https://www.reuters.com/article/us-cyber-attack-idUSKBN19I1TD
A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia's biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.
Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.
"It's like WannaCry all over again," said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.
He said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. "This could hit the U.S.A. pretty bad," he said.
The U.S. Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.
The first reports of organizations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain.
Many recent outages/attacks have a pattern and a UK power grid outage is anticipated.
(Score: 2) by kaszz on Wednesday June 28 2017, @12:06PM (15 children)
UK energy industry cyber-attack fears are 'off the scale' [theguardian.com]:
Time for the ignorant crowd to be disconnected from any important if they can't stay off Microsoft and crap IoT.
Maersk says global IT breakdown caused by cyber attack [reuters.com]:
Can't someone ask them on Twitter why they don't use something like BSD or Linux for their production environment and why they don't back up their systems??
Einstein is right. Human stupidity is infinite!
It's not like the vulnerability of Microsoft software is unknown. Thus it shall be considered reckless endangerment to have it anywhere near sensitive systems.
(Score: 2, Insightful) by zeptic on Wednesday June 28 2017, @12:13PM (7 children)
It doesn't matter what OS they use if they don't patch critical flaws.
(Score: 3, Insightful) by kaszz on Wednesday June 28 2017, @12:23PM (5 children)
Correct. But Microsoft have an occurrence of serious bugs that is approximately 10 times worse than anything else. And the Unix security model is better than the Microsoft Windows one.
(Score: 2) by c0lo on Wednesday June 28 2017, @12:28PM (4 children)
Who the heck is using Windows one today? Didn't they release Win10 for some time?
(grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 2, Touché) by Anonymous Coward on Wednesday June 28 2017, @12:37PM (3 children)
Actually Windows 1 was perfectly secure against network attacks, as it didn't have any network functionality. :-)
(Score: 2) by butthurt on Wednesday June 28 2017, @05:46PM (2 children)
-- https://en.wikipedia.org/wiki/Windows_1.0#Features [wikipedia.org]
Networking could be added to DOS through third-party software.
(Score: 1, Flamebait) by kaszz on Thursday June 29 2017, @01:00AM (1 child)
What would Microstuffed be without Trumpet Winsock? ;-)
That shit could not even handle multiple terminal sessions without freezing. Pile of shit, not that it's any news.
(Score: 2) by kaszz on Friday June 30 2017, @05:21AM
Seems someone has mistaken the name of a piece of software written in 1992 for a president of much later date. Trumpet Winsock [wikipedia.org] is actually a piece of software. Obviously some people won't rise above if( /Trump/ ) { anger_attack(); }.
(Score: 1, Insightful) by Anonymous Coward on Wednesday June 28 2017, @12:35PM
Yes, and it doesn't matter what lock you use when you leave the door wide open. Therefore there's nothing wrong with using a weak lock, right?
(Score: 2, Insightful) by Anonymous Coward on Wednesday June 28 2017, @01:04PM (6 children)
Here in the Netherlands, we are cheapskates. People mostly use Windows-based PCs at home, because it is cheaper than the ridiculously overpriced Apple stuff, and is, despite its flaws, still easier to use than any Linux distribution. Also pretty much all commercial software runs on Windows, like Office, Photoshop and AAA games. People are familiar with Windows. It is largely a self-perpetuating cycle.
Companies do not want to train people. Period. They definitely do not want to train idiots (Why hire expensive experts when you can hire cheap idiots) to work with some strange operating system where the buttons are located in slightly different places. Again because they are cheapskates. So when they ask for some custom business software to be developed, chances are high that it will be developed for Windows, or at least the user-facing PCs connecting to the system will be running Windows.
And to be honest: A lot of that stuff goes for myself too. I hold no great love for Windows, but it is the only system which runs Every Single piece of software that I care about. Not just most of it, supplemented with alternatives. All of it.
And I'm not an average user. I've played around with various Linux flavors over the years. Recently I've been playing around with NixOS in VirtualBox, which has some interesting ideas. But I just cannot switch to it as my daily use system for the above reasons. I love my games too much. I also make games myself. Linux also still frequently suffers from driver-related problems in the 3D graphics acceleration department. Both virtualization and dual-booting still have performance and usability flaws that are unacceptable for me.
To be fair there is not all that much that the Linux and Open Source community can do to change that situation. Most of these issues are simple consequences of the larger technology and software ecosystem and can not easily be fixed. A stable driver API/ABI however is one thing that could at least finally improve the driver situation, but of course such a thing will never happen.
(Score: 3, Interesting) by Grishnakh on Wednesday June 28 2017, @03:29PM (5 children)
Your argument is bullshit, and you're a liar.
"still easier to use than any Linux distribution."
"Companies do not want to train people. Period. They definitely do not want to train idiots ... to work with some strange operating system where the buttons are located in slightly different places."
These are lies, as proven by the existence of Windows 8/10 Metro.
You can't have it both ways: either companies had to retrain all their employees to use Metro when it came out, or they don't need to retrain them for Linux.
(Score: 0) by Anonymous Coward on Wednesday June 28 2017, @04:01PM (1 child)
I think it's unfair to call the GP a liar. I fully agree that training is roughly equivalent between upgrading to WIN8/10 and Linux. But companies do not. It would also likely mean more changes in the network infrastructure to switch from win->linux to win->win. Admittedly, it would almost certainly be cheaper in the long run to switch to Linux. Being able to simplify the licensing alone would be a big advantage. But Western business culture is currently structured to be short-sighted and stupid both for the companies themselves and even more so for our society. Short-sighted and stupid generally is going to mean Windows.
(Score: 4, Insightful) by Grishnakh on Wednesday June 28 2017, @06:30PM
"I think it's unfair to call the GP a liar."
I don't think so. I've been hearing that argument for years, but when the Metro UI came out and they kept repeating it, it was obvious that it was just lies. Metro is far more different from what came before (the old NT/XP/7 UI) than any of the typical Linux UIs, even the crappy Gnome3.
"I fully agree that training is roughly equivalent between upgrading to WIN8/10 and Linux. But companies do not."
Then they're either liars or stupid. If someone disagrees that the Earth is round, I don't need to be polite in my disagreement with that person for being so incredibly stupid; I feel perfectly justified in treating him uncivilly. Denying plain reality should never be met with anything but pure scorn and contempt. It's either done because the person is incredibly stupid, or a liar trying to push an agenda.
I'm not even addressing the other factors of Linux vs. Windows, just the training argument I keep seeing over and over. Other factors are actually debatable: software availability, for instance, is a valid argument. The software "ecosystem" Windows offers (Outlook etc.) for corporate use is another valid argument. The training argument for the UI simply is not. It's bullshit. It was a poor argument even back in the XP days (how much trouble did office workers have when going from MS-DOS to Win3.x or Win95?), but it completely ceased to be a valid argument the moment the Metro UI was released in Win8. Why aren't companies spending tons of money "retraining" all their office workers for Win8/10? Because that "training" argument is total bullshit, that's why. As I said before, LIES.
(Score: 0) by Anonymous Coward on Wednesday June 28 2017, @04:48PM
Except for those organisations still running ancient software. Because YOLO! Who cares about software updates or security patches...right? At least until they get hacked. ¯\_(ツ)_/¯
(Score: 2) by butthurt on Wednesday June 28 2017, @06:54PM (1 child)
According to one Web analytics company, Windows 7 accounts for 49% of Web page views:
-- https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0 [netmarketshare.com]
According to another, it accounted for 48% at the end of last year:
-- http://www.pagestart.com/win10marketshare011217.html [pagestart.com]
I'm guessing that corporate PCs may be under-represented in those figures, because I assume that home users spend a greater proportion of their time browsing the Web. My impression is that, outside Microsoft, there isn't much enthusiasm for Windows 8 or 10, and that companies, more than individuals, have tended to remain with Windows 7. I would assume that most of them would rather not have radical changes to Windows. I would expect them to "jump ship" when there's something stable, easy to use and maintain, that runs their specialised software. For some it already exists.
(Score: 2) by Grishnakh on Wednesday June 28 2017, @10:06PM
"...have tended to remain with Windows 7. I would assume that most of them would rather not have radical changes to Windows."
What users want is completely irrelevant. They're going to use Windows 10 with the Metro UI whether they like it or not, it's just a question of when. MS doesn't sell 7 any more, and they're ending support for it in a couple of years. They're even making it so 7 doesn't run on the latest CPUs. Sure, a bunch of companies have held back their Win10 upgrades, but they did that with XP too, and eventually moved to 7, and the same will happen with 10.
"I would expect them to "jump ship" when there's something stable, easy to use and maintain, that runs their specialised software."
The specialized software is always going to run on Windows, so they're going to stick with Windows (10), regardless of how shitty it is. And it's not just the specialized software, it's the rest of the ecosystem for corporate computing: Outlook/Exchange, Sharepoint, MS Office, etc. In short, moving away from Windows requires too much short-term pain, and companies simply aren't willing to do that. Any upper manager who tries to push such a project is assuming a huge amount of risk, whereas a manager just going along with the MS treadmill can feel secure in his corporate position, no matter how badly the new MS software performs or how many ransomware attacks it suffers: "No one ever got fired for buying Microsoft". People have been predicting the demise of MS for over 15 years now and it hasn't happened, and in fact MS is more profitable than ever.
(Score: 0) by Anonymous Coward on Wednesday June 28 2017, @12:54PM
This will get worse for companies in the Ukraine tomorrow. Today is a national holiday so most business and government agencies are closed. This ransomware does its dirty work on startup so the morning could be bleak.
(Score: 2) by Wootery on Wednesday June 28 2017, @01:02PM (9 children)
This ransomware apparently [theguardian.com] spreads through the EternalBlue exploit, which was patched by Microsoft several months ago.
For some reason no-one seems to want to talk about this. There's no need for a 'vaccine' [bbc.co.uk], just patch your goddamn Windows machines, and verify [eset.com] you're not vulnerable to EternalBlue. There's absolutely no excuse for there being unpatched systems out there so soon after WannaCry.
Also worth noting that if you're affected, paying the criminals behind this ransomware won't help you get your files back. [bbc.co.uk]
(Score: 0) by Anonymous Coward on Wednesday June 28 2017, @01:12PM (7 children)
According to Kaspersky [securelist.com] this virus only needs to get a toehold in a single computer on the network. It can then spread to any computers that have the MS17-010 patch. So unless you've patched everything you're still vulnerable.
(Score: 2) by Wootery on Wednesday June 28 2017, @01:19PM (3 children)
I don't see that in your linked article. As far as I can tell, a fully patched Windows 10 machine is safe.
(Score: 2, Informative) by Anonymous Coward on Wednesday June 28 2017, @01:22PM
From the linked article:
(Score: 2) by butthurt on Wednesday June 28 2017, @06:59PM (1 child)
The linked article says:
It's evident from the last sentence in the grandparent post that the poster meant to write "any computers that don't have the MS17-010 patch."
(Score: 2) by Wootery on Wednesday June 28 2017, @08:15PM
Yes, I think that's right.
(Score: 0) by Anonymous Coward on Wednesday June 28 2017, @01:58PM (2 children)
Your business machines should *really* be properly configured and not execute arbitrary shit. Windows can be set up to only execute code and scripts that are manually whitelisted, but nobody seems to do that.
(Score: 0) by Anonymous Coward on Wednesday June 28 2017, @06:05PM (1 child)
Yes, let's blame the victims. They're all idiots who shouldn't be let near a computer. Microsoft and the Windows team have done an awesome job.
(Score: 3, Funny) by bob_super on Wednesday June 28 2017, @07:26PM
No.
We all know that Windows "security" is lacking (to put it in the mildest of terms).
So if you have to run Windows, you should go through every possible extra step to protect yourself from the known issues and the likely but unknown ones.
Oblig car analogy: It's like wearing a fireproof suit in a Pinto, because somehow you got stuck having to take a Pinto to work.
(Score: 2) by stormreaver on Wednesday June 28 2017, @01:22PM
And don't forget to test for the other tens of thousands of known Windows vulnerabilities while you're at it. And don't forget, Windows' security is uniquely bad among major operating systems; so even if you're fully patched, your Windows installations are orders of magnitude more vulnerable than any other major operating system, and that can't be fixed.
If you're running Windows, you're already screwed.
(Score: 2) by BenJeremy on Wednesday June 28 2017, @02:39PM (1 child)
Most of the time, this is due to some idiot CEO who insisted they have absolute access to the networks and, of course, clicked on the link in their e-mail to get discount erection pills along with a low-interest business loan to help pay off the lasik surgery.
Once they get infected, the attackers have authentication to spread everywhere in a company.
(Score: 2) by kaszz on Thursday June 29 2017, @01:31AM
Rig the network such that if the CEO's computer or any other tries to do what viruses do, it will shut down their network access. That way the CEO gets the illusion of open access but gets "IT-problems" whenever his own computer is compromised. It could be as simple as ban-me.corporate.com with open SMB ports.
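
The tripwire idea in the last comment, sketched as an added example that is not part of the thread: it reads flow-log lines and lists internal hosts to cut off, either because they connected to a decoy's SMB ports or because they opened SMB sessions to many distinct peers in a short window. The log format, decoy address, threshold and window are assumptions, and the sample lines are constructed.

```python
"""Added example: SMB tripwire over constructed flow-log lines."""
from collections import defaultdict
from ipaddress import ip_address

DECOY_IPS = {ip_address("10.0.9.9")}  # hypothetical address of the decoy host
SMB_PORTS = {139, 445}
FANOUT_LIMIT = 3       # distinct SMB peers tolerated per window (assumed)
WINDOW_SECONDS = 60    # sliding window length (assumed)

# Constructed sample, one flow per line: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.0.1.15 10.0.2.20 445
1005 10.0.1.77 10.0.9.9 445
1010 10.0.1.42 10.0.3.1 445
1012 10.0.1.42 10.0.3.2 445
1015 10.0.1.42 10.0.3.3 445
1020 10.0.1.42 10.0.3.4 445
1030 10.0.1.15 10.0.2.20 443
garbage line
1200 10.0.1.15 10.0.2.21 445
"""

def parse(line):
    """Return (ts, src, dst, port), or None for a malformed line."""
    try:
        ts, src, dst, port = line.split()
        return int(ts), ip_address(src), ip_address(dst), int(port)
    except ValueError:
        return None

def hosts_to_quarantine(log_text):
    """Map each offending source IP to the first reason it tripped."""
    verdicts = {}
    recent = defaultdict(list)  # src -> [(ts, dst)] SMB flows inside the window
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[3] not in SMB_PORTS:
            continue
        ts, src, dst, _ = rec
        if dst in DECOY_IPS:  # nothing legitimate ever talks to the decoy
            verdicts.setdefault(str(src), "touched decoy")
            continue
        window = [(t, d) for t, d in recent[src] if ts - t < WINDOW_SECONDS]
        window.append((ts, dst))
        recent[src] = window
        if len({d for _, d in window}) > FANOUT_LIMIT:
            verdicts.setdefault(str(src), "SMB fan-out")
    return verdicts
```

The returned addresses would feed whatever enforcement the network already has (switch port shutdown, NAC quarantine VLAN); that step is site-specific and left out.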