
Thread: Cyber Security

  1. #31
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)

    Cyber Security

    The NSA did, basically. lol.
    It's basically copy/paste of the NSA code plus really shitty ransomware and worm code. It will be unsurprising if we learn that a 15yo did this.

    But it doesn't matter. There will almost certainly be variants rolled out. I'm surprised someone hasn't already rolled out a copy with the "kill switch" removed and pointed it at their bitcoin wallet. Guaranteed money with no effort.

  2. #32
    Join Date
    Dec 2011
    Location
    Los Angeles
    Posts
    5,199
    Mentioned
    329 Post(s)
    this is part of the reason I'm glad that the Mac computing market is shrinking back out of the mainstream market... It's a bummer to see the industry I'm working in make a shift that will exclude me if I stay on the mac ship (even as it heads towards its own iceberg), but at least its flagging popularity makes it less of a target for compromise.
    Last edited by Jinsai; 05-13-2017 at 11:24 PM.

  3. #33
    Join Date
    Nov 2011
    Posts
    9,126
    Mentioned
    718 Post(s)
    Quote Originally Posted by Jinsai View Post
    this is part of the reason I'm glad that the Mac computing market is shrinking back out of the mainstream market... It's a bummer to see the industry I'm working in make a shift that will exclude me if I stay on the mac ship (even as it heads towards its own iceberg), but at least its flagging popularity makes it less of a target for compromise.
    It isn't as vulnerable to hacking -- not because it isn't and never has been "mainstream" (mostly due to cost and the target market being people and academia that can afford it) -- due to this:

    https://www.lifewire.com/mac-os-x-is...bution-2204744
    Last edited by allegro; 05-13-2017 at 11:49 PM.

  4. #34
    Join Date
    Dec 2011
    Location
    Los Angeles
    Posts
    5,199
    Mentioned
    329 Post(s)
    Quote Originally Posted by allegro View Post
    It isn't as vulnerable to hacking -- not because it isn't and never has been "mainstream" (mostly due to cost and the target market being people and academia that can afford it) -- due to this:

    https://www.lifewire.com/mac-os-x-is...bution-2204744
    It's a combination of both of these things, and a variety of other factors. The unix base separates it from the core code of its more mainstream competition, but the whole "why would I bother writing a virus for this?" logic is a strong factor. We could say it's untested, but it was recently tested... and as we saw the beginnings of Mac's reemergence into mainstream computer markets (and a brief dominance in the laptop world), it's no coincidence that we saw the emergence of the "first Mac viruses."

    Any system is potentially vulnerable, especially one that relies upon keychains as convenience, or updates that are so comprehensive that they simultaneously introduce new security flaws as they become incompatible with newer programs that cannot run on previous iterations.

    I'm always glad to hear that the Mac computer market is taking a backseat in popular usage... no matter what it means for my stock investments

  5. #35
    Join Date
    Nov 2011
    Posts
    9,126
    Mentioned
    718 Post(s)
    The difference is that UNIX viruses without root access to revise file permissions don't get very far.

    Macs have never been computer hobbyist machines and they've never been affordable. They never targeted the corporate markets. They have a niche market.
    Last edited by allegro; 05-14-2017 at 12:42 AM.

  6. #36
    Join Date
    Dec 2011
    Location
    Los Angeles
    Posts
    5,199
    Mentioned
    329 Post(s)
    Quote Originally Posted by allegro View Post
    The difference is that UNIX viruses without root access to revise file permissions don't get very far.
    I've been assured that this is more of a "yet/why?" situation than anything else.

    And that Apple has been pretty much about including anti-virus protections into its OS more than relying on 3rd party protection.

  7. #37
    Join Date
    Nov 2011
    Posts
    9,126
    Mentioned
    718 Post(s)
    Quote Originally Posted by Jinsai View Post
    I've been assured that this is more of a "yet/why?" situation than anything else.

    And that Apple has been pretty much about including anti-virus protections into its OS more than relying on 3rd party protection.
    The UNIX infrastructure is far more stable than Windows anything. Particularly with viruses.

    Windows only needs 3rd party because 3rd parties constantly update all of the viruses in the protection.

