Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  
Pages: 1 2 [3] 4

Author Topic: Update ALL THE THINGS. [WPA2 Vulnerability] [Infosec Thread]  (Read 5541 times)

scriver

  • Bay Watcher
  • City streets ain't got much pity
    • View Profile

So just to be clear, when people say update windows, they mean like just use windows update, right?

...Asking for a friend.
Logged
Love, scriver~

Silverthrone

  • Bay Watcher
  • Mad Old Geat
    • View Profile

Right, Windows updated and work that I care for backed up. I can now put hard-drive and life in God's hand. Now, we shall see.

(I mean, what was it? Three hundred odd dollars? I simply cannot shake that sort of money out of a sock, for goodness' sake. Further, what little data I have is not worth that much, even for me.)
Logged

martinuzz

  • Bay Watcher
  • High dwarf
    • View Profile

Apparently the attackers did not make much money out of this. Only about 20000 dollars worth in bitcoins. Which is really nothing, considering the amount of infections
Makes some sense.
Usually ransomware targets individual users, for about 50 dollars, which for a fair amount of people is affordable, for a single computer.
However this attack targeted hospitals and other large organisations.
A hospital that has 10000 infected devices is just not gonna cough up 10000*300 = 3 million. Hospitals don't have that kind of money, even if they would consider giving in to the extortion in the first place. Either the attackers set their price too high, or they're not in it for the money in the first place.

And yeah, I hear ya Silverthrone. I wouldn't be able to afford unlocking it either. Not even if it was just 50 dollars. :P
« Last Edit: May 14, 2017, 06:16:58 pm by martinuzz »
Logged
Friendly and polite reminder for optimists: Hope is a finite resource

We can ­disagree and still love each other, ­unless your disagreement is rooted in my oppression and denial of my humanity and right to exist - James Baldwin

http://www.bay12forums.com/smf/index.php?topic=73719.msg1830479#msg1830479

DeKaFu

  • Bay Watcher
    • View Profile

Impressed they actually released a Windows XP patch for this. Still have a couple XP machines in this house.

One of them (not mine) was hit by an unrelated ransomware last year (Cryptowall, I think), and that was traumatic enough... It wasn't backed up, and the only reason any files remained untouched was that I noticed the hard drive access light acting funny while passing by and decided to reboot it, which interrupted the encryption process.

...Which I think also disabled the mechanism that would've let us pay to unlock it if we had wanted to. Good thing we wouldn't have anyway. :P
Logged

TheBiggerFish

  • Bay Watcher
  • Somewhere around here.
    • View Profile

I think that is too easy an out.

Instead, you have government that is addicted to ripping through people's personal correspondence, suddenly seeing that there are serious consequences to NOT DOING THEIR DAMNED JOBS. (The NSA's job is to safeguard americans. They failed, bigtime, by enabling this cockup. How? Not by somehow not preventing the breach that resulted in the leak, no-- that is and was inevitable. NO-- they cocked up by hoarding a shitload of nuclear-grade exploits, which then all got introduced to the malware and scamware community *ALL AT ONCE*, resulting in a shitstorm that no-one could have prepared for properly. Why? Because they need to keep track of "The terrorists!" and the like. Never mind that the US was perfectly capable of tracking "Terrorists" (even freaking actual SPIES!) long before "the internet", and before "Mass surveillance". They are just addicted to having everyone's communications poured into their troughs, and addicted to being able to do whatever the fuck they want, without consequences. Well-- Natural consequences like this one are hard to keep down, M'kay?)

How many times does this need to happen before people stop listening to their horseshit excuses, and take away their secret court, and take away their precious mass surveillance power, and hold them accountable again?

That is to say-- the congress critters know full well about how the internet works-- they dont really care. They consider having hospitals shut down, massive disruptions of the banking industry, and cyber criminals making use of military grade zero days in massive quantities to be "Perfectly OK!" as long as it allows them to exercise absurd power, and be bossy, manipulative assholes all over the globe.

I think we should stop treating them like ignorant old fools, and treat them like the sociopathic tyrants they actually are-- personally.
Ron Wyden for President 2020?
Logged
Sigtext

It has been determined that Trump is an average unladen swallow travelling northbound at his maximum sustainable speed of -3 Obama-cubits per second in the middle of a class 3 hurricane.

helmacon

  • Bay Watcher
  • Just a smol Angel
    • View Profile

Can I just drop a holy shit WTF PTW here?
Logged
Science is Meta gaming IRL. Humans are cheating fucks.

martinuzz

  • Bay Watcher
  • High dwarf
    • View Profile

Microsoft opens attack on US government and security services and strongly urges them to wake up.
Quote
Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

Quote
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem
https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.000112t6qipu5fm1rp72bk9wg204a
« Last Edit: May 15, 2017, 05:02:24 am by martinuzz »
Logged
Friendly and polite reminder for optimists: Hope is a finite resource

We can ­disagree and still love each other, ­unless your disagreement is rooted in my oppression and denial of my humanity and right to exist - James Baldwin

http://www.bay12forums.com/smf/index.php?topic=73719.msg1830479#msg1830479

misko27

  • Bay Watcher
  • Lawful Neutral; Prophet of Pestilence
    • View Profile

Questions for people who know things or know where to find out: What has been made of the fact that Russia apparently was one of the hardest hit areas? Particularly Russian ministries (although not sensitive Rusian computers, apparently since they run some sort of voodoo bullshit that makes them immune). Was the original attack in Russia?

