LinuxQuestions.org
Old 05-24-2017, 10:38 AM   #76
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 1,967
Blog Entries: 5


Turbocapitalist pointed this out in post #24. The media were also wheeling out the usual "experts", who were also blaming XP and urging users to upgrade windows, upgrade their virus programmes, etc... If the Kaspersky stats are in any way accurate, XP hardly registered on the scale.

Last edited by cynwulf; 05-24-2017 at 10:57 AM.
 
Old 06-06-2017, 11:06 PM   #77
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,386
Blog Entries: 3

Some new information about the scope of the problem: It turns out that all versions of Windoze are vulnerable to the remote exploit, including their current flagship version, Vista10:

Quote:
The NSA’s EternalBlue exploit has been ported to Windows 10 by white hats, meaning that every unpatched version of the Microsoft operating system back to Windows XP—and likely earlier—can be affected by one of the most powerful attacks ever made public.

https://threatpost.com/nsas-eternalb...ows-10/126087/
Again, the press' repeated, intentional mishandling of problems like "wannacry", which is built on "eternalblue", follows M$'s usual modus operandi:

Step 1, admit the problem only with the oldest versions and blame users for not buying the latest version. Step 2, later, quietly, admit that newer versions are vulnerable too, and blame users for not buying the latest version. Step 3, much later, quietly admit that even the latest version is vulnerable as well, but still admonish users to buy the latest version anyway.

Because these steps are spread out over time and most people have the attention spans of goldfish for things outside their one or two areas of interest, it works and has worked for 17+ years. Allowing anyone to plug M$ products anywhere into the network always has been unsafe and always will be. Doing so amounts to an attack on the infrastructure the rest of us rely on and should be countered.
 
Old 06-07-2017, 05:07 PM   #78
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,062

Apology for the long and rambling post.... I let this go too far before replying.

Quote:
Originally Posted by Soadyheid
I think that for "medical records" you can just read "records". Does the ransomware search out for records from some particular database to encrypt? Dunno.

As I understand it, it goes for the areas where Windows users store data and encrypts everything that is there. Doesn't care what's there, just encrypts it.

Quote:
Originally Posted by hazel
Apparently the NHS has for years been using old, unpatched, vulnerable software, so an attack like this was very much on the cards.

They probably have close to no alternative about that. Once you buy a Brambleweeny Mk 47 Ultrasonic scanner you can only use it with the software that it works with, and if the vendor doesn't support later versions it all gets a bit difficult. Although there is a certain level of amelioration that you can do with firewalling, etc. (and that was probably absent, too).

Of course you can always throw away your old Mk 47 and buy a new Mk 52 and start the whole thing a bit further down the road... and millions worse off.

Vendor lock in...

It is worth mentioning in passing that there doesn't seem to be any evidence that this was a targeted attack at the NHS etc.

Quote:
Originally Posted by syg00
Probably not specific data at all - makes more sense to attack the system. And while you're at it, go looking for other systems.
When will people learn not to open email attachments.

My guesstimate is that ordinary users, if they haven't had recent training, will open this stuff (if attractive-seeming) 50% of the time...and if they have had recent training it is closer to 5%. So training probably is quite worthwhile but it really doesn't do as much as you would like. The 'ARS' reference suggests that links had nothing to do with it, but other people have said the opposite, but the 'ARS' thing is more recent, so probably more likely to be correct.

Quote:
Originally Posted by rknichols
Apparently we got lucky here in the US. The "Accidental Hero" stopped the spread before it got very far here.

One of the factors...it turns out that there was another piece of malware doing the rounds earlier in the same week and that blocked some of the SMB ports that 'WannaCRY' used and that blocked its progress.

Quote:
Originally Posted by jailbait
Microsoft has announced that they are fixing the vulnerable versions of Windows including some versions that they have already dropped support for. The vulnerable versions that Microsoft intends to fix are Windows 10, Windows 8, Windows 7, Windows Vista, and Windows XP.

Apparently MS had already prepared patches for this vuln, but the XP one didn't get issued because 'XP was no longer supported'. MS seemed to have thought about that again. Which is nice, but they could have got it right first time.

Quote:
Originally Posted by Turbocapitalist
Or Vista 10 or Vista 11 or whatever the "current" version will be at the time of the next attack.

