thursday June 21 2018, @06:12PM (2 children)
I have an Aunt Peggy too! Well, she doesn't know we call her that; she's self-conscious about that dowel prosthesis.
But seriously, I laud your caution and approach wrt updates. I've found, generally, that software updates are a Good Thing, and I find them tedious enough without doing much extra work. My thick-sculled lazy approach is to have several computers, and I'll try a new update on one I can live without. It did bite me in the butt a few months ago: an update worked on 3 machines, so I ran it on this laptop, arguably my most important computer, and it blue-screened, un-bootable. Pulled the hd, plugged it in as an external on a good machine, found some complicated cryptic m$ command procedure to remove the patch, and miraculously, it lives. Whew.
Being a long-time staunch Linux freak, you'd think I would use Linux for most of my desktops. Well, it's complicated, and mostly that I get to really like a particular desktop / tools / etc., but the "updates" end up mangling it enough to force me back to Windoze. And Linus decreed "thou shalt not break userland", but the people heeded not, and the land is smitten.
(Score: 2) by MichaelDavidCrawford on Thursday June 21 2018, @07:45PM (1 child)
But I can enjoy my workday only on Macintosh.
Yes I Have No Bananas. [gofundme.com]
(Score: 3, Insightful) by RS3 on Thursday June 21 2018, @09:05PM
Yes, Macontosh, sigh. I'm sure you've seen one of my favorite vids: https://www.youtube.com/watch?v=ks-N4rI_1RU [youtube.com]
I love MacOS but I hate Apple for not "supporting" older OSes.
While I'm ranting, wouldn't it be peachy to have just 1 OS that gets refined until it's right? Oh no, that wouldn't keep selling new OS versions to people who already own an OS.
(Score: 0) by Anonymous Coward on Thursday June 21 2018, @06:01PM
I haven't updated the firmware on my Atari 800 in 38 years