NHS hospitals hit with ransomware, people are going to die today because of it

fpbp

The UK government passed RIPA so everyones' browsing history will be shared with many such loose security government departments in future.
Once something like this happens to a deptarment, we will all be fucked too, as the the hackers could use the data to work out our home networks.
(If you visited a site ciscoroutertroubleshoot.com you would have given away a lot of info unwittingly)

Yes, I know VPN, but many many people have no idea about such things. :(

Pay it out of GCHQs budget maybe?
Surely they are meant to prevent such things happening?

This is what common law has become, "I and other people disagree with your opinion so I'm going to jail you".

Wangsblows strikes again, bribe after bribe have Microsoft taken over the world

I'm not sure if devices in intensive care are even connected to the internet. Maybe some parts of them, but certainly not critical components e.g. mechanical ventilation systems. No one is going to die from this, calm down.

coincidence (tm)
forbes.com/sites/thomasbrewster/2017/05/12/nsa-exploit-used-by-wannacry-ransomware-in-global-explosion/#3192c5d5e599

Remember! Install Windows 10 if you want to be protected!

ASK YOUR LOCAL GOVERNMENT TO INSTALL WIN 10 TODAY

WHY DIDN'T YOU INSTALL GENTOO IN THE FIRST PLACE

BBC story. Pure speculation, but would be highly embarrassing if true. I'm not surprised though, cyber criminals must have had a field day when those toys were released.

forbes.com/sites/thomasbrewster/2017/05/12/nsa-exploit-used-by-wannacry-ransomware-in-global-explosion/

archive.is/cQxOr

this is very bad, they are pretending its ok for the NSA to stockpile these vulnerabilities.

It is not ok, they should be reporting them and getting them fixed immediately.

yes they are trying to use this to push a narrative that NSA exploits should stay secret. this is wrong, NSA should not have exploits. defense means getting vulns fixed not hoarding them.

Intensive care isn't the only place were people die in hospitals.

Inability to access data creates a delay in patient treatment. Delays are fatal.

If this affected a haematology department then blood supplied to surgery theatres might be delayed = fatality.

This is pretty serious.

36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge.

twitter.com/JakubKroustek/status/863045197663490053
archive.is/q7jqH

The NSA needs exploits to do their job, that's never going to change. What needs to happen though, is a tighter window between discovery and disclosure. Let the NSA look in Mohammed's computer for 3 weeks, and then they MUST alert the vendor.

I'm concerned the Europeans will harp on the Russia connection, and use it as an excuse to move us to WW3.

If these are Russian hackers though, very stupid of them to hit their own people so hard. That'll raise the ire of their intelligence services, and will very likely result in many skulls being bashed in.

Can you imagine how nervous the group behind wanna cry is right now? They fucked up the replication rate of their worm, and now they have the attention of the entire world. Good luck trying to move all that bitcoin into cash.

Whatever the ransom price is on the computer screen the idiots have put a much higher price on their own heads.
Lots of people are now looking to collect their scalps.

this computer stuff is like when man first discovered fire.

a tiny spark can burn down an entire village. we humans are not ready for such power.

And the NSA leakers too, I don't imagine they are sitting too pretty right now, considering it was very likely an inside job. That narrows down the search quite a bit.

I really don't know if he's serious or memeing.

why?

How is it being passed from one computer to another though?

through virtual tubes

why? russians know that they're subhuman, they don't care anymore

It's a remote exploit in their SMB server.
technet.microsoft.com/en-us/library/security/ms17-010.aspx

So essentially just by specially crafted packets, independent of any activity from the victim (such as opening an attachment).

you guys are SO fucking cringey

Fuck off back to >>>/reddit/. You are worthless.

I think we'd have more resources to work with if we just brought back the death penalty, the prison system is completely unsustainable, we're feeding a bunch of murderers for life because 'wah I don't like killing people' and the number just keeps going up.

Why do you think they care? They get paid regardless of who they target.
Also it's mainly getting those countries because of how many people there are still running Windows XP.

How is this reddit, retard?

Which is why it makes me think this is possibly a Microsoft ploy to get people to update to the botnet
Alternatively the NSA have gotten really pissed off about losing their tools and are now trying to garner public support to criminalize the handling of "hacking software" and its distribution
Then again it could be like this user says and they fucked up by infecting so many people on accident and are in over their heads
Regardless, if fatalities come about due to this, these guys might very well get a price on their heads
Not to mention all those fucking pissed off companies still using windows xp
Wouldn't be surprised if these guys spend the rest of their lives in jail "if" they do get caught
and i mean "IF" because who the fuck is going to catch them?

Anyways, which updates do i need to protect myself?
I'm currently using windows 7 ultimate, haven't updated in years and now I'm fucking concerned with how fast this is spreading

Yes and ?
Don't get me wrong I know it awful and I consider it awful.
But RMS has warned everyone for 30 years.
In the 90s/2000s security researchers warned again.
I myself warned people about this kind of shit.
They were warned
Install gentoo with linux-libre.

web.archive.org/web/20170513140122/https://www.theregister.co.uk/2017/05/12/nhs_hospital_shut_down_due_to_cyber_attack/

Why do I even bother.
Trisquel
trisquel.info/
Gentoo
wiki.gentoo.org/wiki/Handbook

If it weren't for gayman I wouldn't be dualbooting 7. At least Wine's getting better by the day.

