SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Cyber attack using leaked NSA tool spreads across 74 countries; some UK hospitals crippled
ensigmatic (Nullus Anxietas) posted:
quote:
Originally posted by Sig2340:
I've asked that of several admins who didn't even understand the question.

Which goes a long way to explaining why many "admins" think things that are manifestly unsafe are safe, and why things like we've seen happen in the last 24 hours are such a danger.

Mind you: The only "safe" system is one that's in a locked room, un-networked, running on a resident power source, said locked room being a Faraday Cage. And, even then, note the "s. So when I write "safe," it's a relative thing. (As the Iranians found out the hard way.)



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher

Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
Sig2340 (Step by step walk the thousand mile road) posted:
The only secure computer sits in a doorless, windowless concrete Faraday cage, with no power, no hard drive, no keyboard, no monitor, and one 9" floppy drive that is not connected to the motherboard.

And someone will still try to hack it.





Nice is overrated

"It's every freedom-loving individual's duty to lie to the government."
Airsoftguy, June 29, 2018

Posts: 31435 | Location: Loudoun County, Virginia | Registered: May 17, 2006
Ammoholic posted:
quote:
Originally posted by ensigmatic:
quote:
Originally posted by Sig2340:
I've asked that of several admins who didn't even understand the question.

Which goes a long way to explaining why many "admins" think things that are manifestly unsafe are safe, and why things like we've seen happen in the last 24 hours are such a danger.

Mind you: The only "safe" system is one that's in a locked room, un-networked, running on a resident power source, said locked room being a Faraday Cage. And, even then, note the "s. So when I write "safe," it's a relative thing. (As the Iranians found out the hard way.)


Years ago when I worked for a router manufacturer we got a call from a customer at No Such Agency about a problem they were having with a router. An engineer was dispatched and he had a very interesting story. He was taken to a room that was indeed a Faraday cage with filtered power, and a wide awake, clearly switched on Marine guarding the door with an apparently loaded M-16. After considerable checking he was allowed into the room and soon discovered a problem with a processor board. He was of course carefully supervised the entire time. When he told the customer what the problem was and that we'd easily fix it through an advance replacement, he got another surprise. The customer asked what an advance replacement was (we send you a new part, you install it and send the old one back), then said, "NOPE. You see that pile of disk drives and boards over in that corner? Nothing that has had any data on it leaves this room. You can sell us a new board, we are not shipping anything back."

Real security is a pain in the neck and makes it harder to do most things. Left to their own devices many users will ignore or work around security policies to make it easier to get their job done. This can turn out spectacularly unwell...

Posts: 6917 | Location: Lost, but making time. | Registered: February 23, 2011
sigmonkey (A Grateful American) posted:
quote:
Originally posted by Sig2340:
quote:
Originally posted by ensigmatic:
< snip >
I don't know of that happening. Yet.


As always, we have the knowledgeable "guy."

I've asked that of several admins who didn't even understand the question.


It did happen yet.
(but the damage was limited in scope)

Microsoft update dot com

Years ago, it was 0wNd and MS had to kill the TLDs records and redirect to a safe site.

That led to the whole WSUS instances being run on local domains and then that became a PITA as well as "too late for 0 days" crap.

Ensigmatic is correct in the laziness of developers, and the greed or failure to business cost model the creation, testing, deployment, maintenance and EOL to applications and embedded or otherwise "smart" products.

And then end users who cannot, will not be bothered with the fundamentals of operating their tools.

As an example, one may have a vehicle and delegate all maintenance to someone else, but the driver still needs to be aware of unsafe tires, if it is "acting right", not to put diesel in a gas tank, or gas in a diesel tank, water does not go in the oil fill, and oil does not go in the washer bottle, and simple "end user" things.

The "IT/MIS/all things computer" is still in the toddler stage, and the new and up and coming folks in the IT world are woefully inept, unskilled and ignorant of the history and fundamentals of how computing got where it is today.

And are somewhat hostile to the "old guys" who are still in the scene.

It may well get much worse before it gets much better.

Watching MS fall flat on its face in the past four releases of OS, is one area that many people can see and understand, but it is the very tip of a great iceberg as the SS ITanic, steams on at petabit speed.

"Hey, why are these deckchairs all crooked...?"




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!

Posts: 43876 | Location: ...... I am thrice divorced, and I live in a van DOWN BY THE RIVER!!! (in Arkansas) | Registered: December 20, 2008
ensigmatic (Nullus Anxietas) posted:
quote:
Originally posted by sigmonkey:
The "IT/MIS/all things computer" is still in the toddler stage, and the new and up and coming folks in the IT world are woefully inept, unskilled and ignorant of the history and fundamentals of how computing got where it is today.

*sigh* It's every bit as bad as the monkey says, too.

I've hardly contacted a "colleague" at a vendor or customer site; or somebody unrelated, as a professional courtesy, to tell them of a problem they have with their mail server, their domain registration, their DNS, their what-have-you and gotten anybody truly clueful at the other end, for some years.

It's depressing.

I apprised the Powers That Be of this situation, and cautioned them I was retiring, starting two years ago. They haven't managed to find a candidate even remotely qualified, yet, and they've been on an intense search for at least six months--maybe more.

Last guy, when I described our border router, firewall, DMZ (which is not what many "Network Admins" think a "DMZ" is, btw) and what I call our "unsafe" network, which is where the external web server, outside-accessible mail server, 'net connection for the guest WLAN and various other stuff lives, asks "You don't NAT that stuff?" ("Say what?" I thought to myself.) "Um, no. Why would I do that?" I asked. "For security," he replied.

Oh boy

Fascinating story, re: The MS update system, sigmonkey. Obviously I was not aware that had happened. (I'm really not much of a "Windows guy." It's possible I heard about it, at the time, laughed, and forgot about it, too.)



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher

Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
radioman (Ignored facts still exist) posted:
quote:
Originally posted by chongosuerte:
quote:
Originally posted by jehzsa:
quote:
if I don't click

Some work by merely opening the email.


I guess that's what I mean. If I get an email from someone I don't know and am not expecting, it gets deleted before being opened.

For whatever reason, there are a lot of hot locals that just want to screw in my area? Or at least I get three emails a day in my Hotmail account telling me that?


My advice: learn what Carbonite or IDrive is and spend the 5 bucks a month to backup your stuff.

I use a service where I can encrypt before uploading which I suggest as well.


----------------------
Let's Go Brandon!

Posts: 10921 | Location: 45 miles from the Pacific Ocean | Registered: February 28, 2003
henryaz (member) posted:
My advice, set your email client to view emails in plain text only. If you have vetted the email, then turn on the html version. But still be aware of clicking on any links. Even viewing your email in "html" vs "plain text" can render you vulnerable to this and other exploits.

You may say don't open emails from unknown sources, but the hackers can easily spoof the source, looks like someone you know, but it is not.

Posts: 10785 | Location: South Congress AZ | Registered: May 27, 2006
sdy (wishing we were congress) posted:
http://money.cnn.com/2017/05/1...k-threat-escalating/

The biggest cyberattack the world has ever seen is still claiming victims and threatens to create even more havoc on Monday when people return to work.

The head of the European Union's law enforcement agency Europol, speaking on British TV on Sunday, said Friday's attack was "unprecedented" in its reach, with more than 200,000 victims in at least 150 countries.

Cybersecurity experts have said the majority of the attacks targeted Russia, Ukraine and Taiwan. But U.K. hospitals, Chinese universities and global firms like Fedex (FDX) also reported they had come under assault.

Security experts said the spread of the virus had been inadvertently stopped late Friday. The ransomware was designed to repeatedly contact an unregistered domain in its code. A 22-year-old security researcher in the U.K., who goes by MalwareTech, registered that domain to analyze the attack, but it turned out the ransomware needed it to remain unregistered to keep spreading.

However, a hacker could change the code to remove the domain and try the ransomware attack again. And it has potential to create much more damage because it's likely to be lurking on computers in offices around the world that haven't been used since Friday. Copycat attacks could follow.

Posts: 19569 | Registered: July 21, 2002
henryaz (member) posted:
Also, turn off/disable your email client's "preview pane", where the message appears in a separate window as soon as you highlight it. The preview pane is a mini-browser, and can execute any code that a browser can.

Posts: 10785 | Location: South Congress AZ | Registered: May 27, 2006
radioman (Ignored facts still exist) posted:
Or view the message on your android tablet -- which is another thing I do.


----------------------
Let's Go Brandon!

Posts: 10921 | Location: 45 miles from the Pacific Ocean | Registered: February 28, 2003
sdy (wishing we were congress) posted:
https://www.yahoo.com/tech/lat...rtion-094803226.html

Chinese state media say more than 29,000 institutions across China have been infected by the global "ransomware" cyberattack.

Xinhua News Agency reports that by Saturday evening, 29,372 institutions had been infected along with hundreds of thousands of devices.

Microsoft's top lawyer is laying some of the blame for Friday's massive cyberattack at the feet of the U.S. government.

Brad Smith criticized U.S. intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's "ransomware" attacks used a vulnerability that was exposed in NSA documents leaked online.

In a post on Microsoft's blog, Smith says: "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

Microsoft's lawyer says governments should "report vulnerabilities" that they discover to software companies, "rather than stockpile, sell, or exploit them."

It is believed to be the biggest online extortion ever, hitting British hospitals, German rail and companies and government agencies.

Posts: 19569 | Registered: July 21, 2002
r0gue (Seeker of Clarity) posted:
We may have gotten a short reprieve with the kill switch. Thus, it'll be back this week "fixed".

That kill switch is such an incredible oversight that it makes me wonder if this is somehow meant as a lesson, and to push us to finish off XP and invest more in automated file oversight tools like Varonis.

To say InfoSec is a challenge in most modern enterprise environments is a gross understatement. I.T. growth driven by business requirements has wildly outpaced infosec investment at many layers from product development, through organizational strategy to operational employment.

Posts: 11379 | Registered: August 02, 2004
ensigmatic (Nullus Anxietas) posted:
quote:
Originally posted by sdy:
Microsoft's top lawyer is laying some of the blame for Friday's massive cyberattack at the feet of the U.S. government.

Deflection. Microsoft doesn't want to take the hit all on its own. I don't blame them, but, it's a next-door neighbour to "blaming the victim."

While I agree that the responsible thing for "our" government to have done, upon discovering those vulnerabilities, would've been to have reported them to Microsoft and put pressure on MS to fix them, pronto, let us not lose track of how those vulnerabilities got there in the first place: Either poor software design, poor coding, or both.

That's purely on Microsoft.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher

Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
Ammoholic posted:
quote:
Originally posted by ensigmatic:
let us not lose track of how those vulnerabilities got there in the first place: Either poor software design, poor coding, or both.

That's purely on Microsoft.


I'll disagree a little bit. If you write any appreciable amount of code you *will* have bugs. You can minimize them by carefully thinking through as many corner cases as possible, but you will have bugs. If you want to release code that is as bug free as possible, what you need is two things, 1) an engineering culture that puts more value on clean code than speed to market, and 2) a test department that takes great pleasure in busting the software engineers' balls.

This may not actually be the case, but it has appeared for many years that Microsoft does not have a test department, they have users for that.

Posts: 6917 | Location: Lost, but making time. | Registered: February 23, 2011
stoic-one (Unflappable Enginerd) posted:
If true, this isn't going to help matters at all.

The Daily Mail
BREAKING NEWS: North Korean hacking group is thought to be behind cyber attack which wreaked havoc across the globe
Read more: http://www.dailymail.co.uk/new...c.html#ixzz4hBaLRMJJ


__________________________________

NRA Benefactor
I lost all my weapons in a boating, umm, accident.
http://www.aufamily.com/forums/

Posts: 6212 | Location: Headland, AL | Registered: April 19, 2006
henryaz (member) posted:
quote:
Originally posted by radioman:
Or view the message on your android tablet -- which is another thing I do.

Since the Android tablet is already compromised.

Posts: 10785 | Location: South Congress AZ | Registered: May 27, 2006
sdy (wishing we were congress) posted:
https://www.theguardian.com/te...hero-marcus-hutchins

WannaCry hackers still trying to revive attack says accidental hero

The “accidental hero” who registered a web address that became the so-called kill switch for WannaCry has said hackers are trying to overwhelm the site to resurrect the ransomware that plagued the NHS and companies around the world.

The web address acts as a beacon for the malware, which if contactable tells WannaCry to cease and desist. In registering the domain name, a self-trained 22-year-old security expert from south-west England called Marcus Hutchins halted the spread of WannaCry by activating its kill switch.

Hackers are now trying to make Hutchins’ domain unreachable using a distributed denial of service (DDoS) attack – overwhelming it with traffic so that attempts to contact the domain by WannaCry go unanswered, thus de-activating the kill switch.

Hutchins has taken precautions to protect the domain from the DDoS attacks, which are using the Mirai botnet, switching to a cached version of the site that is capable of dealing with much higher traffic loads than the live site.

So far, the kill switch remains in operation, Hutchins says, which should help any computer systems that have not been updated or secured yet from falling foul of this strain of the WannaCry attack.

A week after the WannaCry outbreak, analytics have revealed that, despite Windows XP grabbing the headlines due to its use in the NHS and other institutions, it was Windows 7 that was the worst affected by the ransomware.

According to data from cybersecurity firm Kaspersky, Windows 7 accounted for more than 98% of WannaCry infections, with Windows XP accounting for an "insignificant" volume of infections globally. The estimates are based on computers running Kaspersky's security software, while data from BitSight indicated the number was lower but still significantly skewed towards Windows 7, with 67% of infections.

That Windows 7 accounted for the majority of WannaCry infections is not that surprising. Windows 7 is the most popular version of Microsoft's operating system, accounting for 46.23% of Windows computers globally, according to data from analytics firm Statcounter. Windows 10 accounts for 35.53% of PCs, while Windows 8.1 accounts for 9.56%. Windows XP accounts for only 5.36% of Windows computers globally.

Posts: 19569 | Registered: July 21, 2002
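The kill-switch beacon described in the CNN and Guardian excerpts quoted above gives a defender a detection hook: any host that looked up that domain ran the payload, whether or not the lookup succeeded. The following is an added example, not code from the thread or from any of the quoted articles; the domain name is a placeholder (the page never gives the real one) and the resolver log lines are constructed.

```python
"""Flag hosts whose DNS lookups show they ran the WannaCry beacon check.

Added example; the kill-switch domain below is a placeholder and the
resolver log is constructed to show both outcomes the articles describe.
"""
import re
from collections import defaultdict

KILL_SWITCH_DOMAIN = "killswitch.example"  # placeholder, not the real domain

# Constructed resolver log format: "<timestamp> <client_ip> <qname> <rcode>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<rcode>\S+)$"
)

SAMPLE_LOG = """\
2017-05-12T10:01:02Z 10.0.5.21 www.example.com NOERROR
2017-05-12T10:01:09Z 10.0.5.21 killswitch.example NXDOMAIN
2017-05-12T10:01:10Z 10.0.5.21 killswitch.example NXDOMAIN
2017-05-12T10:03:44Z 10.0.7.9 KillSwitch.example. NOERROR
2017-05-12T10:04:00Z 10.0.7.9 updates.example.org NOERROR
2017-05-12T10:05:13Z 10.0.9.3 mail.example.com NOERROR
malformed line that should be skipped
"""


def parse_log(text):
    """Yield (ts, client, qname, rcode), normalising qname and skipping junk."""
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            qname = m.group("qname").rstrip(".").lower()  # drop FQDN dot, case
            yield m.group("ts"), m.group("client"), qname, m.group("rcode")


def find_beacon_hosts(text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: verdict} for every host that queried the beacon.

    "active": the beacon returned NXDOMAIN when the host asked, i.e. the domain
              was still unregistered, the condition under which the worm keeps
              spreading; isolate immediately.
    "halted": the beacon answered, so this strain stops itself, but the host
              still executed the payload and is unpatched; isolate and patch.
    A host absent from the result is not evidence that it is clean.
    """
    rcodes_by_host = defaultdict(set)
    for _ts, client, qname, rcode in parse_log(text):
        if qname == domain.lower():
            rcodes_by_host[client].add(rcode)
    return {
        client: ("active" if "NXDOMAIN" in rcodes else "halted")
        for client, rcodes in rcodes_by_host.items()
    }


if __name__ == "__main__":
    for host, verdict in sorted(find_beacon_hosts(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```

The same query match works for a DNS sinkhole or firewall log once the log format regex is adapted; the verdict logic only depends on the client, the name queried, and the response code.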
© SIGforum 2024