Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[feelotraveller]

Looks like the biggest Infosec threat is the CIA.  No great surprises there, but for a change we can read about (some of) it...  Seriously it's pretty big but I'm a bit too tired to summarize it succintly.

https://wikileaks.org/ciav7p1/index.html

And yes, it is pretty certain once you have visited the link/site that you will be on the watched list.  But it's pretty unlikely that you aren't already.

[MetalSlimeHunt]

If you are running Windows and have not updated since March, do so immediately. As you might have heard, the NHS database (among others) recently got hit with an incredibly effective ransomware program, this program is making use of an exploit in Windows to spread between networked computers without user action. The recent Windows update patch will prevent this.

[TheBiggerFish]

Well that's not good.

Ars Technica article, thanks Empiricist.

https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

[Folly]

http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/

Just updated my Windows for the first time in over 8 months.

[martinuzz]

Menwhile, the Dutch government is wondering why the Netherlands was spared. Only 4 incidents were reported, none in vital services or industry.
Their best guess so far is that 'we Dutch have a better update culture'.

Apart from that, it's kinda impossible to get a computer with anything other than windows 10 over here. The day win 10 came out, all computer retailers removed their shelf stock of computers with win7 and win8 pre-installed and switched them out / updated them to come pre-installed with win10.

[McTraveller]

Too many more of these incidents and I think we're going to start seeing legislation regulating internet-facing software and OSs.  Think FDA or FAA regs, but for computing.  I'm still not sure if that would be a good or bad thing.

EDIT: This is coming from the standpoint that this is very clearly a public safety issue.

[smjjames]

Too many more of these incidents and I think we're going to start seeing legislation regulating internet-facing software and OSs.  Think FDA or FAA regs, but for computing.  I'm still not sure if that would be a good or bad thing.

EDIT: This is coming from the standpoint that this is very clearly a public safety issue.

It would help if we had politicians who understood the internet and computers, for a start.

[wierd]

I think that is too easy an out.

Instead, you have government that is addicted to ripping through people's personal correspondence, suddenly seeing that there are serious consequences to NOT DOING THEIR DAMNED JOBS. (The NSA's job is to safeguard americans. They failed, bigtime, by enabling this cockup. How? Not by somehow not preventing the breach that resulted in the leak, no-- that is and was inevitable. NO-- they cocked up by hoarding a shitload of nuclear-grade exploits, which then all got introduced to the malware and scamware community *ALL AT ONCE*, resulting in a shitstorm that no-one could have prepared for properly. Why? Because they need to keep track of "The terrorists!" and the like. Never mind that the US was perfectly capable of tracking "Terrorists" (even freaking actual SPIES!) long before "the internet", and before "Mass surveillance". They are just addicted to having everyone's communications poured into their troughs, and addicted to being able to do whatever the fuck they want, without consequences. Well-- Natural consequences like this one are hard to keep down, M'kay?)

How many times does this need to happen before people stop listening to their horseshit excuses, and take away their secret court, and take away their precious mass surveillance power, and hold them accountable again?

That is to say-- the congress critters know full well about how the internet works-- they dont really care. They consider having hospitals shut down, massive disruptions of the banking industry, and cyber criminals making use of military grade zero days in massive quantities to be "Perfectly OK!" as long as it allows them to exercise absurd power, and be bossy, manipulative assholes all over the globe.

I think we should stop treating them like ignorant old fools, and treat them like the sociopathic tyrants they actually are-- personally.

[SalmonGod]

I think we should stop treating them like ignorant old fools, and treat them like the sociopathic tyrants they actually are-- personally.

Yes.  That old phrase "Never attribute to malice what could be attributed to ignorance" is given far, far too much credibility.  It makes us easy victims.  Even though the saying has some merit as a consideration, not an absolute, I've seen it so heavily abused for so long that my immediate response whenever it's cited anymore is revulsion.

[hector13]

This is probably a wise ptw.

[MaximumZero]

This is probably a wise ptw.

Agreed.

[Levi]

I keep my windows NT server behind a firewall, so its probably fine, haha.

[scriver]

Posting to watch here too.

[Starver]

Some interesting information (apart from the typical politician stuff) in this article... Also P(ing)TW

[martinuzz]

Europol reports that already, a new variant of the ransom worm using WannaCry has been detected, unleashed by hackers. This one does not have a killswitch, at least not of the type that the previous one had. Europol warns that there will probably be another escalation of infections this monday, when banks and business resume work week schedule.

Already, 200 thousand new infections have been reported, mainly in Russia and in the UK.

http://www.volkskrant.nl/media/nieuwe-variant-ransomware-duikt-op-zonder-noodknop-europol-waarschuwt-voor-nieuwe-uitbraken~a4494681/

http://www.bbc.co.uk/news/technology-39913630

EDIT: I think my newspaper meant the total infections since the first attack are 200 thousand, not 200 thousand new ones already. Just that throughout the weekend, the number has risen to 200 thousand.