Posted on 05/12/2017 4:12:56 PM PDT by monkapotamus
NEW YORK (AP) — Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.
It was believed to the biggest attack of its kind ever recorded.
The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.
(Excerpt) Read more at apnews.com ...
So let me get this straight - the dimwits at the NSA created a gateway into Microsoft program, then published the gateway such that any teenager living in his mom’s basement could hack any PC.
that’s the government for you
Mat those who put this threat out be terminated/erased
I wouldn’t be surprised if its a concerted attack by North Korea and Iran.
for Bill Gates to be secure,
you have to be insecure.
there will always be backdoors
in Microsoft products
Your government at work for you!
At least AP got that line in for the 3rd paragraph, and not buried 14 paragraphs down...
Note that I am getting messages on MANY sites (including AP) about invalid security certificates. Not sure what that (so many such warnings) mean. They are a pain, too -- sometimes hard to close out and escape (close) the original website window.
Bring Edward Snowden back as a consultant and exile the NSA! (Source of the hack).
When I get those calls, and they tell me that my MS Windows machine is corrupted / has a virus / etc.... I tell them, that is interesting, I only run Linux.
At which point they usually hang up.
If I want to play with them, I will ask them “Which one?” Is it the downstairs, or loft or the two laptops? And after a while I start to use my tech background to really mess with them.
Sorry that is naive thinking. Even if it was legal (it’s not) there are all kinds of ways for these guys to hide who they are.
I do penetration tests as part of my job. Our attack method starts in stealth mode, then works up via a series of “escalations” to basically stomping around inside of someone’s environment. I have NEVER been detected in stealth mode, and only a couple times have I been detected and the next level up.
George Soros again.
You couldn’t get to Defender?
How about have a backup of your data and software and just give the extorters the finger and wipe the drive and restore? I know it will take some work, but it's certainly cheaper than $80,000. Of course if you are a Hollywood liberal which by definition means you are stupid, you probably don't do backups.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Well, yes it is Microsoft's fault. Overwhelmingly, but not entirely. I'll give you that.
Ironic that you mention the Windows 10 built-in module ("Windows Defender / MSE") that allegedly blocks ransomware in this of all days, since just a few days ago they had to patch a zero day exploit in Windows Defender affecting basically every operating system they support. The exploit was discovered by Google engineers, namely, competitors of Microsoft. That's just nuts.
Here's the story:
ZD Net: Microsoft releases emergency patch for 'crazy bad' Windows zero-day bug
Here's the NIST.gov background on it:
NIST.gov: CVE-2017-0290 -- Microsoft Malware Protection Engine Remote Code Execution Vulnerability
The exploit Google uncovered is that a security hole allows specially-crafted Javascript to easily trick the Windows Defender / MSE scanning engine to actually run the script it's scanning. It works because Windows Defender malware scanner has some kind of Javascript interpreter built into the framework. Who in their right mind at Microsoft decided a kernel-level, unsandboxed Javascript interpreter baked into their malware scanner was a brilliant idea? It actually has the proven potential to delivers worms and viruses to the entire installed user base.
And just today, the world's largest ransomware cyberjacking in history affecting only Microsoft products was caused by an exploit discovered months ago by the NSA.
Here's the most hilariously miserable part of the story: The private individual who stopped the global replication of the WannaCry cyber attack did it by spending $10.69 out of his own pocket.
But hey, Microsoft blames their users for not regularly updating their systems with security patches to plug exploits that even Microsoft can't identify without outside help from their market competitors, the US Federal government, and some guy in the UK named Darien who spent just over ten bucks of his own money. Wow.
I think Congress ought to investigate Microsoft at this point. This is several levels of magnitude worse than anything Volkswagen did with their diesel smog control devices. I hope you agree.
"... Hectoring people on the OS that is run on their system is like blaming the gun for someone’s death. It is who pulled the trigger that is to blame."
Eddie, read the explanation above and understand that the gun manufacturer in this case, Microsoft, marketed firearms that have no internal or external safety and when dropped are likely to not only discharge but also spin around on the ground like a 'Chinese Ground Bloom Flower' holiday firework firing bullets wildly until the magazine is empty. Might even reload itself and keep on firing. Moreover, the system the gun manufacturer put in place to assist you from dropping their gun actually increases the chance that you drop the gun.
Today was a really bad day for Microsoft. All over the planet. The hits just kept on coming.
“Windows 10 has automatic updates of an anti-virus app that blocks ransomeware.”
I had a share that was left open to anyone on the network. It held useless information. It got ransomed. I blew it away and re-created it.
Funny how that works huh? ;-)
“Backup”
HAHAHAHAHA!!!! Users don’t do backups. They expect some nameless faceless entity somewhere to do that for them. If backups do occur, they work tirelessly to turn them off.
This sort of thing is why I just bought a Raspberry Pi this week. I’ll be doing all my finance stuff, and nothing else, on it. $100 for the Pi kit plus a Logitech keyboard and mouse, and a free surplus Dell monitor my son scarfed up for me, and I’m good to go. Running Raspian.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.