Also, it seems like this attack has thoroughly spooked the world. Where does this stand in terms of historical cyberattacks? I'm familiar with things like Stuxnet, but has there been anything on this scale done by cybercriminals? And I wonder if we'll start getting international treaties on cybercrime soon (what a world!)
Logged
The Age of Man is over. It is the Fire's turn now

wierd

  • Bay Watcher
  • I like to eat small children.
    • View Profile

A few. a famous one of the early internet world was the CIH1019 and pals virus.  It would spread over unprotected windows shares, would attack any EXE that was run, (it was an older EXE infecter), and would attempt to flash the BIOS with garbage.

https://en.wikipedia.org/wiki/CIH_(computer_virus)

It caused a LOT of damage.  However, it was NOT created by a state government, with the intention to be deployed for political gains, unlike the core of this worm.
Logged

martinuzz

  • Bay Watcher
  • High dwarf
    • View Profile

Questions for people who know things or know where to find out: What has been made of the fact that Russia apparently was one of the hardest hit areas? Particularly Russian ministries (although not sensitive Rusian computers, apparently since they run some sort of voodoo bullshit that makes them immune). Was the original attack in Russia?
Well, Obama did promise that the US would retaliate for the Russian cyberattacks at some undetermined point in the future. Could be that this attack was US government based and mainly aimed at Russia, with the collateral damages around the world as a cover.
I doubt it though. I think that if it was a US coordinated attack, there would have been more damage in Russia. Unless it's just a warning 'don't mess with us in cyberspace, 'cause this is what you can expect back x1000'.
« Last Edit: May 15, 2017, 09:16:08 am by martinuzz »
Logged
Friendly and polite reminder for optimists: Hope is a finite resource

We can ­disagree and still love each other, ­unless your disagreement is rooted in my oppression and denial of my humanity and right to exist - James Baldwin

http://www.bay12forums.com/smf/index.php?topic=73719.msg1830479#msg1830479

Sheb

  • Bay Watcher
  • You Are An Avatar
    • View Profile

Questions for people who know things or know where to find out: What has been made of the fact that Russia apparently was one of the hardest hit areas? Particularly Russian ministries (although not sensitive Rusian computers, apparently since they run some sort of voodoo bullshit that makes them immune). Was the original attack in Russia?

Also, it seems like this attack has thoroughly spooked the world. Where does this stand in terms of historical cyberattacks? I'm familiar with things like Stuxnet, but has there been anything on this scale done by cybercriminals? And I wonder if we'll start getting international treaties on cybercrime soon (what a world!)

Shooting in the dark, but what if Russia got a higher amount of pirated software, which is harder to update and so had more compute vulnerable?
Logged

Quote from: Paul-Henry Spaak
Europe consists only of small countries, some of which know it and some of which don’t yet.

Starver

  • Bay Watcher
    • View Profile

My first impressions is that it's just a 'standard' ransomware attempt using vastly overkilling tools. I imagine that whoever set it off is going to lie low from everybody...  Governments of all stripes will instruct their various 'proactive' departments to hunt for them, and with varying intentions once found.

Bad news for ransom-payers, who might not even get anything back for their bitcoin payment, even if the culprits had originally intended to honour such requests.. Connecting up to send the key to unlock could find you revealing yourself to those with the resources to get behind your normal scamee-resistant anonimisations.


(But it's early days. I'm just going by how surprised various people like Robert Morris (trying to map the Internet, apparently) and the German kid who made a variant on Melissa (I think it was) to help his mother's local computer repair business, both causing effects far beyond their (stated) intentions.  I can't see government actors being so bad at subtlety, and seeming to have no internationl limitations on the chaos it causes.  Unless it's a huge double-bluff beyond my mere mortal wit...)
Logged

Folly

  • Bay Watcher
  • Steam Profile: 76561197996956175
    • View Profile
Logged

wierd

  • Bay Watcher
  • I like to eat small children.
    • View Profile

Everyone is so upset by this, but I look at it and say "wow, plausible deniability for torrenting again!" (right along side "oh neat, I can easily get on the hotel's network now when traveling, even when the desk people are total tools!")

Besides, not all devices will be easily updated.  This attack focuses on clients, not access points.  The thing is, some things are both client, AND access point. Take for instance, range extenders.  These play the role of client (for your existing network), and as Access Point (in the extended range.)  Unless you think Netgear (who does not take security at all seriously) is going to rush out and patch that shit, there will be plenty of vulnerable networks, even when all the "clients" are patched. (the idea that you need to patch the range extender, which likely uses the VERY VULNERABLE wpa_supplicant daemon that is vulnerable to creating all zero nonces when the handshake 3 is repeated), needs to be updated too will often be overlooked.)

Logged
Pages: 1 2 [3] 4