SoylentNews is people

posted by n1 on Monday May 15 2017, @12:43AM
from the mouse-and-cat dept.

[Update at 20170515_022452 UTC: Instructions for what to do on each affected version of Windows can be found at: https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/ -- I've had excellent luck in the past following his advice on when and how to update Windows. Clear, hands-on instructions are a big win in my book. --martyb]

Previously: "Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS.

tl;dr: If you have not already patched your Windows computer(s), you may be at risk from a new variant of the WannaCrypt ransomware worm which lacks a kill switch and was seen over the weekend. Sysadmins are preparing for a busy Monday when countless other users return to work and boot up their PCs.

WannaCrypt (aka WCry) is a ransomware worm that wreaked havoc across the internet this past weekend. It disabled Windows computers at hospitals, telecoms, FedEx, and banks (among many others). Files on users' machines were encrypted and the worm demanded $300 or $600 worth of Bitcoin to decrypt them (depending on how quickly you responded). Reports first surfaced Friday night, and the spread was stopped only because a researcher discovered a domain name in the code, which when registered, caused the malware to stop infecting new machines.

We're not out of the woods on this one. Not surprisingly, a variant has been seen in the wild over the weekend which has removed the domain check. Just because you may not have been hit in the initial wave of attacks does not necessarily mean you are immune.

Back in March, Microsoft released updates to Windows to patch vaguely-described vulnerabilities. Approximately one month later, a dump of purported NSA (National Security Agency) hacking tools was posted to the web. The WannaCrypt ransomware appears to be based on one of those tools. Surprisingly, the Microsoft patches blocked the vulnerability that was employed by WannaCrypt.

In a surprising move, Microsoft has just released emergency patches for out-of-mainstream-support versions of Windows (XP, 8, and Server 2003) to address this vulnerability.

Sources: Our previous coverage linked above as well as reports from the BBC ("Ransomware cyber-attack threat escalating - Europol"), Motherboard ("Round Two: WannaCrypt Ransomware That Struck the Globe Is Back"), and Ars Technica ("WCry is so mean Microsoft issues patch for 3 unsupported Windows versions").

What actions, if any, have you taken to protect your Windows machine(s) from this threat? How up-to-date are your backups? Have you tested them? If you are a sysadmin, how concerned are you about what you will be facing at work on Monday?



Related Stories

"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS 88 comments

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

Decryption Utility for WannaCry is Released 19 comments

Various news outlets report the release of Wannakey, a decryption utility for files encrypted by the WannaCry ransomware. According to the author of the software, it "has only been tested and known to work under Windows XP."

From the Wired article noted below:

Now one French researcher says he's found at least a hint of a very limited remedy. The fix still seems too buggy, and far from the panacea WannaCry victims have hoped for. But if Adrien Guinet's claims hold up, his tool could unlock some infected computers running Windows XP, the aging, largely unsupported version of Microsoft's operating system, which analysts believe accounts for some portion of the WannaCry plague.

[...] Guinet says he's successfully used the decryption tool several times on test XP machines he's infected with WannaCry. But he cautions that, because those traces are stored in volatile memory, the trick fails if the malware or any other process happened to overwrite the lingering decryption key, or if the computer rebooted any time after infection.

Coverage:

Previous stories:
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]



WannaCry Ransomware Attack Linked to North Korea by Symantec 23 comments

Symantec and FireEye have linked the recent WannaCry ransomware attacks to North Korea:

Cybersecurity researchers at Symantec Corp. and FireEye Inc. have uncovered more evidence tying this month's WannaCry global ransomware attacks to North Korea.

The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday. FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea. "The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators," Ben Read, a FireEye analyst, said in an emailed statement.

[...] The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical."

Also at NYT, Reuters, Ars Technica, and The Hill. Symantec blog (appears scriptwalled).

Here's a screenshot of Wana Decrypt0r 2.0. Note the Wikipedia licensing section.

Previously: Security In 2017: Ransomware Will Remain King
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]
Decryption Utility for WannaCry is Released



Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con 42 comments

Marcus Hutchins, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak in its tracks by discovering a hidden "kill switch" for the malware, has been arrested by the FBI over his alleged involvement in another malicious software targeting bank accounts.

According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015.

The Kronos malware was spread through emails with malicious attachments such as compromised Microsoft Word documents, and hijacks credentials like internet banking passwords to let its user steal money with ease.

[...] Hutchins, better known online by his handle MalwareTech, had been in Las Vegas for the annual Def Con hacking conference, the largest of its kind in the world. He was at the airport preparing to leave the country when he was arrested, after more than a week in the city without incident.

Grauniad source: Briton who stopped WannaCry attack arrested over separate malware claims

Also covered by the BBC: NHS cyber-defender Marcus Hutchins charged in US.

Update: Detention quickly turned to arrest and indictment. Also at NPR, Motherboard, and the L.A. Times.

Previously: "Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]



This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by MichaelDavidCrawford on Monday May 15 2017, @12:55AM (11 children)

    This is a common problem: when I tell Windows Update to do its thing, it says "Checking for Updates" then never finishes checking.

    I've tried several of the reported workarounds.

    I figure I'll have to reinstall Windows anyway, so I'll just wait until some manner of ransomware 0wnz0r5 me.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 3, Informative) by butthurt on Monday May 15 2017, @01:18AM (5 children)

      by butthurt (6141) on Monday May 15 2017, @01:18AM (#509668) Journal

      Back in the days of Windows XP, it used to be possible to run Microsoft Baseline Security Analyzer, get from that a list of missing patches, then download and install them (most came in the form of self-installing executables) without running Windows Update.

      In November 2013 MBSA 2.3 was released. This release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported [...]

      -- https://en.wikipedia.org/wiki/Microsoft_Baseline_Security_Analyzer [wikipedia.org]

      Did you try WSUS Offline Update?

      Using WSUS Offline Update, you can update any computer running Microsoft Windows safely, quickly and without an Internet connection.

      -- http://www.wsusoffline.net/ [wsusoffline.net]

      • (Score: 2) by acharax on Monday May 15 2017, @04:44AM (4 children)

        by acharax (4264) on Monday May 15 2017, @04:44AM (#509765)

        I second WSUS Offline. It might be a bit clunky but it works.

        • (Score: 1) by butthurt on Monday May 15 2017, @06:15AM

          by butthurt (6141) on Monday May 15 2017, @06:15AM (#509806) Journal

          Thanks for weighing in. I don't have any actual experience with that myself.

        • (Score: 2) by TheB on Monday May 15 2017, @11:50AM (2 children)

          by TheB (1538) on Monday May 15 2017, @11:50AM (#509948)

          After a failed update corrupted parts of my win 7 install, it was WSUS Offline that finally saved it.
          If anyone is having troubles with Windows Update they should definitely give WSUS Offline a try.
          Windows Update works again after WSUS fixed the system.

          • (Score: 2) by kaszz on Monday May 15 2017, @10:12PM (1 child)

            by kaszz (4211) on Monday May 15 2017, @10:12PM (#510252) Journal

            How did you get the files and bootmedia for WSUS if the system was corrupted?

            • (Score: 2) by TheB on Tuesday May 16 2017, @08:23PM

              by TheB (1538) on Tuesday May 16 2017, @08:23PM (#510725)

              The OS still ran.

              Windows Update had crashed the system during an update, leaving corrupted files in the WU cache, missing files in "C:\Windows\Servicing\", garbled DISM log, and left bugs in the registry.
              The system was otherwise stable.

    • (Score: 0) by Anonymous Coward on Monday May 15 2017, @01:36AM

      by Anonymous Coward on Monday May 15 2017, @01:36AM (#509674)

      It's probably because there are so many updates that have been installed. I had the same problem for the first one of these stupid monthly security updates. I had to use WSUS offline update to install enough of the patches that the official installer would work.

    • (Score: 2) by physicsmajor on Monday May 15 2017, @02:08AM

      by physicsmajor (1471) on Monday May 15 2017, @02:08AM (#509688)

      There are standalone installers for this patch. You only need the Windows Update service running, and only while the patch is being installed - you can disable it afterward, before restarting.

    • (Score: 1) by toddestan on Monday May 15 2017, @03:13AM (1 child)

      by toddestan (4982) on Monday May 15 2017, @03:13AM (#509731)

      If you've got Windows 7, reinstalling won't help you. You'll be OK to SP1, and then it'll be an endless update check after that.

      It's not actually endless though, it will generally finish after a day or two if you just let it sit and keep running.

      • (Score: 2) by tynin on Monday May 15 2017, @03:58PM

        by tynin (2013) on Monday May 15 2017, @03:58PM (#510077) Journal

        I've found the process to be very RAM intensive as it catalogs and checks what version of everything you are running so it can give you the correct patch list. The more RAM you have, the faster it'll finish, otherwise the list it creates has to keep spilling to disk, then read back in later, etc etc. After nearly a week, I was able to get an older computer with 2GB of RAM to finish patching, but I'll never go through that again. The computer was my Grandma's and I've successfully got her running on a Raspi 3b running Raspbian with MATE, with a nice 27" monitor running in 720p so the fonts are nice and big for her. She has been using it for nearly a year and is quite happy with it.

    • (Score: 0) by Anonymous Coward on Monday May 15 2017, @03:48AM

      by Anonymous Coward on Monday May 15 2017, @03:48AM (#509747)

      http://download.wsusoffline.net/ [wsusoffline.net]

      Waiting for Windows Update to function is a waste of time.

  • (Score: 3, Interesting) by butthurt on Monday May 15 2017, @01:28AM (5 children)

    by butthurt (6141) on Monday May 15 2017, @01:28AM (#509670) Journal

    What does it say about the NSA, if [a] lone security researcher finds and activates a kill switch before they do?

    -- divec

    • (Score: 1, Insightful) by Anonymous Coward on Monday May 15 2017, @01:34AM

      by Anonymous Coward on Monday May 15 2017, @01:34AM (#509673)

      What does it say about the NSA, if [a] lone security researcher finds and activates a kill switch before they do?

      Hmm ... you know, that guy sure sounds like he had some inside information. I bet he's guilty ... let's hack into his system.

    • (Score: 2) by Dunbal on Monday May 15 2017, @03:45AM (3 children)

      by Dunbal (3515) on Monday May 15 2017, @03:45AM (#509744)

      Why would the NSA shut down its own back-door?

      • (Score: 2) by frojack on Monday May 15 2017, @04:27AM (1 child)

        by frojack (1554) on Monday May 15 2017, @04:27AM (#509758) Journal

        Maybe they put in that back door in case THIS VERY THING happened?

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 3, Insightful) by Dunbal on Monday May 15 2017, @05:07AM

          by Dunbal (3515) on Monday May 15 2017, @05:07AM (#509776)

          Nahh. It's much easier just to blame Russia, and then wait until Microsoft issues a "patch" with a new undocumented backdoor and they're in business again.

      • (Score: 4, Interesting) by butthurt on Monday May 15 2017, @05:35AM

        by butthurt (6141) on Monday May 15 2017, @05:35AM (#509786) Journal

        I hear a susurration, as though a joke were passing high overhead. I shall ignore it.

        The "kill switch," I gather, refers to a feature of the ransomware:

        [...] a researcher discovered a domain name in the code, which when registered, caused the malware to stop infecting new machines.

        As I understand it, the ransomware was not entirely coded by the NSA. I'm unsure, but it may even be true that no NSA code was included directly: that the ransomware authors used information about vulnerabilities in Windows. That information came from the Shadow Brokers, who say it originally came from the NSA; the NSA has not confirmed that. Hence the "kill switch" wasn't necessarily the NSA's creation.

        If it isn't obvious, what the Slashdot commenter seems to have meant is that the NSA is charged with advancing information security and has immense resources and expertise. The implication is that they should have registered gwea.com and used it to (temporarily) halt the spread of the malware. Instead that was done by a private person:

        http://www.thedailybeast.com/articles/2017/05/12/stolen-nsa-tech-shuts-down-hospitals [thedailybeast.com]

        In March, Microsoft issued patches for three of the vulnerabilities that were later disclosed by the Shadow Brokers. Microsoft didn't credit anyone for disclosing those bugs. There's been speculation that the NSA informed Microsoft about them. If that happened, it could be described as closing their own backdoor.

  • (Score: 1, Funny) by Anonymous Coward on Monday May 15 2017, @01:28AM (4 children)

    by Anonymous Coward on Monday May 15 2017, @01:28AM (#509671)

    I've hired a man with a backhoe to dig a hole in the backyard, and tomorrow morning we'll drop all the Windows machines in there. This is not the same side of the yard where I've hidden all the bodies, so I won't have to kill the backhoe operator.

    • (Score: -1, Redundant) by Anonymous Coward on Monday May 15 2017, @01:48AM (2 children)

      by Anonymous Coward on Monday May 15 2017, @01:48AM (#509676)

      For completeness you should rape the backhoe operator to death.

      • (Score: 0) by Anonymous Coward on Monday May 15 2017, @01:58AM (1 child)

        by Anonymous Coward on Monday May 15 2017, @01:58AM (#509682)

        In his back hole.

        • (Score: 0) by Anonymous Coward on Monday May 15 2017, @08:21AM

          by Anonymous Coward on Monday May 15 2017, @08:21AM (#509844)

          With his backhoe.

    • (Score: 2) by Dunbal on Monday May 15 2017, @03:48AM

      by Dunbal (3515) on Monday May 15 2017, @03:48AM (#509746)

      Is that the side of the yard you didn't dig before because of the gas lines? Good luck. Here, take this kerosene lamp with you; I'm all out of batteries for my flashlight.

  • (Score: 0) by Anonymous Coward on Monday May 15 2017, @01:50AM

    by Anonymous Coward on Monday May 15 2017, @01:50AM (#509677)

    I disabled SMB1 (client+server) just in case.
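An added example, not part of any comment here: a read-only PowerShell audit of the SMBv1 server and client settings that the comment above says it disabled, plus a check for a listener on TCP 445. The function names are hypothetical; the cmdlets and registry paths are the standard Windows ones, and an elevated prompt is assumed.

```powershell
# Added example: read-only SMBv1 audit. Run from an elevated PowerShell prompt.
# Function names are hypothetical. Written to work on PowerShell 2.0 (Windows 7).

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later: the SMB server cmdlets report it directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { return 'Enabled' }
        return 'Disabled'
    }
    # Windows 7 / Server 2008 R2: DWORD "SMB1" under the LanmanServer parameters.
    # When the value is absent the server uses its default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -ne $val -and $val -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-Smb1ClientState {
    # The SMBv1 client is the mrxsmb10 driver; Start = 4 means disabled.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    if (-not (Test-Path "$base\mrxsmb10")) { return 'NotInstalled' }
    $start = (Get-ItemProperty -Path "$base\mrxsmb10" -Name Start).Start
    if ($start -ne 4) { return 'Enabled' }
    # Edge case: if the driver is disabled but the Workstation service still
    # lists it as a dependency, the Workstation service fails to start.
    $deps = (Get-ItemProperty -Path "$base\LanmanWorkstation" -Name DependOnService `
             -ErrorAction SilentlyContinue).DependOnService
    if ($deps -contains 'MRxSmb10') {
        return 'Disabled, but LanmanWorkstation still depends on MRxSmb10'
    }
    return 'Disabled'
}

function Test-Port445Listening {
    # Is anything on this machine accepting SMB connections on TCP 445?
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $l = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
        return [bool]$l
    }
    # Older systems: parse netstat (English-language output assumed).
    return [bool](netstat -an | Select-String ':445\s+\S+\s+LISTENING')
}

function Get-Smb1Audit {
    # One object per machine, so results can be collected and compared.
    $result = New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        Smb1Server    = Get-Smb1ServerState
        Smb1Client    = Get-Smb1ClientState
        Port445Listen = Test-Port445Listening
    }
    $result | Select-Object Computer, Smb1Server, Smb1Client, Port445Listen
}

Get-Smb1Audit | Format-List
```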

  • (Score: 2) by Appalbarry on Monday May 15 2017, @01:51AM (3 children)

    by Appalbarry (66) on Monday May 15 2017, @01:51AM (#509678) Journal

    I tend to assume that, even with updates auto-installing, the one Windows 10 machine in the house is vulnerable. I opt for regular backups, with yesterday being the most recent.

    Expect the worst, and act accordingly.

    (I blithely, and no doubt eventually foolishly, continue to assume that my Linux boxes will not have problems like this.)
    (And assume that my Android phone is a total loss security-wise.)

    • (Score: 2) by HiThere on Monday May 15 2017, @03:29PM (2 children)

      by HiThere (866) Subscriber Badge on Monday May 15 2017, @03:29PM (#510058) Journal

      How long do you keep your backups? You won't necessarily notice files being encrypted until you try to use them.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 2) by Appalbarry on Tuesday May 16 2017, @01:12AM

        by Appalbarry (66) on Tuesday May 16 2017, @01:12AM (#510321) Journal

        That had actually occurred to me. I did check the backups and they are still readable.

      • (Score: 3, Interesting) by edIII on Tuesday May 16 2017, @02:25AM

        by edIII (791) on Tuesday May 16 2017, @02:25AM (#510354)

        Good catch. Best way to defeat this is having weekly copies made.

        Some zero knowledge backup companies out there offer version control and can give you a different copy for each day going back as much as you want to pay for. I would imagine something like this wouldn't stay hidden for more than 3 weeks.

        --
        Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 0) by Anonymous Coward on Monday May 15 2017, @01:56AM (3 children)

    by Anonymous Coward on Monday May 15 2017, @01:56AM (#509680)

    Block all incoming, every box is an island.

  • (Score: -1, Disagree) by Anonymous Coward on Monday May 15 2017, @01:58AM (4 children)

    by Anonymous Coward on Monday May 15 2017, @01:58AM (#509683)

    This is perfect proof of why low level programming languages need to be illegal without a license and other oversight.

    • (Score: 0) by Anonymous Coward on Monday May 15 2017, @02:08AM

      by Anonymous Coward on Monday May 15 2017, @02:08AM (#509687)

      Only H1B coders will be licensed to do the needful. Open source will be outlawed. Debuggers will be illegal since they could be used for reverse engineering.

    • (Score: 2) by kaszz on Monday May 15 2017, @02:34AM (1 child)

      by kaszz (4211) on Monday May 15 2017, @02:34AM (#509708) Journal

      I have an even better suggestion: Don't let people with sales and marketing backgrounds make technical developer decisions. And have a QA worth its name. What you suggest is a nanny state. It won't work. Guns, drugs and murder are also forbidden (in some places). So the ones to be shot, be addicted and die are law-abiding citizens.

      • (Score: 1) by butthurt on Monday May 15 2017, @05:54AM

        by butthurt (6141) on Monday May 15 2017, @05:54AM (#509793) Journal

        "When foo {is|are} outlawed, only outlaws will have foo" is the usual idiom.

    • (Score: 0) by Anonymous Coward on Monday May 15 2017, @05:15AM

      by Anonymous Coward on Monday May 15 2017, @05:15AM (#509780)

      What pray tell is your high level hipster language written in backend-wise and by whom? Oh... Wait...

  • (Score: 1) by corey on Monday May 15 2017, @02:09AM (13 children)

    by corey (2202) on Monday May 15 2017, @02:09AM (#509690)

    I don't click links or open attachments blindly.

    I also run Linux at home.

    • (Score: -1, Troll) by Anonymous Coward on Monday May 15 2017, @02:12AM (12 children)

      by Anonymous Coward on Monday May 15 2017, @02:12AM (#509694)

      I also run Linux at home.

      "I run Linux!" Such a cliche. Keep beating that dead horse.

      • (Score: 3, Funny) by aristarchus on Monday May 15 2017, @02:22AM (11 children)

        by aristarchus (2645) on Monday May 15 2017, @02:22AM (#509702) Journal

        I run Linux, too. And you know, since this attack is taking advantage of vulnerabilities in Windows, I am not all that worried! Do you have a problem with that, Micro-softie AC? You know you are destroying the internets for all the rest of us, by even existing? Come to the free software side! It is your destiny, AC! And, we have Freedom (and the ability to block cookies, and updates, and malware, and ransomware, and web-ads, and extortion, and much, much more;(!) Horse alive, and kicking, bro!

        • (Score: 2) by kaszz on Monday May 15 2017, @02:42AM

          by kaszz (4211) on Monday May 15 2017, @02:42AM (#509710) Journal

          Ohh, you evil non-conformist for not being ass-raped by ransomware, virus, broken patches, worms etc just like the rest of us zombies! :-)

        • (Score: 0) by Anonymous Coward on Monday May 15 2017, @02:43AM (5 children)

          by Anonymous Coward on Monday May 15 2017, @02:43AM (#509711)

          Unclosed parentheses POST IS VULNERABLE.

        • (Score: 2) by HiThere on Monday May 15 2017, @03:38PM

          by HiThere (866) Subscriber Badge on Monday May 15 2017, @03:38PM (#510062) Journal

          *THIS* attack is focused on MSWind. Even so it doesn't attack most home systems. There have been attacks focused on Linux. There have certainly been attacks focused on Android. There have even been attacks focused on BSD...though they weren't usually very successful.

          The problem with attacks focused on MSWind is that there are lots of embedded systems that will never be updated. The Linux equivalent is routers using Linux that will never be updated, but the MSWind embedded systems tend to be things like airport display terminals, but also include hospital XRay machines, etc. Some of them cannot legally be either updated or patched.

          MS is certainly guilty of careless software maintenance with little care for security, but this isn't the only thing that enables attacks. Heartbeat attacks penetrated a large number of Linux systems, and that it wasn't explicitly a Linux system vulnerability was little enough consolation.

          --
          Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 2) by edIII on Tuesday May 16 2017, @02:18AM (2 children)

          by edIII (791) on Tuesday May 16 2017, @02:18AM (#510353)

          You can interpret that differently. We really should stop beating that dead horse.

          Linux is not an instant cure. Most of the protection is just because the most popular attack surface is in M$ Land. You really think that will last?

          There have been some revelations lately that throw the whole peer reviewed code model out the window, and that was, that nobody was really reviewing the code. I still agree with the principles, but the actual performance of the code review that has happened thus far could be termed "piss poor". SystemD only makes this worse because we haven't actually established security or a good foundation, before laying out huge amounts of new work for review.

          We need good and open hardware without blobs and binaries first, and then we need to establish a base system for reference that specifically has passed peer review and a large amount of testing. Yeah, that ain't happening with SystemD's bloated ass laying on top of it.

          Otherwise, as Microsoft dies, watch Linux have all its faults shown. Although, Linux will be able to react much better and faster to it. No telemetry in the updates means you can trust them, even after passing the appropriate hash and verification checks.

          --
          Technically, lunchtime is at any moment. It's just a wave function.
          • (Score: 3, Insightful) by aristarchus on Tuesday May 16 2017, @02:39AM (1 child)

            by aristarchus (2645) on Tuesday May 16 2017, @02:39AM (#510358) Journal

            Linux is not an instant cure. Most of the protection is just because the most popular attack surface is in M$ Land. You really think that will last?

            Yes? Now, why do I think that? Should I stay on my high horse? Unix is a networked operating system, by design, from the beginning. That means security. Not perfect security, no one is saying that, but much better than a toy operating system that had networking capability cobbled onto it with disastrous results.

            As for the "attack surface" argument, I want to point out that I have a charm in my pocket that wards off tiger attacks. Works like a charm! Why? Because it is one! What would happen if I were to go out, and forgot to bring my anti-tiger attack charm with me? Well, obviously I would be attacked by a tiger! Of course, there are no tigers where I live, or even anywhere even remotely nearby, but it is the charm that does the trick!

            Do I need to make the analogy transparent, without going automotive? Going out without my charm is the equivalent of Linux becoming the dominant operating system, being attacked by a tiger is equivalent to something like WannaCry doing as much damage as it has done by means of Windows. So once again, the horse is not dead, because there is no tiger! (Well, there is one in the zoo, but usually he does not escape, and if he does, you just throw a Windows user in the tiger's path before he gets to you. But again, low odds. Linux is structurally superior to Windows.)

            • (Score: 2) by edIII on Tuesday May 16 2017, @02:57AM

              by edIII (791) on Tuesday May 16 2017, @02:57AM (#510368)

              Linux is structurally superior to Windows

              The Death Star was structurally superior to a Star Destroyer, and even the Millennium Falcon (it really was a hunk of junk), but those pesky Bothans still found a fatal flaw :)

              Don't be too proud of that technological terror you've constructed aristarchus :)

              --
              Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 3, Informative) by Snotnose on Monday May 15 2017, @02:16AM (9 children)

    by Snotnose (1623) on Monday May 15 2017, @02:16AM (#509695)

    So, get the notice Windows wants to update, pick a time, any time. I hit snooze. When I'm done with the computer I hit "reboot", that does the update stuff.

    Except this time it doesn't.

    Couple days later, get the notice Windows wants to update. Kinda busy, hit snooze, when done I "reboot". Nothing. Go searching for update options, find nothing. I mean, I'm done with the computer for a good 12 hours, now would be a great time to update. Nope, can't get it to update.

    This morning get the notice Windows wants to update. Having just rebooted from the previous hoped for update I said, "sure, fine, knock yourself out". 2 1/2 hours later I get my login screen. During that 2.5 hours I can't play online games due to my laptop sucking up all my bandwidth and making games lag hell. I can't use my laptop. Did I mention I'd planned to go to sleep during the previous update window, hence would not care how long the upgrade took? Yeah, thought so.

    Get the login screen. A good 5 minutes to actually login.

    It's now 1-2 minutes from me logging in to actually being able to use my laptop. Thank you Microsoft for making my computing experience so much better.

    --
    Bad decisions, great stories
    • (Score: 2) by Nerdfest on Monday May 15 2017, @02:27AM (2 children)

      by Nerdfest (80) on Monday May 15 2017, @02:27AM (#509705)

      I see people at work suffering through that as well. It amazes me that that sort of performance is tolerated. The cost for business must be in the billions per year. Well, perhaps not that much as a good of the developers where I work that actually get work done run Linux.

      • (Score: 2) by LoRdTAW on Monday May 15 2017, @12:53PM (1 child)

        by LoRdTAW (3755) on Monday May 15 2017, @12:53PM (#509983) Journal

        https://xkcd.com/303/ [xkcd.com]
        Just change "Compiling" to "Updating".

        • (Score: 2) by kaszz on Monday May 15 2017, @10:16PM

          by kaszz (4211) on Monday May 15 2017, @10:16PM (#510255) Journal

          That XKCD should be made into a short movie. Dramatic Star Wars music and the chairs imagined as battle ships ;-)
          And the boss is the dark side calling..

    • (Score: 2) by Dunbal on Monday May 15 2017, @05:14AM (3 children)

      by Dunbal (3515) on Monday May 15 2017, @05:14AM (#509779)

      Windows update off.

      Pay attention to the world.

      Download the security patch you need when something like this happens. I downloaded MS17-010 a month ago. Windows update still off.

    • (Score: 2) by butthurt on Monday May 15 2017, @06:07AM (1 child)

      by butthurt (6141) on Monday May 15 2017, @06:07AM (#509797) Journal

      > Nope, can't get it to update.

      You're saying the same thing MichaelDavidCrawford did:

      https://soylentnews.org/comments.pl?noupdate=1&sid=19514&page=1&cid=509661#commentwrap [soylentnews.org]

      I asked him whether he'd tried WSUS Offline Update.

      http://www.wsusoffline.net/ [wsusoffline.net]

      • (Score: 0) by Anonymous Coward on Monday May 15 2017, @04:32PM

        by Anonymous Coward on Monday May 15 2017, @04:32PM (#510094)

        My Win10 machines wouldn't update. There is a setting in updates to allow it to download the updates from other local machines. Unselected that, updates work again.

  • (Score: 3, Insightful) by kaszz on Monday May 15 2017, @02:52AM (4 children)

    by kaszz (4211) on Monday May 15 2017, @02:52AM (#509716) Journal

    Now Microsoft Chief Legal Officer wants a Digital Geneva Convention [microsoft.com] to protect (their) computer systems. No mention of their own idiotic engineering or rather total lack of it. In addition to their slimy juridical dealings using "audits" to blackmail corporations. The problem is partly spelled that the people in power of decisions have a background in sales and marketing.

    • (Score: 3, Insightful) by Dunbal on Monday May 15 2017, @05:16AM (3 children)

      by Dunbal (3515) on Monday May 15 2017, @05:16AM (#509781)

      Because the actual Geneva Convention is so darned effective at preventing stuff in real wars, let's make one for computers too. That way everyone can run around like dickheads accusing each other of violating the Geneva Convention without ever being able to prove it let alone enforce it. The world does not need more laws, rules and regulations. It needs smarter people.

      • (Score: 2) by c0lo on Monday May 15 2017, @12:36PM (2 children)

        by c0lo (156) Subscriber Badge on Monday May 15 2017, @12:36PM (#509975) Journal

        It needs smarter people.

        Some say the amount of intelligence in this world is constant. If they're right...

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 2) by tangomargarine on Monday May 15 2017, @03:45PM (1 child)

          by tangomargarine (667) on Monday May 15 2017, @03:45PM (#510065)

          ...the solution is to start killing people? Who has the list of nominations?

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 2) by c0lo on Monday May 15 2017, @07:13PM

            by c0lo (156) Subscriber Badge on Monday May 15 2017, @07:13PM (#510186) Journal

            Who has the list of nominations?

            I don't know... how about starting with the upper echelons of Microsoft’s and NSA's management?
            Or politicians maybe?

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 4, Insightful) by boltronics on Monday May 15 2017, @03:24AM (2 children)

    by boltronics (580) on Monday May 15 2017, @03:24AM (#509736) Homepage Journal

    If you are a sysadmin, how concerned are you about what you will be facing at work on Monday?

    No one in my workplace runs Windows. Thanks for yet another reason to keep it that way. :)

    --
    It's GNU/Linux dammit!
    • (Score: 2) by nobu_the_bard on Monday May 15 2017, @04:54PM (1 child)

      by nobu_the_bard (6373) on Monday May 15 2017, @04:54PM (#510107)

      It's nice that you get to live in a reality where that's an option. Unfortunately many of us do not.

      • (Score: 2) by boltronics on Monday May 15 2017, @10:57PM

        by boltronics (580) on Monday May 15 2017, @10:57PM (#510279) Homepage Journal

        Not a reality in all work places maybe, but you do get to choose where you work. If you don't live anywhere near your ideal job, just move.

        If you can't move, that's usually because of previous choices you made in your life that didn't focus on your current goals. For example, an ideal workplace environment is sometimes just a lesser priority for people over other concerns, such as wage or location preference. Maybe you had kids instead of spending your spare time improving your skill set. Countless decisions over your life put you where you are now, and it's okay if you focused in other areas - but it's not fair to then say you don't have the option.

        I can't claim to understand your circumstances, but often I find it's not a matter of not being a possibility in your life, but rather it's a matter of how badly you want it.

        --
        It's GNU/Linux dammit!
  • (Score: 2) by kaszz on Tuesday May 16 2017, @10:23AM

    by kaszz (4211) on Tuesday May 16 2017, @10:23AM (#510470) Journal

    Apparently [reuters.com] anti-virus providers [reuters.com] Symantec and Kaspersky Lab now suggest the blame is on North Korea. Of course the answer could never be found in their own backyard ;-)

  • (Score: 2) by KritonK on Tuesday May 16 2017, @11:26AM

    by KritonK (465) on Tuesday May 16 2017, @11:26AM (#510487)

    What actions, if any, have you taken to protect your Windows machine(s) from this threat?

    I installed Linux on them.
