[3rd Update]WCry ransomwsre has possible links to Lazarus Group & PRNK

[mynameisjuan]

4 minutes ago, LAwLz said:

Windows has waaaay more privilege escalation exploits than GNU/Linux and OS X.

I would be very surprised if it Windows was actually well written in terms of security (or most things for that matter).

Exploits that a still patched. Its like everyone thinks these exploits just sit out there and nothing is ever done to them.

 

I was director of IT for two companies both with 2000+ pcs. First one, everyone had admin rights and we had to clean/reimage 2-4 pcs a day(not my choice to allow it). Second company I revoked admin rights alone and we scanned/reimaged 2-4 pcs a YEAR, and most those we because of Java because our legacy apps. 

 

Yes security exploits exist, but removing admin rights makes it exponentially harder to infect the system. Saying windows is not well written in terms of security is just ignorant as servers and properly configured pcs have proven their security.

 

 

[Bleedingyamato]

27 minutes ago, LAwLz said:

Windows has waaaay more privilege escalation exploits than GNU/Linux and OS X.

I would be very surprised if it Windows was actually well written in terms of security (or most things for that matter).

Does the march security update for this issue fix all 3 versions of this ransomware?

 

I heard Bitdefender also protects against it but again I'm curious is it only sound or all 3 versions?

[mark_cameron]

6 minutes ago, Bleedingyamato said:

Does the march security update for this issue fix all 3 versions of this ransomware?

 

I heard Bitdefender also protects against it but again I'm curious is it only sound or all 3 versions?

Yes. The mechanism of attack is not changed in all three versions. Just a kill switch internal to it.

 

Others might modify this Worm in the longer term however, now the exploit was closed (after patching) it will be a fundamentally different piece of malware with a different vector.

[Zodiark1593]

... Goddamn, Windows update downloaded more than 8 GB of data, and still hasn't finished!!!

[Mira Yurizaki]

30 minutes ago, mynameisjuan said:

Yes security exploits exist, but removing admin rights makes it exponentially harder to infect the system. Saying windows is not well written in terms of security is just ignorant as servers and properly configured pcs have proven their security.

And I would wager a lot of problems are pressure from business who are customers of Microsoft to continue perpetuating odd behavior or quirks.  Sure Microsoft could put their foot down and say "lrn2code scrub". And then they would find themselves with a lot fewer customers. Though I would like them to put their foot down more. But I guess some companies just see "well I don't feel like spending $10 million now on IT costs" even though it may cost them $100 million down the road when poop hits the fan.

 

Too many people think this is some easy problem to fix and Microsoft is just some airheaded software company that can't do anything right.

[RadiatingLight]

48 minutes ago, ObscureMammal said:

 

 

That's all?

 

Damn, I thought it would be at least 500,000, but I guess not since they lowball $300

[Fetzie]

1 hour ago, LAwLz said:

Windows has waaaay more privilege escalation exploits than GNU/Linux and OS X.

I would be very surprised if it Windows was actually well written in terms of security (or most things for that matter).

Windows has so much "red area" legacy code that nobody wants to touch with a 30 foot pole that I'm sometimes amazed it works at all. I mean, the SMBv1 implementation is at least 30 years old.

 

It would be interesting to know if CIFS has a similar issue though (given that it is supported by SMBv1 clients).

[ObscureMammal]

11 minutes ago, RadiatingLight said:

That's all?

 

Damn, I thought it would be at least 500,000, but I guess not since they lowball $300

Most people didn't pay

[mynameisjuan]

19 minutes ago, M.Yurizaki said:

And I would wager a lot of problems are pressure from business who are customers of Microsoft to continue perpetuating odd behavior or quirks.  Sure Microsoft could put their foot down and say "lrn2code scrub". And then they would find themselves with a lot fewer customers. Though I would like them to put their foot down more. But I guess some companies just see "well I don't feel like spending $10 million now on IT costs" even though it may cost them $100 million down the road when poop hits the fan.

 

Too many people think this is some easy problem to fix and Microsoft is just some airheaded software company that can't do anything right.

Exactly. I mean look at what shit storm UAC caused with vista....OMG PEOPLE NEEDED TO SAY YES TO INSTALL!!!

 

Seriously, shit hit the fan and microsoft allowed for people to disable it even though its a critical security feature. Its a feature that UNIX has that no one complains about. 

 

People are the problem, not microsoft. They try to make new software and upgrade their security but people bitch and whine and microsoft has to make them happy because if they dont they lose customers. 

 

On top of that you have ignorant people who think they understand security or how easy it is just to "fix" a bug or problem or how they should of caught the bug before, that make the whole situation worse.

[Eaglerino]

2 minutes ago, mynameisjuan said:

Exactly. I mean look at what shit storm UAC caused with vista....OMG PEOPLE NEEDED TO SAY YES TO INSTALL!!!