From reading the last few weeks, it looks like all versions of Vista were affected for a long time, even Vista 10 which is the latest. It was so long a period that the NSA had time to develop and deploy malware to exploit that specific hole, with M$ knowledge. The problem there is that the malware got loose. Only recently did M$ patch the newer editions of Vista so that they could then steer the press into blaming old XP and take the heat off of Vista 10. I wonder if it was the Wikileaks reports that forced their hand and got them to patch Vista 10 and how long M$ would have left things unpatched had Wikileaks not reported on the problem(s).

Windoze has never been secure and always been a magnet for malware even back before it had a TCP/IP stack. The more things change the more they stay the same. What needs to happen now is a staff audit. Who allowed deployment of Windoze inside NHS?

Don't get over confident. In the aftermath of this affair the Samba guys issued some patches (which may just be a coincidence...or not). I suspect (but don't know and don't currently need to do the research) that the Samba guys reviewed their code in the light of this exploit and decided there was a possibility of a similar exploit. At least the Samba guys did the right thing once they figured it out unlike MS who were driven by some kind of warped commercial imperative.

Of course if people actually applied the MS patches, then that would be better from a security point of view. But then
i) you've got to hope MS has got it right this time and they don't break stuff this time out
ii) in a professional environment you'll have to test stuff; MS won't have tested the Brambleweeny interface
iii) and no one has an infinite amount of time for this and there is an avalanche of patches at times

Quote: Originally Posted by Turbocapitalist
It was so long a period that the NSA had time to develop and deploy malware to exploit that specific hole, with M$ knowledge. The problem there is that the malware got loose.


Quote:
Originally Posted by hazel
I was going to ask if that story was true. If it is, it just illustrates the point I made before: you can't have a system that is secure against criminals, and at the same time insecure against the government (e.g. for the purpose of catching terrorists). Theresa May and Amber Rudd think that's possible and seemingly the NSA thought so too, but the laws of arithmetic don't allow it.

A back door is a back door is a back door!

I have certainly heard that, too. Which is how MS got the patches prepared and then decided not to issue the XP one. However the 'exploit kit' is only a part of 'WannaCry' but if you stop any part of it working you stop it working.

It is a good point about 'back doors'; I heard Amber Rudd refer to the 'Window Platform' (not Windows) and that makes you sound like a dummy who shouldn't be allowed anywhere near the power switch, never mind setting rules for stuff that you clearly don't understand. At all.

Quote:
Originally Posted by grumpyskeptic
I expect that the person or persons who did it will get caught sooner or later and spend a very very long time in prison. So far it appears they have only made a comparatively small amount of money out of it.

It has been suggested that this was 'targeted' - in as much as it was targeted at all - at ordinary end users and it took the miscreants by surprise that they caught 'big orgs' in their net. It also may be that the miscreants just thought of this as 'a nice little earner' but now they realise that they will come under more sustained scrutiny and that's a bit of an embarrassment.

Quote:
Originally Posted by hazel
Well, it's unlikely to be the Russians this time. Apparently Russia was the country worst hit, and some think it was the real target. What happened to everyone else was just collateral damage.

The problem is that the online world is now so hyperconnected that any spreading malware "puts a girdle round the earth in 90 minutes".

There has been some analysis done on this.

The suggestion is that the North Koreans are most likely, but the Chinese have also been mentioned as a possibility in some quarters. But the evidence seems rather more solid for the Koreans.

'Researchers said on Sunday a variant called Uiwix without a kill switch had already been released, but officials said a feared second wave of disruption as the week began hadn’t materialised.'

Regarding the kill switch, the strongest possibility seems to be that the authors wanted some way to distinguish between running under a virtualised environment and on the metal. The first thing a security researcher is likely to do is to try running the sample code in a safe (virtual) and instrumented environment and the authors probably would not want to give all of its tricks away. Alternatively they might just want a way to keep it under control on their own network.

Quote:
Originally Posted by hazel
That is so like Microsoft! Blame everyone else but themselves! Yes, of course the NSA has behaved badly in this, but they could not have "stockpiled vulnerabilities" unless the vulnerabilities were there to begin with. And who put them there? Incompetent Windows software designers, that's who.

They say they already had a patch for this. Why didn't they make sure it was applied? We already know that Microsoft have ways of forcing updates, which they're happy to use to stuff new releases down people's throats, to make more money for themselves. Why don't they use them to make their existing software self-patching?

Windows patches break stuff. The MS that is complaining about the moral turpitude of stockpiling of vulns is the same one that has been stockpiling patches. I don't know where the moral high ground is, but I know they aren't on it.

Quote:
Originally Posted by moxieman99
My question is very simple: How can a computer reach an unregistered domain name on the internet? If it's unregistered (the domain), how could relay servers know where to send your computer's signals?

