Cyber attack spreads worldwide

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: Cyber attack spreads worldwide

Postby Lysander » 2017-05-13 22:47



Just read about this, so somebody somewhere is developing this.

dasein wrote:Anyone who (a) isn't infected and (b) hasn't backed up in the last 24 hours, is, simply put, an idiot.


Just updated my wife's computer this afternoon [W7], hadn't been updated for months. Will get the backups going. Yes I know it's daft but so many people find updating boring, intrusive and a waste of time on Windows. I can see how so many people got done over.
User avatar
Lysander
 
Posts: 287
Joined: 2017-02-23 10:07
Location: London

Re: Cyber attack spreads worldwide

Postby dasein » 2017-05-13 22:51

Lysander wrote:One question, if it's old, how has it reappeared?

Every report I've read says that the specific vulnerability it exploits was reported relatively recently (March 2017). However, the underlying vulnerability itself actually resides in SMBv1, which is old, old, old. That's why XP is affected.

One of the more interesting things about this malware is that it deploys as a delivery mechanism, rather than as a specific payload. By all accounts, the actual attack vector is a "weaponized" version of a technique created by the US NSA and released to the world by ShadowBrokers. (More info here: https://en.wikipedia.org/wiki/EternalBlue)

That explains it was so easy for the bad guys to come up with a V 2.0 in less than a day. By implication, any arbitrary payload could be deployed.

These are not random script kiddies. Someone put some thought into this.

Hmmm... Apparently Russia is the hardest-hit nation. Maybe that's just a coincidence.
User avatar
dasein
 
Posts: 7774
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Cyber attack spreads worldwide

Postby bester69 » 2017-05-14 03:59

VentGrey wrote:Apparently Linux systems are vulnerable too, in my compulsive paranoia I disabled root acc and set all my firewalls to high, and im scanning every 2 hours, I really don't want some ransomware here :shock:

Linux has no virus, no malware, stop bullshit, there is more chance an atomic bomb explode in Paris than get infected by a linux virus. See Android Phones, Millons of users, installing thousands of Apps, and that system is unbrokeable. For sure, if you give root access then you lost it, but thats all.

By the way,for more that i try i wasnt able to root my android, they are doing really well..
User avatar
bester69
 
Posts: 865
Joined: 2015-04-02 13:15

Re: Cyber attack spreads worldwide

Postby VentGrey » 2017-05-14 04:03

If we look it in a good way I managed to convince 5 friends to start using Debian XD who would have thought that Ransomware helps Linux :mrgreen:
“I felt myself on the edge of the world; peering over the rim into a fathomless chaos of eternal night.”
― H.P. Lovecraft after trying Debian SidImage
User avatar
VentGrey
 
Posts: 131
Joined: 2016-04-26 23:57
Location: /dev/friends

Re: Cyber attack spreads worldwide

Postby alan stone » 2017-05-14 05:25

The NSA-created disaster explained and how to protect yourself.

All paid with U.S. tax dollars. :roll:

Meanwhile...

Microsoft has NOTHING on its home page to advise its customers. Only self-congratulatory bullshit.

Samewise for the NSA. Oh wait... there's a section "How We Protect the Nation". :lol:

But by all means, let's go to a cashless, all-digital society.
Last edited by alan stone on 2017-05-14 09:31, edited 1 time in total.
Debian GNU/Linux 8.9 (jessie)- 32 bit
wm: openbox

If you initiate coercion, force, violence to enforce your idea or theory, or if every single time it is applied to the real world it fails completely, your idea or theory sucks and is worthless.
User avatar
alan stone
 
Posts: 157
Joined: 2011-10-22 14:08
Location: In my body.

Re: Cyber attack spreads worldwide

Postby phenest » 2017-05-14 07:59

Lysander wrote:One question, if it's old, how has it reappeared?

