The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year.
That is so like Microsoft! Blame everyone else but themselves! Yes, of course the NSA has behaved badly in this, but they could not have "stockpiled vulnerabilities" unless the vulnerabilities were there to begin with. And who put them there? Incompetent Windows software designers, that's who.
They say they already had a patch for this. Why didn't they make sure it was applied? We already know that Microsoft have ways of forcing updates, which they're happy to use to stuff new releases down people's throats, to make more money for themselves. Why don't they use them to make their existing software self-patching?
Only if they're in the extradition zones for the countries affected. Otherwise they'll get away with it or be hired by their government.
Since many countries have been affected, there must either be very few or no countries that do not extradite to any of them. Even if there was one, and the person or people had moved there, then they would one ordinary day be jostled by a small group of people and then wake up in a prison cell thousands of miles away.
I expect any countries that do not have any extradition treaties would be unpleasant places to live which you would try to leave if you possibly could.
Last edited by grumpyskeptic; 05-15-2017 at 05:30 AM.
The trouble is that IT has become so ubiquitous and people don't realise how open Windows still is. It is a bit of a rude awakening, but it's my sincere hope that ordinary working people start to recognise that computing is much more than the on/off switch on the box.
I'm afraid it won't change a thing. This kind of thing has happened before and it will happen again - and it will happen on Linux embedded IoT and omnipresent Android devices as well.
The average person wants speed, performance and "easy", security is something someone else takes care of or an "app" they install and this knocks on to the "IT guy", security is something he pays a subscription for and installs and it takes care of itself... which in turn leads to the "security" firms; where security is usually about some *BSD or Linux powered hardware which someone else writes the software for. Who? They don't really know, but it "just works"... Eventually they are left with a device which is no longer supported, so they take the hit and go out and buy a new one (or maybe not).
The issue of people not updating/upgrading remains, it's not a Windows-specific problem - in fact it's getting worse and has the potential to be much worse than it ever was in Windows.
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425
My question is very simple: How can a computer reach an unregistered domain name on the internet? If it's unregistered (the domain), how could relay servers know where to send your computer's signals?
If you mean, how could the propagation of the worm be stopped? Presumably when the originators wanted to stop it, they would register the domain and then the phoning home would work. Only the "accidental hero" got there first.
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425
Quote:
Originally Posted by hazel
If you mean, how could the propagation of the worm be stopped? Presumably when the originators wanted to stop it, they would register the domain and then the phoning home would work. Only the "accidental hero" got there first.
No, I mean exactly what I said: How can a computer reach an unregistered domain name on the internet? If it's unregistered (the domain), how could relay servers know where to send your computer's signals?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by moxieman99
No, I mean exactly what I said: How can a computer reach an unregistered domain name on the internet? If it's unregistered (the domain), how could relay servers know where to send your computer's signals?
Why would they need to? How does this relate to the matter at hand?
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425
Quote:
Originally Posted by 273
Why would they need to? How does this relate to the matter at hand?
The ransomware originally communicated with "an unregistered domain" and that was integral to the process of spreading itself. The domain name was registered, and that stopped the spread of the original malware version. My question is, how could the malware send a message to an internet domain that is unregistered in the first place?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by moxieman99
The ransomware originally communicated with "an unregistered domain" and that was integral to the process of spreading itself. The domain name was registered, and that stopped the spread of the original malware version. My question is, how could the malware send a message to an internet domain that is unregistered in the first place?
I think either hazel and myself are misunderstanding how this was stopped or you are. The reports are that once the domain was registered (in other words: could be connected to) the infection stopped.
The ransomware originally communicated with "an unregistered domain" and that was integral to the process of spreading itself. The domain name was registered, and that stopped the spread of the original malware version. My question is, how could the malware send a message to an internet domain that is unregistered in the first place?
The ransomware tried to find an unregistered domain. If the attempt failed then the ransomware tried to spread to other machines. If the attempt to reach the domain in question succeeded that was the signal to the ransomware to not try to spread.
So to answer your question the ransomware did not communicate with an unregistered domain. The ransomware merely looked for the domain name in question.
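The lookup described in the answer above, seen from the defender's side, as an added example that is not part of the original thread: a lookup for a name that is not registered still reaches the resolver and comes back as NXDOMAIN, so it shows up in DNS logs. The domain name is a placeholder (the thread does not give the real one), and the log format and sample lines are constructed for illustration.

```python
"""Added example: find hosts that looked up a watched kill-switch domain."""
import re
from collections import defaultdict

# Placeholder only: the thread does not give the real domain name.
WATCHED_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines in a simplified, made-up resolver log format.
SAMPLE_LOG = """\
2017-05-12T09:14:02Z client=10.0.4.17 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-12T09:14:05Z client=10.0.4.22 query=www.example.org rcode=NOERROR
2017-05-12T15:40:11Z client=10.0.7.3 query=KILLSWITCH-PLACEHOLDER.example. rcode=NOERROR
2017-05-12T15:41:00Z client=10.0.4.17 query=killswitch-placeholder.example rcode=NOERROR
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) rcode=(?P<rcode>[A-Z]+)$"
)

def normalise(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def triage(log_text, watched=WATCHED_DOMAIN):
    """Map each client that queried the watched name to the answers it got.

    NXDOMAIN: the name did not exist, so the lookup failed (the case in
    which, per the thread, the worm went on to try other machines).
    NOERROR: the name resolved (registered), the signal not to spread.
    Either way the client asked for the name, so it deserves a closer look.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or normalise(m["query"]) != normalise(watched):
            continue
        hits[m["client"]].append((m["ts"], m["rcode"]))
    return dict(hits)

def needs_urgent_isolation(hits):
    """Clients whose lookup ever failed: the check did not hold them back."""
    return sorted(c for c, seen in hits.items()
                  if any(rcode == "NXDOMAIN" for _, rcode in seen))

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for client, seen in sorted(found.items()):
        print(client, seen)
    print("isolate first:", needs_urgent_isolation(found))
```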