sGerli

I have a few updates now that some weeks have passed since the incident: A few local governments were compromised (Garabito, Alajuela) The Ministry of Treasury hasn't been able to restore any of their critical services and has launched a completely new website. Which is giving some weight to reports that said that they allegedly didn't have any backups of their data. Those critical services have been restored using the old ways (paper and banks). On sunday the new president as one of his first official acts declared the country on state of emergency due to the cyberattacks. News articles: The Washington Post: https://www.washingtonpost.com/politics/2022/05/10/costa-rica-shows-damage-ransomware-can-do-country/ Time: https://time.com/6169890/cyber-attack-chaos-costa-rica/ Reuters: https://www.reuters.com/world/americas/costa-ricas-alvarado-says-cyberattacks-seek-destabilize-country-government-2022-04-21/

Wednesdays update: More government institutions have been compromised, now also the Ministry of Labor and Social Security (MTSS) and the Social Development Fund and Family Allowances (FODESAF). It looks like most if not all of these government institutions had their servers in a datacenter run by RACSA that didn't had proper networking isolation between servers, that helped the ransomware to spread easily. After the hackers offered a discount on their ransom the president published a statement saying that they wont pay the hackers anything. The hackers have started publishing large collections of sensitive data at an increasing pace.

Yes they probably do have information that Intel has reported to them from all their imports and transactions. Apart from that this is probably impacting Intel’s operations (imports and exports) to some degree as customs has been closed for a few days as one of the systems that was attacked is the one that’s used for that. I don’t think Intel has posted any statement and I don’t think they will unless they get involved in helping fix this whole situation. Or it escalates to a point where it really affects their whole business. In other news the CCSS (social security) HR portal has been confirmed as compromised. And the US, Spain, and Israel governments just got involved in the situation to help where possible.

Tuesdays updates: The government has shut down the system in charge of paying public employees and all pensions (that were supposed to be paid tomorrow). They said that those would be paid once the systems are back up. The hackers claim that the government doesn’t have backups other than the ones they encrypted (which in my opinion could be possible). And they have started leaking data from the attack. The attacks have continues targeting governmental entities, the latest targets are the meteorologic institute and RACSA, a telecom and server infrastructure provider. Hackers claim to have access to RACSA’s email service (which is used by many people and small businesses in the country) The hackers claim to have access to many other government entities and even some private companies, and they said that they’ll continue the attack until the government pays the ransom. They have categorized the attack as a beta version of a global attack.

A few updates as the situation has evolved: The Ministry of Science and Technology Micitt was also affected by the attack, and the hackers left a message in the website. After it was discovered the site was taken down. In a related attack the Twitter account of CR's Social Security entity CCSS was compromised and started twitting about a bitcoin giveaway. Since then the community managers have regained access to the account and have deleted the posts.

Summary The digital systems of Costa Rica’s ministry of treasury “Ministerio de Hacienda” we’re hit on Monday by the Conti Ransomware. This took down all of the countries tax reporting and payment systems on tax pay day. The hackers claim to have obtained 1tb of data that might include financial data from all organizations that operate in the country. The countries tax systems were digitalized and centralized a few years ago, so this data could include digital receipts for all reported transactions, and identifiable info from the parties involved in them, contact info, addresses and tax reports from all taxpayers. After denying the attack all day the Minister admitted the attack during a live interview with the local tv news channel Noticias Repretel at the end of the day. He confirmed that currently all systems are down and the ministry of treasury is assessing the situation and working in getting the systems back up. Quotes My thoughts Cyber security and tech in general has always been an afterthought for government entities (specially here in CR). The info that could be leaked from this attack is really sensitive as it could even include individual receipts. And during the live interview referenced in the summary, the Minister said that he doesn’t think of this as a real issue because he doesn’t consider any of this information as sensitive. Sources News articles (in spanish, sadly I couldn’t find one in english yet) https://www.crhoy.com/economia/presunto-hackeo-en-hacienda-plataformas-de-atv-y-tica-fuera-de-servicio/ (Interview) https://www.repretel.com/noticia/ministro-de-hacienda-advierte-que-no-pagaran-a-hackers/ News article in english: https://ticotimes.net/2022/04/19/costa-ricas-ministry-of-finance-website-was-hacked

No need to download an extra client like Putty if you are on Windows 10 1809+. Windows now includes OpenSSH, just open a cmd or powershell and type ssh hostname or ssh user@hostname

Better for development use than Windows, development tools mostly just work, no need to fight with weird windows errors or permissions. Very light, so it can run on old hardware or in a VM easily Package managers are awesome. Easy to use, easy to manage updates. Customizability: you can do almost anything you can imagine with all the available options of DMs, and DEs. You can have no GUI if you don’t need it. It’s free.

Is there a size table available? I want to buy one but I'm not sure which size should I buy, and I would prefer not to pay almost $30 (including shipping) on a shirt that may not be the right size for me.

Yesterday on the Wan Show @BlueChinchillaEatingDorito and others found this on Linus' computer. So I think we'll find out soon.

To upload videos longer than 15 min you just have to verify your account, and that’s really easy: https://support.google.com/youtube/answer/71673?co=GENIE.Platform=Android&hl=en

I think there's no upload limit, what can limit you is that your videos can be flagged as copyrighted content and you can get an unwanted advertisement on them or you might get strikes even if they are unlisted or private.

I have ErP disabled.

Today (or maybe it was yesterday) I got to play 3.0 with a kind of decent framerate (3-30fps but mostly 20-30fps) and Crusader is starting to be more playable in terms of gameplay. So it looks like 2018 is going to be an exciting year.

Today I tried it in mine, it does work after changing that setting in the bios, but only in the type-c and normal USB 3.1 ports on the back.