Oh man, of all the issues with Vista I somehow managed to never have (I actually liked it more than XP at the time) I never understood why that was ever a problem

[Mira Yurizaki]

4 minutes ago, Eaglerino said:

Oh man, of all the issues with Vista I somehow managed to never have (I actually liked it more than XP at the time) I never understood why that was ever a problem

"WHY ARE YOU ASKING ME IF I WANT TO DO THIS? OF COURSE I WANT TO DO THIS. IF I DIDN'T WANT TO DO THIS I WOULDN'T HAVE DONE IT" And then I look at Linux/macOS when they need permissions to be elevated, they require your password on top of permission (though at least your elevated status lasts until you stop using it for 10 minutes). However, on the other side of the coin, this is a usability issue. People lose confidence if the system asks them a question about what they did.

 

The problem with a lot of computer users is they want to believe they're in complete control of their system. That they can manage it better than the developers who wrote the OS. To which I say "okay, good luck."

 

(One person wanted to turn off a bunch of memory management things that were good because they felt they were better at managing memory than their OS)

[Master Disaster]

6 minutes ago, Eaglerino said:

Oh man, of all the issues with Vista I somehow managed to never have (I actually liked it more than XP at the time) I never understood why that was ever a problem

I thought I was the only one, I bought it day 0 (got it a week early because I worked in a PC shop at the time) and ran it until the day 7 came out, it never caused me a major issue at all, the worst thing I remember was a few EA games not working with it (NFS Carbon was one of them) but other than that it was IMO a great OS.

[cj09beira]

9 minutes ago, mynameisjuan said:

 

 

27 minutes ago, M.Yurizaki said:

 

Microsoft does have fault in this, they fired their entire Bug finding department, which use to search for exactly this kind of vulnerabilities and other general bus, Barnacules said they use to find hundreds of problems in the code every day and now there is no one looking for them,(at least not in the level that they used to) Barnacules also talked about this in one of its streams in the past few days,

[Mira Yurizaki]

1 minute ago, cj09beira said:

 

Microsoft does have fault in this, they fired their entire Bug finding department, which use to search for exactly this kind of vulnerabilities and other general bus, Barnacules said they use to find hundreds of problems in the code every day and now there is no one looking for them,(at least not in the level that they used to) Barnacules also talked about this in one of its streams in the past few days,

Do you have a source for this?

[Zodiark1593]

On 5/13/2017 at 11:34 PM, Ryan_Vickers said:

What's important to remember here is that if at any time, all your copies of your data are accessible at once in one place, you're not safe.  Leaving your backup plugged in at all times is of course unwise, but plugging it in only occasionally to do a backup is not really any better.  I've heard some of these viruses are designed to lay dormant until they detect you're running a backup, at which point they trigger and take everything.  You must treat your backup strategy like an airlock - have at least 2 separate backups and never connect both at once.  Run one, then separate it and run the other.  You can't lose it all if it's never all connected at once.

I had a professor once told me that data doesn't truly exist unless it is on no less than three different mediums. 

 

I tend to agree. Much of my media is spread across two drives, some on my Keychain flash drive, and the really important, hard to replace stuff also gets put onto my Keychain drive. 

 

My very important stuff doesn't require much space, so 2 drives, a flash drive, and my One drive should be suitable. My media files will be time consuming to get back/reencode, but not insurmountable, and can be automated. Given the space required as well, I can afford to be a bit more lenient with this type of files. 

[cj09beira]

1 minute ago, M.Yurizaki said:

Do you have a source for this?

Barnacules was one of them, he has talked about it here and there, but in the last streams he was very vocal about it

[Mira Yurizaki]

1 minute ago, cj09beira said:

Barnacules was one of them, he has talked about it here and there, but in the last streams he was very vocal about it

If it's https://www.youtube.com/user/barnacules1, then I can't really take your word with any more than a grain of salt.

[cj09beira]

Just now, M.Yurizaki said:

If it's https://www.youtube.com/user/barnacules1, then I can't really take your word with any more than a grain of salt.

:-| why?

[Mira Yurizaki]

3 minutes ago, cj09beira said:

:-| why?

I mean, unless it was during his time with Microsoft, anything he says about the company between when he was canned to now that also seems grossly negligent for a software company (like firing their "entire bug finding department") feels like it's just there to generate sensationalism and views.

 

Sure it's moving the goal posts, but something a little more professional would be nice to have.

[Bleedingyamato]

43 minutes ago, mark_cameron said:

Yes. The mechanism of attack is not changed in all three versions. Just a kill switch internal to it.

 

Others might modify this Worm in the longer term however, now the exploit was closed (after patching) it will be a fundamentally different piece of malware with a different vector.

That's a relief.  Between Windows update saying I'm up to date (except for the crearor's update which STILL hasn't shown up to download despite being a day past a week since I did a clean install of Windows 10) and running Bitdefender I'm double protected but I was worried for a sec that this third version might've changed that.  

