Major hack / IT attack against UK NHS in progress

Initial Kaspersky report said 70% of new infections were in Russia. But as they admit, they may have incomplete data.
If they are correct, the pandemic might indeed start in Russia.

More like 90% the rest are coming from India and Gyna
The irony of it is the hacking tools came from the US NSA

With Trump President I don't expect much. Maybe Russia can catch a few of the hackers as a token crackdown
UK and EU are going to be angry for a while.
 
Your example for an RCE on a unix platform is not comparable with windows file services exploitable in windows. You're comparing user-installed software on unix (which distributions even package and maintain struts?) to built-in software active by default on windows.

Yes, and like I said, there's no fair comparison possible if that's your metric, there's no such thing as "built-in" software on Linux.

AMT (allegedly only when enabled, if you take the word of "our closed-source AMT is safe, trust us" Intel) is vulnerable to a remote attack from its associated network interfaces regardless of the operating system or drivers installed on top.

That's a very broad reading of the vulnerability. It's only vulnerable when the CPU/chipset/network hardware all support AMT, and the system vendor has specifically licensed the AMT code for the management engine firmware. No consumer system is going to hit those boxes, enterprise administrators should know better. (Particularly from now on.)

Don't be so partisan, Zelig.

That's a laugh. I've got no horse in the race, and own/use Windows/macOS/iOS/Android/Linux/FreeBSD OS's, and devices with Intel/AMD/Apple/Broadcom/Qualcomm/Ralink CPUs on a daily basis.

There are differences between what the likes of Intel and Microsoft have been doing and the people producing open-source software.

Yeah, one is open source, the other isn't.

The problem is not security by obscurity because with security the idea is that something be obscure (hidden).

You're being intentionally obtuse. "Security through obscurity" is a well defined term, and is not a legitimate form of security.

The problem is trusting obscure claims to security. "This is safe, trust us but don't even think of checking".

Words of an open-source ideologue, which ignore how secure things actually are.

AMT, I will add, was yet another instance of Richard Stallman being proven absolutely correct on his warning made years before the "flaw" was acknowledged.

I'm not going to read that, because I'm saying the same thing, you shouldn't have been using, and should still not be using AMT. That's the reason I'm so dismissive of the vulnerability - AMD isn't a critical administrative tool, it's a timebomb waiting to go off for technical reasons, not for source-availability reasons.
 
Yes, and like I said, there's no fair comparison possible if that's your metric, there's no such thing as "built-in" software on Linux.

It is not a fair comparison, but it hints at the problem of Windows that it is not very modular and comes with a lot of built-in software. Each additional piece of software is a potential security risk, even if you do not even use it.
 
Yes, and like I said, there's no fair comparison possible if that's your metric, there's no such thing as "built-in" software on Linux.

You're one of the few people who really irritate me here, because of this you just did, and constantly do when offering what you consider to be your "expert advice": you must be right at all costs and refuse to admit when you're caught in the wrong. I specifically asked which distribution of unix (of which there are hundreds if we understand it to include linux ones, as we did in our conversation) packages (includes) that software you presented as an example.
Each distribution usually packages far more software than Windows does. That is the "built-in" software of the distribution. I was actually making it easy for you to refute my point, had you chosen any fair software for your initial comparison. And you failed to find one single example to refute it with. Instead of acknowledging that you had made an unfair comparison, you sought to divert the question with a claim that there is no built-in software on linux (of course there isn't, linux is a kernel). But you know very well that we were talking about linux distributions (full operating systems as sold or offered by various organizations) versus windows systems as sold by Microsoft, both with their default installation settings.

That's a very broad reading of the vulnerability. It's only vulnerable when the CPU/chipset/network hardware all support AMT, and the system vendor has specifically licensed the AMT code for the management engine firmware. No consumer system is going to hit those boxes, enterprise administrators should know better. (Particularly from now on.)

This is false, there are "consumer" systems with AMT included, even if consumers have no particular need for it and are unlikely to enable it. And that was not the issue I was talking about, again you are seeking to divert attention. The issue is that AMT can be remotely exploited from the network, contrary to what you initially claimed.
As for your new claim here, that it is somehow unlikely that AMT will exist in a vulnerable state anywhere, I will only say that large enterprises, such as all these hit by the attack discussed on this thread, are likely to have AMT-enabled computers throughout the organization. And people seem to care when these organizations are attacked, it makes the news.

That's a laugh. I've got no horse in the race, and own/use Windows/macOS/iOS/Android/Linux/FreeBSD OS's, and devices with Intel/AMD/Apple/Broadcom/Qualcomm/Ralink CPUs on a daily basis.

You know, I neither know nor care who you work with or for. But I've dealt with many vendors and got to know very well how they try to manipulate conversations. I get the same feeling whenever I read your answers as I do when I deal with sales people.

Yeah, one is open source, the other isn't.

You're being intentionally obtuse. "Security through obscurity" is a well defined term, and is not a legitimate form of security.

Words of an open-source ideologue, which ignore how secure things actually are.

"ideology yada yada yada" Can you put any substance into an answer? The fact that source code can be examined and closed code cannot is a fact, not ideology. If you merely insist this has no relevance to security I'll just let others judge that claim.
 
