Supposedly, ridiculously slow Windows updates (not happening even after hours and hours) have finally been solved
Well, old news from Dedoimedo.
These habits served me well for many years and I've never encountered problems with Windoze.
Quote from: krake on 2016-10-03, 08:30:52Well, old news from Dedoimedo. I don't know; I tried to install a number of recommended patches manually a few months back and it didn't help too much.
I think he wrote July.
What I am failing to notice in all the reporting is the word "Windows". Did the ransomware really affect any and all opsyses?
But they are saying "Ukraina" http://sverigesradio.se/sida/artikel.aspx?programid=161&artikel=6695485
Quote from: ersi on 2017-05-16, 04:55:26But they are saying "Ukraina" http://sverigesradio.se/sida/artikel.aspx?programid=161&artikel=6695485Either Lars Ericsson, Web and IT Manager at Region Dalarna is an idiot or he considers all the readers of his statement to be idiots.Neither are the "attacks from Ukrainian banks" related to the SMB exploit nor does an originating IP reveal the identity of an attacker.
Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered.[...]Our standard model goes something like this.Look for unregistered or expired C2 domains belonging to active botnets and point it to our sinkhole (a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them).Gather data on the geographical distribution and scale of the infections, including IP addresses, which can be used to notify victims that they're infected and assist law enforcement.Reverse engineer the malware and see if there are any vulnerabilities in the code which would allow us to take over the malware/botnet and prevent the spread or malicious use, via the domain we registered.
You are trying your best to leave the impression that IP addresses reveal nothing. I have not seen any expert leave this impression. IP addresses usualy give a strong sense of direction of the attack.
Quote from: ersi on 2017-05-16, 07:12:42You are trying your best to leave the impression that IP addresses reveal nothing. I have not seen any expert leave this impression. IP addresses usualy give a strong sense of direction of the attack.I'm trying my best to make clear that the originating IP of an attack reveals only the source of the last hop.So while the originating IP of an attack can be attributed to a bank from the Ukraine, the attack could be performed from anywhere.
Yes, the attack could be from anywhere, but just like the direction from a bank in Ukraine was traced, cannot it be further traced by examining what's been going on in the bank servers?
What I am failing to notice in all the reporting is the word "Windows". And "Microsoft". Did the ransomware really affect any and all opsyses?
For sure it can. At best you'll end up with another IP which you can't trace any further.
The key to successfully hiding your identity during an attack seems to be making sure you pass through enough interim sites to conceal your point of origin permanently - either because they're in a country not vulnerable to pressure from the FBI, specifically offer to protect users' data by not saving the login or tracking data on their servers for more than a few days, or because they're zombies being remotely controlled by someone else, who makes sure the zombie doesn't keep enough information to point back to a command-and-control site.Lacking a trustworthy proxy, the best thing to do is to go through so many interim sites and services that the process of tracking you through them all is too time consuming for most security teams."Even if hackers redirect through other sites, it's frequently still possible to track an attack back to them," according to Clifford Neuman, director of the USC Center for Computer Systems Security, who was quoted in InfoWorld's recent Stupid hacker tricks: Exploits gone bad article. "You trace it back to one point, then you go through diplomatic channels to get the authorities in the outside country to find and collect the logs. It's a months-long process, but it can be done."
Didn't really affect MS either as they'd already patched the vulnerability last year iirc.
Page created in 0.056 seconds with 21 queries.