MS windows

Rum, beer, movies, nice websites, gaming, etc., without interrupting the flow of martial threads.

MS windows

Postby windwalker on Mon May 15, 2017 1:01 am

Image
Microsoft Windows users, brace yourselves. People are worried a second wave of cyberattacks could strike around the world on Monday as employees return to their desks and log onto their computers.

Security experts say the unprecedented ransomware attack that on Friday locked up computers across the globe including UK hospital, FedEx, train systems in Germany among other institutions in exchange for payment, could cause even more trouble as the work week begins. On top of that, copycat versions of the malicious software have already started to spread.

https://www.yahoo.com/tech/ready-possib ... 18489.html

Might be a good time to make sure ones pc is updated.
Microsoft's top lawyer is laying some of the blame for Friday's massive cyberattack at the feet of the U.S. government.

Brad Smith criticized U.S. intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's "ransomware" attacks used a vulnerability that was exposed in NSA documents leaked online.

https://www.yahoo.com/tech/latest-chine ... 03226.html

wow, not good.

What is very troubling about this is that in general the NSA will not reveal the vulnerabilities it finds to the software companies that it finds them in. This is so they can exploit them at a later date.

If this information gets out as apparently it has , it creates a major problem for software makers not understanding what vulnerabilities their code has they cannot issue patches or defend against them until after the fact.
Last edited by windwalker on Mon May 15, 2017 2:07 am, edited 3 times in total.
windwalker
Wuji
 
Posts: 10548
Joined: Sun Mar 25, 2012 4:08 am

Re: MS windows

Postby RobB on Mon May 15, 2017 5:05 am

RobB
Mingjing
 
Posts: 94
Joined: Tue May 13, 2008 1:47 am
Location: Cambridge, UK

Re: MS windows

Postby windwalker on Mon May 15, 2017 5:23 am

Once again, this reinforces why we should not allow backdoors to encryption or any other such vulnerability. Over and over again, the proponents of backdooring encryption have insisted that it can be built in a "safe" way, where only government will get the backdoor access to encryption. The fact that some of the NSA's most powerful hacking tools have not only been leaked but are now wreaking havoc around the world, should put a complete end to the "going dark" debate. But it won't. It's not safe, but many in the law enforcement community, in particular, are in denial about this.


yep :P

Some how the gov agencies seem to think or feel that the ones who want the encryption "bad guys" can not develop
it themselves who find others who can, this they can not regulate. I would expect as many other countries do, in the US
net access will start to be more controlled at all access points. Free wify will be free but they will know who is using it...
Last edited by windwalker on Mon May 15, 2017 5:26 am, edited 1 time in total.
windwalker
Wuji
 
Posts: 10548
Joined: Sun Mar 25, 2012 4:08 am

Re: MS windows

Postby Steve James on Mon May 15, 2017 5:30 am

Specifically, it appears that the ransomware is using an NSA tool called ETERNALBLUE, which was leaked in April by Shadow Brokers. This was among those that were quietly patched by Microsoft back in March, but not everyone installs security patches in a timely manner. Indeed, as some are reporting, some of the victims -- including the National Health Service Hospitals in the UK -- are running ancient Windows XP, an operating system that is not even remotely secure, and is no longer supported.


That is the reason why the attack worked. Many organizations are using legacy software that goes unpatched because they are no longer actively supported. Windows 7 is still used at my college. I've told them for a decade that they should develop their own linux software. It's a school of technology, ffs. They won't allow me to install my own os on my school machine; so, I don't use it.

The problem here, as in hospitals and other large institutions is simple inertia. It takes an effort to change, even if it doesn't cost anything. Yeah, we can blame the NSA for creating the tool, but they aren't the only ones trying to create hacking tools. The NSA hires them. We can blame criminals, but crime is nothing new.
"A man is rich when he has time and freewill. How he chooses to invest both will determine the return on his investment."
User avatar
Steve James
Great Old One
 
Posts: 21137
Joined: Tue May 13, 2008 8:20 am

Re: MS windows

Postby Steve James on Mon May 15, 2017 6:26 am

What should I do to protect myself?

Authorities in the U.S. and U.K. have issued guidance on what to do.

Individuals and small businesses should:

Run Windows Update to get the latest software updates
Make sure any anti-virus product is up-to-date and scan your computer for any malicious programs. It's also worth setting up regular auto-scans
Back up important data on your computer in case it gets held for ransom

Large organizations should:

Apply the latest Microsoft security patches for this particular flaw
Backup key data
Ensure all outgoing and incoming emails are scanned for malicious attachments
Ensure anti-virus is up-to-date and conducting regular scans
Educate employees on identifying scams, malicious links, and emails that may contain viruses
Make sure to run "penetration tests" against your network's security, no less than once a year, according to the Department of Homeland Security
What if I've already been attacked?

Do not pay the ransom demanded by the WannaCry ransomware, cybersecurity firm Check Point warned in a blog post on Sunday. The company said there is no evidence of the hackers giving people files back
For individuals, it might be worth contacting local IT support services
Businesses should contact law enforcement and provide as much information as possible
Restore back-ups of data
How can I prevent ransomware attacks?

