Author Topic: Another "massive" ransomware attack  (Read 444 times)

xairbusdriver

  • Storm
  • *****
  • Posts: 1733
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless w/remote wireless Anemometer Kit
Another "massive" ransomware attack
« on: May 12, 2017, 09:06:52 PM »
Quote
"Currently, we have recorded more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world, mostly in Russia," cyber security firm Kaspersky says.

elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 4333
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, MacBook Pro (Mid 2009)
Thanks for sharing. (Re: Another "massive" ransomware attack)
« Reply #1 on: May 13, 2017, 12:04:50 AM »
Dear X-Air and WeatherCat "sadder but wiser" seekers of Internet security,

Quote
"Currently, we have recorded more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world, mostly in Russia," cyber security firm Kaspersky says.

Definitely scary stuff.  You would hope that hospitals would have an IT department that can keep up with these sorts of Microsoft patches.  However, that is clearly optimistic.  The whole situation reminds me of a Murphy-ism:

If architects and engineers built buildings the same way programmers wrote software, the first woodpecker that came along would destroy civilization!  

Oh well, . . . . Edouard

xairbusdriver

  • Storm
  • *****
  • Posts: 1733
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless w/remote wireless Anemometer Kit
Re: Another "massive" ransomware attack
« Reply #2 on: May 13, 2017, 12:18:20 AM »
Unfortunately, sometimes malware is not recognized until it starts making problems. It's much easier to patch something after you know what needs to be patched. Also unfortunately, this kind of attack can be dangerous to the health of real people. Just another reason for not allowing 'backdoors' in encryption devices. All it takes is for one 'bad apple' to leak the code or the key. Fortunately most of the time, these scum bags can't keep their knowledge a secret very long.

elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 4333
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, MacBook Pro (Mid 2009)
Dear X-Air and WeatherCat puzzled observers of the software industry,

Just another reason for not allowing 'backdoors' in encryption devices.

I can't help but admit my utter bewilderment at the number of "back doors" software engineers apparently insist they need.  When I was working at San Diego Supercomputer Center, security was already a serious concern and that was in the late 1990s.  Almost 20 years, later the coding practices still seem to create a "swiss cheese" of exploit opportunities.  Considering how old the problem is, why is any piece of software obtaining root access unless - it is absolutely impossible for that software to work otherwise? 

Oh well, . . . . . Edouard

xairbusdriver

  • Storm
  • *****
  • Posts: 1733
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless w/remote wireless Anemometer Kit
Re: Another "massive" ransomware attack
« Reply #4 on: May 14, 2017, 03:39:42 AM »
The 'back doors' I referred to are requested by our 'guvment'. Mainly to DEcrypt the data that the ENcryption software can't without the 'keys'. Those wanting/needing to decrypt always say "Trust us. We'd never misuse on your data." All I say is who believes the 'back door' will always be secure and never get into the black hat hackers hands? OTOH, historic code seems to confirm that it's not the "back" door that is weak; who's that coming in the front after no one checked to be sure it was even closed, much less locked? [banghead] [rolleyes2]

elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 4333
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, MacBook Pro (Mid 2009)
Point well taken, but . . . . (Re: Ransomware attack)
« Reply #5 on: May 14, 2017, 11:04:23 PM »
Dear X-Air and WeatherCat responsible netizens,

The 'back doors' I referred to are requested by our 'guvment'.

Yes, I do understand your point and concern.  Alas, the government hadn't started asking for back-doors until recently.  Since it stands to reason the government has always been as nosy as it is now, one has to assume that software was chocked full of back-doors that the government simply helped itself to our devices without so much as a warning.  I wouldn't be surprised if governmental monitoring of computers started out because it was so easy to hack into these sloppily implemented systems.  Once the government got addicted to this sort of access, it is hardly a surprise that they don't want to lose what is to them "a really good thing."  This piece on gizmodo makes some really good points of how the government carefully catalogued every exploit they could find and why government should ultimately should be blamed for this outbreak:

http://gizmodo.com/u-s-government-fears-a-monday-explosion-of-the-ransomw-1795208518

I particularly like this quote:

Quote
We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

Nonetheless, the piece makes it clear the government had nothing to do with creating the back-doors.  The back-doors were creating by sloppy software implementation. 

I remain convinced the greatest blame should fall on the silicon valley types who never have enough time to implement software correctly and only reluctantly go back to fix their mistakes because they are way too busy working on the next big thing[rolleyes2]

As the old saying goes: "It ain't no way to run a railroad . . . . "

Oh well, Edouard