Petya

Whelp, I got to go home early today. Thanks to centrally-managed stuff like Active Directory and Group Policy. Thanks, IBM, for forcing it down our throats and not letting us patch our own workstations.

How was your day, Sup Forums?

I sat here and didn't get hit by cryptomalwareworms. So, pretty good so far.

I don't use Windows so my day couldn't be better.

Neither do I. But Windows is what's used for an LDAP server for single-sign-on, and for pushing "group policy" to enforce standards and authentication rules to workstations that are Windows, macOS or "blessed" Linux.

They want to control all the things. So when they get exploited, that means there's only one key needed to unlock all the devices across all 450 workstations in three offices. w2g, IBM.

What's IBM got to do with it? WSUS yo

Kinda curious. Do they actually send a real key back, or is it all bs?

Can't you brute force that shit?

Sometimes they actually do, but it's a gamble either way.

Pretty good so far, sold my Nintendo Switch to GameStop and I'm about to take a nap.

Cathy in accounting opened another fake invoice.

It would take more time than the earth has before being engulfed by fire before you could brute force this thing with every PC on earth at the same time. With current tech it's not possible.

Did you seriously do that? You could have sold it easily if you asked for retail price or slightly higher on craigslist or your local equivalent.

I'm willing to pay (or accept less pay) for convenience. I just wanted to get rid of it desu, the money wasn't that important.

IBM's the implementer. Who thinks that a single exploitable controller in charge of all our assets is "best practices" and locks us out of our own workstations "for your own safety" so we can't patch shit like, oh, I don't know, ETERNALBLUE last month.

Not that my workstation needed it, but clearly their servers did. Anything that uses their AD single-sign-on (ie. everything they touch) is fucked.

I could, eventually. You could. But can Stacy Buttershire in Human Resources fix her own laptop? Or some middle manager who opens Bing.co.uk, types "google" in the search bar and clicks on the first link?
The AD server will get restored from backup, eventually I'm sure, but they better patch the replacement AD server before wiring it in.

What I would like to know is:
how this got installed without admin/root rights.

>WSUS yo
Does wsusoffline for Windows 7 have the botnet updates removed, or do I need to fuck around with it still to keep it clean?

I imagine that the important stuff is not really in admin-accessible folders, as for the MBR payload, I think it exploits a bug in windows, and gains admin through there?

My day's been mostly fine, though it's been raining for a little too long, and I can't figure out why my giant jump table won't work.

It doesn't gain administrator rights, it's encrypting user files.

Initially it was propagating via SMB (Windows file sharing) but that's been patched; they're investigating other potential propagation methods currently.

It's using the NSA-discovered "ETERNALBLUE" exploit, and maybe the DoublePulsar exploit. Older version of the SMB protocol that can be used to pass instructions to the Windows kernel. This is WannaCry II, the sequel.

- patch your shit (if your employer lets you)
- block port 445
- don't open executable-code attachments from email.
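The "patch your shit" and "block port 445" items above are things a Windows admin actually has to type somewhere. The following is an added example (not code from the thread or from any of the posters): a PowerShell audit-and-harden script for a single workstation that reports whether the SMBv1 server protocol is still enabled, turns it off, removes the SMB1 optional feature, and adds a named inbound firewall rule blocking TCP 445. The rule name and the assumption that the machine is a client that serves no file shares are mine; all cmdlets are standard Windows ones (Get-SmbServerConfiguration requires Windows 8 / Server 2012 or later, so it will not run on a Windows 7 box).

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumption: this is a client workstation that does not need to serve SMB shares;
# do not apply the 445 block to a file server or domain controller without a scoped exception.

# 1. Report the current SMBv1 server state (the protocol version the SMB exploit targets).
$smb = Get-SmbServerConfiguration
Write-Output ("SMB1 server protocol enabled: {0}" -f $smb.EnableSMB1Protocol)

# 2. Turn off SMBv1 on the server side; -Force suppresses the confirmation prompt.
if ($smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "SMB1 server protocol disabled."
}

# 3. Remove the SMB1 optional feature (client and server components). Takes effect after a reboot;
#    -NoRestart leaves the reboot to the admin rather than forcing it mid-session.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Output "SMB1Protocol feature disabled (reboot required)."
}

# 4. Block inbound TCP 445 on every firewall profile, creating the rule only once.
#    Rule name is a hypothetical label chosen for this example.
$ruleName = 'Block inbound SMB TCP 445 (example)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Action Block -Profile Any | Out-Null
    Write-Output "Firewall rule '$ruleName' created."
}

# 5. Verify: show anything still listening on 445 and the state of the block rule.
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action
```

On a domain-joined box like the ones described earlier in the thread, these settings would normally be pushed via Group Policy rather than run by hand, and a local rule can be overridden by policy; the script is still useful as a quick check of what a given workstation is actually doing. Disabling the optional feature breaks access to any remaining SMBv1-only devices (old NAS boxes, some printers), which is exactly the kind of thing to find out before a worm does.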

I just quickly read over an article (read: swathes of nonsense making like it's the end of the world) to try to figure out if the exploit changed.

It sounds like it's propagating over WebDAV, using a similar exploit.

Interesting.

>How was your day, Sup Forums
Sitting in front of my comfy MacBook browsing tech news and reading happenings.

I don't update my computer... haven't got the problem yet... I have a pending update... should I update tho????

Yeah... but for WannaCry to happen to Microsoft, wouldn't you think they'd fix this??

Their email provider (posted) just banned their account, so nobody's getting any decryption keys even if they send the bitcoin.

I slept until about 5:30, fiddled with my phone until 7:30, took a shower, walked 5 minutes to work, double checked and staged some changes for new Elasticsearch clusters, waited on hardware to finish getting racked, helped a coworker map his stuff for Elasticsearch, then lastly filled out the day drinking scotch with coworkers.

K... and???? We needed to know this?

He asked, I replied.

Sorry, didn't fully read the thread, just that it was related to Petya... my b...

THIS IS WHY YOU ALWAYS KEEP YOUR SYSTEM FULLY PATCHED AND UP TO DATE.

Preferably automatically, because otherwise you'll fucking forget or put it off.