I came across this exact same ransomware 4 years ago on a friends computer. I decided to research it and discovered that it was already quite old then. How old, I'm not sure exactly. I also discovered that the BitCoin account had been closed for some time back then, so you couldn't pay the ransom even if you wanted to.

My guess on how it reappeared is that someone, with an infected computer they haven't used for a while, connected it to the internet and now it's widespread again. Given how many computer are running out of date versions of Windows explains why it's so widespread. Perhaps it was me with my friends computer! :lol:
Lysander wrote:I've read that it's a bad idea to pay ransomware since there's no guarantee you'll get your data. I take it that's the case here then.

Actually, if the BitCoin account was still open, and you paid the money, you DID get the decryption tool. I read posts from people asking if they should pay, and others saying they had and now their data is back.
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS Sabertooth P67 i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1571
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Cyber attack spreads worldwide

Postby alan stone » 2017-05-14 12:17

Debian GNU/Linux 8.9 (jessie)- 32 bit
wm: openbox

If you initiate coercion, force, violence to enforce your idea or theory, or if every single time it is applied to the real world it fails completely, your idea or theory sucks and is worthless.
User avatar
alan stone
 
Posts: 157
Joined: 2011-10-22 14:08
Location: In my body.

Re: Cyber attack spreads worldwide

Postby Lysander » 2017-05-14 12:28



From the above article

Why the hell do you need "antivirus" software on a system unless it fundamentally blows big fat ones to start with?


Is this not how OSs end up getting commodified? In order to sell them, the code is closed and only has a small percentage of people working on it as opposed to open source, which creates security issues. Even though both Windows and Mac can get viruses, I don't quite understand why Windows has a whole load more. Is it because it's more exploitable, and if so, why?
User avatar
Lysander
 
Posts: 287
Joined: 2017-02-23 10:07
Location: London

Re: Cyber attack spreads worldwide

Postby acewiza » 2017-05-14 12:57

Lysander wrote:I don't quite understand why Windows has a whole load more. Is it because it's more exploitable, and if so, why?

No. It's just because there is more of it (BIG - probably BIGGEST attack surface). And the people using it tend to be more amenable to things like clicking on malware links and subsequently paying the ransom because wait for it...

They also don't have a data backup. :roll:
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
User avatar
acewiza
 
Posts: 224
Joined: 2013-05-28 12:38
Location: Out West

Re: Cyber attack spreads worldwide

Postby phenest » 2017-05-14 13:25

Lysander wrote:Even though both Windows and Mac can get viruses

Mac OSX is in the same boat as Linux and BSD. They don't use antivirus either.
Lysander wrote: I don't quite understand why Windows has a whole load more.

Lysander wrote: Is it because it's more exploitable, and if so, why?

To start with, all users in Windows have (by default) administrative rights. And no one bothers to change that.
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS Sabertooth P67 i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1571
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Cyber attack spreads worldwide

Postby Thorny » 2017-05-14 13:44

Lysander wrote:... In order to sell them, the code is closed and only has a small percentage of people working on it as opposed to open source, which creates security issues. Even though both Windows and Mac can get viruses, I don't quite understand why Windows has a whole load more. Is it because it's more exploitable, and if so, why?

I see a couple of posters answered while I was composing and this states again what they have suggested.

I believe it is because Windows was not designed to be a secure, multi-user operating system from the beginning. It was designed to be easy to use, and that included easy to use by near brain dead morons who don't understand authentication nor see any need for it, because it gets in the way of them using their computer. For a long time we've seen people starting to use GNU/Linux distros after using Windows who complain about having to authenticate in order to do "things". Less of that now and modern versions of Windows do have better security but it still has more people who are basically clueless about security and don't even want to learn.

-Offer me something free and I'll click on it, send me an enticing email and I'll follow the link or open the attachment. Just tell me what keys to press. Upgrade, I don't have time to upgrade, I have to do my Facebook posts and check my twitter feeds. Why does Linux have to be so hard?-

There is a wealth of information on the Internet regarding the topic and lots of opinions. Some may even go into some of the technical reasons.

