Armed Polite Society

Main Forums => The Roundtable => Topic started by: Ben on June 27, 2017, 07:04:09 PM

Title: NSA Exploit Strikes Again
Post by: Ben on June 27, 2017, 07:04:09 PM: The Petya ransomware is infecting much of Europe, including Maersk shipping. I'm curious how far that actually affects their worldwide shipping and what backups they have for something like that.

Petya is using the same exploit as Wannacry did, which was developed by the NSA to poke into everybody's business. Thanks NSA.

http://www.foxnews.com/tech/2017/06/27/huge-ransomware-attack-hits-europe-sparks-mass-disruption.html
Title: Re: NSA Exploit Strikes Again
Post by: Regolith on June 28, 2017, 12:00:22 AM: Anyone who hasn't patched that vulnerability by now almost freaking deserves it. :facepalm:
Title: Re: NSA Exploit Strikes Again
Post by: agricola on June 28, 2017, 10:54:35 AM: Quote from: Regolith on June 28, 2017, 12:00:22 AM
Anyone who hasn't patched that vulnerability by now almost freaking deserves it. :facepalm:

you mean the virus or the NSA?
Title: Re: NSA Exploit Strikes Again
Post by: Perd Hapley on June 28, 2017, 11:22:34 AM: Quote from: agricola on June 28, 2017, 10:54:35 AM
you mean the virus or the NSA?

Well played.
Title: Re: NSA Exploit Strikes Again
Post by: Fitz on June 28, 2017, 07:40:42 PM: Quote from: Regolith on June 28, 2017, 12:00:22 AM
Anyone who hasn't patched that vulnerability by now almost freaking deserves it. :facepalm:

This

so far as we can tell, the kill switch found and used during the last one made tons of IT people say "Oh ok, we're safe now"

... so they were still unpatched.
Title: Re: NSA Exploit Strikes Again
Post by: RevDisk on June 30, 2017, 08:46:41 AM: Quote from: Fitz on June 28, 2017, 07:40:42 PM
This

so far as we can tell, the kill switch found and used during the last one made tons of IT people say "Oh ok, we're safe now"

... so they were still unpatched.

:facepalm:

It's not the 90's anymore. Any business these days at a minimum needs monthly patching, reporting, enterprise grade AV and malware/baddie checking at multiple points all over the network. Plus you know, employee training. My email gets filtered three times before a user sees it, and we still sometimes get new stuff. Then you have the desktop AV just in case.

Morons. If it can't be patched, draw up a business plan for scheduled replacement. Or put them behind dedicated firewalls with very tight whitelists.
Title: Re: NSA Exploit Strikes Again
Post by: Fitz on June 30, 2017, 06:59:35 PM: Quote from: RevDisk on June 30, 2017, 08:46:41 AM
:facepalm:

It's not the 90's anymore. Any business these days at a minimum needs monthly patching, reporting, enterprise grade AV and malware/baddie checking at multiple points all over the network. Plus you know, employee training. My email gets filtered three times before a user sees it, and we still sometimes get new stuff. Then you have the desktop AV just in case.

Morons. If it can't be patched, draw up a business plan for scheduled replacement. Or put them behind dedicated firewalls with very tight whitelists.

We even patched old OS's that we said we were done patching, and people still got hit.
Title: Re: NSA Exploit Strikes Again
Post by: RevDisk on July 01, 2017, 11:11:01 AM: Quote from: Fitz on June 30, 2017, 06:59:35 PM
We even patched old OS's that we said we were done patching, and people still got hit.

In fairness, some blame lies on lots of vendors who screw up and do not keep up with security. I've seen quite a few legacy systems labeled "DO NOT PATCH, OR WILL BREAK COMPLETELY". I've always made it conditional that max of one year or we yank the cable. That's not as easy with say, a CNC router that's a couple million bucks. Embedded computer folks are generally the absolute stone cold worst, and charge insane pricing for support that's terrible.