    But avoiding Trojan horses, time bombs, etc. is the same as avoiding viruses: watch your behavior, only use secure networks, etc.

    See this: https://unix.stackexchange.com/quest...-in-unix-linux
    Last edited by allegro; 05-14-2017 at 01:13 AM.

  8. #38
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)

    Cyber Security

    The 3rd party windows antivirus recently stopped being a thing. The built in is far superior to 3rd party now. So it's a lot like OS X in that sense. I'm actually having the 3rd party stuff removed from all the windows machines at my company. I'm a bit behind on that curve because I had to get my head over the historical idea. It still feels really weird.


    Also, Win10 is a big jump for security (let's ignore the privacy issues for this discussion). This current worm doesn't impact win10 at all.


    But I'm still going to be using OS X as my daily driver for the foreseeable future at work and home.
    Last edited by DigitalChaos; 05-14-2017 at 02:17 AM.

  9. #39
    Join Date
    Nov 2011
    Posts
    9,126
    Mentioned
    718 Post(s)
    I wish I could upgrade to Win 10, ugh.

  10. #40
    Join Date
    Dec 2011
    Location
    UK
    Posts
    2,788
    Mentioned
    29 Post(s)
    My husband always whines when Windows 10 updates because it takes a while to boot up. This has shut him up on that front, take as long as you want windows. I'm also relieved I upgraded my mum's old laptop to Windows 10 a while back. It was so slow I was up till 2am waiting but it was worth it in the end

  11. #41
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)
    lmao. This manual redemption process is so fucked. Goddamned amateurs. After the victim pays they have to sit around and wait for a human (the attacker) to initiate the decryption process. No wonder these idiots have made so little money despite getting such rapid spread. These guys are so bad.


    Meanwhile, there are new variants being seen. It's all really shitty adjustments of the original. Stuff like one letter being changed in the "kill switch" URL. The one that managed to fully remove that "kill switch" managed to corrupt the chain so it resulted in a functioning worm but the ransom process would never initiate. It sure feels like random researchers editing the worm with a hex editor. Then running it in a lab and forgetting to keep the lab fully isolated from the internet.

  12. #42
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)
    Picture time!

    Russian transit system being hit. Sounds like Russia got some of the brunt of this worm so far.



    Meanwhile, the Sophos marketing team decided it was time to stop exaggerating the capabilities of their product.

    They went from this:



    To this:

  13. #43
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    830
    Mentioned
    30 Post(s)
    if patch is unavailable download to usb https://www.renditioninfosec.com/201...h-tearst0pper/
    -louie

  14. #44
    Join Date
    Nov 2011
    Posts
    9,126
    Mentioned
    718 Post(s)
    So Ed Snowden shared this via Twitter:

    https://blogs.microsoft.com/on-the-i...h0tvdd5kmffuqa

    From the Microsoft Memo:

    Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

    The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.

    We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part.
    Last edited by allegro; 05-14-2017 at 11:24 PM.

  15. #45
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    830
    Mentioned
    30 Post(s)
    metasploit cheat sheet if you're curious about this sort of thing https://blogs.sans.org/pen-testing/f...atsheet2.0.pdf
    -Louie

  16. #46
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)
    Quote Originally Posted by allegro View Post
    So Ed Snowden shared this via Twitter:

    https://blogs.microsoft.com/on-the-i...h0tvdd5kmffuqa
    yeah, Snowden has been a big proponent of "NSA should have informed microsoft when they found the vulnerability instead of when they lost control of it"
    like... that's a nice concept but it doesn't really make sense. If the NSA shares that stuff it hamstrings their SIGINT work. It runs counter to their goals. Now, there is something to be said about having the NSA work much more on defense. As in, their job would be primarily to look for these kinds of vulns and get them patched. I'm not sure a setup like that could ever really pan out within govt though. Both from a general pragmatic approach of "would it work" and from an incentive/corruption angle where you would expect various vulns to be suppressed so they can be weaponized. Google's Project Zero operates in a way that is purely about finding vulns and they are always producing amazing results. Could govt do that too??

    I am going back and forth with an ex-sigint guy about this who thinks the "inform the public about vulns" push is just crazy.