Some moralfag fixed it.
Please pardon my use of the guardian, couldn't find any more reputable news source reporting on it.
theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
archive.is/7VlW5

kys

Yes, goy, we swear we don't keep logs. We promise we won't sell your usage stats or share your data with any government.

Death penalty is actually currently more expensive than life without parole because it takes like 20 years until execution and expenses are higher for a death row inmate.

Holla Forums btfo again

I just install those that are not listed on the spyware lists.

I don't understand this.

this is not as exciting as Mr Robot thought it to be....
plus its not all hospitals which are affect, allegedly a lot of other public systems, but mostly stuff that doesn't need security in the first place

What the fuck are you talking about?
Everything needs security.

The security requirements are not equivalent to everyone but it's essential to every public system and arguably to every system in general.

Wait - he fucking fixed millions or even billions of $$$ in ransomware FOR FREE? He didn't ask for a $1 M payment for his solution?

He said that he only discovered that it would stop the ransomware by accident, AFTER registering the domain name.

Then don't give them 10 years and don't spend ridiculous amounts on lethal injections, electric chairs and gas chambers, just give it like a week then do it the old fashioned way.

*20 sorry

web.archive.org/web/20170513135125/https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

The sad thing is that the people who are going to suffer are not the ones who made the choice to use outdated proprietary software. You could be the most autistic person about Freedom, but if you need to go the the hospital and their software crashes and burns you are the one who is going to suffer the consequences.

So many edgy kids on Holla Forums

Toucher
I'll be indeed be yelling my autism to the IT mangers.

If you take care of your health and of your safety, you should never end up in a hospital.

Why would you rely on the state fallback security net at all?

Not the user you responded too.
Because you can't predict what will happen to you.

No, but you can take precautions to not end up in a hospital.

If you end up needing the state for your survival then you're practically dead already.

Kys

Hospitals have shit ton of material such has MRIs and such.
Besides private hospitals who is affordable for only 1% of the population I don't know other solutions.

You'd think they'd be doing that if it were possible. However, it's a little difficult to do that given that defendants are given way more chances to appeal in death penalty cases, and that it's way easier to get a sentence of life without parole.

Are you American?

lolbergs need to be gassed tbh

He's advocating prevention, and you're advocating giving up because you weren't born with 100% perfect circumstances. Your way is an evolutionary dead-end.

...

"gib"

You just don't get it, it has nothing to do with politics. You can be a socialist and still practice prevention. You're just an idiot, or maybe a troll.

He didn't do it for free, he paid 10bux to fix it.

...

No.

PCI Passthrough & QEMU KVM
Do some research, will ya.

This simply isn't true in the UK. Most people could afford private health care but don't because the difference in care between a private hospital and an NHS hospital is minimal. Private insurance starts at £10 a month if you have no existing conditions.

...

Just wait until kebabs ruin the NHS. Then everyone will flock to private providers (which will then jack up prices to orbit). It's always the same story with anything public.

If there is a customer flood to private providers of healthcare, then new healthcare providers will pop up to take a slice of that market segment.

It's already happened in bigger cities, it's the same with schools or any other public service. White people can't make nice things and keep them for themselves anymore.

If the white middle class stop using the NHS, it would be the death of it because they wouldn't want to pay the high taxes to keep a service that they don't use.

You do realize that the quality of the healthcare will be absolutely shit plus the prizes will skyrocket.

So you're saying that market competition reduces the quality of service and increases the cost for the whole marketplace?

General healthcare is a great example why textbook economics is always flawed.

Is that how it works???

What a fucking cuckold

No shit. The NHS is funded by tax payers. Currently the Tories are in power and will be for a long time. If their middle England voters decide that the NHS isn't useful for them anymore and they don't want to pay for a service that they do not use, the Tories are going to comply.

Free software is not the answer to malware. Fuck off, LARPer.

General healthcare is supported by the government. We do not live in a Free market.

He did not know that would stop the malware, it was an accidental discovery.

Yes it is. Every software has bugs, so the more eyes can audit and the more hands can fix the code, the better.

Wincuks BTFO once more.

couldn't expect any better from a freetard.

Nobody will audit your code if it's horrendously bloated to the point where your empty programs exceed 80 lines.

git.savannah.gnu.org/cgit/coreutils.git/tree/src/true.c

Noone fucking cares about `true` parsing --help or --version. It's just totally stupid. I could write a code 8 times shorter in assembly. The solution to malware and security exploits is short, formally proven code. GNU is the total opposite of that. And me being allowed to change the software I own and release a modified version nobody will ever give a fuck about is not going to fix things faster than me being allowed to send the devs an e-mail with the fixed code.