They are looking for the error. The point is that it doesn't work.

Quote:
Originally Posted by 273
It may well be it's just a debugging tool left in there by its NSA creators which the current bunch of criminals using it hadn't realised was there.

I don't think this was in the NSA part of the exploit.

Also:
http://www.silicon.co.uk/security/ka...rticle_1_title

“If you were infected with WannaCry ransomware there is a good possibility that you will be able to restore a lot of the files on the affected computer. To restore files, you can use the free utilities available for file recovery,” Kaspersky Lab researchers explained.
 
Old 06-08-2017, 02:25 AM   #79
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,386
Blog Entries: 3

Quote:
Originally Posted by salasi
Don't get over confident. In the aftermath of this affair the Samba guys issued some patches (which may just be a coincidence...or not). I suspect (but don't know and don't currently need to do the research) that the Samba guys reviewed their code in the light of this exploit and decided there was a possibility of a similar exploit.

Wot? Let's just sit tight another 25 years just in case the last 30 years have turned out to be an anomaly in regards to M$ true nature and true quality? "Let's just give them a second chance" has been part of their marketing for that long.

About Samba, it seems that SMB is from top to bottom an M$ protocol / problem. Use an M$ protocol and, like with any other M$ product, you will get burned.

And the only reason to use SMB would be if you have allowed Windoze computers onto your LAN. See where that got the NHS.

Quote:
Originally Posted by salasi
At least the Samba guys did the right thing once they figured it out unlike MS who were driven by some kind of warped commercial imperative.

Yes, the Samba team has done great work, within the scope of their project.

However, for what it's worth, M$ is not about making money. Their decisions show that repeatedly. Take a fluffy example, like their killing off Minecraft for the sum of around $2.5 billion. They paid that sum for a game that was already peaking in popularity. Mojang's top staff walked as part of that "deal", so whatever M$ may have purchased it wasn't purchasing an opportunity to bring in $2.5 billion + ROI.

Anyway, the point in the previous post, that Vista10 is also vulnerable, shows that decision makers are either completely ignorant or complicit or both when allowing M$ products to be deployed in production environments. These collapses have happened every few years. If they signed off on the wrong kind of construction methods and materials, causing a large hospital building to collapse once in use, they would be held accountable. Windoze is just another case of bad engineering, causing hospital ICT to collapse.

Last edited by Turbocapitalist; 06-08-2017 at 02:27 AM.
 
Old 06-08-2017, 02:35 AM   #80
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,062

Quote:
Originally Posted by Turbocapitalist
Wot? Let's just sit tight another 25 years just in case the last 30 years have turned out to be an anomaly in regards to M$ true nature and true quality? "Let's just give them a second chance" has been part of their marketing for that long.

Not what I said and not what I meant.
 
Old 06-08-2017, 08:25 AM   #81
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 1,967
Blog Entries: 5

Sadly in the real world, the MS crapware dominates and it's not simple to avoid it. The NHS in the UK has been squeezed and starved of funding for decades and especially since 2010 and "austerity", so developing new medical hardware/software based on non Windows technology just isn't feasible. The NHS has to buy in and use whatever does the job, from what are after all profit oriented suppliers like any other.

For home desktop users it can be a chore to avoid MS products, for any kind of business or organisation it's almost impossible. Very little, if any, commercial software for accounting/CRM is written for Linux.

As an example ADP are a Linux Foundation silver member, but much of their actual client software still only runs in MS IE...

MS Windows continues to flourish as a de facto standard in the same way that faecebook has flourished as a "social network": To use something else puts you out on a limb in unsupported/isolated territory. And this is what many are not prepared to accept.

I remember when "Linux" was the butt of many jokes and regarded as unusable, geek domain software for basement dweller types. To sit down to explain to someone about GNU and free software invited ridicule. Very little has changed.

Despite all the malware scares, back doors and security holes, etc, people just accept it and use it because it runs the programmes they want to run. It's accepted that windows is insecure and needs "scanner" style software to keep malware at bay. The solution from the experts will always be "update windows, update your anti-virus", that has worked for at least two decades and will probably continue to work for the foreseeable future.

Free software has its place, but for the time being it's in the background or in embedded. In the realm of corporate workstations it's made very little headway and to move into the healthcare market, it needs to get there first.
 
Old 06-08-2017, 08:48 AM   #82
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,276
Blog Entries: 1

Original Poster
I love your spelling of "faecebook"! Was that deliberate or a happy accident?
 
  

