Cyber attack, as someone once said 'be careful out there'

Anything goes in The Snug, the GD's rebellious little brother. An off-topic den of iniquity for non-football/news related musings.

Moderators: bristolhammerfc, sicknote, -DL-, Rio, Gnome, chalks, the pink palermo

Cyber attack, as someone once said 'be careful out there'

Postby freelander on Sat May 13, 2017 3:14 pm

It's a bit of a read admittedly but for those interested whether you are 'techy' or not have a look at this and take a minute or two to consider your personal internet security

https://www.malwaretech.com/2017/05/how ... tacks.html" onclick="window.open(this.href);return false;" onclick="window.open(this.href);return false;
User avatar
freelander
 
Posts: 290
Joined: Wed Feb 08, 2017 7:29 pm

Re: Cyber attack, as someone once said 'be careful out there'

Postby Iron-worx on Sat May 13, 2017 9:22 pm

The answer is actually very simple...

Don't use Windows.

I use Debian so not the slightest possibility of WannaCrypt affecting me.

There is Linux malware but the chances of being affected by it are slim.

https://en.wikipedia.org/wiki/Linux_malware
User avatar
Iron-worx
 
Posts: 4809
Joined: Tue Aug 16, 2011 12:44 pm
Location: Rebuilding Lady Garrets Tower

Re: Cyber attack, as someone once said 'be careful out there'

Postby alkali on Sat May 13, 2017 9:56 pm

or a mac
User avatar
alkali
 
Posts: 1080
Joined: Wed Feb 04, 2009 4:43 pm

Re: Cyber attack, as someone once said 'be careful out there'

Postby sendô on Sat May 13, 2017 9:59 pm

Or avoid computers.
User avatar
sendô
 
Posts: 22858
Joined: Thu Nov 10, 2005 1:41 pm
Location: in the pessimistically optimistic camp.

Re: Cyber attack, as someone once said 'be careful out there'

Postby Greatest Cockney Rip Off on Sun May 14, 2017 12:04 am

A word to the wise ... apparently there's an even worse version fo this virus going around which origniates from Ireland, They send via an email and the body of the email is something like this ...

Please delete all the files on your hard drive manually and if ya could forward this Virus to everyone on your mailing list dat would be grand.

Thank you for your cooperation.
User avatar
Greatest Cockney Rip Off
 
Posts: 12305
Joined: Tue Dec 02, 2003 1:29 am
Location: The oil drum in the Garden of England

Re: Cyber attack, as someone once said 'be careful out there'

Postby Hampshire Hammer on Mon May 15, 2017 10:22 am

^^^ImageImageImageImage
User avatar
Hampshire Hammer
 
Posts: 8417
Joined: Mon Jul 14, 2003 3:18 pm
Location: Somewhere south of sanity

Re: Cyber attack, as someone once said 'be careful out there'

Postby Hampshire Hammer on Mon May 15, 2017 10:27 am

I used to run a team that conducted security audits and penetration tests, my opening line for presentations to prospective customers was "The only truly secure computer is buried several hundred feet underground, entirely surrounded by concrete, with no cables connected to it and turned off - anything else is a compromise." A slight exaggeration, but there is an essential truth there. All operating systems have flaws but the biggest one is the user.

I use Windows because I have to and it is convenient, my Unix and Linux systems also have vulnerabilities they're just not attacked as often.
User avatar
Hampshire Hammer
 
Posts: 8417
Joined: Mon Jul 14, 2003 3:18 pm
Location: Somewhere south of sanity

Re: Cyber attack, as someone once said 'be careful out there'

Postby uptonparkhurst on Mon May 15, 2017 11:19 am

Hampshire Hammer wrote:I use Windows because I have to and it is convenient, my Unix and Linux systems also have vulnerabilities they're just not attacked as often.


Serious questions (not trolling), as I use Linux and am keen to be as secure as possible.
(Not talking servers, just home PC systems)

Have you ever had/seen a successful attack that managed to execute code on the user file system without the user granting permission to run a script or macro? (Surely this would need to happen in the case
of ransomware for example?)
Have you ever had/seen a successful attack that managed to execute code against the root file system
by escalating privileges?
User avatar
uptonparkhurst
 
Posts: 2925
Joined: Tue Dec 15, 2009 11:01 pm
Location: An Alternate Reality of Evil Spells and worse spelling

Re: Cyber attack, as someone once said 'be careful out there'

Postby mushy on Mon May 15, 2017 11:25 am

So am a little confused here, how is this ransomware threat spread?

