NHS ransomware virus

An encryption ransomware virus has attacked NHS hospitals. The phone lines are fucked, the databases cannot be accessed. Hospitals are turning people away. People are going to die today. IT IS HAPPENING.

theregister.co.uk/2017/05/12/nhs_hospital_shut_down_due_to_cyber_attack/


Why haven't hospitals switched to Gentoo yet?

What is this guy's end game?

Chaos.

Making a point. Or buying some cool new exhaust parts for his 2005 Ford Focus RC. We just don't know.

twitter.com/GossiTheDog/status/863051751376683008
archive.is/j9wq9

Confirmed - wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

It seems like they are using a vuln that the NSA had been stockpiling, instead of doing the responsible thing of reporting it and getting it fixed.

Pretty interesting, is it still happening?

NSA: Cyber terrorism is just part and parcel of utilizing computer systems

kys goon

Hm, so the leaked NSA tools were legit? if this is true then what else could be achieved with them

OY VEY, WE DON'T NEGOTIATE WITH TERRORISTS

many people are paying, we have seen the bitcoin address receive a lot of money.

blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

The only ones saying they weren't were shills.
BRING ON THE NIGHT!

How likely is it he'll make it out unscathed? Is there any way this attack can be traced?

everyone is going to be looking for him. Hard to say though.
the hardest thing is to cash the money out, that draws a lot of attention. bitcoins can be traced when they are exchanged.

I'm no expert but I'll try and give you a picture

Bitcoin can be traced but if he uses an online wallet and uses some kind of proxy it will be the same as any other cybercrime by proxy, just depends on how far we went and how careful he was

...

forbes.com/sites/thomasbrewster/2017/05/12/nsa-exploit-used-by-wannacry-ransomware-in-global-explosion/
archive.is/cQxOr

this is very bad, they are pretending its ok for the NSA to stockpile these vulnerabilities.

It is not ok, they should be reporting them and getting them fixed immediately.

Isn't every bitcoin transaction publicly available and traceable? Even if he gets millions, how will he possibly spend them?

Trade them for shekels of course.

36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge.

twitter.com/JakubKroustek/status/863045197663490053
archive.is/q7jqH

Maybe cold storage?

wew.

It has got to be a kike hitting the UK and Russia like that.

By selling them on an exchange for Monero and then buying his Bitcoins back. There are plenty of Bitcoins ATM in major cities all over.

im a jew… pls dont gas me

enjoy your ban

Going to be very difficult now. He fucked up by spreading this so widely, now all the security services around the world are going to be monitoring him. He's not long for this world, believe me.

It's to show that the NHS's computer security is a meme, and that if a serious entity, like a foreign intelligence agency, wanted to shut it down, they could.

obviously the guy[s] who wrote this virus are bastards and should be prosecuted.

but I want people to understand that everything this virus does, the NSA could do. This is just a sample of their power over our computer systems.

They should not be allowed to hoard exploits. They should be legally compelled to disclose them immediately. If they had done this then this bug would have been fixed years ago and could not be exploited today.

this computer stuff is like when man first discovered fire.

a tiny spark can burn down an entire village. we humans are not ready for such power.

We shouldn't be wasting time trying to preach morals to the IC. What we need to do is hammer the NSA/CIA for their lax security protocols for thier contractors. We need to be demanding that they be given the screws and live under incredibly draconian security procedures if they're going to do these kinds of things. That will make all the brony faggot's morale plummet as internal security gets ratcheted up. The result will be mass attrition and/or even more leaks.

We need WW3 with RUSSIA GOYS!!!! They took down our hospitals and killed old people!

I bet pajeet is responsible for this.

Spanish companies have also been hacked. Telefonica, the telecommunications service and internet provider, is also hacked.
It's on the newspaper el mundo.
GRACIAS NSA!

B-B-BUT WINDOWS IS A SECURE OS, THEY TOLD ME LINUX WAS A MEME

Here in Chile they shut down the subway's free wifi.
People from some ISP are leaving their jobs early because they can't do shit, their internet access was shut down and all the emails with attachments were blocked.
The news is all over the media and people are talking about it on the streets.

Socialism getting BTFO'd once more. Single point of failure.

This is probably the best angle. The people running this show are too mentally deficient to understand that what they're doing is a terrible idea, but they've had so many leaks in recent years that they'll be nice and paranoid. There's plenty of evidence to make the case that they need to dramatically step up security.

Here I thought all the happenings were done for the week but I wake up and Ebola-chan is back and this shit with hospital computers is going down. What a great day.

Whew lads.

The funny thing is the harder congress tries to fight this shit, the harder everyone tries to fight common sense, the more we hackers win.
If you don't want innocent people harmed by exploits you've found:
TELL THE INNOCENT PEOPLE BEFORE IT CAN BE USED AGAINST THEM
NSA fags: Name a single, actual, threat to the United States that these exploits were successfully used by their agencies to defeat.
protip: you can't.
Can we hurry up and put more stickers and rfid tags in everything to use as authentication while we're at it?
I'd love to be able to impersonate anyone for less than $30.

Plus, normalfags would understand MUH SECURITY! a lot more than they would the technical aspects of NSA not patching these exploits.

They aren't bugging iPhones to spy on terrorists, they're bugging iPhones to spy on Drumpf. Or combat veterans that buy guns and go to church. Or people that say mean things about Israel.

I understand that.
Which is why they are fucked.
They set this whole system up so everyone could easily be spied upon without ever considering anyone intelligent coming wise to it.
Classic jew-golem move tbh fam.

Burger detected.

Eurofags love their socialism. That's why they won't be able to save themselves.

Don't kid yourself, burgerclap. 60% of your government's spending goes towards healthcare, welfare and pensions.

I used to work for a support company, we'd see this sort of thing every day
it's not a direct attack, as in nobody actively targeted the NHS and sent the malware to their servers or anything like that, what likely happened is some shithead clicked the wrong link, got the worm on his computer and it hopped all around the LAN fucking over every single machine
this probably wasn't a "cyber attack", just the slightly more severe equivalent of your senile old grandpa getting porn popups all over his computer

How is it spreading?

this.

it's a worm. They usually spread over the network. Without analyzing it though I couldn't fucking tell you tbh.

For each individual machine? On a rapidly propagating worm, that could end up with a nice sum total.
Course ideally anything important should be on a fileshare, with regular backups, but these aren't the main customers.

Would make sense if each computer has to be bought out individually.

if it's anything like the shit I used to deal with, they'll need to be
because of modern network structure though the sensible thing to do is just ransom the server(s), back up the databases and nuke everything
if he's lucky he'll get maybe 15-20 ransoms tops

WannaCry ransomware has taken down Spain's two largest telecommunication companies, Spain's largest bank and Spain's largest gas company.

Spain Paralyzed, Government Panics

Pluto's Kiss is a little bit late.

$300 is the standard fee for ransomware. No one's going to pay $1000 for the contents of their hard drive; they'll just take the computer to Best Buy and get Windows reinstalled. $300 seems to be the "sweet spot" in terms of how much money you get – any less and you make less money per ransom, any more and people stop paying.

Keep in mind that's $300 per computer, so if he's infected 100 computers (he likely got more; there's a lot of computers at hospitals and he's apparently hit private practices as well), that's $30,000 for a day or two of work. Factor in multiple campaigns per year, and it's easy to see the guy behind these attacks making high six figures.

He may have been able to adjust the price upwards from $300 given that he was attacking hospitals, but the guy behind these attacks likely has very little programming experience, has no clue how to modify compiled programs, and just downloaded the ransomware program from some site, like 90% of crimeware operators.

Well, that's the thing - you either have to spend the bitcoins, which is entirely traceable, or somehow redeem them for shekels, which is even more traceable. I'm not a btc user but I frankly don't see how he can cash out the millions he'll be getting today without getting v& instantly.
How is this spreading exactly? Can a Holla Forumsfag explain what makes one at risk of getting this?

there are bitcoin laundering combines out there so it's not exactly difficult.

Spend the next year scattering the coins between different tumbling services and exchanges, trading for other coins, then continuing to transfer those coins through other services and exchanges while leaving some coins behind here and there to obfuscate the in/out amounts. Eventually he can start withdrawing BTC from ATMs (or localbitcoins trading sites) but he has to do it gradually.

One thing worth noting is that many exchanges are set up so that when you withdraw, it is not coming from the same wallet you would deposit into. That's because most exchanges keep 3 types of wallets:

-deposit wallets each tied to a specific account so they can identify who to credit when the deposit is made
-deep storage wallets which hold most of the exchange's reserves
-withdrawal wallets that always keep a buffer of coin so when you withdraw the funds get sent to wherever. many security reasons for this (for example a withdrawal exploit wouldn't be able to drain all the exchanges funds)

For this reason alone, if you deposit $x worth of BTC into a popular exchange without doxing yourself and withdraw various amounts to offsite wallets over the next few weeks, there is no actual trace in the blockchain of the $x going to those wallets (but it would be easier to figure out if there was $x in followed by $x out). The only way feds would know is if they had system access to the exchange and could actually audit which account made the transactions.

Anyway I think whoever made this ransomware is probably smart enough they won't get caught but I guess you never know.

See I'm of the opinion the nation needs some manner of public/government software development office that maintains a Linux distro for use by public services, etc.

Probably cheaper than buying all those Windows licenses.

Likely through spam emails with attached documents containing Visual Basic scripts or through a Flash zero day.

Pro-tip for Holla Forumsaks that are afraid of getting v&: disable Office macros and remove Flash completely from your browser. If you do that, you're safe from 99% of malware, including malware that the FBI uses, even if you're running Windows 7 with no antivirus installed.


Linux wouldn't have made a difference. This malware was installed either by a vulnerability in Flash or by users willingly running a document that contains a script. Both of those can be done just as easily in Linux as on Windows.

Linux out of the box is just as insecure as Windows, with the possible exception being that on Linux you aren't using the root account out of the box. Linux is only more secure than Windows if you take steps to make it more secure. Like everything else with *nix, there's no hand-holding – how secure your computer is is completely up to you, unlike with Windows where there are easy one-click-to-install antivirus programs.


Bitcoin mixers


If he's an idiot and fucked up a la Ross Ulbricht, he may have set up a command and control server in a Western-friendly country and may have SSH'd into said server from his home IP. If he lives in a country that plays ball with Western law enforcement, he's fucked.

If he's smart and hid his IP, there's realistically very little chance that he'll ever be caught.

I'm more curious about this than all the money stuff tbh

Cryptocurrencies can be laundered in 2 ways:
1. Mixing
Take dirty BTC, mix it with clear, cash out. It's like you drop 10 dirty coins into a huge piggy bank, shake it and then take out 10 coins. Same money, but no taint.
2. Exchanges
Get an account on an exchange that doesn't ask for ID (using tor of course), deposit your dirty coins, buy other coins with them, cash out. This way completely erases any blockchain trace.

The people behind this are way in over their heads.
They're asking for fuck all money while committing a major crime. Unless they live in Zimbabwe or some shit I don't think they fully grasp how fucked they are.

This is no ordinary malware

Malicious hackers are exploiting NSA's Vault 7 technology to bring down the world and you are basically stupid.

dailymail.co.uk/news/article-4500738/NHS-hack-huge-global-cyber-attack.html

Got any news articles linking NSA or CIA to illegal spying on US citizens? I may or may not be writing something related to the Electronic Frontier Foundation's efforts to counter this right now

wrong
real linux users don't use flash/or use open source flash alternative
implying masterrace falls for such things
wrong
wrong
implying you are truly root with Wangblows admin
WRONG
nigger do you even Mint
He puts all his trust in anti-virus

What a fuckup. Vault7 is CIA, WikiLeaks isn't related to TheShadowBrokers.

Given the spread, I don't think they actually intended to attack the NHS. The virus most likely just spread to their network from an external infected source.

topkek

if half of what you said was true, macfags would make good music and actually be allergic to gluten

I mean, most viruses don't get reported in the news, at least not soon. I'm not a Holla Forumsfag at all, but what I bet happened is some guy's little backburner cash cow got infected some NHS paper pusher's laptop, and then used whatever vector it employs to get into the NHS system. This kicked the door in, causing the whole rotten system to be infected, and since there are a lot of people in communication with the NHS, it blew up while at the same time making front page news.

Is this a plausible scenario? sage for replying to myself

Provide source.

Then that's up to user preference. Flash can be installed on Linux, and if you have it installed it is just as vulnerable on Linux as on Windows. Whether or not "real" users install it is irrelevant – that has nothing to do with the security of the operating system. That is about the security of the user.

You might as well say that Linux is more secure out of the box because "real" users install grsecurity or AppArmor.

Again, you're talking about the user. If you take a Windows user and put him on Linux, he will not magically gain 1337 [email protected] skills. He will be just as likely to fall for a social engineering scam as he was on Windows.

Provide proof. How is it any more difficult to exploit Flash or write a LibreOffice macro on Linux than it is on Windows.

Again: provide proof

…? How is that even relevant to what I'm talking about?

[citation needed]

If you're running Mint, you're just as insecure as if you were running Windows 7 with a guest account, unless you've installed AppArmor, SELinux, Tomoyo, Smack, grsecurity, or are using hardened binaries or Linux containers

Are you doing any of those things?

I've been running CentOS with grsec and RBAC for years now. I've never even had antivirus installed. But please go ahead with your shitposting.

What is smbclient?

How secure is arch?

If you're using windows, do any of the following:
a) install updates
b) disable incoming smb/block local firewall ports (it's a given that your wan firewall shouldn't allow well known ports in unless specific reasons)
c) don't be on a network with a pc that has that infection, or with an attacker pushing it out
d) don't use windows

It's mainly interesting because it has/had the potential to catch a lot of people with their pants down on large/open networks, due to it being a common port (i.e. point c)
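An added example, not part of the thread or any poster's code: points b) and c) above come down to watching and limiting SMB (TCP 445) traffic between machines on the same network, and a worm spreading over SMB shows up as one host contacting many distinct peers on that port in a short time. The Python sketch below runs that check over constructed flow records; the record format, addresses, window and threshold are all assumptions.

```python
"""Flag hosts that fan out to many distinct peers on TCP 445 (SMB) in a short window."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445

# Constructed sample flow records (not real telemetry). Assumed format:
# ISO timestamp, source IP, destination IP, destination port, protocol
SAMPLE_FLOWS = """\
2017-05-12T13:00:01 10.0.5.23 10.0.5.10 445 tcp
2017-05-12T13:00:04 10.0.5.23 10.0.5.10 445 tcp
2017-05-12T13:00:09 10.0.5.23 10.0.5.10 445 tcp
2017-05-12T13:00:10 10.0.5.77 10.0.5.1 445 tcp
2017-05-12T13:00:11 10.0.5.77 10.0.5.2 445 tcp
2017-05-12T13:00:12 10.0.5.77 10.0.5.3 445 tcp
2017-05-12T13:00:13 10.0.5.77 10.0.5.4 445 tcp
2017-05-12T13:00:14 10.0.5.77 10.0.5.5 445 tcp
2017-05-12T13:00:15 10.0.5.77 10.0.5.6 445 tcp
2017-05-12T13:00:16 10.0.5.77 203.0.113.9 443 tcp
garbage line that is not a flow record
2017-05-12T13:05:00 10.0.5.40 10.0.5.1 445 tcp
2017-05-12T13:20:00 10.0.5.40 10.0.5.2 445 tcp
2017-05-12T13:35:00 10.0.5.40 10.0.5.3 445 tcp
2017-05-12T13:50:00 10.0.5.40 10.0.5.4 445 tcp
2017-05-12T14:05:00 10.0.5.40 10.0.5.5 445 tcp
"""


def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # wrong field count: not a flow record
        ts, src, dst, dport, proto = fields
        try:
            flows.append(
                (datetime.fromisoformat(ts), src, dst, int(dport), proto.lower())
            )
        except ValueError:
            continue  # unparsable timestamp or port
    return flows


def find_smb_fanout(flows, window_s=60, threshold=5):
    """Return {source: peak distinct SMB peers within any window_s seconds}
    for every source whose peak reaches the threshold.

    A workstation talking repeatedly to one file server has a peak of 1.
    A host that touches many peers slowly (e.g. a backup job) also stays
    low, because old contacts fall out of the sliding window.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> (timestamp, destination) in window
    peak = defaultdict(int)      # source -> highest distinct-peer count seen

    for ts, src, dst, dport, proto in sorted(flows):
        if proto != "tcp" or dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop contacts that are older than the window relative to this one.
        while ts - q[0][0] > window:
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))

    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for host, peers in find_smb_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: {peers} distinct SMB peers within 60s")
```

In the sample, the file-server client (10.0.5.23) and the slow hourly job (10.0.5.40) stay under the threshold; only the host that reaches six peers in six seconds is reported.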

so because its the same protocol, the same exploit AUTOMATICALLY works regardless of OS???

also

HAHAHAHA just stfu dumbass

People are going to die… This is sad.

Those people are likely going to be Mudslimes though, Ha!

But oh shit… I just realized

I want you to put your thinking cap on.

Done? Now, follow my logic here. I'll use BIG LETTERS and line breaks between statements to make it simple for you.

PROGRAM CONTAIN VULNERABILITIES
ALL PROGRAM CONTAIN VULNERABILITIES
NO PROGRAM WITH NO VULNERABILITIES
IF ATTACKER CAN FIND VULNERABILITIES IN WINDOWS SAMBA CLIENT
MAYBE ATTACKER FIND VULNERABILITIES IN LINUX SAMBA CLIENT?

The point I'm making is that switching to Linux won't have some magic anti-haxxor effect. The people attacking you will just start looking for Linux vulnerabilities instead of Windows vulnerabilities. You're acting like Linux programs magically don't have vulnerabilities.

I see no proof or citation in your statement. You are asserting that what you say is true with no evidence. My evidence for my point is simple: Linux Mint contains software that can have vulnerabilities, and by default has no hardening mechanisms to make these vulnerabilities less exploitable. The Mint non-root account is virtually identical to the Windows guest account in terms of what the user is allowed to do. Therefore, Mint security is equivalent to Windows security while using a guest account.

Now you have to provide proof to support your argument. That's how arguments work. You can't just repeat dogmatic phrases like they're indisputable facts and expect anyone to take you seriously.

Unless he's an idiot he'll probably get away. If it was me, and no its not me if any agents are looking, I would use tumblers to mix up the money, trade for a more private coin like Monero, send to another exchange, and trade the Monero back for bitcoin, then sell on localbitcoins(or buy shit on amazon that I was wanting through Purse.io).

I don't need proof to know youre a dumbass

also


your lack of self awareness is astounding

Where did I ever say it would be the same exploit, you dullard?

I said it would contain an exploit, and that anyone who wanted to find the exploit would be able to find it just as easily as he could find an exploit in the Windows client, because Linux by default contains no hardening mechanisms that Windows doesn't.


All my points are backed up by facts. You, on the other hand, just say "hahahaha just stfu dumbass" and "wrong" with no evidence.

Name one point where I used a dogmatic phrase and didn't provide evidence.

I know I'm responding a 3rd time but fuck it because you seem like a disinfo-shill from microshit.


You just blew your own argument out.
DUMBASS

HAHAHAHA

OK
evidence plz

BGP drop rusholes & ex-eastern bloc shitholes, chinks, afrinic + street shitters/paki
mudslimes.
Problem solved.

Jesus Christ. I'm arguing with a mental midget.

Yes, MAYBE. Just like an attacker MAYBE may find a vulnerability in the Windows client. The probability of a program for Linux containing a vulnerability is equivalent to the probability of a program for Windows containing a vulnerability. I said MAYBE because a vulnerability that has not yet been found cannot be proven to exist until it is found.

You seem to think that vulnerabilities for Linux are somehow less common than vulnerabilities for Windows programs, or are somehow magically not exploitable. Here's some data to the contrary:

cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33

cvedetails.com/product/39/Microsoft-Windows-Nt.html?vendor_id=26

The probability that an attacker will find a vulnerability in a Linux program is equal to the probability that an attacker will find a vulnerability in the Windows version of the program, because Linux programs aren't magical memory-safe programs with no bugs.

Now, please provide me your evidence to suggest it would be any more difficult to find a bug in Linux than it would be to find a bug in Windows NT.

Okay. Name the hardening mechanism that Linux has out of the box that Windows does not.

You seem confident in your correctness, so you should have no difficulty finding this magical linux-only out of the box hardening mechanism.

I'm waiting.

citation plz

If we go on past findings alone (how many have been found for windows vs linux) then you are
wrong

What's your agenda NSA?

Linux's innate security comes mainly from how it handles user permissions.
It's extremely restrictive out of the box.
Many kinds of tasks require a secondary password confirmation by the user.

Indeed the main way to target Linux machines is to try and get the user to add a fake repository.

Don't bother with him.

he's probably some NSA shill

notice how it got really quiet suddenly?

A Linux non-root user can do everything that a Windows guest user can do: access all of his own files, including documents and installed programs, alter the settings that affect his own account, etc. This can all be done on a Linux non-root account. A Linux non-root user can ptrace and inject his own programs into any other processes running on his own account, just like a Windows user can.

A Windows guest user cannot, however, access any documents he does not own. He cannot inject into any processes he does not own. He cannot even see any processes he does not own. Just like a Linux non-root user cannot do these things.

A Windows guest account cannot install software for all users, nor can he modify settings that apply to all users on the computer – just like a Linux non-root account cannot install software for all users or modify settings that affect all users.

A Windows guest account can, however, install software that only it will use, just like a Linux non-root account can install software that only it will use.

Ransomware operates by starting a new thread, reading the contents of the user's documents and shared files, encrypting said contents, and writing the contents back to the files on disc, thereby overwriting the old contents with the new, encrypted ones. It then opens a TCP socket to a command and control server to send the encryption key to it.

These things can all be done with a Linux non-root account. You can read your own documents on a non-root account (else how would you edit them?) and you can write to your own documents on a non-root account (else how would you save files you've edited?). You can connect to remote servers (how would a browser work if you couldn't?). Ransomware works on a Linux non-root account the same way that it works on a Windows guest account.


Yes, Linux programs can contain vulnerabilities just like Windows programs, because memory-safety vulnerabilities are not operating system specific. A buffer overflow, for example, can occur when a program writes past the end of an array. This is not something that can only happen on Windows – in fact, an array is not something that is operating-system specific at all.

There are mechanisms to harden programs against vulnerabilities, for example stack canaries and ASLR, but these things are implemented on Windows as well.

Again, I ask you: name the magic hardening mechanism that Linux programs have that Windows programs don't.


bullshit ass links

You can't just dismiss evidence because it's "bullshit ass," as you call it. All of the vulnerabilities listed are actual vulnerabilities that have been found in actual programs and reported. You can read through the entries if you like.

You can't just hand-wave away evidence because you don't like it.


As I said earlier, a Windows guest account is restricted in much the same way as a Linux non-root account. If you're running Windows with an Administrator account, then yes, you are able to do more than on a Linux non-root account. But if you're running a guest account, you are restricted.


… because anyone that mentions hardening is from the NSA apparently?

HE SAY DUMB-DUMB THINGS!
HE DISAGREE WITH MY BELIEFS!
I NO LIKE!
HE BAD-BAD MAN!


It "got quiet" because I was writing a logical and fact-supported response instead of spamming "LOL HE SO DUMB HAHAHA" like you have been doing.

You're kind of missing the point.

The way Linux is set up out of the box is essentially idiot proof.
With Windows it takes effort to not be idiot proof. A lot of it.
On top of that Windows Guest users can still initiate a lot of processes without extra authorisation

… just like a Linux non-root user

How would you use Linux if you couldn't start a process?

I can set up a Guest account in a minute. It's literally just as easy as setting up a new account on Linux.

How to say a lot without saying anything: THE POST

WHAT IS FAKE NEWS

you keep mentioning SELinux (RedHat)
Not alot of redhat anons out there NSA bro, your covers blown.

waaaa cry moar bitch
Anyone who says Linux (even out of the box) is "just as bad as windows" is saying DUMBSHIT

everything you say is based on assumption MAYBE, IF, etc

PANTS
ON
RETARDED

I think I need to post this.

other than those 2 obscure links, you haven't posted shit

These are the guys that still have an extended support contract for Win XP. Mass outbreaks are a recurring theme for them.

Did you not read a single fucking thing I said? You're not even responding to what I'm saying. You're just writing in redtext about how I'm so stupid.

How to respond without actually responding to a single point I made: the post.

Are you schizophrenic? How does CNN lying about news have anything to do with the fact that Linux has just as many vulnerabilities as Windows?

I mentioned SELinux once, in a list of various hardening mechanisms Linux has.

You might as well say I work for Canonical because I mentioned AppArmor, or that I'm Spengler because I mentioned grsecurity, or that I'm working for IBM because I mentioned stack canaries.

Provide evidence. I've provided plenty of my own.


You haven't posted shit.
Meanwhile, in a post made five minutes ago:

hold the fuck up
Therefore the same vulnerabilities exist?????

No, this cancer argument has been debunked time and time again in all sorts of studies. Even if you look at the adoption studies where a nigger or a half mixed nigger is placed with white parents, they still do absolutely worse and under perform drastically. Race is not a product of the environment. You can not alter predisposition towards violence due to their brain structure by placing them in a better 'safe space'.

Muh hebephile argument. Any man who has sex with a under age child, i don't care if their 1 day away from their birthday to becoming 'legal' is a pedophile. Pedophiles need to be executed wherever you find them.

Any self respecting white nationalist would never promote any of these above. Sotomayor is literally preaching for black men to shack up with white women because he hates black women. Indirectly promoting miscegenation.

This speaks for itself. They talked about ruining a white mans life for 5 years, and they said ti was okay, because he was 'just' a white man because he spoke the truth about 9-11 which was caused by Jews.

Not gonna look further into it, i've always known he's Kike. See here's the deal; kikes know that the niggers will never accept them and see them as the same white devil. They began to realize that if they promote white genocide due to their innate Loxism hatred for them, the only Caucasians that will be left are hemedic and semetic, therefor they will bare the brunt of the blame game. Their victim role doesn't work in South Africa, South America nor Asia one bit, niggers don't give a shit about your holohaux, you are one of the haves, while 90% of them are the have nots. Jews are over represented in that society as being have's.

There is no hollywood propaganda to overcome the innate tribalism within latino's and niggers. Niggers and spics won't give a shit about how your a white half mixed asions or a white half mixed arab and so progressive for racial justice, when they become majority, they will subjugate you, remove your chances of Usury and ultimately they will kill you. Goodluck trying to survive when Europe, Northern America, Middle East and Africa are all against the kikehive Israel. This is simply a number games. They've begin to realize, that what the socialist jews are promoting is even the death of the Jewish Semetic race itself, because EVEN FOR THEM they are supposed Jewish sheeps, the majority of them have to be race mixed to prevent uprisings against the few multi billionaires who hold the power.

Anyone who promotes this anglin cancer guy on this Holla Forums will get a head shot from me. You don't change from these radical notions to a national socialist, he's a plant or a idiot who truly began to realize the error of his ways but can't be trusted because kike's gonna kike.

naw, these people are heroes
i work in cybersec, cant find a job
these orgs deserve exactly what they got coming, jews dont want to pay white men to keep thier systems secure

This is what happens when something anarchic like the internet is integrated to something organized and important, keep systems closed or don't use them at all but in the following years everyone will be vulnerable, only the strong will survive. You cannot protect yourself against everyone else, eventually the internet, the communication between everyone, including bad people will be the downfall of humanity.

Not only did you post this in the wrong thread but you're also a stupid fuck who doesn't think 16 is legal in most places.

Yeah thanks for telling everyone how the sun is yellow and the sky is blue
Clearly you really know your shit

also
MUH HARDENING
Your tears are giving me a hardening NSA

Strawman. I never said the same vulnerabilities exist. I said that vulnerabilities will exist, and that they will be just as easy to find and exploit as they would on Windows, because Windows contains the same hardening mechanisms that out-of-the-box Linux has (stack canaries, DEP, ASLR).


I notice a profound lack of counter-arguments and a profound excess of butthurt in your post.

You seem to be angry that I have provided proof and you have not.

...

I too work in a similar industry, and could certainly use more manpower/funding. Something like this is needed in order to wake up my higher-ups to the reality of the situation.

assumptions

No. I said that Linux and Windows non-root accounts have the same privileges, that Windows and Linux use the same hardening mechanisms, and that Linux does not have any magic fairy dust that makes it not able to have vulnerabilities.

Give me one reason why Linux programs would have less vulnerabilities than Windows programs.

Do you even know what a memory-corruption vulnerability is? Do you even know how an exploit works?

theregister.co.uk/2017/03/16/linux_kernel_vuln/

cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/cvssscoremin-7/cvssscoremax-7.99/Linux-Linux-Kernel.html

thehackernews.com/2017/02/linux-kernel-local-root.html

dirtycow.ninja/

arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/

ubuntu.com/usn/

zdnet.com/article/old-linux-kernel-security-bug-bites/

safecomputing.umich.edu/security-alerts/patch-address-vulnerability-linux-cve-2017-6074

Daily reminder that all x86 Intel CPUs past Core 2 Duo are compromised with Intel ME
Linux doesn't matter.

Why wouldn't Linux programs have vulnerabilities? Give me one reason.

That's not what's being argued dumbass

It's you saying - LINUX WITHOUT MUH SELINUX MODULE IS JUST AS BAD AS WINDOWS

but you're a NSA shill and you have to dissuade people from trying *nix

Where did I say that? I said: "Linux out of the box is like Windows with a guest account."

I mentioned SELinux once, in a list of other hardening mechanisms.

I also mentioned, in that same exact list: AppArmor, grsecurity, Tomoyo, Smack, and Linux containers. Are those all NSA shill inventions as well?

also here's my proof

The vault 7 leaks:
The sheer amount of Windows exploits as compared to Linux exploits

Show me where the vault 7 leaks have more linux exploits than windows

Otherwise stfu

I'm typing this on a CentOS computer. I never said "don't use Linux," I said "if you use Linux without hardening it, you're no safer than if you use Windows with a guest account."

If you want to use Linux, use grsecurity and RBAC, because if you don't, you are no safer than a Windows user using a guest account.

...

cvedetails.com/product/39/Microsoft-Windows-Nt.html?vendor_id=26

cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33

bullshit


nothing to do with Vault 7
Thanks for being so disingenuous everyone can spot your bullshit

Yeah okay NSA bro

btw you called me schizo earlier when I "hand waved" away these links
Let me explain to your dumbass

[citation needed]
You might not want to believe it, but that's what I said:

So if vulnerabilities weren't published in Vault 7, they don't exist?

I must be crazy – updating VPS boxes to install a patch to protect the KVM/QEMU hypervisor from the Venom exploit. It wasn't published in Vault 7; clearly the exploit never actually existed!

What am I saying – the Venom vulnerability wasn't even Windows specific! I didn't need to do all that work in the first place. After all, only Windows programs are exploitable. Linux programs are protected by Linus' Magic Anti-Vulnerability Essence.

Silly me, updating Linux computers to protect against a critical vulnerability that affected Linux. I should have known: once I installed Linux, those computers were safe by default!

Implying? Did they get 1337 h4xx0red too?

LOOK AT THESE LINKS

COUNT THE VULNERABILITIES

COUNT THEM

THERE ARE JUST AS MANY FOR LINUX AS THERE ARE FOR WINDOWS, DIPSHIT.

cvedetails.com/product/39/Microsoft-Windows-Nt.html?vendor_id=26

cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33

I asked for vault 7
You did not provide vault 7


So Windows only has 207 vulnerabilities between 1998 & 2008?
TOTALLY LEGIT BRO

The only goon here, is you. Off to Endchan you go, with your 2 PPH.

>cvedetails.com/top-50-products.php

TOTALLY LEGIT SITE BRO

LOLLOLOLOL

Britain already banned hard encryption long before that AFAIK.

Banning encryption is even dumber than banning guns because unlike guns someone can fuck with you from a continent away.

banning encryption is a great then CRIMINALS would not be able to use encryption, cause it's banned!
genius!

seriously, if you ban encryption the ONLY people that suffer is the common man.

Watch those goalposts shift!

Exploits are exploits. I asserted that Linux is no more safe than Windows by default, because they both contain similar numbers of exploits and Linux does not have any special hardening mechanisms that Windows does not.

You "countered" by saying that, because one leak of vulnerabilities contains Windows exploits, the literally hundreds of Linux exploits simply do not matter.

Those are the vulnerabilities for the Windows NT kernel. The fact that you want to believe there are more does not mean there are more. Your opinions do not make reality.

Do you have evidence of more that haven't been released? Please provide it.


… that's a list of all programs by the total number of vulnerabilities that have been released. What's your point?

Also I'd like to point out that the Linux kernel is AT THE TOP OF THE FUCKING LIST.


Linux kernel in 1st.

see

The jew projects

Clearly the linux kernel is LESS secure than Windows Vista
TOTALLY LEGIT SITE BRO

sysadm here. this is fucking awesome. i mean, sure, it sucks, but this is grade-A funding time.

how do you get new systems when no funding? break them; or let them break; or let them break because you spend all your time and money patching some crumbling infrastructure and can't –not– let them break; all the same thing, really.

pay day.

some one, some where, is going to be making a shitload of money on this yet-another-ancient-ransomware resurgence.

ps: this bug's code only encrypts the standard file spaces, and only small files such that the user won't notice the high local cpu consumption, and at that only after it talks to a CnC to reg the keys used back to actually complete the ransom, etc. so, if you even have the slightest sub-par data archiving and system mgmt policies, you pretty much just format and don't have to worry. but this is NHS with spic, nic, ackbar, and designateds running 'IT', so… they are so absolutely fucked.

if real.

I'll point you to your own fucking post:

Look at the top of the list. For the program with the most vulnerabilities.

What program is that? Is it Windows or Linux?

I want the numbers from Vault 7 release, otherwise stfu crybaby

Given that it has more vulnerabilities…

TOTALLY LEGIT SITE BRO

cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/cvssscoremin-7/cvssscoremax-7.99/Linux-Linux-Kernel.html
cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33

ur bullshit site doesn't even agree with itself

It's in the USA. FedEx got hit.

Don't you mean HAD?

one filtered by score, you are just being a moron here

CAN YOU TWO FAGGOTS SHUT UP PLEASE

Both the Improvise and Aquaman programs were developed to infect Linux computers.


That's because the first link is after you narrowed down the exploits to only the ones with a severity score between 7 and 7.9, whereas the second link is the total number of exploits.

Was being intellectually dishonest part of your plan?


Source.

tell Satya Nadella fanboy to give it a rest

Again, I'm writing this on a CentOS computer.

ciodive.com/news/microsoft-took-6-months-to-patch-flaw-but-hackers-took-just-days-to-moneti/441474/

2 out of hundreds GOOD JOB

Unchecked dubs of truth dot png

NSA confirmed

That's because the vast majority of the programs in the leak were command and control applications, exploits for internet of things devices, and file obfuscators. 90% of them weren't even viruses.

This is why we have to ban civilian encryption, goy

By your logic that makes Linux moar secure than Windows
checkmate

And if you want your *nix exploits, just look at the earlier CIA leak, which had a whole directory of exploits for Solaris computers.

This is all just shifting the goalposts. You can't argue that Linux has less vulnerabilities than Windows, because I've demonstrated multiple times that that's false, so instead you hand-selected a microcosm of exploits that you insist are the only important ones.

… how? I said:

The vast majority were command and control applications, IoT exploits, and file obfuscators.

How does that make Linux more secure?

Let me guess – you're going to be intellectually dishonest again and claim somewhere later that I said "the vast majority were for Windows", aren't you?

...

Nigger, people were going to die anyways.

dailymail.co.uk/health/article-195277/NHS-death-rates-times-higher-US.html

NHS 'must be more open on preventable patient deaths'
bbc.com/news/health-38305033

Is Monero the most private cryptocurrency?

… because those links are to a repository of all public exploits for both Windows NT and Linux.

If you can find another repository of all exploits for Windows and Linux, please post it.

You're just shifting the goalposts again. Let me pin you down:

Find me one repository of all exploits for Windows and Linux that shows Windows having significantly more exploits than Linux.

Hell, I don't know why I'm asking. You don't even know what an "exploit" is.

Yes, and the darknet drug markets all accept it now too.

And those links conclusively state that Windows has less vulnerabilities than Linux.

What you're saying is like saying that someone is wrong, despite the fact that they posted evidence that they're right, because they keep posting the same piece of evidence every time you make the same baseless assertion that they're wrong.

Currently working on a keygen to create the key!

Filter ID

nice work

see

Windows has had tens of thousands of vulnerabilities


also
nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=windows
5370
and took 6 months to get patched
nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=linux
5225
and took a week

That red bold text is a nice cue to let me know to just ignore the post.

Please include Pepe in the UI!

But its getting on his nerves

What exactly are you talking about?

Again, Vault 7 was command and control applications and file obfuscators. The fact that you use that as a list of "exploits" indicates that you don't even know what an exploit is.

PROOF

Where is the list of the "tens of thousands of vulnerabilities" that Windows has? I have provided a repository of all public Windows exploits that indicates that Windows has not had "tens of thousands" of vulnerabilities. You are just asserting that it does, and providing no evidence.

Where is the evidence that Windows has had "tens of thousands of vulnerabilities"? Where is the list?


Also, here's some info on how vulnerabilities are exploited:

corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

Name one step in this process that is Windows specific and couldn't be done on Linux.

completely ignores how his site says Windows NT ONLY had 200 vulnerabilities from 1998 to 2008

"Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En)"
in the first fucking sentence

8ch.net/pol/res/9903251.html

while I've been arguing with this shill
hahahaha

en.wikipedia.org/wiki/Patch_Tuesday

HAHAHAHA

why not goodgoy ?

And? Where's your evidence to suggest otherwise?

Do you seriously believe that you saying something makes it true?

Yes, the program was written for Windows. Now tell me how the exploit required some Windows-only technology?

Here's a Linux program that has multiple vulnerabilities:

cvedetails.com/vendor/9605/Gimp.html

Stack overflows involve overfilling a buffer. Do Linux programs not use buffers? Do Linux programs not use heaps? Do they not use functions like scanf and printf that are vulnerable to format string exploits?

Use-after-free exploits occur when memory is de-allocated and then re-allocated while pointers to it still exist. Do Linux programs not use allocatable memory? Do they not use pointers?

I'd think I would know, given that I've been writing C programs on both Linux and Windows since I was thirteen.

Those are remote administration tools. Remote administration tools exist for Windows, Linux, Android, FreeBSD, and every other operating system.

I provided two Linux remote administration tools that were included in Vault 7. How is the existence of Remote Administration Tools for Windows any different?

Again, the fact that you're listing RATs as exploits indicates that you know fuckall about computer security.

Can't help but notice he completely ignored that reply.

OpenBSD is the most well documented & securest operating system right now.

Year of the Linux Desktop soon

Criminally unchecked digits anons….cmon.

And this is real talk right here. I'm planning to build a vintage rig for just this reason.

Just proprietary my shit up.

Year of the Linux desktop never. The entire linux scene is too autistic to
1) Settle on one DE.
2) Stop changing that DE for the sake of change of change.

Now, this begs the question why important hospital network infrastructure is open to the outside.

Oh right, people are retards, I forgot.

I still haven't seen a DE that doesn't look like a flaming pile of garbage imported from 1998.

You forgot 3) they don't comprehend that anybody actually wants to use their computer for anything else besides surfing and installing new distros

Fixing that is simply a matter of creating new assets. But the idea that everything needs to be updated stylistically every year is fucking cancer anyways.

That's a matter of what applications are written for linux. Outside the scope of DEs.

Then why has it simply not been done yet? Just about the closest thing anybody bothered to come up with was Unity, and that was also a flaming pile of garbage for the most part.

Not every year, just as system performance improves to permit it. Even stock android looks great.

What are you talking about? DE's for linux have had their assets remade about 6 gorillion times.

dubs of truth.. the elite THAT CREATED OR CURATED ALL SYSTEMS CAN INFECT ALL SYSTEMS

CHECKED & KEK'd

which one of you fuckers made this virus? i knew you fuckers getting your hands on the nsa tools was going to lead to something like this

Good work. I can see you have worked out the structure of the program. Will it actually decrypt properly as I've heard of ransomware that fails to decrypt, even with a purchased key?

Hopefully someone will have the wherewithal to seize the C&C server. It may be vulnerable to attacks itself.

You are all missing the point.
The vulnerability was known and everyone knew that the exploit was out in the wild, however MS told XP users to get fucked and upgrade to Windows 10 - many of them just did not do it, since it would have meant that lots of their software/hardware would have stopped working - no budget for fixes.
If their systems would have been on linux - they could have pooled their resources and got that distro fixed for cheap or even for free, without affecting their business-critical applications- remember, there was lot of lead time for these NSA exploits. It was well known that shit was broken for MONTHS.

what an fbi kike you are big nose!

oh vey ive been found out goy

ovens ready jew! in u go!

Brah Solaris is dead. It died with Sun. Last update was 2015. The active open development was ended in 2010.
The only reason Oracle says it's still supported is because of contracts with legacy customers. No one is actually selling Solaris and installing new systems today.

They sell Linux now. en.wikipedia.org/wiki/Oracle_Linux

There is literally nothing wrong with Windows 10. The only other worthwhile desktop OS's are Slackware and Gentoo. Prove me wrong, faggots.

theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

it's over, rover

Top kek. You know exactly what will happen

Talk about disappointing. I bet that guy won't get any bonus or anything for it. Maybe a thank you letter from a manager somewhere.

So the hacker didn't use a public encryption scheme? I thought it'd be RSA where the attacker has the private key.

more Warhammer 40k figures tbh

Gonna need more than 300 bucks for that mate.

This ransomware outbreak proves once again that most people are too stupid and irresponsible to be using a computer.

Not to mention that it IS easy to install an antivirus on linux.

>Again, you're talking about the user. If you take a Windows user and put him on Linux, he will not magically gain 1337 [email protected] skills.

If all the other Linux users aren't total wintards then that's where the worm ride ends.

I could elaborate on the rest, but, with this principle, I don't have to, you can do it yourself.

This one was for money. What if the next one is for teh lulz? Why encrypt the data when you can just erase it all and brick the box?

Poo in loo

This does smell like one of those you have a virus popups. Contacting the vendor of such spam often redirects to Indian call centers that sell fake service agreements.

Is this true?!

No. In the same post the idiot seems to either think that the NSA will have spent as much time and effort to backdoor niche OSs as they have on the ones that most of the world uses, or that if one piece of software on one platform in a specific category has a bunch of exploits then those exploits must also be present in every other piece of software on every other platform that falls in the same general category. Both ideas are retarded beyond belief.

That said, disabling files having permission to run scripts at leisure in any software and removing the mess that is Flash are both warranted things whatever you are using.

LOOK AT THIS NIGGER SHILL SWITCHING IP

I truly believe your interlocutor is indeed schizophrenic.

It's the same amount as the last ransomware virus. I guess they see it as a reasonable amount that people will pay for. My work got the old one but they had most of their stuff backed up so they just wiped the computers and transferred everything back.

I had to deal with ransomware several times in my company.

Word of advice - make daily backups, make sure you have good security practices and settings, and be very careful which drives you map and what the access policy is.

Problem is, half of the stuff won't work properly without flash.

It works via smb bug. It doesn't matter what you map. It has /su access on all drives on system.

checked

Well would you look at that the people over at the IC who have been so booty blasted about Trump and have been doing all they could to subvert him have had their tools released upon the world. Looks like they will need to have the hammer dropped on them for being so careless and negligent. Would be a shame if they all got the axe or were found out to be commiting treasonous crimes against the American people. Would be a real shame if they were lined up for a firing squad.

this might be the trigger that send the pajeets back, and we can have our jobs back.

Could also be going the Goldfinger route. If it is someone who already has a huge amount of bitcoin, he could just be dropping the coins into dead wallets and hoping that the buying pressure on the exchanges would force the value of his holdings up.

Or maybe he's just some dumb fucking kid who thought he was going to pick up a few thousand dollars off of some normies.

Is this the new narrative? To make *nix not an option.

Could it be embedded to a webm or pdf uploaded here?

Perhaps. That'd be very new and unlikely. It's an SMBv2 exploit. You can download a cumulative update from here:

technet.microsoft.com/en-us/library/security/ms17-010.aspx

It spreads through email links, and open SMBv2 ports, for example, to have a network drive work over the internet. For example, so doctors can have access to patient records on their home computer.

github.com/misterch0c/shadowbroker

When things start getting worse, infrastructure sabotage and hacking will be a lot of fun for those annoyed.

Update doesn't work for me, long as I dont open suspicious emails or have a shared network like that, I'm safe?

But the gubbmint needs to spend more each year so it gets to retain a larger budget, goy. If Govt Department XYZ reduces spending, it will be allotted a smaller budget next year, goy. Spend more and you get more sheckels in the future, goy. Who cares, spend more – the gov't debt can just keep getting rolled over forever, goy. It's your grandchildren's problem not yours, goy.

i heard all you have to do is disable smb feature

Perhaps, but they do not work as well, mostly due to technical issues related to differences between the PE and ELF formats.

Windows uses the PE ("Portable Executable") format for almost everything, while modern Linux-based systems use ELF ("Executable and Linking Format") for almost everything. There are big differences between these related to dynamic linking and it affects the usefulness of ASLR on modern systems.

One of the major advantages of dynamic linking is that shared libraries can actually be shared between multiple programs that use them. Exactly how this is implemented differs in important ways between Linux and Windows.

On ELF systems, "shared objects" act independently in every process that loads them. While program text and read-only data can be shared between multiple processes, each instance of a shared object has its own local .data and .bss sections and no direct knowledge of any other instances of that library. Processes are fully self-contained. On modern architectures like x86_64, shared objects are not relocated but instead are required to be position-independent. While what exactly position-independent means technically would take us well into the weeds, a simple explanation is that shared objects can be mapped at any virtual address with no change to the text or read-only data. (Writable data can be subject to relocations, as is the PLT ("Program Linkage Table") that makes calls between dynamically-linked modules work.) Applied to ASLR, every shared object is mapped independently into every process that uses it.

On PE systems, dynamic linking uses a very different model. Each module (both the main executable and any DLLs ("Dynamic Link Libraries") it or they need) has tables local to that module. Symbols exported from a module are listed in an "export table", while symbols used from other modules are listed in an "import table". The loader fills in the slots in every module's import table with pointers to other modules' export tables. All of these tables together are roughly equivalent to the ELF PLT and GOT ("Global Object Table"). Also, processes are less strictly isolated and DLLs can have "global data" segments that are implicitly shared among all processes that use that DLL.

Now for the fun part. On Windows, DLLs are relocatable, but have a preferred base address. With ASLR, the preferred base address is ignored and every DLL is relocated when loaded. So far, so good. But DLLs are not position-independent and their program text must be modified when they are relocated. This would prevent sharing a single copy of a DLL if it were relocated to different addresses in different processes. But DLLs can have "global data" that must be shared between all processes using them, so that single copy must be shared.
This means that ASLR on Windows is applied to a module once when that module is initially loaded, although it will be applied again (for a new base address) if all instances of a DLL are unloaded and then the DLL is loaded again. But some DLLs can never be entirely unloaded, such as KERNEL32.DLL and NTDLL.DLL, both of which are essentially the Windows API. These DLLs get a base address chosen once when the system boots and stay at that address (in all processes) until the system shuts down.

On Linux, ASLR is applied per-program, no exceptions. (But fork() clones a process, including its mappings. ASLR will not be reapplied until exec() starts a new executable.) When ASLR is applied, all shared objects are mapped at new, random, virtual addresses. (Okay, the implementation has been less than ideal, but ELF doesn't allow programs to assume the current implementation and they don't. It can be improved easily and I think grsec does exactly that.) (ASLR can also be globally disabled, but it's on "out-of-the-box".)

On Windows, ASLR is applied when each DLL is "first" loaded. But if a DLL is already in memory, relocation is not repeated. Instead, it will be mapped into the process at the same base address that was chosen when it was first mapped. An info leak in one process running one program is useful to attack other processes running other programs if they use a common DLL.

This mostly comes down to dynamic linking being a kernel facility on Windows and a userspace program ("ld-linux.so") on Linux. On Windows, the loader has knowledge of other processes and makes global optimizations at the cost of security. On Linux, it doesn't and can't. OS X has or has had a similar problem to Windows, made even funnier by loading shared libraries into a single global segment. Yes, this means that a shared library loaded by any program is visible in all processes, even if they don't use it. Yes, even root-owned processes get shared libraries loaded by unprivileged users. The Windows fuck-up times 9000. Makes injecting code piss-easy.
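Added example, not part of the post above: a small C program for Linux that checks the post's claim that a shared object keeps its base address across fork() but is mapped at a new address after exec(). It assumes /proc is mounted and that `cat` is on the PATH and maps the same C library; all function names are made up for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* popen, pclose */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Parse one /proc/<pid>/maps line. If it is the offset-0 mapping of a file
 * whose path contains `needle`, copy the path into `path` (when non-NULL)
 * and return the mapping's start address. Otherwise return 0. */
unsigned long map_base(const char *line, const char *needle,
                       char *path, size_t n)
{
    unsigned long start, end, off;
    char perms[8], file[512];

    if (sscanf(line, "%lx-%lx %7s %lx %*s %*s %511s",
               &start, &end, perms, &off, file) != 5)
        return 0;                       /* anonymous mapping, no path */
    if (off != 0 || strstr(file, needle) == NULL)
        return 0;
    if (path)
        snprintf(path, n, "%s", file);
    return start;
}

/* First matching base address in a maps listing read from `f`. */
unsigned long scan_maps(FILE *f, const char *needle, char *path, size_t n)
{
    char line[1024];
    unsigned long base = 0;

    while (fgets(line, sizeof line, f))  /* drain the stream fully */
        if (base == 0)
            base = map_base(line, needle, path, n);
    return base;
}

/* Base address in the calling process. */
unsigned long base_in_self(const char *needle, char *path, size_t n)
{
    FILE *f = fopen("/proc/self/maps", "r");
    unsigned long base;

    if (!f)
        return 0;
    base = scan_maps(f, needle, path, n);
    fclose(f);
    return base;
}

/* Base address seen by a fork()ed child: the mappings are cloned. */
unsigned long base_in_fork(const char *needle)
{
    int fd[2];
    unsigned long base = 0;
    pid_t pid;

    if (pipe(fd) != 0)
        return 0;
    pid = fork();
    if (pid < 0) {
        close(fd[0]);
        close(fd[1]);
        return 0;
    }
    if (pid == 0) {                     /* child reports its own view */
        base = base_in_self(needle, NULL, 0);
        if (write(fd[1], &base, sizeof base) != (ssize_t)sizeof base)
            _exit(1);
        _exit(0);
    }
    close(fd[1]);
    if (read(fd[0], &base, sizeof base) != (ssize_t)sizeof base)
        base = 0;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return base;
}

/* Base address in a freshly exec()ed program (cat printing its own maps).
 * Returns 0 if that program does not map the object at `path`. */
unsigned long base_in_exec(const char *path)
{
    FILE *p = popen("cat /proc/self/maps", "r");
    unsigned long base;

    if (!p)
        return 0;
    base = scan_maps(p, path, NULL, 0);
    pclose(p);
    return base;
}

int main(void)
{
    char path[512];
    unsigned long self = base_in_self(".so", path, sizeof path);

    if (self == 0) {
        fprintf(stderr, "no shared object found in /proc/self/maps\n");
        return 1;
    }
    printf("object        : %s\n", path);
    printf("this process  : %#lx\n", self);
    printf("after fork()  : %#lx\n", base_in_fork(path));
    for (int i = 0; i < 3; i++)
        printf("after exec()  : %#lx\n", base_in_exec(path));
    return 0;
}
```

With `kernel.randomize_va_space` at its default, the fork() line matches the parent and the exec() lines differ from it and from each other; with it set to 0, all of them match.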

The NSA doesn't have a responsibility to report bugs to private companies. Nobody does.

Yes. It's the weekend. I work in IT (unfortunately); most of us cba to come in on the weekend.

"Linux" isn't an OS.

the only concept i understand about "stack buffer overflow" is here:
youtube.com/watch?v=cFYdr4X2Nqo

The obvious anti-linux shills earlier kept going on about hardening (SElinux, apparmor, etc)

These are additional software right?

My question is this; how is it smart to combat buffer overflow with MORE software/code? Doesn't this add the possibility of more exploits (some with root priv) ??

Wouldn't better coding be the best and most efficient way to combat the dreaded stack buffer overflow?

also

its like Windows Vista adding UAC to help combat exploits/unwanted-processes, yet vista/7 still got hacked left and right and dumb users still just clicked OK

go back to stallman.org

This is undoubtedly an attempt by kikecrosoft to force these companies to upgrade to windows 10.

which would explain the anti-linux shill ITT

what is funny is ppl still using windows lol You not on linux now you deserve to be fucked and do you even compute .

They're in the kernel, at least the active parts that stop attackers.
It'd be a bit worse than root — the hardening systems of this type are part of the Linux kernel itself. IF an attacker could exploit them, the shellcode would be running in the kernel. That's worse than root — SELinux and AppArmor can confine root-owned processes, shellcode in the kernel can simply turn SELinux/AppArmor/etc off entirely.

Fortunately, both of these are in the Linux kernel. Linux has very high standards for code quality (and a BDFL that likes to tell morons to fuck off in no uncertain terms, IIRC kdbus is still in limbo partly because one of the Lennart fanclub members was involved in its development while contributing to some mess or other that caused massive breakage — there was a specific threat that kdbus would never be merged if it contains code from this individual, Linus gets pissed when people try to say regressions aren't bugs) and the Linux developers generally know exactly how critical these subsystems are, so they get thorough code reviews. For technical reasons that would send us into the weeds, there is also very little attack surface into these subsystems. All this is why that's a big "if" above.

SELinux and AppArmor are both MAC ("Mandatory Access Control") systems. Exactly why they are called that would send us into the weeds again, but the important point is that they do very little to prevent buffer overflows beyond restricting the use of executable stack and data regions. Instead of preventing exploits, MAC systems limit what a process can do, regardless of the program running in that process. Exploit the Web server all you want, but you still only have the access the Web server needs — and installing a persistent backdoor ain't on that list unless the admin is pajeet-tier. The solution to that problem is to get an admin that knows how to use a toilet.

Which brings us to Yet Another Thing Wrong With systemd — one "do-everything" process ends up needing extremely broad MAC permissions, effectively rendering MAC largely useless. Because of systemd's "katamari" design, it is an amazing target for any exploit, since it can do almost anything and MAC cannot effectively confine it without breaking something. Because its authors are clueless, it's shot through with bad code and I expect systemd to have an exploit density comparable to Windows. Lennart also likes to deny bugs, one recent case could result in systemd doing the equivalent of "rm -rf --no-preserve-root /" if asked to remove dotfiles from /tmp, by recursively removing "/tmp/.." (which is, er, "/"). Lennart tried to say "this is just one of the known Unix landmines, get used to it" except this particular landmine is so well-known that POSIX explicitly forbids "rm -r" from operating on "." and "..".


This is the "dancing bunnies" problem. You fix it by putting the dumb users in quicklime pits, classic BOFH ("Bastard Operator From Hell") style.

The updates to win 10 aren't free anymore though. Also they released patches for every Windows version until XP

It would have been more fun if they used the 2hu ransomware virus where they had to beat UFO on Lunatic with a good score.

jesus h christ

Im glad this is happening. I am tired of people just going "Well just install antivirus".

Im tired of this virus shit happening and no one doing a god damn thing. Hell you can make a virus, have it fuck over 100k people over a 4 month period and no one would do a fucking thing. Perhaps now people will start giving a shit and start finding these people. I want people who make these viruses shot in the god damn face. These people are almost as terrible as drugdealers since they steal information, hold your property hostage and sabatoge you, all at random.

The install gentoo meme has gone too far.

Shut the fuck up and install gentoo into your vagoo.

This would be an extremely effective means of instigating a mass suicide.

rofl and on top of this the patch for said exploit has been out for a month. If these hospitals had bothered to click yes to update windows XP security patch they wouldn't have been compromised. Not crying crocodile tears for profiteering health corporations that can't even bother with the most basic

It's not that simple.

Hospitals tend to use bespoke software that cost them millions to develop. Something as small as a vulnerability patch can break bespoke software like this, and getting your software patched to be compatible again ranges from "very expensive" to "fucking impossible".

All these XP machines remain in the NHS not because they can't afford to "upgrade" the OS, but because if they did they'd have tens of millions of £'s worth of software that is now useless unless they spend a similar amount on patching it / re-writing it.

Other industries are in a similar position but the NHS is really screwed by this situation.

They run proprietary shit that throws a shit fit if there's an update applied, or in some cases, they only work on XP, which hasn't been supported for years. Couple this with thousands of machines, and it would take (what they consider) too many shekels and too much money for an overhaul. Unfortunately money speaks louder than say people's safety and security.

tl;dr it's cheaper to keep shit as is, fuck your patients and shit, we need shekels

t. Holla Forums

pic unrelated

No, there are other exploits besides Flash. Look up exploit kits. You can actually rent the damn things if you know where to look.

They've already made more than 500k

They've released more than just eternal blue. There's a few others. This WannaCry stuff used to be obsolete until they upgraded it with eternal blue and some new encryption.

Why the fuck are these systems connected to the internet then?!

So lazy doctors can access files from home, instead of just using usb-sticks (sneakernet).

Except they don't.
An ordinary user can't even access the CD or DVD drive without the admin adding them to the appropriate group.
Mounting a USB stick (to access it) also requires root access in the default state.
Not the point. You are making a patently false claim, that ordinary users have the same default level of access under linux as they do under windows.
A lot. For example a linux user cannot infect his work network from usb, cd or bluetooth unless he has been granted special permission to access those devices.
And no amount of salty italics will make you right.

Just to add, this is no surprise at all.
NHS machines are set up with USB port fully accessible.
I have personally handed my psychiatrist a USB stick and had him insert it into his windows machine, he said something under his breath about "I don't think this will work, they're meant to be encrypted", but to his great surprise he was wrong.
The NHS puts great importance on muh diversity, being a public body in a Cultural Marxist state.
This is what happens when unqualified female Comp Sci graduates and shitskins are put in charge of tech.

And only criminals and veteran shitposters use vpns, so that's clearly out.

you're wasting your breath

the guy was obvious with an anti-*nix agenda

They should contact the WINE guys, or the WINE guys should contact them. We'll have the year of Gentoo by any means.

in one year, by investing only a few of his current bitcoins he manages to wash through bitcoin mixers, he can set up an official bitcoin exchange somewhere and begin to use it as a front to launder the rest

It's not simple to have something run on WINE (correctly) especially for large systems. Still need to pay someone for that.

It's sort of like the airline industry, nothing changes until people die.

twitter.com/Snowden/status/863872972553166848
archive.is/UOnLo
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
archive.is/eKdHH

...

LOOK HOW FUCKING FAST IT'S SPREADING NOW

intel.malwaretech.com/WannaCrypt.html

...

checked
44 checking 22

MS knew it was there and allowed it. It's a back door.

...

This is only gonna raise the value of Bitcoin…

Lennart is cancer. Init did need fixing, but why anyone would choose something made by the guy who designed pulseaudio, and then ramrod it onto the community despite other worthy replacement candidates being available… well, it made me want to believe it was a conspiracy. Believing it was incompetence is just too painful.

Hell, if *all* systemd did was replace init it would probably be a win. But no, he decided to give Linux "the pulseaudio treatment". Only retards have a problem with binary logs, amirite?