I specifically asked which distribution of unix (of which there are hundreds if we understand it to include linux ones, as we did in our conversation) packages (includes) that software you presented as an example.
Each distribution usually packages far more software than Windows does. That is the "built-in" software of the distribution. I was actually making it easy for you to refute my point, had you chosen any fair software for your initial comparison. And you failed to find one single example to refute it with. Instead of acknowledging that you had made an unfair comparison, you sought to divert the question with a claim that there is no built-in software on linux (of course there isn't, linux is a kernel). But you know very well that we were talking about linux distributions (full operating systems as sold or offered by various organizations) versus windows systems as sold by Microsoft, both with their default installation settings.

I disagree with your characterization of what relevant comparisons entail. I'm not going to look up what arbitrary distributions contain or don't contain, the answer could cover pretty much everything or nothing - it simply isn't useful information.

This is false, there are "consumer" systems with AMT included, even if consumers have no particular need for it and are unlikely to enable it.

Okay, I'll give you this, business systems are pretty readily available to consumers. They comprise a very small minority of sales though.

you must be right at all costs and refuse to admit when you're caught in the wrong.

You're wrong here, see previous quote response. :p

And that was not the issue I was talking about, again you are seeking to divert attention. The issue is that AMT can be remotely exploited from the network, contrary to what you initially claimed. As for your new claim here, that it is somehow unlikely that AMT will exist in a vulnerable state anywhere, I will only say that large enterprises, such as all these hit by the attack discussed on this thread, are likely to have AMT-enabled computers throughout the organization. And people seem to care when these organizations are attacked, it makes the news.

My points regarding AMT are only:

1. There's been disproportionate hyperbole regarding this vulnerability. (https://mjg59.dreamwidth.org/48429.html has a pretty fair take.)
2. Smart, security-conscious people/organizations already shouldn't have been using or allowing AMT access in the first place.

You know, I neither know nor care who you work with or for. But I've dealt with many vendors and got to know very well how they try to manipulate conversations. I get the same feeling whenever I read your answers as I do when I deal with sales people.

I try not to deal with feelings when it comes to technical matters.

"ideology yada yada yada" Can you put any substance into an answer? The fact that source code can be examined and closed code cannot is a fact, not ideology. If you merely insist this has no relevance to security I'll just let others judge that claim.

It doesn't have the relevance you think it does. Open source code creates a minimum threshold of security. Software doesn't become magically more secure when it's open sourced, or less secure when closed source.

And you're the one linking Stallman. His stances and computing habits are radical.

But you cannot take this as the basic install and then add exactly the Windows features you need, which would be my idea of modular.

That's pretty much exactly how Windows Server works.

For desktop Windows... I'm really not sure what features of note I'd actually strip out given the ability, other than legacy features, which are really problematic because of "legacy", and not because of "extraneous".
 
We need irreducible people with radical ideas, to avoid having the "centre" moved slowly but surely towards one side.

Windows has improved somewhat in security, but Microsoft's attempt to rule everything with one kernel, one system inevitably makes it weak. While they now have modularity to servers, theirs is still a monoculture (meaning that this latest attack managed to affect both clients and servers, all vulnerable by default), and one where people are asked to trust a single organization for everything.
 
If it does, which is unlikely, it would rather offer them a job. Like CIA does.
Who cares.

I don't see the NSA doing anything in regards to creating the backdoor software
and I don't see Russia cracking down on this kind of cybercrime either
Oh well we can expect this to happen again, maybe if Russia and the US is the target the next time, we'll get some enforcement
 
Well the Russians can't blame themselves for this. So it's the usual denials and deflection
I find it amusing that Russian government escaped because it is using Soviet operating system for their computers. Seems I was wrong about Russia and the US escaping from this hacking and it affecting EU and the UK.

I hope the economic damage will compel Russia and the US to do some kind of crackdown so this doesn't happen again

In fact, of all the countries afflicted in the first wave of the spread of the malicious software, Russia was hit the hardest: The virus tried to infect more computers in Russia than anywhere else, according to an analysis by Kaspersky Lab, a Russian antivirus company. While government computers were crashing, banks, cellphone operators and railroads in Russia were fending off attacks designed to freeze their systems in demand for ransoms to unlock the data. Now on the business end of a cyberattack, Russian officials were quick to voice outrage.

they were running domestic software, including a little-known operating system called Elbrus, first developed in the late Soviet period.

In December, the Obama administration imposed sanctions on the Russian hacker associated with Gameover Zeus, Evgeniy M. Bogachev, who is also wanted by the F.B.I. in connection with cybercrimes including bank fraud, money laundering and identity theft.

Mikhail Delyagin, the director of the Institute of Problems of Globalization in Russia, said he suspected the United States government was behind the WannaCry attack
And this time, he said, “of course it wasn’t Russian hackers,” given that Russia appeared to be a main target.

https://www.nytimes.com/2017/05/14/...column-region&region=top-news&WT.nav=top-news
 
I find it amusing that Russian government escaped because it is using Soviet operating system for their computers. Seems I was wrong about Russia and the US escaping from this hacking and it affecting EU and the UK.
In Soviet Russia, operating system infects viruses!
(No, they don't use Soviet operating system. Elbrus runs OS based on Linux core)
 