 

33 minutes ago, Zodiark1593 said:

... Goddamn, Windows update downloaded more than 8 GB of data, and still hasn't finished!!!

Yikes...  How many GBs is your data plan?

 

 

14 minutes ago, Fetzie said:

Windows has so much "red area" legacy code that nobody wants to touch with a 30 foot pole that I'm sometimes amazed it works at all. I mean, the SMBv1 implementation is at least 30 years old.

 

It would be interesting to know if CIFS has a similar issue though (given that it is supported by SMBv1 clients).

Red area legacy code?    What's that?

 

14 minutes ago, mynameisjuan said:

Exactly. I mean look at what shit storm UAC caused with vista....OMG PEOPLE NEEDED TO SAY YES TO INSTALL!!!

 

Seriously, shit hit the fan and microsoft allowed for people to disable it even though its a critical security feature. Its a feature that UNIX has that no one complains about. 

 

People are the problem, not microsoft. They try to make new software and upgrade their security but people bitch and whine and microsoft has to make them happy because if they dont they lose customers. 

 

On top of that you have ignorant people who think they understand security or how easy it is just to "fix" a bug or problem or how they should of caught the bug before, that make the whole situation worse.

That's because the default setting of the UAC is overly naggy for users who aren't "granny please stop clicking on every link you see" level naive about safe Internet/computer use.  

 

I'm not pretending to be infallible but I'm not an idiot.  

 

Example: If I download the iTunes installer from apple's site I don't need my computer whining about running it.

 

One problem is UAC doesn't have (or this may not be possible) a way to distinguish between stuff that should be safe to do vs stuff that's 4000% shady.  

 

6 minutes ago, M.Yurizaki said:

"WHY ARE YOU ASKING ME IF I WANT TO DO THIS? OF COURSE I WANT TO DO THIS. IF I DIDN'T WANT TO DO THIS I WOULDN'T HAVE DONE IT" And then I look at Linux/macOS when they need permissions to be elevated, they require your password on top of permission (though at least your elevated status lasts until you stop using it for 10 minutes). However, on the other side of the coin, this is a usability issue. People lose confidence if the system asks them a question about what they did.

 

The problem with a lot of computer users is they want to believe they're in complete control of their system. That they can manage it better than the developers who wrote the OS. To which I say "okay, good luck."

 

(One person wanted to turn off a bunch of memory management things that were good because they felt they were better at managing memory than their OS)

That's pretty much the problem: I hate having UAC nag me every 2 seconds sometimes when I'm trying to do things.  (That's why I turn it off.)  

 

Though I have Bitfender and Malwarebytes Premium to protect against accidents hopefully so it's not like I'm ignoring common sense.  

[Mira Yurizaki]

Just now, Bleedingyamato said:

That's pretty much the problem: I hate having UAC nag me every 2 seconds sometimes when I'm trying to do things.  (That's why I turn it off.)  

 

Though I have Bitfender and Malwarebytes Premium to protect against accidents hopefully so it's not like I'm ignoring common sense.  

If you have UAC nagging you a lot, then you're doing something wrong. You should not be using your computer in such a way that requires constant elevated permissions to use normally.

[cj09beira]

2 minutes ago, M.Yurizaki said:

I mean, unless it was during his time with Microsoft, anything he says about the company between when he was canned to now that also seems grossly negligent for a software company (like firing their "entire bug finding department") feels like it's just there to generate sensationalism and views.

 

Sure it's moving the goal posts, but something a little more professional would be nice to have.

it was stupid to fire the department, but the new ms ceo wants profits at expense of every thing, look at the way ms is acting after he joined vs before, forcing people into win 10, collecting all the data they can from the consumers, ending the win 7 support early, he only cares about profits no matter the costs 

[mynameisjuan]

5 minutes ago, Bleedingyamato said:

That's because the default setting of the UAC is overly naggy for users who aren't "granny please stop clicking on every link you see" level naive about safe Internet/computer use.  

 

I'm not pretending to be infallible but I'm not an idiot.  

 

Example: If I download the iTunes installer from apple's site I don't need my computer whining about running it.

 

One problem is UAC doesn't have (or this may not be possible) a way to distinguish between stuff that should be safe to do vs stuff that's 4000% shady.

You wouldnt last 1 min on linux or mac where you need to enter your password instead of pressing just yes or no, even when installing for the App store or repository.

 

Its a prompt for a reason. Admin rights should never be used unless absolutely needed. 

[Bleedingyamato]

3 minutes ago, M.Yurizaki said:

If you have UAC nagging you a lot, then you're doing something wrong. You should not be using your computer in such a way that requires constant elevated permissions to use normally.

It might've been when I was first setting up my Windows 7 laptop years ago and installing lots of things one after another. (iTunes, antivirus, etc.) 

 

Either way it was annoying.  

 

 

[mark_cameron]