Some are saying that its the old chestnut of opening a file attachment in an email, whilst others are saying that its a shared network exploit, meaning (as far as I can tell), that if you are not on a shared network i.e. a home stand alone PC, then you are ok.
Not heard of many home users being effected so am guessing its more like the latter, but I assume someone within one of these organisations such as the NHS would have opened an attachment first and spread it through the network that way?

Anyone know, as the info in the popular press is the usual stuff about making sure your anti-virus software is up to date etc?.
mushy
 
Posts: 11121
Joined: Mon Dec 17, 2007 4:17 pm
Location: Kumb Poster of the year 2009

Re: Cyber attack, as someone once said 'be careful out there'

Postby Hampshire Hammer on Mon May 15, 2017 11:48 am

uptonparkhurst wrote:
Serious questions (not trolling), as I use Linux and am keen to be as secure as possible.
(Not talking servers, just home PC systems)

Have you ever had/seen a successful attack that managed to execute code on the user file system without the user granting permission to run a script or macro? (Surely this would need to happen in the case
of ransomware for example?)
Have you ever had/seen a successful attack that managed to execute code against the root file system
by escalating privileges?

Obviously I work with company infrastructure, so some of this may not be entirely relevant to home users.

Most successful attacks result from a user "allowing" it, either through executing code or through poor security (sharing of password normally). Once something is running on one computer in a network it can exploit trust between computers on the same network to spread.

The code can be embedded in any attachment, documents are a common vehicle, or from accessing websites.

I have seen successful attacks where the user did not realise that they were running something, but all of them are based on something executing.

I have also seen successful attacks on Unix and Linux systems where code was executed as root (or with root privilege) and/or the kernel was "patched" - in the main these have been due to poor physical security. In the main I believe that a home Linux user is pretty secure, as the target base is too small for criminals to target, and basic common sense precautions are enough.

The latest headline attack seems to be targeted at companies that have not upgraded to supported O/S rather than home users, but I'm basing that on media reports and the bulletins issued by Microsoft.
User avatar
Hampshire Hammer
 
Posts: 8417
Joined: Mon Jul 14, 2003 3:18 pm
Location: Somewhere south of sanity

Re: Cyber attack, as someone once said 'be careful out there'

Postby Kludgehammer on Mon May 15, 2017 11:49 am

Judging from some of the commentary, this ransomware outbreak uses a network exploit using outdated version(s) of SMB protocol; don't know if this is the only method of infection
User avatar
Kludgehammer
 
Posts: 6887
Joined: Thu Dec 05, 2002 1:33 pm

Re: Cyber attack, as someone once said 'be careful out there'

Postby Iron-worx on Mon May 15, 2017 6:38 pm

Hampshire Hammer wrote:In the main I believe that a home Linux user is pretty secure, as the target base is too small for criminals to target, and basic common sense precautions are enough.


Yes, No...

The home Linux user is pretty secure (so long as they don't do anything stupid)

Linux is thought to be nearly 2% of computer usage, which percentagewise is small but which in number of machines is still huge and a number worth targeting - Thinking about it in percentages rather than numbers is a thought virus which of course may also be polluting the thinking of malware producers.

The reasons it isn't targeted in the main are the number of different flavours, the root password, the trusted repositories, and the average Linux user is savvy compared with the average Windows user.

Linux is far harder to succeed in targeting than Windows is.
User avatar
Iron-worx
 
Posts: 4809
Joined: Tue Aug 16, 2011 12:44 pm
Location: Rebuilding Lady Garrets Tower

Re: Cyber attack, as someone once said 'be careful out there'

Postby FreeWheeling on Mon May 15, 2017 9:44 pm

On the plus side, Our bosses, **** the pants and I got 6 hours of unnecessary overtime this evening , working from home, few beers checking over stuff i knew had no problem :thup: as i installed the mcafee patch and rule changes by 8 this morning
FreeWheeling
 
Posts: 2480
Joined: Mon Aug 16, 2010 6:55 pm
Location: Behind the away goal at the Camrose

Re: Cyber attack, as someone once said 'be careful out there'

