Trixology

General Category => General Computing/Macintosh => Topic started by: xairbusdriver on May 12, 2017, 09:06:52 PM

Title: Another "massive" ransomware attack
Post by: xairbusdriver on May 12, 2017, 09:06:52 PM
Quote
"Currently, we have recorded more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world, mostly in Russia," cyber security firm Kaspersky says.
the two-way BREAKING NEWS FROM NPR (http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded)
Title: Thanks for sharing. (Re: Another "massive" ransomware attack)
Post by: elagache on May 13, 2017, 12:04:50 AM
Dear X-Air and WeatherCat "sadder but wiser" seekers of Internet security,

Quote from: xairbusdriver on May 12, 2017, 09:06:52 PM
Quote
"Currently, we have recorded more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world, mostly in Russia," cyber security firm Kaspersky says.
the two-way BREAKING NEWS FROM NPR (http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded)

Definitely scary stuff.  You would hope that hospitals would have an IT department that can keep up with these sorts of Microsoft patches.  However, that is clearly optimistic.  The whole situation reminds me of a Murphy-ism:

If architects and engineers built buildings the same way programmers wrote software, the first woodpecker that came along would destroy civilization! (http://www.canebas.org/WeatherCat/Forum_support_documents/Custom_emoticons/eek-sign.gif) 

Oh well, . . . . Edouard
Title: Re: Another "massive" ransomware attack
Post by: xairbusdriver on May 13, 2017, 12:18:20 AM
Unfortunately, sometimes malware is not recognized until it starts making problems. It's much easier to patch something after you know what needs to be patched. Also unfortunately, this kind of attack can be dangerous to the health of real people. Just another reason for not allowing 'backdoors' in encryption devices. All it takes is for one 'bad apple' to leak the code or the key. Fortunately most of the time, these scum bags can't keep their knowledge a secret very long.
Title: Beat's me why software is like this (Re: Another "massive" ransomware attack)
Post by: elagache on May 13, 2017, 11:10:09 PM
Dear X-Air and WeatherCat puzzled observers of the software industry, (http://www.canebas.org/WeatherCat/Forum_support_documents/Custom_emoticons/scratch_head.gif)

Quote from: xairbusdriver on May 13, 2017, 12:18:20 AM
Just another reason for not allowing 'backdoors' in encryption devices.

I can't help but admit my utter bewilderment at the number of "back doors" software engineers apparently insist they need.  When I was working at San Diego Supercomputer Center, security was already a serious concern and that was in the late 1990s.  Almost 20 years, later the coding practices still seem to create a "swiss cheese" of exploit opportunities.  Considering how old the problem is, why is any piece of software obtaining root access unless - it is absolutely impossible for that software to work otherwise?  (http://www.canebas.org/WeatherCat/Forum_support_documents/Custom_emoticons/confused_do_no.gif)

Oh well, . . . . . Edouard
Title: Re: Another "massive" ransomware attack
Post by: xairbusdriver on May 14, 2017, 03:39:42 AM
The 'back doors' I referred to are requested by our 'guvment'. Mainly to DEcrypt the data that the ENcryption software can't without the 'keys'. Those wanting/needing to decrypt always say "Trust us. We'd never misuse on your data." All I say is who believes the 'back door' will always be secure and never get into the black hat hackers hands? OTOH, historic code seems to confirm that it's not the "back" door that is weak; who's that coming in the front after no one checked to be sure it was even closed, much less locked? [banghead] [rolleyes2]
Title: Point well taken, but . . . . (Re: Ransomware attack)
Post by: elagache on May 14, 2017, 11:04:23 PM
Dear X-Air and WeatherCat responsible netizens,

Quote from: xairbusdriver on May 14, 2017, 03:39:42 AM
The 'back doors' I referred to are requested by our 'guvment'.

Yes, I do understand your point and concern.  Alas, the government hadn't started asking for back-doors until recently.  Since it stands to reason the government has always been as nosy as it is now, one has to assume that software was chocked full of back-doors that the government simply helped itself to our devices without so much as a warning.  I wouldn't be surprised if governmental monitoring of computers started out because it was so easy to hack into these sloppily implemented systems.  Once the government got addicted to this sort of access, it is hardly a surprise that they don't want to lose what is to them "a really good thing."  This piece on gizmodo makes some really good points of how the government carefully catalogued every exploit they could find and why government should ultimately should be blamed for this outbreak:

http://gizmodo.com/u-s-government-fears-a-monday-explosion-of-the-ransomw-1795208518 (http://gizmodo.com/u-s-government-fears-a-monday-explosion-of-the-ransomw-1795208518)

I particularly like this quote:

Quote
We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

Nonetheless, the piece makes it clear the government had nothing to do with creating the back-doors.  The back-doors were creating by sloppy software implementation. 

I remain convinced the greatest blame should fall on the silicon valley types who never have enough time to implement software correctly and only reluctantly go back to fix their mistakes because they are way too busy working on the next big thing.  [rolleyes2]

As the old saying goes: "It ain't no way to run a railroad . . . . "

Oh well, Edouard