Blogger ‘halts spread of malware by accident’
A British researcher who claims to have found a “kill switch” that can stem the tide of yesterday’s global cyberattack said he stumbled upon the solution by accident.
The cybersecurity blogger, tweeting as @MalwareTechBlog, has been credited with protecting thousands of IT systems from malicious software which caused chaos in the NHS yesterday and affected computers in more than 70 countries.
By paying $10.69 to take control of a web domain linked to the bug, he was said to have stopped its spread to new computers. However, those already affected will not be helped and the researcher warned that other strains of the ransomware may exist.
“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” he tweeted last night.
“I can only add ‘accidentally stopped an international cyberattack’ to my résumé.”
The domain was reportedly hidden in the malware’s code in case the hackers wanted to stop it spreading. Analysts said it was a stroke of fortune that the cybercriminals hadn’t registered it first.
Monitors tracking the spread of the malware, known as WannaCry, showed a sharp decline in the number of new addresses being infected shortly after the domain was registered before rising again.
“So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again,” @MalwareTechBlog tweeted. He said he was sharing information with the FBI to help notify affected organisations.
The researcher has not been named but works for the security firm Kryptos Logic, according to the technology website Ars Technica.
Remember, it's easier to criticise than create!
The encryption used in these things is crazy strong. They won't be decrypting it unless the hackers have really screwed up.
Supportact said: [my style is] probably more an accumulation of limitations and bad habits than a 'style'.
1 - Everybody in the IT industry (except the third party companies contracted to carry out the work) told the £12bn NHS IT project that it was doomed to failure and there was a simpler, cheaper-by-orders-of-magnitude way to do it, but they were ignored in favour of a single-vendor centralised system (otherwise known as a single point of failure). Like it or not, the project was politically-motivated rather than brought about by a technical need; Blair's obsession with modernisation-in-the-face-of-common-sense is the only thing that let the project continue...after two years it was four years behind, and would've been shitcanned under any other government.
2 - Everybody in the IT industry told them that they'd be better off spending a fraction of that money on a rolling OS upgrade plan for the sake of security. Also ignored in favour of shiny things.
3 - All Windows versions from XP to Server 2012 were vulnerable until March, when Microsoft released a patch for the vulnerability that this worm uses to propagate. Unsurprisingly, the NHS didn't bother to apply it because of bureaucracy.
4 - Because servers were vulnerable and unpatched, it's not just a case of wiping the desktops and refreshing.
5 - As with all ransomware, finding the decryption key is only a matter of time - it's down to the security experts to decompile the worm and find it, though. Given the time it takes to do this, though, it's unlikely to save anyone's job (or life, for that matter).
6 - If you're using Windows 8 or above, you should be protected by default. Same if you keep up-to-date with security patches.
7 - There are going to be a lot of calls for NSA/MI5/etc to stop hoarding exploits, and they'll just blame Snowden et al for ruining their security-by-obscurity.
The short version of all of this is that it's a clusterfuck with so many actors involved that the circle-jerk of blame will continue for years.
I read this attack only affected PCs and not servers.
EDIT: Oh, and it wasn't entirely wasted - I believe one hospital is using the software, somewhere down south. My dad worked on the documentation for the project...oh, the stories...
I don't think it's a single encryption key; I think each one is unique. The FBI advice last time they had a big outbreak was just to pay if you want your data back.
The company I worked for at the time submitted a proposal for a part of it, and the response was "We don't want interoperability, we want a new system". Basically, they actively put their fingers in their ears and decided to be the only government project which totally ignored the entire infrastructure that the government had built (which was actually quite good, very secure and very resilient) in favour of reinventing the wheel...presumably, because they believed they had a bottomless budget and everybody wanted on the gravy train.
If they'd gone for the more sensible solution, it would maybe have cost them £500m at an outside lots-of-things-have-gone-wrong estimate.
I'd hazard a guess that this is actually a bunch of script kiddies who've got hold of some nasty tools and chucked it out there in the hope of making a bit of money - to make it reliant on a single, easily-hijacked domain is not the act of a well-funded organisation or an experienced cracker. They'll now be shitting themselves, because they would never have expected it to get this far out of control.
My assumption is that it generates a random key and uploads it over an encrypted channel to the command and control system.
I also completely agree that the NHS computer system fiasco was the responsibility of the Blair government, but probably not for any actual political reason - just arrogance and incompetence with added gravy-train jumping - and I'm sure the civil service had a lot to do with it as well. Which has exactly no bearing on the current situation, either for the NHS or for politics.
"Take these three items, some WD-40, a vise grip, and a roll of duct tape. Any man worth his salt can fix almost any problem with this stuff alone." - Walt Kowalski
"Only two things are infinite - the universe, and human stupidity. And I'm not sure about the universe." - Albert Einstein
The only issue is the time limit: the program deletes all of the data after 7 days.
Politicians are quick to take the credit when things go right.