Open source is beneficial for security. Free software means jack shit.

so much this. Look up the Google OSS-Fuzz project

It is and it is not.
Free software indirectly stops the act of introducing malware in the source.
Why ?
Because everyone can read it.
Because every one can correct it.
Of course someone can do it anyway the GPL is magic, but the malicious code it will ultimately be removed thanks to the freedom the GPL grants.
The GPL still grant us the freedom to audit it whenever we want by anyone and correct it.
Free software and good design limits malware.
See for example the thread with the gentoofag who got ransomwared.
It wasn't because of a vulnerability but because he executed his web browser with root and with adobe flash player installed.
Fortunately for him he had a backup.
But you have to be pretty retarded execute a browser has root and installed the botnet that is adobe flash player.
If he had respected the security design by not executing the web browser has root he wouldn't have had this problem.
Same thing with adobe flash which is the kind of software that is known to deploy shit everywhere.

If so why was it written ?
Do it
That I can agree with the less code to audit the less possible vector of attacks.

I bet you're the kind of fag that doesn't even read or understand licensing.>>747313

Google's design for most of "open source" project is shit.
Like with android where they purged all GPLv3 software and tried to make their own coreutils and such.

.text_start: .globl _start movl $1, %eax movl $0, %ebx int $0x80

Then tell me how a free license is going to reduce the risk of exploits and malware.

Hard mode: answer in a way that is completely ignorant of open/closed source since it has nothing to do with free software.

Open Source and Free mean the same thing when it comes to security. The difference between the two is only in their motivation, i.e. the why and not the how

80 lines of code is still small enough. Yes, it's ugly, but having --version and --help is part of GNU's development standard and actually quite useful when you want to know what it is you have on your system. It only looks this bad because of how basic true is, but those few extra lines will be totally insignificant in any other software.

Just to clarify:

I 100% agree with this, but it was a poor choice to use GNU true as an example for that.

Has anyone found any vectors that don't involve some fucking retard clicking on shit that they shouldn't click?

So far the only possible ways I am seeing initial infection is normie morons opening attachments from clear fake emails or clicking every pop up in sight. After that it is able to spread through the network to machines that are headless but I cant see any initial vectors that dont involve social engineering the dumb shits first.

Congratulations on being the gayest post in this thread.

Already responded in it's an indirect protection.

Free software is tied to the technical aspects of a software you can't separate or not talk about it.
Or is there something that you would to point out ?

Before the 80s their wasn't that aspect of licensing in software.
People just exchanged source code between them.
The concept of closed software (aka sharing only the binaries) gradually came afterwords until present days.

I'm not going to defend proprietary software, but if you actually think free software has no "real" security threats, you're fucking delusional.

...

Awesome! I have emailed Theresa May to tell her I'll be moving to the UK and wont be paying taxes for defence, welfare, NHS amd schools since I wont be using either!
That should make my tax rate 1% since I only plan to pay to use police and firefighters.

No thanks.

Reading comprehension required.
Hope you enjoyed your spoonfeeding.

Unless you're a fan of George Orwell I don't think it's worth it.

How do you think the SMB exploit gets into the network to begin with? It has to get into the network through an infected host somewhere else on the network before it can spread the SMB malware. How do you think that initial infected host gets infected?

Nice bait.

Withholding the code for a program provides absolutely no benefit to users. Security through obscurity doesn't work, and abandoned proprietary programs expose users to various risks without giving anyone the ability to fork or fix a program, or recompile when there are ABI changes, forcing you to stick to other old software.

Infected computers scan all IPs for more victims. If your port 445 is exposed to the internet, you'll get infected.

Why are all freetards so inconsistent when it comes to the differences between free software and open source?

But who are you quoting?

If Americans start using this as an excuse to slander the healthcare system I am going to fucking break something

Proprietary software, you mean.
I don't know how you got through school with that reading comprehension of yours (if you did at all).

The difference is simple. Examples:
>3. Program has cucked BSD-like license that allows only allows oppressed wimminz to make proprietary versions? Free, but not open source (license discriminates against persons or groups) (and no one will use it, you hypocritical sexist cuck).
Though it's unsurprising you wouldn't understand with your nonexistent reading comprehension skills.

Make up your mind.

None of these corporate networks have 445 open to the outside world. Hundreds of thousands of dollars worth of physical firewalling meaningless when the receptionist opens up a phishing email and brings down every single windows box on the network because microsoft SMB was incredibly easy to manipulate on the LAN side

BETTER OPEN ALL OF THEM LOL XD
These 4 were pulled by proofpoint as matching the heuristics for the wannacrypt initial infection

All have no message content other than a pdf attachment
Opening the pdf on a linux machine shows that the pdf itself might have executable code attempts on it but there is just a simple http link inside that most people are probably just clicking on when they open the pdf

You are either retarded or a liberal and have no idea about UK politics. What I am saying is that if the Tories see that privatising the NHS is becoming a popular idea, then they are going to go with it as a policy and then implement it. They already have a large enough majority in the house of commons to make it happen.