Security and Patching Struggles

  • Comments posted to this topic are about the item Security and Patching Struggles

  • The most frightening thing about WannaCry is that the means by which people were infected is uncertain.  There was an IBM guy saying they had analysed billions of log entries for what was expected to be a dodgy email link and the user who clicked on it.  IBM were expecting the source of the infection to stick out like a sore thumb....only it didn't.

  • How hard would it be to go backwards from the Bitcoin payment if you had a 50 billion dollar a year budget?

    412-977-3526 call/text

  • David.Poole - Monday, May 22, 2017 1:39 AM

    The most frightening thing about WannaCry is that the means by which people were infected is uncertain.  There was an IBM guy saying they had analysed billions of log entries for what was expected to be a dodgy email link and the user who clicked on it.  IBM were expecting the source of the infection to stick out like a sore thumb....only it didn't.

    That is scary. The attacks get more sophisticated all the time.

  • robert.sterbal 56890 - Monday, May 22, 2017 10:24 AM

    How hard would it be to go backwards from the Bitcoin payment if you had a 50 billion dollar a year budget?

    No idea, but it's not practical. You could do this, but we'll get more and more attacks, and I suspect the paths and tracing would be harder. Not to mention financial groups often don't want to be too involved because they benefit from trading.
    Solve one, sure. Solve the next 500 from copycats? Maybe, but your budget becomes a bigger and bigger issue.

  • It would be helpful if there were something like an Access Control dialog warning whenever a program attempts to use the Cryptography API.

    It also seems like a ransomware program should be relatively easy to detect by a generic malware scanner; the message and PayPal links may differ between various versions but they all work essentially the same. This type of thing has been around for years; so why are the major anti-malware vendors responding to this after the fact, rather than proactively detecting it?

    If this disaster turns out to be the result of hackers exploiting an intentionally engineered and concealed back door in the operating system, then some heads should roll at Microsoft and the NSA.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • I never assume that the government can't figure out the source of this information. I just consider it an unknown.

    The government has very little interest in anonymous transactions.

    OS level cryptography is problematic for an OS used by the masses. Application and data level cryptography would seem to make more sense.

    412-977-3526 call/text

  • Eric M Russell - Monday, May 22, 2017 11:11 AM

    It also seems like a ransomware program should be relatively easy to detect by a generic malware scanner; the message and PayPal links may differ between various versions but they all work essentially the same. This type of thing has been around for years; so why are the major anti-malware vendors responding to this after the fact, rather than proactively detecting it?

    (A bit of conspiracy nonsense...) did anyone notice how shares and stocks have gone up in this sector? :hehe:

  • One problem is that platform and security software vendors have business entanglements with AdWare software companies. Companies agree to "play nice" and not to block each other's software. However, many of these AdWare guys are not trustworthy, and once they are allowed fast-track access, they'll turn rogue and start dropping a payload. Any software that contains features like encryption, remote control, access to My Documents folder, or bitcoin payments should at least be flagged as potentially unsafe. Even if most users swipe away the warnings and continue, there is always at least one guy in the organization who will take notice and investigate.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Wednesday, May 24, 2017 7:27 AM

    One problem is that platform and security software vendors have business entanglements with AdWare software companies. Companies agree to "play nice" and not to block each other's software.

    Do you know some good reporting on this?

    I guess I'm trying to see who are the good and bad actors in the space.

    412-977-3526 call/text