There are also steps that can be taken to protect against ransomware more generally. These include:

Making sure anti-virus is up-to-date and updating all software
Back up copies of data
Scrutinize links and files contained in emails
Only download software from trusted sources
"A man is rich when he has time and freewill. How he chooses to invest both will determine the return on his investment."
User avatar
Steve James
Great Old One
 
Posts: 21137
Joined: Tue May 13, 2008 8:20 am

Re: MS windows

Postby everything on Mon May 15, 2017 7:38 am

On a tangent, for 99% of cases/people, I'd really recommend getting a Chromebook. It's essentially a computer designed by Google with an OS that only runs the Chrome browser. For people who aren't doing heavy coding or creative design work (99% of all people probably), it's mostly all you need. For light editing of documents, you can use Google Drive instead of Microsoft Office (doesn't work for me at work, but more than adequate for personal docs). There are some "apps" in the browser, and some Chromebooks can run Android apps.

It's self-updating with security updates in the background. It has two copies of the OS so when you apply updates or turn off/on (pretty much boots in 3 seconds), it instantly has the updates by swapping out the OS (the other one is then a backup for a while). Everything is "sandboxed" and you can't install anything on the machine other than "apps", so it isn't directly vulnerable to bad things that have to install on Windows or Mac. Nearly all of the storage is in Google Drive or other cloud sources (there is some little bit of local storage, too, but not much).

I have Linux, Mac, and Windows machines, plus iOS and Android devices, but 99% of the time I use the Chromebook. All around it's easier for web stuff such as RSF. The device itself is fairly fast for web surfing including videos (like your favorite tai chi vs X videos ;D ). Oh, the price is pretty good, too. I picked one up for less than $300, but you can get some for under 200. I'd get the highest RAM available though.
Last edited by everything on Mon May 15, 2017 7:39 am, edited 1 time in total.
amateur practices til gets right pro til can't get wrong
/ better approx answer to right q than exact answer to wrong q which can be made precise /
“most beautiful thing we can experience is the mysterious. Source of all true art & science
User avatar
everything
Wuji
 
Posts: 8262
Joined: Tue May 13, 2008 7:22 pm
Location: USA

Re: MS windows

Postby Snork on Wed May 17, 2017 8:31 am

Charles Stross has a funny take on it: http://www.antipope.org/charlie/blog-static/2017/05/rejection-letter.html

One is supposed to believe that evil genius hackers (unidentified) using code stolen from the most secretive of espionage organizations by some third party (also unidentified) and released for free on the internet, took someone else's poor quality malware (author unidentified) and turned it into a cyber first-strike weapon that causes carnage worldwide because millions of responsible computer operators fail to apply vital software security patches for months after they're released? This beggars plausibility.


It's a very curious situation. Government agencies with knowledge of vulnerabilities refuse to use their knowledge to help protect their own nation's infrastructure against attacks. There's a disregard there, but more deeply, a possessiveness, even fear. At some point the powers-that-be have figured out that technology in the hands of the people is fundamentally hostile to the exercise of government power, that it poses a kind of existential threat to government itself. The internet transcends national boundaries, treats censorship as damage and routes around it, enables communication between people in radically different regimes, and encryption denies visibility on all this to even top-level intelligence agencies. Without visibility, how can a government exercise its function of control? The consequence is that the struggle becomes not between nations and attackers, but between governments and the governed. The situation is worsened by the lack of technology competence in governments themselves. The majority of tech know-how is concentrated in intelligence agencies, to the point where they are dictating tech policy to mainstream government who are legislating it verbatim (certainly in the UK, not sure about the US). Intelligence agencies already have shadowy mandates, and are certainly not going to advocate for anything that opposes their function. As technology continues to develop and become an ever-more encompassing component of our lives, mainstream government will be increasingly out-of-their-depth and the real seat of power will continue to shift to these agencies - they are the only organs of government actively provisioning for this future.

everything wrote:Chromebooks


Chromebooks, and other devices like it, have interesting implications in this context. An unforeseen consequence of high-availability high-bandwidth internet connections is the emergence of these "thin clients" which rely on the "cloud" for storage and increasingly CPU. They are, of course, convenient and easy-to-use. The danger is that the cloud is basically just a rack of servers in a datacentre somewhere, where everyone's data and internet activity is centralised. This makes the data easy to monitor: by government agencies, for terrorist material, illegal porn, copyright violations, embarrassing intel etc.; and by companies, to build up a psychological profile for targeted advertising. It is so convenient and useful, and developing so quickly, that there is likely to come a time fairly soon where hard drives/local storage is quietly phased out, and then unavailable to purchase altogether, except perhaps for some large companies that really need it. Thin clients will always require some local store but users will not be able to access it, except to decide what apps to download. And even if apps claim to offer encryption, it will already have been back-doored by every intelligence agency in the country it was developed in. The majority of people will not know or care about this.
Snork
Anjing
 
Posts: 156
Joined: Wed Sep 01, 2010 9:17 am
Location: London, UK

Re: MS windows

Postby everything on Wed May 17, 2017 8:47 am

The majority of people will not know or care about this.


Definitely they are in the 99% of use cases I mentioned (things like browsing RSF).
amateur practices til gets right pro til can't get wrong
/ better approx answer to right q than exact answer to wrong q which can be made precise /
“most beautiful thing we can experience is the mysterious. Source of all true art & science
User avatar
everything
Wuji
 
Posts: 8262
Joined: Tue May 13, 2008 7:22 pm
Location: USA


Return to Off the Topic

Who is online

Users browsing this forum: No registered users and 22 guests