    Quote Originally Posted by Louie_Cypher View Post
    metasploit cheat sheet if you're curious about this sort of thing https://blogs.sans.org/pen-testing/f...atsheet2.0.pdf
    -Louie
    probably of little value for ETS... buuut since you posted this I'll raise you a shitload of infosec related cheatsheets:
    https://www.peerlyst.com/posts/the-c...s-claus-cramon

  17. #47
    Join Date
    Nov 2011
    Posts
    9,126
    Mentioned
    718 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    yeah, Snowden has been a big proponent of "NSA should have informed microsoft when they found the vulnerability instead of when they lost control of it"
    like... that's a nice concept but it doesn't really make sense. If the NSA shares that stuff it hamstrings their SIGINT work. It runs counter to their goals. Now, there is something to be said about having the NSA work much more on defense. As in, their job would be primarily to look for these kinds of vulns and get them patched. I'm not sure a setup like that could ever really pan out within govt though. Both from a general pragmatic approach of "would it work" and from an incentive/corruption angle where you would expect various vulns to be suppressed so they can be weaponized. Google's Project Zero operates in a way that is purely about finding vulns and they are always producing amazing results. Could govt do that too??

    The paragraph I quoted above is FROM MICROSOFT. They are blaming the NSA for developing this "tool" and then not securing it (and other "tools") enough and these "tools" get out there to be used by criminals, leaving Microsoft and the business world, etc., to scramble to undo the NSA's MESS. Microsoft (quoted above) likens it to the Government losing a few Tomahawk missiles. Microsoft is blaming the U.S. GOVERNMENT for this ENTIRE MESS.

    "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action." - See notice posted May 14, 2017 by Brad Smith - President and Chief Legal Officer of Microsoft

    They aren't saying "inform the public." They're saying IF YOU'RE GONNA DEVELOP THESE CYBER WEAPONS, THEN SECURE THE FUCKING THINGS. And inform the VENDORS so that they can prevent these "tools" from affecting users should the NSA fuck up and get hacked.

    I don't think that's an unreasonable request.
    Last edited by allegro; 05-14-2017 at 11:30 PM.

  18. #48
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)
    Quote Originally Posted by allegro View Post
    The paragraph I quoted above is FROM MICROSOFT. They are blaming the NSA for developing this "tool" and then not securing it (and other "tools") enough and these "tools" get out there to be used by criminals, leaving Microsoft and the business world, etc., to scramble to undo the NSA's MESS. Microsoft (quoted above) likens it to the Government losing a few Tomahawk warheads.

    They aren't saying "inform the public." They're saying IF YOU'RE GONNA DEVELOP THESE CYBER WEAPONS, THEN SECURE THE FUCKING THINGS.

    I don't think that's an unreasonable request.
    I was focusing on this bit:
    "This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. "

    But yes, the request that the gov actually secures their goddamned weapons is totally correct. It's just MUCH harder to do. Actual munitions blow up on impact, destroying the weapon. With "cyber weapons" they go out to the internet and it's impossible to ensure destruction. Most of them actually live in dormancy in the public. It's a recipe for leaks. That's actually why the CIA's kind of fucked themselves because they had to declassify all their cyber weapons to actually be allowed to deploy them.

    meanwhile, United just exposed the cockpit access codes to all their flights. http://www.cbsnews.com/news/united-a...n-made-public/
    nobody can keep any secret these days, doesn't even matter if it's associated with a computer.

  19. #49
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)
    Man. The British press are a bunch of shitbags. They doxed the guy who stopped the first wave of WannaCry. For absolutely no reason. https://thenextweb.com/insider/2017/...#.tnw_9gxn6d5g

  20. #50
    Join Date
    Dec 2016
    Location
    London
    Posts
    424
    Mentioned
    3 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    Man. The British press are a bunch of shitbags. They doxed the guy who stopped the first wave of WannaCry. For absolutely no reason. https://thenextweb.com/insider/2017/...#.tnw_9gxn6d5g
    Can confirm the British press, for the most part, are complete bum nuggets! The sooner printed media goes under over here the better (with any luck the people with actual morals working at these places will have left long before then)

  21. #51
    Join Date
    Nov 2011
    Posts
    9,126
    Mentioned
    718 Post(s)
    Quote Originally Posted by DigitalChaos View Post
    Man. The British press are a bunch of shitbags. They doxed the guy who stopped the first wave of WannaCry. For absolutely no reason. https://thenextweb.com/insider/2017/...#.tnw_9gxn6d5g
    Wtf. I have seen so much crazy Chicken Little shit in ALL the press, lately, I now think they ALL suck. Unbiased journalism in this corporate age of profits is gone.