Postby POP POP POP Robson on Tue May 16, 2017 4:07 pm

An IT guy who works in my building was telling me a few weeks ago about an attack he had to deal with for a client which turned out to be identical to this one and at the time he was telling me how impressed he was with it's ingenuity. He'd never seen anything like it. He explained to me that it's not distributed by email but the analogy he gave me was it's like something trying each network and knocking on every door until it finds a way in. I spent yesterday checking my Windows updates and antivirus was up to date.
User avatar
POP POP POP Robson
 
Posts: 3952
Joined: Wed Sep 28, 2005 10:50 am
Location: With sufficient thrust, pigs fly just fine

Re: Cyber attack, as someone once said 'be careful out there'

Postby mumbles87 on Tue May 16, 2017 4:16 pm

alkali wrote:or a mac


this is the problem say the entire NHS etc switched to mac

then they would just make virus' etc for macs ...

Macs arent safe because their macs.. their safe because there isnt the call for virus'
mumbles87
 
Posts: 8815
Joined: Sun Jul 01, 2012 10:35 am

Re: Cyber attack, as someone once said 'be careful out there'

Postby alkali on Wed May 17, 2017 8:34 am

I don't agree Mumbles. (but then I wouldn't would I?). It's not just numbers, there's plenty enough wealthy mac users to extort money from. The mac operating system is less vulnerable than these elderly Windows systems that are full of holes, chewing gum and string.
Free updates for ages have meant people are better protected too.
User avatar
alkali
 
Posts: 1080
Joined: Wed Feb 04, 2009 4:43 pm

Re: Cyber attack, as someone once said 'be careful out there'

Postby mushy on Wed May 17, 2017 9:16 am

The clue is 'elderly windows systems' alkali.
Any organisation still using XP deserves what it gets, any system (be it Windows,Linux,Mac etc) that old will have vulnerabilities.
I havent heard of anyone that took the offer of a free upgrade to Windows 10 complain about these attacks.
The truth is that technology, and the people hell bent on exploiting it move on.
Big companies constantly fail to invest in the right areas, thinking that while the system works there is no point in updating it, this is rampant in the industry. IT upgrades constantly get pushed back down the queue as companies look to save money, its short term madness.
My last contract was working for a British bank (the one mostly owned by the public), the back office team had direct access to update and view business accounts. They were using CICS on dumb terminals from the 80's, there was minimal security apart from praying that the firewall would stop unauthorised entry.

The sad part about the NHS is that they are constantly asked to make cuts, staffing and IT are big budgets and thats where they look to make the savings.
Macs have a system that checks a list of malicious software and blocks it accordingly.
Like anti-virus systems its only as good as the last update and the hope that they have identified the correct malicious software.Plus they only like you to download software from the Apple store, a feature that many developers turn off.
I dont doubt that Macs are generally more secure, but as with Windows , they are all only as good as how you use and maintain them.
mushy
 
Posts: 11121
Joined: Mon Dec 17, 2007 4:17 pm
Location: Kumb Poster of the year 2009

Re: Cyber attack, as someone once said 'be careful out there'

Postby alkali on Wed May 17, 2017 10:20 pm

yeah, kinda suppose so... :)
User avatar
alkali
 
Posts: 1080
Joined: Wed Feb 04, 2009 4:43 pm

Re: Cyber attack, as someone once said 'be careful out there'

Postby djclipz on Wed May 17, 2017 11:16 pm

2 year old article
https://www.theguardian.com/technology/2015/may/26/uk-government-pcs-open-to-hackers-as-paid-windows-xp-support-ends

TLDR: Government chose to not to extend support contract with Microsoft and then also didn't bother upgrading operating systems to an offically supported one.
User avatar
djclipz
 
Posts: 4160
Joined: Sat Aug 14, 2010 5:16 pm

Re: Cyber attack, as someone once said 'be careful out there'

Postby uptonparkhurst on Thu May 18, 2017 11:54 am

Apparently, an upgrade would have meant that the NHS needed to pay for the Patient software to be rewritten
in addition to the upgrade cost.

Anyway, supposing they'd attempted to upgrade to VISTA? The NHS would have ground to a halt!

I wonder how much it would cost to switch to Linux e.g REDHAT?
User avatar
uptonparkhurst
 
Posts: 2925
Joined: Tue Dec 15, 2009 11:01 pm
Location: An Alternate Reality of Evil Spells and worse spelling

Next

Return to The Snug

Who is online

Users browsing this forum: mumbles87, Yahoo [Bot] and 5 guests