
SoylentNews is people

posted by takyon on Saturday May 13 2017, @01:26PM
from the shadow-brokers-strike-back dept.

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

UK National Health Service Paralysed by Windows Ransomware Attack

The Guardian and the BBC each report on a large-scale ransomware attack on the NHS's Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry; it encrypts the PC's hard disk and demands bitcoin to decrypt it.

About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.

From one of the Guardian reports:

According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."

The NHS has stressed that patients' electronic medical records have not been compromised.

From InfoSecurity, FastCompany and elsewhere:

A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.

According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".

Australian Broadcasting Corporation reports:

'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom

A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.

[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.

Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries

Shadow Brokers Flaw Used in Ransomware

The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug was released by Microsoft in March.

The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.

As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]

Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.

Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's `Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA `Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA

Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now



 
  • (Score: 5, Insightful) by The Mighty Buzzard on Saturday May 13 2017, @01:34PM (13 children)

    I hope the shit admins and beancounters who command them end up having to explain paying millions for not giving a flying fuck about securing some of our most sensitive personal information. It's never going to change until their pockets get hit.

    --
    My rights don't end where your fear begins.
    • (Score: 2) by takyon on Saturday May 13 2017, @01:39PM (1 child)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Saturday May 13 2017, @01:39PM (#509138) Journal

      Judging by turgid's bit, it will become apparent soon if anybody died as a result of this. That's what we need: cyber deaths in hospitals. Long predicted, now delivered to you courtesy of the NSA's competing and counterproductive missions.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:31PM

        by Anonymous Coward on Saturday May 13 2017, @04:31PM (#509200)

        It'll only be a reason for jacking up healthcare costs even more.

    • (Score: 1, Insightful) by Anonymous Coward on Saturday May 13 2017, @02:00PM

      by Anonymous Coward on Saturday May 13 2017, @02:00PM (#509144)

      They'll just use it as a new excuse to curtail internet freedoms.

    • (Score: 3, Informative) by c0lo on Saturday May 13 2017, @02:05PM (2 children)

      by c0lo (156) Subscriber Badge on Saturday May 13 2017, @02:05PM (#509147) Journal

      Jeremy Cunt 'ignored warning signs' before cyber-attack hit NHS [theguardian.com]

      Jeremy Hunt has been accused of ignoring “extensive warning signs” that could have an unprecedented global cyber-attack that plunged the NHS into chaos this weekend.
      ...
      The shadow health secretary, Jonathan Ashworth, said concerns had been flagged repeatedly about the NHS’s outdated computer systems, which he said had left it vulnerable to the virus. In a letter to Hunt on Saturday, he wrote: “As secretary of state, I urge you to publicly outline the immediate steps you’ll be taking to significantly improve cybersecurity in our NHS.

      ---

      "Nobody was fired for buying Microsoft". I think there will be some heads to roll for not buying Microsoft [mirror.co.uk] (don't go there if you can avoid it).

      The Tories cut security support for the NHS’s outdated computer system a year ago, despite warnings it would leave hospitals open to hackers, it was claimed.

      The Government Digital Service, set up by David Cameron, decided not to extend a £5.5million one-year support deal with Microsoft for Windows XP.

      NHS bosses were told to replace the 14-year-old system or take out a separate deal with Microsoft.

      An April 2014 letter from the Cabinet Office and Department of Health to healthcare chiefs read: “It is imperative your organisation understands the risk placed on it should the decision be not to take out a [new Microsoft deal].
      ...
      GDS said at the time: “All departments have had seven years’ warning of the 2014 end of normal support and this one-year agreement was put together... to give everyone a chance to get off XP.”
      ...
      A Sky News probe found seven NHS trusts spent nothing on cyber security in 2015.

      ---

      It's not only an IT related disease [theguardian.com]

      Somewhere in the UK there is a warehouse stuffed full of GPs’ referral letters and blood test results diagnosing the health secretary with terminal incompetence. But as it has yet to be found, Jeremy Hunt had to limit his scope to the 700,000 NHS documents that have just turned up after going missing in action for five years in answer to Labour’s urgent question in the Commons.

      “Absolutely nothing went missing,” he reassured MPs. All that had happened was that hundreds of thousands of confidential pieces of medical information had accidentally been sent to the wrong place without anyone noticing. But it was no biggy. As far as he knew, no one had died – or if they had, their death certificates had also gone AWOL, so it was much the same thing. And what it really proved was how many unnecessary tests the NHS were conducting each year. Just think of the potential savings. A couple of avoidable deaths had to be a price worth paying for not bothering with 700,000 bits of paperwork.

      Hunt was rather less cavalier with his own reputation. “I was made aware of the situation in March last year,” he sobbed. And he had begged and begged his departmental officials to let him tell the country. But they had said to him: “You mustn’t do that, Jeremy, because otherwise every hypochondriac in the country will be ringing up their GP to find out if they’ve got cancer after all and we’ll never get round to finding out just how big a cock-up you’ve made. Not that you have made a cock-up, of course.”

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 2) by kaszz on Sunday May 14 2017, @05:56AM (1 child)

        by kaszz (4211) on Sunday May 14 2017, @05:56AM (#509371) Journal

        The Government Digital Service, set up by David Cameron , decided not to extend a £5.5million one-year support deal with Microsoft for Windows XP.

        Amber Rudd, minister of interior says it's a prioritized question to find out who's responsible and put them to justice. Britain were hit hard when IT-systems in hospitals went inoperable.

        Hypocrites?
        That 5.5 million GBP could have saved a lot of trouble. Not to mention a program to transform all Microsoft Windows usage everywhere in hospitals into solid Unix platforms. Perhaps even ReactOS or Wine is an alternative.

        I can really see when the military get the same kind of infection. They will just sue the enemy! ;-)
        It's a way to operate that just won't work.

        • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @09:16AM

          by Anonymous Coward on Sunday May 14 2017, @09:16AM (#509400)

          Amber Rudd, minister of interior says it's a prioritized question to find out who's responsible and put them to justice.

          I mean... the person who blocked the support deal with Microsoft?
          Oh, sorry, silly me.

    • (Score: 5, Insightful) by bradley13 on Saturday May 13 2017, @02:55PM (6 children)

      by bradley13 (3053) on Saturday May 13 2017, @02:55PM (#509170) Homepage Journal

      Well, yes, the admins who were running insecure networks carry some fault. So does the government, that failed to disclose a weakness so that it could be repaired. This ought to be a lesson (but won't be) for all those clueless politicians who think that backdoors in encryption algorithms are a good idea. Backdoors never stay hidden, period.

      But you know what strikes me? This is where international agencies like the NSA should be earning their keep. If they, and their counterparts in other affected countries, cannot trace the people behind this, then WTF are we paying their salaries for?

      The people behind these ransomware attacks are certainly all part of an extended community. If their members were to start...disappearing...one after another, the community might just decide that the risk isn't worth the payday.

      --
      Everyone is somebody else's weirdo.
      • (Score: 3, Insightful) by AthanasiusKircher on Saturday May 13 2017, @06:03PM (3 children)

        by AthanasiusKircher (5291) on Saturday May 13 2017, @06:03PM (#509217) Journal

        This is where international agencies like the NSA should be earning their keep. If they, and their counterparts in other affected countries, cannot trace the people behind this, then WTF are we paying their salaries for?

        Uh, to spy on citizens, thereby increasing and consolidating governmental power, with the ultimate aim of producing a "benign" police state.

        I thought that was their obvious purpose. The only thing more nefarious-sounding than "National Security Agency" is the term "Homeland Security."

        • (Score: 3, Insightful) by kaszz on Sunday May 14 2017, @05:59AM (2 children)

          by kaszz (4211) on Sunday May 14 2017, @05:59AM (#509372) Journal

          You always have to ask yourself who's security against whom. There's no such thing as a universal security that makes all bad things go away.

          • (Score: 3, Informative) by mcgrew on Sunday May 14 2017, @03:04PM (1 child)

            by mcgrew (701) <publish@mcgrewbooks.com> on Sunday May 14 2017, @03:04PM (#509469) Homepage Journal

            I'm offtopic here, but "Who's" is a contraction for "who is". The word you want is whose.

            I see this far too often on the internet.

            --
            mcgrewbooks.com mcgrew.info nooze.org
      • (Score: 2) by Runaway1956 on Sunday May 14 2017, @12:42AM (1 child)

        by Runaway1956 (2926) Subscriber Badge on Sunday May 14 2017, @12:42AM (#509302) Journal

        "If their members were to start...disappearing..."

        I kinda like that idea - but if they start on one community, who is to say they won't start on another community? They came for the Jews, and I didn't speak up . . . .

        But, you're right. The NSA has all those resources available, which are wasted on silly crap. Make a phone call, so that Grandma can talk to her distant cousin in Fuckistan, and the NSA starts tracking all your phone calls? FFS, what a waste.

        • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @03:53PM

          by Anonymous Coward on Sunday May 14 2017, @03:53PM (#509498)

          oh, it's not wasted on silly crap. it's spent on exactly what they mean to spend it on. a supranational surveillance state. has nothing to do with national defense.

  • (Score: 2) by turgid on Saturday May 13 2017, @01:34PM (19 children)

    by turgid (4318) Subscriber Badge on Saturday May 13 2017, @01:34PM (#509136) Journal

    It's expensive. You get what you pay for.

    /me ducks.

    • (Score: 2) by Geezer on Saturday May 13 2017, @01:56PM (17 children)

      by Geezer (511) on Saturday May 13 2017, @01:56PM (#509143)

      Issue here has nothing to do with closed/open architecture, and everything to do with bad original design (Microsoft), bad internal security (NSA), idiot users (who open phishing emails), rent-seeking MBA's/PHB's who don't budget for adequate security, and lazy/incompetent sysadmins who forego/delay security patches.

      Obviously the whole world needs to run FreeBSD with pfSense and without systemd, right?

      OSS: The guaranteed panacea for every computing need!

      /sarcasm

      • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @03:48PM (4 children)

        by Anonymous Coward on Saturday May 13 2017, @03:48PM (#509185)

        As an admin in a large 3 letter computer company in a previous life, updates had to be agreed on with all stakeholders via a change control process. The end result was that updates were applied twice a year, on a Sunday morning at 4am.

        I expect the NHS to be just as conservative, if not more so. All an admin can do is complain and then clean up the mess when the shit hits the fan.

        • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:14PM (1 child)

          by Anonymous Coward on Saturday May 13 2017, @04:14PM (#509192)

          I too was in such a situation, and always giggled with sadistic glee when we got hit with childishly preventable problems. As the business twisted in the wind while we "cleaned up the mess", it was positively fascinating watching the blizzard of company-wide memos from horror-stricken C-levels trying to do damage control on something they brought on themselves.

          Any CIO/CTO who agrees to an update regimen as you describe is a boob, and deserves the outcome. Minions, meanwhile, can hopefully soak up the overtime pay and enjoy the new shop jokes to tell over a beer.

          There's a bright side to everything. :-)

        • (Score: 2) by sjames on Sunday May 14 2017, @05:56PM

          by sjames (2882) on Sunday May 14 2017, @05:56PM (#509561) Journal

          Just remember, most stake holders think progress is a vampire.

        • (Score: 2) by kaszz on Monday May 15 2017, @02:46AM

          by kaszz (4211) on Monday May 15 2017, @02:46AM (#509714) Journal

          Why not a Saturday morning such that you would have two days of margin instead of one?

      • (Score: 5, Insightful) by sjames on Saturday May 13 2017, @05:12PM (11 children)

        by sjames (2882) on Saturday May 13 2017, @05:12PM (#509205) Journal

        Let's narrow it down a bit. Don't blame the sysadmins this time, they can't apply patches that don't exist. Those rent seeking MBAs didn't renew the extended support contract nor did they provide a budget to migrate away from XP.

        And let's not forget that MS perfected the email virus. Way back in the olden days, in spite of persistent hoaxes, jokes, and paranoid ramblings, you couldn't get a virus from email or any other text document. We all had a good laugh about the honor system virus and, of course the good times virus. It took the dumbest (and possibly most expensive) series of design decisions in the history of computing on the part of MS to bring all of this to life. It's not as if they weren't warned and strenuously urged to reverse their decision to make email and documents executable. They were also warned that blurring the line between opening something and running something was a very bad idea. Then just to make sure to enable the coming avalanche of email horrors, they hid the distinction between an executable and a file that executable might open.

        Yes, the NSA gets its share of the blame for developing a cyberweapon and then leaking it to the world. Imagine if Los Alamos had accidentally published everything you needed to build an atomic bomb shortly after Hiroshima.

        The users aren't blameless provided they have received training about the dangers of clicking on emails, but they were set up by MS's series of blunders.

        • (Score: 3, Insightful) by kaszz on Saturday May 13 2017, @05:17PM (10 children)

          by kaszz (4211) on Saturday May 13 2017, @05:17PM (#509206) Journal

          Email using html is a scourge and to top it off Microsoft leaves open SMB ports, which is buggy of course.

          ASCII is the right way (minus some esc codes that still may get into the open-execute-paradigm)

          • (Score: 1) by anubi on Sunday May 14 2017, @09:07AM (9 children)

            by anubi (2828) on Sunday May 14 2017, @09:07AM (#509399) Journal

            Now that you mention it, the only files I feel perfectly safe opening in my computer are .txt files in notepad.

            Just like I used to open .BAT files perfectly safely with my EDT editor. No matter what they were.... perfectly safe.

            These "business-grade" systems I use these days have me on edge every time I have to open a file. Especially email attachments.

            --
            "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
            • (Score: 2) by kaszz on Sunday May 14 2017, @11:20AM (8 children)

              by kaszz (4211) on Sunday May 14 2017, @11:20AM (#509427) Journal

              If they have such weaknesses, they are certainly not "business-grade". It's only something marketdroids will use.
              Why do you use a Microsoft environment to get work done?

              • (Score: 2) by mcgrew on Sunday May 14 2017, @03:11PM (7 children)

                by mcgrew (701) <publish@mcgrewbooks.com> on Sunday May 14 2017, @03:11PM (#509477) Homepage Journal

                Well DUH, you use the equipment the company you work for buys.

                --
                mcgrewbooks.com mcgrew.info nooze.org
                • (Score: 2) by kaszz on Sunday May 14 2017, @03:28PM (6 children)

                  by kaszz (4211) on Sunday May 14 2017, @03:28PM (#509485) Journal

                  Well that is true. But maybe you could ask for a machine where you can install Unix to work?
                  Of course that depends on the micromanagement degree of the workplace gods..

                  • (Score: 2) by mcgrew on Thursday May 18 2017, @05:32PM (5 children)

                    by mcgrew (701) <publish@mcgrewbooks.com> on Thursday May 18 2017, @05:32PM (#511751) Homepage Journal

                    I'm retired now, but using your own device or software at work was strictly forbidden. I need MS Office now because magazines demand stories be in .doc format. I write in Lo and Oo but need MS Word to make sure it will open the files. Business (most businesses, anyway, there are exceptions, like Ball) and governments have mostly standardized on the decidedly non-standard Microsoft.

                    I find it amusing when people ask when the "year of Linux on the desktop" will be, because if you lay your phone on a desk, you already have either Linux or BSD on the desktop depending on whether it's an iPhone or Android.

                    I've been using Linux at home since Mandrake. I hate what they've done to KDE. I'm really glad Lo will now usually write .doc files all right. It didn't used to, Oo still won't AFAIK.

                    --
                    mcgrewbooks.com mcgrew.info nooze.org
                    • (Score: 2) by kaszz on Thursday May 18 2017, @05:47PM (4 children)

                      by kaszz (4211) on Thursday May 18 2017, @05:47PM (#511757) Journal

                      Guess switching job is the thing to get rid of MS in the loop. Anyway, standardizing on any Microsoft product seems like an oxymoron ;)

                      • (Score: 2) by mcgrew on Friday May 19 2017, @03:02PM (3 children)

                        by mcgrew (701) <publish@mcgrewbooks.com> on Friday May 19 2017, @03:02PM (#512206) Homepage Journal

                        Retirement is even better!

                        --
                        mcgrewbooks.com mcgrew.info nooze.org
                        • (Score: 2) by kaszz on Friday May 19 2017, @03:13PM (2 children)

                          by kaszz (4211) on Friday May 19 2017, @03:13PM (#512216) Journal

                          Provided there are funds..

                          • (Score: 2) by mcgrew on Thursday May 25 2017, @06:17PM (1 child)

                            by mcgrew (701) <publish@mcgrewbooks.com> on Thursday May 25 2017, @06:17PM (#515591) Homepage Journal

                            Kind of hard to survive without them...

                            --
                            mcgrewbooks.com mcgrew.info nooze.org
                            • (Score: 2) by kaszz on Thursday May 25 2017, @06:27PM

                              by kaszz (4211) on Thursday May 25 2017, @06:27PM (#515604) Journal

                              Retirement tends to happen regardless of available funds..

    • (Score: 3, Insightful) by mcgrew on Sunday May 14 2017, @03:08PM

      by mcgrew (701) <publish@mcgrewbooks.com> on Sunday May 14 2017, @03:08PM (#509475) Homepage Journal

      You get what you pay for.

      I suspect your tongue is firmly in your cheek, but want to point out to others that the statement is a salesman's lie. For instance, Aleve is identical to generic naproxen sodium, but costs three times as much.

      You do usually pay for what you get, and often pay more than what you get.

      --
      mcgrewbooks.com mcgrew.info nooze.org
  • (Score: 3, Informative) by kaszz on Saturday May 13 2017, @01:49PM (16 children)

    by kaszz (4211) on Saturday May 13 2017, @01:49PM (#509141) Journal

    According to Avast 99 countries are affected. Worst affected are Russia, Ukraine and Taiwan. Also British hospitals, Spanish telephone operator Telefónica, and US transportation company Fedex have been disrupted.

    The French car manufacturer Renault has been forced to stop the manufacturing in Slovenia and at facilities in France, after being hit according to AFP. In Russia banks and departments have been affected.

    This is the largest ransomware attack says Rich Barger at the IT-company Splunk, to Reuters

    Unlocking cost circa 300–600 US$.

    The used hole had a patch in 2017-03-14. (but then who trusts Microsoft to fix more than they screw up)

    When will Microsoft addicts take the hint that what they are using is digital poison?

    • (Score: 4, Insightful) by takyon on Saturday May 13 2017, @02:02PM (15 children)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Saturday May 13 2017, @02:02PM (#509145) Journal

      If people start running Linux and BSD on hospital/FedEx/etc. computers, then that's what the next generation of ransomware will target.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by kaszz on Saturday May 13 2017, @02:12PM (3 children)

        by kaszz (4211) on Saturday May 13 2017, @02:12PM (#509154) Journal

        Sure, but it's also more straightforward to protect those systems.

        Perhaps you are on to something, use as a obscure system you can live with.

        • (Score: 2) by looorg on Saturday May 13 2017, @02:20PM (2 children)

          by looorg (578) on Saturday May 13 2017, @02:20PM (#509159)

          Perhaps you are on to something, use as a obscure system you can live with.

          It's a bit hard to try and use security by obscurity when you are running a nation wide healthcare system like the NHS. After all people have to use and interact with the system daily.

          • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:16PM

            by Anonymous Coward on Saturday May 13 2017, @04:16PM (#509194)

            Training. It's a thing. Really.

          • (Score: 2) by kaszz on Saturday May 13 2017, @04:27PM

            by kaszz (4211) on Saturday May 13 2017, @04:27PM (#509197) Journal

            I was thinking more about small business and the alike.

      • (Score: 5, Insightful) by Runaway1956 on Saturday May 13 2017, @02:19PM (8 children)

        by Runaway1956 (2926) Subscriber Badge on Saturday May 13 2017, @02:19PM (#509158) Journal

        Correct. But, there's a difference between targeting Microsoft and Linux. With Microsoft, you wait, and wait, and wait, hoping that Microsoft might offer a patch for the hole in their system. With open source software, there will probably be a patch pretty soon. If the patch is not forthcoming, you can get on the mailing lists, to see WTF is taking so long. And, if it appears that the patch isn't coming, or not coming quickly enough, you can take mitigating actions. Worst case scenario, you can make the patch yourself. Or, worst-worst-case scenario, everyone says, "Fuck it, this shit's too hard, let's just make a new application that does something similar, but works differently."

        • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @11:19PM

          by Anonymous Coward on Saturday May 13 2017, @11:19PM (#509282)

          How many times have we seen Google's boffins go ahead and make public a hole in Redmond's ecosystem after waiting 90 days for MICROS~1 to patch that?

          ...and any time that an exploit has a logo, that's MSFT fanboys' work.
          Those guys like to make a big deal of every flaw in Linux.
          Just imagine how busy they'd be if they did the same thing for every MICROS~1-specific flaw.

          ...better still, how about putting that manpower into fixing their own bugs?

          With open source software, there will probably be a patch pretty soon

          Heartbleed [googleusercontent.com] (orig) [wikipedia.org]

          Bodo Moeller and Adam Langley of Google prepared the fix for Heartbleed. The resulting patch was added to Red Hat's issue tracker on March 21, 2014
          [...]
          Neel Mehta of Google's security team secretly reported Heartbleed [to OpenSSL, its maintainer] on April 1, 2014
          [...]
          Stephen N. Henson applied the fix to OpenSSL's version control system on 7 April

          -- OriginalOwner_ [soylentnews.org]

        • (Score: 2) by Lester on Sunday May 14 2017, @09:52AM (6 children)

          by Lester (6231) on Sunday May 14 2017, @09:52AM (#509405) Journal

          As Anonymous has posted, Heartbleed proves that the thousand eyes is a myth.

          There are four reasons why OSS systems are safer than Microsoft.

          1. OSS users are more advanced. There is no secure system when, to the message "This program demands to bypass security and change the system", the user clicks yes. The average Microsoft user is more likely to click yes than the average Linux or FreeBSD user.
          2. An OSS user doesn't usually run as root. Many Microsoft workstations are run with administrator powers, even nowadays, let alone old XP. Windows comes from the domestic world, where the user was alone so he had to be almighty, and also was not a technician, so they couldn't bother him with security complexities and tough security policies.
          3. Target Windows, target 95% of the world. Target Linux, FreeBSD, target 5%. Which system are criminals going to devote more time to investigating how to crack?
          4. It looks like the NSA works closely with Microsoft to keep software hackable.
          • (Score: 2) by mcgrew on Sunday May 14 2017, @03:16PM (4 children)

            by mcgrew (701) <publish@mcgrewbooks.com> on Sunday May 14 2017, @03:16PM (#509478) Homepage Journal

            You seem to forget that there are probably more Linux machines than Windows machines; most phones and tablets use Android, which uses the Linux kernel.

            If your phone is laying on your desk, you have Linux (or BSD if iPhone) on the desktop.

            --
            mcgrewbooks.com mcgrew.info nooze.org
            • (Score: 2) by Lester on Sunday May 14 2017, @09:02PM (3 children)

              by Lester (6231) on Sunday May 14 2017, @09:02PM (#509607) Journal

              A) Aren't smartphones hacked? Yes, and a lot.

              B) Android is not Linux, it has a linux kernel. But an operating system is much more than its kernel.

              • (Score: 2) by mcgrew on Thursday May 18 2017, @05:38PM (2 children)

                by mcgrew (701) <publish@mcgrewbooks.com> on Thursday May 18 2017, @05:38PM (#511754) Homepage Journal

                A. They're hackable, any computer is, but they're far harder to crack than Windows. My guess is Android is easier than Android, since you don't have to jailbreak it to install software; you could get a dodgy APK file from the internet.

                B. Correct, Linux is not an OS, it's a kernel. Ubuntu, Red Hat, Android are OSes. Android on the desktop is no different than Red Hat on the desktop; Linux is the kernel for both.

                --
                mcgrewbooks.com mcgrew.info nooze.org
                • (Score: 2) by kaszz on Thursday May 18 2017, @05:49PM (1 child)

                  by kaszz (4211) on Thursday May 18 2017, @05:49PM (#511758) Journal

                  My guess is Android is easier than Android,

                  Hmm? ;)

                  • (Score: 2) by mcgrew on Friday May 19 2017, @03:04PM

                    by mcgrew (701) <publish@mcgrewbooks.com> on Friday May 19 2017, @03:04PM (#512209) Homepage Journal

                    What young folks call a "brain fart" and my mom calls a "senior moment". It should read "Android is easier than iPhone" since you have to jailbreak an iPhone to sideload apps.

                    --
                    mcgrewbooks.com mcgrew.info nooze.org
          • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @04:11PM

            by Anonymous Coward on Sunday May 14 2017, @04:11PM (#509502)

            just because it doesn't apply equally to every piece of software under the sun doesn't mean it's a myth. you're either an idiot or a liar or both.

      • (Score: 2, Informative) by butthurt on Saturday May 13 2017, @03:24PM

        by butthurt (6141) on Saturday May 13 2017, @03:24PM (#509174) Journal

        > [...] that's what the next generation of ransomware will target.

        As a criminological concept, target hardening has some serious deficiencies. For one, it only works against opportunistic or amateurish criminals. A determined, clever criminal would probably not be deterred, and some cleverer ones might even be attracted to hardened targets. [...] Some targets are relatively unhardened, or not hardened in depth. Other, unhardened targets (ones you might never think of) become targets. Displacement effects are, of course, quite common in crime prevention, but they occur in numerous ways with target hardening. Potential offenders simply go elsewhere.

        -- https://web.archive.org/web/20070712144216/http://www.apsu.edu/oconnort/3440/3440lect06a.htm [archive.org]

      • (Score: 2) by stormreaver on Sunday May 14 2017, @02:31AM

        by stormreaver (5101) on Sunday May 14 2017, @02:31AM (#509322)

        If people start running Linux and BSD on hospital/FedEx/etc. computers, then that's what the next generation of ransomware will target.

        Except that getting it to spread will be much, much, Much, MUCH harder because Linux systems have much, much, Much, MUCH better internals and externals.

  • (Score: 1, Informative) by Anonymous Coward on Saturday May 13 2017, @02:14PM (10 children)

    by Anonymous Coward on Saturday May 13 2017, @02:14PM (#509155)

    Microsoft has issued a patch for the SMB hole, including versions for legacy OSes including Windows XP SP3 x86:

    https://technet.microsoft.com/library/security/MS17-010 [microsoft.com]

    You can use Windows Update mechanism to apply the patch.

    Alternatively, you can download the patch from Microsoft Update Catalog - search for KB4012598:

    http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 [microsoft.com]

    NOTE: I downloaded the patches but haven't applied them yet. How was your luck with them? :)

    • (Score: 2) by takyon on Saturday May 13 2017, @02:51PM (7 children)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Saturday May 13 2017, @02:51PM (#509168) Journal

      With Microsoft, you wait, and wait, and wait, hoping that Microsoft might offer a patch for the hole in their system.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by butthurt on Saturday May 13 2017, @11:32PM (6 children)

        by butthurt (6141) on Saturday May 13 2017, @11:32PM (#509285) Journal

        That happens. However it didn't in this instance:

        Microsoft claims it addressed Windows exploits, released last week in a Shadow Brokers dump, in patches ahead of the leak.

        -- http://www.darkreading.com/attacks-breaches/microsoft-fixed-windows-vulns-before-shadow-brokers-dump/d/d-id/1328643 [darkreading.com]

        Those patches were only for their supported versions of Windows. On 12 May they issued patches for Windows XP, Windows 8 and Windows 2003:

        https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ [microsoft.com]

        Windows 8 is nearly five years old and has been out of support since January 2016.

        https://redmondmag.com/articles/2016/01/13/windows-8-loss-of-support.aspx [redmondmag.com]

        People still running it have only themselves to blame!

        • (Score: 3, Insightful) by Runaway1956 on Sunday May 14 2017, @12:57AM (5 children)

          by Runaway1956 (2926) Subscriber Badge on Sunday May 14 2017, @12:57AM (#509305) Journal

          "Windows 8 is nearly five years old and has been out of support since January 2016.

          https://redmondmag.com/articles/2016/01/13/windows-8-loss-of-support.aspx [redmondmag.com]

          People still running it have only themselves to blame!"

          I strongly disagree. 1- Given that most people aren't nerdy enough to upgrade to a unix-like. 2- Given that many people "can't afford" Mac. 3- Given that people are "trapped" on Microsoft 4- Given that Windows X sucks more ass than anything Microsoft has ever published in the past.

          Might we not place the blame squarely on Microsoft? The corporation that worked so very hard to create one of the biggest monopolies in history bears responsibility for the results of that monopoly.

          Think what life MIGHT be like, had Microsoft not built such a strong monopoly. Digital Research might still be around, with its own operating system, and Windows could be just a window manager which could be installed on DrDos. More people would still be savvy enough to actually install a window manager on top of an operating system. And, as a result, a vulnerability which affected all Microsoft OS's might only affect 20, or 40% of computers, instead of virtually all computers.

          How many other commercial operating systems folded, and/or never came to exist, because of Microsoft? OS/2 is still around, kinda, but it enjoys an insignificant percentage of the market.

          And, let's be clear about one thing: Microsoft solutions are NOT the "best" by any stretch of the imagination. Microsoft was stuffed down our throats (or up our asses) by force. That IS the nature of a monopoly.

          • (Score: 1) by butthurt on Sunday May 14 2017, @01:59AM (1 child)

            by butthurt (6141) on Sunday May 14 2017, @01:59AM (#509319) Journal

            Windows 10 was offered as a free upgrade from Windows 8. All people had to do was click "OK" or click on the little "X" and it would install itself...

            • (Score: 2) by Runaway1956 on Sunday May 14 2017, @03:58AM

              by Runaway1956 (2926) Subscriber Badge on Sunday May 14 2017, @03:58AM (#509338) Journal

              You make that sound like a "good thing". Windows 10 telemetry and ad serving is a "bad thing". Windows 10 is not an upgrade at all, it's a serious downgrade. Why would anyone in their right mind compromise the security of their system, by effectively giving Microsoft permission to read (and write) anything on their computer?

          • (Score: 2) by kaszz on Sunday May 14 2017, @06:47AM (2 children)

            by kaszz (4211) on Sunday May 14 2017, @06:47AM (#509380) Journal

            I strongly disagree. 1- Given that most people aren't nerdy enough to upgrade to a unix-like.

            We are also talking government run hospitals and large corporations. They both have the money and the competence.

            • (Score: 3, Insightful) by Runaway1956 on Sunday May 14 2017, @08:55AM (1 child)

              by Runaway1956 (2926) Subscriber Badge on Sunday May 14 2017, @08:55AM (#509397) Journal

              Point taken. Now, if only one of the *nixes could offer the purchasing agent a $50,000 rebate, and a time share condo in Bermuda . . .

              • (Score: 2) by kaszz on Sunday May 14 2017, @10:46AM

                by kaszz (4211) on Sunday May 14 2017, @10:46AM (#509422) Journal

                We could offer a $5 pitch fork and a time sharing presence on it. No need to fly around the world to experience it either .. :-)
                If incentives is the way. I'm sure we can adapt to it.. :p

    • (Score: 2) by mcgrew on Sunday May 14 2017, @03:19PM

      by mcgrew (701) <publish@mcgrewbooks.com> on Sunday May 14 2017, @03:19PM (#509480) Homepage Journal

      Tried and failed to DL that on my Linux box to install on an old XP laptop that I do NOT want on my network. I guess I'll have to shut the other computers off and plug it in for a while...

      --
      mcgrewbooks.com mcgrew.info nooze.org
    • (Score: 2) by kaszz on Monday May 15 2017, @03:01AM

      by kaszz (4211) on Monday May 15 2017, @03:01AM (#509722) Journal

      I'll bet that patch comes with free NSA backdoor.

  • (Score: 2) by looorg on Saturday May 13 2017, @02:17PM (10 children)

    by looorg (578) on Saturday May 13 2017, @02:17PM (#509156)

    Isn't it a bit misleading to try and pin this on the NSA? I might have misunderstood the entire news story but from what I can tell it's not the NSA that developed the Malware, they found the feature - I'm certain they exploited it for something - they even gave it a cool name (eternalblue). But this isn't or wasn't some fast way to increase some black budget post. If someone should be blamed for this it would be the Shadow Brokers that released it after their blackmail scheme backfired (as I recall they wanted to sell it, didn't work - so they just released parts of it). Microsoft for writing shitty code. Whoever wrote the Malware. So there is enough blame to go around really. I just don't see any of it landing on the NSA. Do we blame other people that find faults (or bugs) in software (and possibly exploit it -- possibly some blame in that particular case)? Normally we don't. So to blame the NSA for this seems a bit of a stretch to me, even tho it's apparently the popular thing to do.

    Interesting parts in the story is the lax attitude towards patches, updating and security in several large organizations and companies. But then it costs a lot of money. Like this won't. If they are not working around the clock now it's going to be an interesting Monday at the office when this thing starts to spread like wildfire again as people come back to work.

    • (Score: 2) by kaszz on Saturday May 13 2017, @02:21PM

      by kaszz (4211) on Saturday May 13 2017, @02:21PM (#509160) Journal

      Patches and updates too often make software needed in production to stop working. And security in several large organizations is decided by people that lack insight (MBA, PHB the kit).

    • (Score: 5, Insightful) by c0lo on Saturday May 13 2017, @02:41PM (8 children)

      by c0lo (156) Subscriber Badge on Saturday May 13 2017, @02:41PM (#509163) Journal

      Isn't it a bit misleading to try and pin this on the NSA? I might have misunderstood the entire news story but from what I can tell it's not the NSA that developed the Malware, they found the feature - I'm certain they exploited it for something

      Hold right there... because there is why NSA bears responsibility.
      If you, a governmental agency find a vulnerability, the best way to protect your citizens is not to exploit/weaponize it but to responsibly disclose it to the author to have it plugged ASAP.
      No ifs, no buts... any other ways will expose the people you have sworn to protect to risks like this.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @03:35PM

        by Anonymous Coward on Saturday May 13 2017, @03:35PM (#509181)

        The thing is, if you don't do it then somebody else will.

        Yes, fix the holes. But yes, also try and hack the fuck out of them so you know what is possible.

      • (Score: 5, Insightful) by Thexalon on Saturday May 13 2017, @04:10PM (5 children)

        by Thexalon (636) on Saturday May 13 2017, @04:10PM (#509191)

        Regardless of appearances, the US national security state isn't really interested in defense of anybody but themselves. Their idea of defense is "kill them before they kill us", which means their real interest is in offense, and that is why they keep any and all vulnerabilities they discover to themselves. Not disclosing leaves citizens vulnerable, of course, but that helps out the portion of the national security state that treats the citizens as a potential enemy because they are outside of the national security state.

        Why oh why didn't we listen to Ike back in 1960?

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @11:30PM

          by Anonymous Coward on Saturday May 13 2017, @11:30PM (#509284)

          Ike's farewell address was on January 17, 1961 [google.com]

          -- OriginalOwner_ [soylentnews.org]

        • (Score: 2) by butthurt on Sunday May 14 2017, @12:27AM (1 child)

          by butthurt (6141) on Sunday May 14 2017, @12:27AM (#509294) Journal

          > Why oh why didn't we listen to Ike back in 1960?

          Do you mean 1960 or 1961?

          1960:

          The nations of the world have recently united in declaring the continent of Antarctica "off limits" to military preparations. We could extend this principle to an even more important sphere. National vested interests have not yet been developed in space or in celestial bodies.

          -- http://www.presidency.ucsb.edu/ws/?pid=11954 [ucsb.edu]

          1961:

          IN THE COUNCILS of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex.

          The potential for the disastrous rise of misplaced power exists and will persist.

          -- https://en.wikisource.org/wiki/Eisenhower's_farewell_address_%28reading_copy%29 [wikisource.org]

          • (Score: 2) by Thexalon on Sunday May 14 2017, @03:22PM

            by Thexalon (636) on Sunday May 14 2017, @03:22PM (#509482)

            You are quite correct: I meant 1961.

            --
            The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 2) by kaszz on Sunday May 14 2017, @06:15AM (1 child)

          by kaszz (4211) on Sunday May 14 2017, @06:15AM (#509374) Journal

          Here's Ike Eisenhower's (1890 - 1969) farewell message [youtube.com] in 1961. He was president in 1953 - 1961. In 1942 he became a major general, so he also had hands-on military experience.

          (at 8:50 the speech heats up)

          • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @08:16AM

            by Anonymous Coward on Sunday May 14 2017, @08:16AM (#509391)

            That's 2 stars.
            Ike was one of a handful of 5-star general officers.
            Other places called those field marshals but that would have given us Field Marshal Marshall (the Marshall Plan guy).

            -- OriginalOwner_ [soylentnews.org]

      • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @05:31PM

        by Anonymous Coward on Saturday May 13 2017, @05:31PM (#509210)
        The big mess here is that the other half of the NSA’s mission is actually to help protect the United States from cyberattack. Here they have not only failed utterly, but are in fact guilty of all but betraying that mission. But I suppose whatever military-type in charge here might well quip the way some Vietnam War major quipped about it becoming necessary to destroy the town in order to save it.
  • (Score: 1, Offtopic) by number6 on Saturday May 13 2017, @06:11PM (1 child)

    by number6 (1831) on Saturday May 13 2017, @06:11PM (#509223) Journal

     
    Read this: https://twitter.com/GossiTheDog/status/863339558364229634 [twitter.com]
     
     
    Having said that .........

    I highly recommend all Win XP users to run this simple one-click program: Seconfig XP [sytes.net]

    It is a fantastic little tool for quickly hardening your network security settings.

    Really simple to use... just start it, check all the boxes and click the "Apply" button.

    If you want a (very nice) informative read of exactly what this prog does to your system and why, click the "Help" button.

    If you click the "Apply" button, it will open a dialog box "Apply changed settings and restart computer [Yes] [No]".

    If you want to revert your system back to previous state, run the prog again and click the "Restore" button; the prog has backed up your previous settings to some registry keys.

     
    To test if Seconfig XP actually does its job .........

    Run Seconfig XP and click its "Status" button causing it to open a "Current status" message window  ...and leave it open
    also open a CMD window and run this command: 'netstat -a -n'  ...and leave it open
    Place the "Current status" and "CMD" windows side-by-side and save a screenshot of them to your desktop.

    Run Seconfig XP and apply the settings.

    After reboot, run a new instance of "Seconfig XP status" and "CMD netstat" windows

    Compare to your screenshot.
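
Added example, not part of number6's comment and not code from Seconfig XP: the before/after check described in the comment above can be run on saved `netstat -a -n` text instead of screenshots. The two sample outputs, the host addresses and the watch list of file-sharing ports are constructed assumptions of this example.

```python
"""Diff two saved `netstat -a -n` outputs taken before and after hardening."""

# Constructed sample output in the Windows netstat layout (not from a real host).
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:123          *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Constructed "after" capture; one NetBIOS listener is deliberately left open
# to show what an incomplete result looks like.
AFTER = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:123          *:*
"""

# Watch list chosen for this example: RPC, NetBIOS and SMB ports.
WATCH = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
         138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB"}


def parse_listeners(text):
    """Return {(proto, local_addr, port)} for listening TCP and bound UDP sockets."""
    listeners = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING rows accept connections.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::]:445 intact.
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            listeners.add((proto, addr, int(port)))
    return listeners


def is_loopback(addr):
    """True when the socket is reachable only from the machine itself."""
    return addr.startswith("127.") or addr == "[::1]"


def compare(before_text, after_text):
    """Summarise which listeners were closed, opened, or remain network-exposed."""
    before = parse_listeners(before_text)
    after = parse_listeners(after_text)
    exposed = sorted(l for l in after
                     if l[2] in WATCH and not is_loopback(l[1]))
    return {"closed": sorted(before - after),
            "opened": sorted(after - before),
            "still_exposed": exposed}


if __name__ == "__main__":
    report = compare(BEFORE, AFTER)
    for proto, addr, port in report["closed"]:
        print(f"closed        {proto} {addr}:{port}")
    for proto, addr, port in report["opened"]:
        print(f"NEW LISTENER  {proto} {addr}:{port}")
    for proto, addr, port in report["still_exposed"]:
        print(f"STILL EXPOSED {proto} {addr}:{port} ({WATCH[port]})")
```

Save each capture with `netstat -a -n > before.txt` and pass the file contents to `compare()`; any entry under `still_exposed` is a watch-list port still reachable from the network after the reboot.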
     

    • (Score: 1) by anubi on Sunday May 14 2017, @09:33AM

      by anubi (2828) on Sunday May 14 2017, @09:33AM (#509404) Journal

      Could someone please tell me why my parent is modded offtopic?

      I am a bit ignorant here and there may be more to this than I am seeing. It looks more like "informative" to me, but I am out of modpoints.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 2, Informative) by pnkwarhall on Saturday May 13 2017, @06:41PM (2 children)

    by pnkwarhall (4558) on Saturday May 13 2017, @06:41PM (#509227)

    I am a Neal Stephenson fan, and I wholeheartedly agree. It was one of the worst books I've ever read; I think I managed to finish it solely based on hope it would somehow eventually get better.

    --
    Lift Yr Skinny Fists Like Antennas to Heaven
    • (Score: 3, Funny) by Gaaark on Saturday May 13 2017, @07:50PM (1 child)

      by Gaaark (41) on Saturday May 13 2017, @07:50PM (#509240) Journal

      Now try Adolf Hitler's 'Mein Kampf'.

      'My Struggle' is a good title for that book, as you will STRUGGLE to read it the whole way through, lol.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
      • (Score: 2) by Runaway1956 on Sunday May 14 2017, @01:02AM

        by Runaway1956 (2926) Subscriber Badge on Sunday May 14 2017, @01:02AM (#509307) Journal

        You're exactly right. And, in fact, I didn't make it all the way through. Which is a little embarrassing, because I've read so much other crap about Hitler that was difficult to read. Ehhh . . .

  • (Score: 2) by FunkyLich on Saturday May 13 2017, @09:15PM (1 child)

    by FunkyLich (4689) on Saturday May 13 2017, @09:15PM (#509259)

    Reading the article - to be entirely correct, the summary of the article - I just thought of these two pieces of dialogue in the original "Ghost In The Shell" movie of 1995.

    * * * Dialogue 1 * * *
    Puppet Master: I refer to myself as an intelligent life form because I am sentient and I am able to recognize my own existence, but in my present state I am still incomplete. I lack the most basic processes inherent in all living organisms: reproducing and dying.

    Major Kusanagi: But you can copy yourself.

    Puppet Master: A copy is just an identical image. There is the possibility that a single virus could destroy an entire set of systems and copies do not give rise to variety and originality. Life perpetuates itself through diversity and this includes the ability to sacrifice itself when necessary. Cells repeat the process of degeneration and regeneration until one day they die, obliterating an entire set of memory and information. Only genes remain. Why continually repeat this cycle? Simply to survive by avoiding the weaknesses of an unchanging system.

    * * * Dialogue 2 * * *
    Togusa: There's something I've wanted to ask ever since I started. Why did you transfer a guy like me from the police force?

    Major Kusanagi: Because we need a guy like you.

    Togusa: Huh?

    Major Kusanagi: Number one: You're an honest cop. Number two: You've never stepped out of line. Three: You're a family man. And, except for the slight brain augmentation, your body's almost completely human. If we all reacted the same way, we'd be predictable. And there's always more than one way to view a situation. What's true for the group is also true for the individual. It's simple. Overspecialise and you breed in weakness. It's slow death.
    * * *

    And immediately I thought: Why should everything be so vulnerable to this latest ransomware attack? Because after all, all the affected machines are nothing more than the same system copied and replicated over and over and over again.

    • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @05:15PM

      by Anonymous Coward on Sunday May 14 2017, @05:15PM (#509529)

      Indeed. https://en.wikipedia.org/wiki/Monoculture#Disease [wikipedia.org]

      While I kinda liked the original GitS, I hear so many bad things about the new remake I don't think I'll watch it any time soon.

  • (Score: 3, Interesting) by NotSanguine on Saturday May 13 2017, @09:43PM (3 children)

    US-CERT posted Advisory TA17-132A [us-cert.gov] which gives significant technical detail as to the workings of WannaCrypt, as well as detection and mediation information.

    I found one of the bits from the advisory of particular interest:

    The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user’s files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.

    The newly loaded DLL immediately begins encrypting files on the victim’s system and encrypts the user’s files with 128-bit AES. A random key is generated for the encryption of each file.
    [emphasis added]

    Given that the tool uses random (or more likely, pseudo-random) keys to encrypt each file, it's highly unlikely that paying the ransom would (even if the miscreants wanted to do so) allow decryption.

    I imagine that these attacks could serve as a competency test, both for users (don't click on links in email), and for IT administrators (have quality, well-tested, frequent back ups).

    I'm glossing over the SMB vulnerability [microsoft.com], since a fix has been available for almost two months. I would say that since Microsoft has bundled its updates in an attempt to force its spying^W telemetry code down everyone's throat, it wouldn't surprise me if this update wasn't as widely implemented as it should be.

    Microsoft continues to make decisions that compromise the security of their users and products. As a former MS employee, this doesn't surprise me. Microsoft is, and has always been, run by the folks with sales and marketing backgrounds. I could elucidate, but I think my point is clear.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    • (Score: 1) by Empyrean on Saturday May 13 2017, @10:27PM (1 child)

      by Empyrean (5241) on Saturday May 13 2017, @10:27PM (#509274)

      If it is using pseudo-random numbers (most probably) and the seed is known to the attackers (or victims) then it would be possible to decrypt all the files.

      • (Score: 2) by kaszz on Sunday May 14 2017, @06:44AM

        by kaszz (4211) on Sunday May 14 2017, @06:44AM (#509379) Journal

        Wouldn't that require some kind of information to be sent back to the ransomware writers in order for them to be able to provide the un-encrypt code?
        And the question then becomes, how is that return channel setup.

    • (Score: 2) by kaszz on Monday May 15 2017, @02:27AM

      by kaszz (4211) on Monday May 15 2017, @02:27AM (#509706) Journal

      Now Microsoft President and Chief Legal Officer wants a Digital Geneva Convention [microsoft.com] to protect computer systems. No mention of their own idiotic engineering or rather total lack of it. In addition to their slimy juridical dealings using "audits" to blackmail corporations.

  • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @05:20PM

    by Anonymous Coward on Sunday May 14 2017, @05:20PM (#509531)

    Running this path will fix all your problems. real-trustworthy-winders-pathcv-from-migrosoftie.png.exe [malwarrrrre.ru]

    (Apologies to russia for attribution, I just wanted to make it as sleazy and disgusting as possible.)

  • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @05:23PM (1 child)

    by Anonymous Coward on Sunday May 14 2017, @05:23PM (#509534)

    Are all those infected really being so amazingly negligent to either

    1) run software in production that's more than a month unpatched
    2) run windoze xp

    If so, it's really REALLY hard to feel even a little bit sorry for them.

    • (Score: 2) by kaszz on Monday May 15 2017, @02:16AM

      by kaszz (4211) on Monday May 15 2017, @02:16AM (#509697) Journal

      It's often the case of equipment in laboratories. Think machines doing blood analysis at (British?) hospitals. Where the many million of dollars machine runs on a particular version of Microsoft.. XP? anyway, patching it will make it stop working or at least risk just that. Obviously if you try to change the operating system, it will no longer work. This could be because a combination of userland software that needs a specific software infrastructure and kernel drivers needing a specific Windows kernel.

      On top of that, the machine may need to be networked with other Windows machines to report results. Because the program to handle patient journals is only available for that shit platform. And of course that program also has issues with patches.

      People should demand other operating systems for lab equipment than a proprietary one. Because those can't be sufficiently maintained. But that requires people to make the PHB and MBAs to follow professional advice and also admitting this is something they lack knowledge in. Which snowflake VIP just can't take with their grandiose personality disorder.

      Nor will even a competent developer be allowed near such machine to try to develop a free driver and software such that the machine may continue to be used after official support from Microsoft has ended. Because it may be the only one that facility have and needs to run daily business and certification may be lost on unauthorized software.

  • (Score: 2) by kaszz on Monday May 15 2017, @03:08AM

    by kaszz (4211) on Monday May 15 2017, @03:08AM (#509728) Journal