    And THIS?? Dangerous and criminally irresponsible.

  22. #52
    Join Date
    Dec 2011
    Location
    san fransisco
    Posts
    830
    Mentioned
    30 Post(s)
    when news became entertainment and we had 24 hour news cycles all bets were off. I feel very skeptical these days. I research and read a lot during a day and I would say only trust about 10% of what I take in unless I can do or see it myself
    -Louie
    Last edited by Louie_Cypher; 05-15-2017 at 11:37 AM.

  23. #53
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)

    Cyber Security

    Interesting. An older version of this worm has some identical code in this compared to some malware that DPRK (LazarusGroup) released. Lots more digging must happen, but I'm sure the press will run with "North Korea behind biggest ransomware attack in history" as soon as they catch wind of it.


    Edit: Andy Greenberg kicks it off via Wired: https://www.wired.com/2017/05/wannac...orean-hackers/

    Andy rarely gets tech wrong. We gotta wait for the general press for that.
    Last edited by DigitalChaos; 05-15-2017 at 04:42 PM.

  24. #54
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)

    Cyber Security

    ... and then Trump nukes NK after seeing it on FoxNews

  25. #55
    Join Date
    May 2012
    Location
    WA
    Posts
    550
    Mentioned
    43 Post(s)
    "So I know there's this ransomware thing floating around, what could we do - security-wise - to make things safer?"

    "I know! Let's block all of the online email services."

    "Genius."

    That would be our IT team last night.

  26. #56
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)
    Quote Originally Posted by allegate View Post
    "So I know there's this ransomware thing floating around, what could we do - security-wise - to make things safer?"

    "I know! Let's block all of the online email services."

    "Genius."

    That would be our IT team last night.
    man, SO many were focusing on the completely nonexistent "email phishing delivery" and ignoring the worming aspect of this.

    Everyone who helped save us from this was an independent researcher. A huge amount of the entities in charge of our safety were the ones fucking things up more than if they just stayed the fuck out.

    The guy who set up the "kill switch" sites got multiple law enforcement takedown requests too. Luckily, he knew how to obey the requests while maintaining uptime of the sites. Add that on top of all the antivirus, security vendors, ISPs, and governments who were outright blocking access to this site... <this is where I would normally inject something about why I lean anarchist & libertarian... lol>


    Anyway, here is a graph of the spread. This was detected infection attempts by anything running Symantec Endpoint Protection (so the left column only represents a fractional sampling)
    You can see exactly where the "kill switch" site was spun up and how the exponential growth was massively cut to a plateau. This would have continued to rise otherwise.


    They recently updated the graph. You can see how Monday rolled around and infections started spiking for 2 reasons: 1 - people started bringing their infected machines into company networks and infecting them. 2 - some new variants started coming out with new kill switches that were able to spread a bit before being caught.

  27. #57
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)
    Meanwhile, ShadowBrokers (the ones who leaked these NSA tools... NOT wikileaks as many incorrectly are saying) is active again. They are saying that they will be leaking more tools next month. Stuff that will even impact Windows 10.

  28. #58
    Join Date
    Jul 2013
    Location
    In your underpants.
    Posts
    643
    Mentioned
    21 Post(s)
    Change your passwords frequently: https://lifehacker.com/change-your-p...ium=socialflow

  29. #59
    Join Date
    Dec 2011
    Posts
    4,963
    Mentioned
    159 Post(s)

    Cyber Security

    NSA linked WannaCry to North Korea. It's actually believable considering how incredibly amateur and buggy the implementation was. There have been hints at the NK connection for weeks, so it's interesting seeing the NSA throw in.

    https://www.washingtonpost.com/world...=.8d0c4f2fb959

  30. #60
    Join Date
    Jul 2013
    Location
    In your underpants.
    Posts
    643
    Mentioned
    21 Post(s)