By the way, open source with more eyes on it that are not involved with the writing of the code isn't less secure, because more eyes on it generally means faults are noticed more quickly. That's my opinion.
Thorny
 
Posts: 310
Joined: 2011-02-27 13:40

Re: Cyber attack spreads worldwide

Postby dasein » 2017-05-14 14:07

Lysander wrote:Even though both Windows and Mac can get viruses, I don't quite understand why Windows has a whole load more.

Bigger "bang for the buck," pure and simple.

Windows' installed user base for desktop machines is 3x the size of all other OSes combined.

There's a famous quote misattibuted to bank robber Willie Sutton. When asked why he robbed banks, Sutton supposedly replied, "Because that's where the money is."
User avatar
dasein
 
Posts: 7774
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Cyber attack spreads worldwide

Postby Lysander » 2017-05-14 14:12

Thorny wrote:
-Offer me something free and I'll click on it, send me an enticing email and I'll follow the link or open the attachment. Just tell me what keys to press. Upgrade, I don't have time to upgrade, I have to do my Facebook posts and check my twitter feeds. Why does Linux have to be so hard?-


Yes, this reminds me of a recent post over on another forum whereby a new Linux user [who shortly after decided on going back to Windows] wanted the forum to talk her through how to install her Linux system by "just pointing out the steps". She also said she ignored any pages in the install manual with "computer code" because it looked like Japanese. While I do sympathise to an extent, it does say something about the mindset of many Windows users who have become accustomed to just pressing buttons to accomplish tasks rather than taking the time to learn anything about the software or processes they are interacting with. I would imagine Windows intentionally encourages such a mindset since the more users know about their Windows computers and software, the more likely they are to realise how bad it is. How many Linuxites are disgruntled ex-Windows users?

Thorny wrote:By the way, open source with more eyes on it that are not involved with the writing of the code isn't less secure, because more eyes on it generally means faults are noticed more quickly. That's my opinion.


My sentence was worded badly, I meant to say that having closed source software creates more security issues. I am in agreement with you. I think this is something that Raymond called "given enough eyeballs, all bugs are shallow".
User avatar
Lysander
 
Posts: 287
Joined: 2017-02-23 10:07
Location: London

Re: Cyber attack spreads worldwide

Postby phenest » 2017-05-14 14:30

dasein wrote:Windows' installed user base for desktop machines is 3x the size of all other OSes combined.

What if it was the other way round. What if 3 quarters (or higher) of the world's userbase was using Linux and BSD, the remaining being Windows users. Linux and BSD would be a bigger target, but would these viruses/malware/ransomware succeed in the same way they have with Windows users?
I guess that's a 2 part question:
1. Would it succeed with the OS?
2. If Linux and BSD was dumbed down more to reduce the learning curve, would it succeed with the users too?
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS Sabertooth P67 i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1571
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Cyber attack spreads worldwide

Postby alan stone » 2017-05-14 16:08

Lysander wrote:... the code is closed and only has a small percentage of people working on it... Even though both Windows and Mac can get viruses, I don't quite understand why Windows has a whole load more. Is it because it's more exploitable, and if so, why?

Not so closed as one might think and more to answer you questions.

dasein wrote:Windows' installed user base for desktop machines is 3x the size of all other OSes combined.
There's a famous quote misattibuted to bank robber Willie Sutton. When asked why he robbed banks, Sutton supposedly replied, "Because that's where the money is."

QED.
Debian GNU/Linux 8.9 (jessie)- 32 bit
wm: openbox

If you initiate coercion, force, violence to enforce your idea or theory, or if every single time it is applied to the real world it fails completely, your idea or theory sucks and is worthless.
User avatar
alan stone
 
Posts: 157
Joined: 2011-10-22 14:08
Location: In my body.

PreviousNext

Return to Offtopic

Who is online

Users browsing this forum: None1975 and 1 guest

fashionable