Author Topic: World Wide Cyber Attack get's people's p@nties in a twist  (Read 647 times)

Raistlin

  • Member
  • ***
  • Posts: 259
Here we go again,

so South Africa also fell victim to the attack - thus my interest. Worldwide exploit of a known vulnerability.
Ransomware all over the show... and everyone is blaming Microsoft, which promptly wants an additional
agenda item at a meeting with governments and affiliates to discuss a way forward at the Geneva convention.

http://www.telegraph.co.uk/news/2017/05/15/australia-new-zealand-largely-escape-global-cyber-attack/

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000q93mgwt8uf5dw3a189ai0mlsf


jj2007

  • Member
  • *****
  • Posts: 7757
  • Assembler is fun ;-)
    • MasmBasic
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #1 on: May 15, 2017, 04:46:48 PM »
Nice link :P
Quote
We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.
...
we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4934
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #2 on: May 15, 2017, 05:38:23 PM »
He he, nothing can beat a disk image.  :P
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

anta40

  • Member
  • ***
  • Posts: 293
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #3 on: May 15, 2017, 05:48:55 PM »
Linux users,

Please note that this time, you are not invulnerable to this kind of attack:
https://twitter.com/hackerfantastic/status/863359375787925505

:P

caballero

  • Member
  • ****
  • Posts: 784
    • Abre Ojos Ensamblador
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #4 on: May 15, 2017, 08:30:20 PM »
There is nothing invulnerable or impossible. If Windows suffers more attacks it must be because there is more to win.

On the other hand, as Hutch says, today it seems best to save a disk image, which is not infallible either. It was commented that even though today antivirus programs are updated daily, whereas previously they did it every several months, they are still ineffective. More than that, they commonly attack harmless files, and overload the system with their processes, growing more and more in size.
Somewhere in La Mancha, in a place whose name I do not care to remember

anunitu

  • Member
  • ****
  • Posts: 919
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #5 on: May 15, 2017, 10:54:19 PM »
From the news and what I have read, this is delivered as an email attachment. They mentioned a fake email from banks and such. So, it seems the weak point is people clicking without thinking. What they also said is it spreads fast once a system (business) is infected. Reminds me of those old spam viruses that would grab a mailing list to send the package to others, using known names to trick people.

From Microsoft:
How crypto ransomware spreads... is it decryptable...should I pay the ransom

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/how-crypto-ransomware-spreads-is-it/50b629d8-060c-4004-a1e9-d99571062773


Raistlin

  • Member
  • ***
  • Posts: 259
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #7 on: May 16, 2017, 03:31:16 PM »
OK, so the main vulnerability is exposed within the SMB v1 protocol
(Microsoft Server Message Block protocol version 1). The protocol is
used for inter-server-, printer- communication and network share propagation.

Any public network facing SMB v1 share running on port 445 is currently susceptible.
Although the bait and hook method via email is not excluded using the same vulnerability <- targeted attack.
Primarily Win XP, Server 2000, Server 2003 & older versions of Linux/MAC SAMBA - type operating systems.

Microsoft has made patching available free of charge to combat current attacks (previously paid for extended SLA required).

Remedy: Immediate firewall block and patch. Complete security assessment/audit across ALL (everything) computing resource assets.
Revisit and update security policy document suite. Enforce security policy without compromise. Be vigilant. Trust but audit.

The problem in hindsight, however, is that IT managers had been lax in determining corporate infrastructure/OS footprints.
The result: inadequate patch management and configuration documentation persists in industry at large.

Recommendation: Organisations can ill afford a bad IT management function - as this WILL result in large scale tangible
LOSS of data assets, reputation and open possibility of legal consequence. This shouldn't have happened...

Magnum

  • Member
  • *****
  • Posts: 2242
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #8 on: May 17, 2017, 05:48:02 AM »
Quote
Linux users,

Please note that this time, you are not invulnerable to this kind of attack:
https://twitter.com/hackerfantastic/status/863359375787925505

:P

The article is slim on details.

I assume that if you run Windows under Wine, it could get infected?

I do not use Wine.

Take care,
Andy

Ubuntu-mate-16.04-desktop-amd64

http://www.goodnewsnetwork.org

anunitu

  • Member
  • ****
  • Posts: 919
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #9 on: May 17, 2017, 05:55:33 AM »
Read somewhere that this can infect Linux... do a search on it.

Raistlin

  • Member
  • ***
  • Posts: 259
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #10 on: May 18, 2017, 03:35:16 PM »
As mentioned it's the SMB v1 causing the vulnerability.

Thus Linux/MAC/etc would be susceptible if you are supporting
any form of SAMBA (cross platform file/print share) which must use
the SMB protocol. Again it's only SMB version 1 you need to look out for.

On a side note: The topic of "Wine" might be incidental, as it typically
goes hand in hand with some form of Windows share via SAMBA.
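
As an added example (not part of the posts above), one way to carry out the SMB version 1 check raised in Replies #7 and #10 on a Samba host: a Python function that reads smb.conf text and reports whether the server still accepts SMB v1 dialects. The sample configs are constructed; `server min protocol` and its synonym `min protocol` are real Samba parameters, and the default noted for an unset value is an assumption to verify against the installed Samba version.

```python
# Added example: report whether a Samba smb.conf still permits SMB v1.
# Sample configs are constructed for illustration.

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
SYNONYMS = {"minprotocol": "serverminprotocol"}  # Samba treats these as one


def global_params(conf_text):
    """Return [global] parameters, names normalised as Samba compares them
    (case-insensitive, whitespace ignored). Later settings override earlier."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            key = "".join(name.lower().split())
            params[SYNONYMS.get(key, key)] = value.strip()
    return params


def smb1_status(conf_text):
    """'allowed'  : minimum dialect is SMB1-era, SMB v1 can be negotiated
    'disabled' : minimum dialect is SMB2 or later
    'unset'    : built-in default applies (assumption to verify: LANMAN1
                 before Samba 4.11, SMB2_02 from 4.11 on)
    'unknown'  : unrecognised value, review by hand"""
    value = global_params(conf_text).get("serverminprotocol")
    if value is None:
        return "unset"
    value = value.upper()
    if value in SMB1_DIALECTS:
        return "allowed"
    if value.startswith(("SMB2", "SMB3")):
        return "disabled"
    return "unknown"


LEGACY = "[global]\n  workgroup = OFFICE\n  Server Min Protocol = NT1\n[share]\n  path = /srv/share\n"
HARDENED = "[global]\n  ; refuse SMB v1 clients\n  min protocol = SMB2_02\n"
UNSET = "[global]\n  workgroup = OFFICE\n[share]\n  min protocol = SMB3\n"

if __name__ == "__main__":
    for name, text in (("legacy", LEGACY), ("hardened", HARDENED), ("unset", UNSET)):
        print(f"{name}: SMB v1 {smb1_status(text)}")
```

A result of `allowed` or `unset` on an older Samba is the case to follow up with the firewall block and patch review described in Reply #7.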

anta40

  • Member
  • ***
  • Posts: 293
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #11 on: May 18, 2017, 04:03:50 PM »
Quote
The article is slim on details.

I assume that if you run Windows under Wine, it could get infected?

I do not use Wine.

That's just a joke. WannaCry won't run on Linux, and thus you need "Windows compatibility" by
running it with Wine. :P

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4934
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #12 on: May 18, 2017, 09:17:41 PM »
Some interesting reads but the basics still apply, never ever run something that you don't know what it is. Don't be curious about unsolicited emails, delete them. Set up your email client so it never auto runs anything and remember the greatest weakness in terms of computer security is YOU.

Next trick is to have a proper disk image of important data areas and a boot disk that will run it. Store the disk images elsewhere, on an external can, on another computer that normally does not get switched on. You absolutely cannot get infections/trojans etc ... from a machine that is not turned on.

Next trick is if you get stung, stand in front of a mirror and call yourself a "phuking moron" for being stupid enough to get stung with crap like this.  :P
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

K_F

  • Member
  • *****
  • Posts: 1294
  • Anybody out there?
Re: World Wide Cyber Attack get's people's p@nties in a twist
« Reply #13 on: May 21, 2017, 05:52:00 AM »
My take on this bollocks.

I think the key thing is that it works on more than one OS, which suggests to me that it's a script of sorts.
If so then it'll rely on certain OS services (or plain JAVA run time) to be active in order to do its dirty work.

So would a minimal service system just be invulnerable to script viruses?
Thinking ;)
'Sire, Sire!... the peasants are Revolting !!!'
'Yes, they are.. aren't they....'