Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

uncurable mlady posted:

We take security very seriously around here. *fills USB ports with hot glue*

For a few years, the US Army was soldering them shut. Too many soldiers were mixing classified and unclassified USB sticks, or attaching personal USB devices onto classified computers. People and computer viruses sometimes feel like people and STDs: "Nah, it can't be me. I'm clean. He/she is the dirty whore!"

sfwarlock
Aug 11, 2007

Wiggly Wayne DDS posted:

Airgap anyone posting here

I breached your mom's airgap.

Freakazoid_
Jul 5, 2013


Buglord
get on your skateboard and ollie that airgap

Syd Midnight
Sep 23, 2005

I just dealt with poweliks, it's a real motherfucker. Spent all day chasing it around with Process Hacker trying to figure it out. It lives in the registry, but it's encrypted and just reinjects itself if you kill it or erase the autorun entries. Wound up using Combofix and Malwarebytes anti-rootkit. Malwarebytes only started recognizing poweliks a couple days ago, and doesn't flag the infected document (afaik it comes in an Office document).

Of course as soon as the customer got home she DLed her email and tried to read that Very Important Message again. Wipe & reinstall time, which is probably how it should always be handled. But you might also want to look through the customer's email accounts, because the vector is probably still there, and give them both barrels during your lecture about email safety.

edit: I don't understand how Windows works, is there any way to disable or remove access to PowerShell? Poweliks couldn't work without PowerShell.

edit2: I did try renaming the powershell executables on an infected system, that gets poweliks stuck in a loop trying to call it and too busy to download anything, which might be temporarily useful.

Syd Midnight fucked around with this message at 19:31 on Nov 30, 2014

Scaramouche
Mar 26, 2001

SPACE FACE! SPACE FACE!

It's different depending on the OS. Basically the older the OS is, the easier it is to get rid of, until you get to Windows 8 where it's a required part of the OS.

Windows 7 instructions:
http://answers.microsoft.com/en-us/...07-a1a554a56ae5

Even removing it from Win7 is kind of hinky but unless they're a developer/programmer you can get by without it.

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
You could just change the permissions on the users' Run keys and Startup directories so that only admins can add poo poo to them. Also, you can prevent them from loving with Task Scheduler through Group Policy. Provided you're actually using UAC, doing those things would completely kill poo poo like Poweliks (unless the user has UAC off, which you should never ever allow them to do).
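Auditing the autorun locations the post above talks about, as an added example (not code from the post or the thread): a PowerShell script that lists Run/RunOnce values that launch PowerShell and reports any identity outside an assumed administrator list that can write to those keys or to the user's Startup folder. The trusted-writer list and the helper function names (New-Finding, Get-UntrustedWriters, Get-AutorunFindings) are this example's own assumptions, not anything from the thread.

```powershell
# Added example (not from the thread): audit the autorun locations a Poweliks-style
# infection relies on and report whether non-administrators can write to them.
# The trusted-writer list below is an assumption; adjust it for your environment.
$trustedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                    'NT SERVICE\TrustedInstaller')

$autorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Rights that let a principal add or change an autorun entry.
$regWrite = [System.Security.AccessControl.RegistryRights]::SetValue -bor
            [System.Security.AccessControl.RegistryRights]::CreateSubKey
$fsWrite  = [System.Security.AccessControl.FileSystemRights]::Write

function New-Finding($Location, $Subject, $Detail) {
    [pscustomobject]@{ Location = $Location; Subject = $Subject; Detail = $Detail }
}

# Return one finding per ACE that grants write access to an identity outside $trustedWriters.
# $RightsProperty is 'RegistryRights' for keys and 'FileSystemRights' for folders.
function Get-UntrustedWriters($Path, $RightsProperty, $WriteMask) {
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $identity    = $ace.IdentityReference.Value
        $grantsWrite = ([int]$ace.$RightsProperty -band [int]$WriteMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
            $trustedWriters -notcontains $identity) {
            New-Finding $Path $identity 'can write to autorun location'
        }
    }
}

function Get-AutorunFindings {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw data so %VAR% indirection is not expanded before inspection.
            $cmd = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            # Flag anything that launches PowerShell, including -e/-enc encoded commands.
            if ($cmd -match 'powershell|pwsh|\s-e(nc|ncodedcommand)?\s') {
                New-Finding $key $name "autorun launches PowerShell: $cmd"
            }
        }
        Get-UntrustedWriters $key 'RegistryRights' $regWrite
    }

    # The per-user Startup folder is the other autorun location the post mentions.
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -File | ForEach-Object {
        New-Finding $startup $_.Name 'file present in Startup folder (review)'
    }
    Get-UntrustedWriters $startup 'FileSystemRights' $fsWrite
}

Get-AutorunFindings | Format-Table -AutoSize -Wrap
```

On a default install the HKCU keys and Startup folder will show the user's own account as a writer; that is the entry the post proposes removing, so it is listed as a finding rather than treated as trusted.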

Cactus Jack
Nov 16, 2005

If you even try to throw to my side of the field in a dream, you better wake up and apologize.

Syd Midnight posted:

I just dealt with poweliks, it's a real motherfucker. Spent all day chasing it around with Process Hacker trying to figure it out. It lives in the registry, but it's encrypted and just reinjects itself if you kill it or erase the autorun entries. Wound up using Combofix and Malwarebytes anti-rootkit. Malwarebytes only started recognizing poweliks a couple days ago, and doesn't flag the infected document (afaik it comes in an Office document).

Of course as soon as the customer got home she DLed her email and tried to read that Very Important Message again. Wipe & reinstall time, which is probably how it should always be handled. But you might also want to look through the customer's email accounts, because the vector is probably still there, and give them both barrels during your lecture about email safety.

edit: I don't understand how Windows works, is there any way to disable or remove access to PowerShell? Poweliks couldn't work without PowerShell.

Use Roguekiller in safe mode. Sometimes you have to do the removal twice, so remove, restart to safe mode, and then remove again, but that is pretty much it. Roguekiller is your friend.

Pixelboy
Sep 13, 2005

Now, I know what you're thinking...

Syd Midnight posted:

edit: I don't understand how Windows works, is there any way to disable or remove access to PowerShell? Poweliks couldn't work without PowerShell.

You can use AppLocker to prohibit running it if your users don't have a legitimate reason to run it.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Hurray! People at my work whom I've never met are spamming "Here is your fax" and "Here your document is" emails with ZIP files. Surely everyone is just deleting them, right? Right?

Kazinsal
Dec 13, 2011

Ynglaur posted:

Hurray! People at my work whom I've never met are spamming "Here is your fax" and "Here your document is" emails with ZIP files. Surely everyone is just deleting them, right? Right?

Time to break out some jumper cables and a car battery for aggressive anti-malware cognitive behavioral therapy.

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
From the Laptop megathread, bad news if you have a Lenovo device:

http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

TL;DR: Lenovo released pre-compromised laptops, didn't do anything about it for months, then lied about the extent of the problem. Installing root certificates like this is an extraordinarily bad thing, and the certificate is already exploitable and probably has been for a long time. If you have an affected laptop, you should wipe and reinstall from a non-Lenovo disc. If you have an unaffected Lenovo computer, you should probably still wipe and reinstall from a non-Lenovo disc.

Gorson
Aug 29, 2014

dpbjinc posted:

From the Laptop megathread, bad news if you have a Lenovo device:

http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

TL;DR: Lenovo released pre-compromised laptops, didn't do anything about it for months, then lied about the extent of the problem. Installing root certificates like this is an extraordinarily bad thing, and the certificate is already exploitable and probably has been for a long time. If you have an affected laptop, you should wipe and reinstall from a non-Lenovo disc. If you have an unaffected Lenovo computer, you should probably still wipe and reinstall from a non-Lenovo disc.

I've been following this since yesterday when it started blowing up. Lenovo is still lying about the problem, presumably in an attempt to shift the blame away from themselves, minimizing their legal impact. As a (former) recommender of their products up to about 2 years ago, and current "Valued Partner", we received an email from them today:

"....included Superfish Visual Discovery software as a shopping aid to customers."

We've heard this before, on browser search hijacks like Conduit, Trovi, Astromenda, and the others.

"Superfish is a TrustE certified third-party software vendor, with offices in Palo Alto, CA."

Thank you, now I know when I see a "TrustE" certified site I know I should get the gently caress out. They also have an office in Israel, but the mere mention of that would terrify Lenovo's U.S. based, everything-in-the-middle-east-is-evil, U.S. users.

"User feedback on the software was not positive and we received some reports of security concerns."

Right. No feedback has ever been positive on any preinstalled laptop software. That is downplaying the issue pretty severely. The rest of the email is a bunch of nonsense about how they "take user feedback very seriously", which they obviously do not unless it bites them hard and fast on the rear end. There is no apology. The included removal instructions do not remove the root cert. Of course, every reinstall image will have Superfish on it, whether those users are aware it ever existed or not.

The current laptop market is an absolute garbage heap. I cannot recommend anything.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Honestly, the last few Dells I've had have been quite good, both personal and professional. I'll always gravitate towards Clevo / Sager, though.

Lenovo is obviously in damage control mode, though. More companies need to learn from BP. Don't cover things up: just come out, tell the truth, and fix the problem. The long-term damage to stock price is generally less the sooner and more honest companies are when it comes to problems. See also: politicians. Americans in particular love comeback stories, but hate snakes.

pr0zac
Jan 18, 2004

~*lukecagefan69*~


Pillbug

Ynglaur posted:

Lenovo is obviously in damage control mode, though. More companies need to learn from BP. Don't cover things up: just come out, tell the truth, and fix the problem. The long-term damage to stock price is generally less the sooner and more honest companies are when it comes to problems. See also: politicians. Americans in particular love comeback stories, but hate snakes.

Wait... are you comparing the Lenovo fiasco with the BP Deepwater Horizon oil spill?

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

pr0zac posted:

Wait... are you comparing the Lenovo fiasco with the BP Deepwater Horizon oil spill?

In that a big company pulling a Baghdad Bob "Nothing to see here, there are no tanks outside the city walls about to wreck our poo poo" tends to make everyone pissed when it comes out that 'downplaying the severity of the issue' actually means 'bold-faced lies in an attempt to reduce liability'. Both are scummy, and both tend to cause more outrage than if they just said 'yeah, whoops, our bad'.

Gorson
Aug 29, 2014

Before this nonsense, I might have recommended a Lenovo product to someone if it was cheap, or had the specs they were looking for, but I would temper that by telling them the quality has gone down over the last couple years and they are a Chinese company operating outside the bounds of what any consumer advocacy group or government entity could possibly hold them accountable for. After pulling this off and then obfuscating the truth? I will tell anyone who will listen to never do any business with them. This is the only satisfaction I will get out of the situation as our overburdened and ineffective legal system and insect-like attention spans eventually forget it ever happened.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

pr0zac posted:

Wait... are you comparing the Lenovo fiasco with the BP Deepwater Horizon oil spill?

In terms of their initial response to a bad thing, yes. In terms of the impact of the bad thing, no.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Lenovo finally seem to understand that they hosed up, but Superfish thinks everything is fine with their software except for those meanie bloggers spreading lies.

Gorson
Aug 29, 2014

Subjunctive posted:

Lenovo finally seem to understand that they hosed up, but Superfish thinks everything is fine with their software except for those meanie bloggers spreading lies.

It's a two-headed defense right now: pretend not to understand the real issue ("In no way does Superfish store personal data or share such data with anyone") and deflection ("a vulnerability was introduced unintentionally by a 3rd party"). They even had the cojones to put "Superfish user community" in their PR statement. Users unknowingly using your software does not make a community.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Next week at the malaria user group meeting...

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Just curious: could Lenovo run afoul of various hacking laws for this? They basically provided "unauthorized access to a computer system," which seems to be a charge used by some district attorneys in the US.

Ireland Sucks
May 16, 2004

I stopped recommending Lenovo ever since it has been in Chinese hands. Oh their devices are riddled with malware? That's a loving shocker. I mean I can understand less insidious bundled crapware or certain elements of the production process allowing malware to slip in unnoticed but to be sanctioned as part of their business plan, no. Of course Sony rootkitted a load of people too so nationality of ownership isn't a wonderful guide to trustworthiness.

I'd advise everyone to ATA secure erase their laptops and clean install from disk or download if consumers had it available to them instead of just a recovery partition loaded with the same poo poo.

TopherCStone
Feb 27, 2013

I am very important and deserve your attention

Ireland Sucks posted:

I stopped recommending Lenovo ever since it has been in Chinese hands. Oh their devices are riddled with malware? That's a loving shocker. I mean I can understand less insidious bundled crapware or certain elements of the production process allowing malware to slip in unnoticed but to be sanctioned as part of their business plan, no. Of course Sony rootkitted a load of people too so nationality of ownership isn't a wonderful guide to trustworthiness.

I'd advise everyone to ATA secure erase their laptops and clean install from disk or download if consumers had it available to them instead of just a recovery partition loaded with the same poo poo.

Lenovo has been a Chinese company since its founding in 1984

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
I'm *really* glad all our new stuff gets imaged. I hate OEM bloatware with the fire of a thousand suns, but this is goddamned ridiculous. Lenovo should have their collective urethra swabbed out with a rusty carpenter's rasp for this.

I fired up a kali linux VM and was able to crack and exploit that superfish root CA in minutes.

THIS is how easy it is to MITM their bullshit:

https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/

Seriously... for a company that fancies itself an enterprise hardware vendor, I am in total disbelief they went here. What could they possibly have to gain from this? Totally sounds like some harebrained residual income scheme from some MBA beancounter. There's no loving way a competent engineer signed off on this.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

The Superfish stuff is comically, implausibly broken. I don't think any of us realized how deep the pit of stupidity would go while it was playing out.

At this point we're lucky that it doesn't execute base64'd x86 machine code stored in some extended attribute.

pr0zac
Jan 18, 2004

~*lukecagefan69*~


Pillbug

Subjunctive posted:

The Superfish stuff is comically, implausibly broken. I don't think any of us realized how deep the pit of stupidity would go while it was playing out.

At this point we're lucky that it doesn't execute base64'd x86 machine code stored in some extended attribute.

Please don't give them any ideas.

jackpot
Aug 31, 2004

First cousin to the Black Rabbit himself. Such was Woundwort's monument...and perhaps it would not have displeased him.

I'll bet some smart person in this thread can help me out.

Wife uses Google Apps to access her company email, and lately she's been getting failure notices about emails she never sent. Random sites - eBay, German telecoms, dozens of others over the past week. She's changed her password a couple of times, but they're still trickling in. This morning she tried to send an email and got this:

Delivery to the following recipient has been delayed:

someone@hisgmail.com

Message will be retried for 1 more day(s)

Technical details of temporary failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain gmail.com by gmail-smtp-in.l.google.com. [64.233.164.27].

The error that the other server returned was:
421-4.7.0 [209.85.215.43      15] Our system has detected an unusual rate of
421-4.7.0 unsolicited mail originating from your IP address. To protect our
421-4.7.0 users from spam, mail sent from your IP address has been temporarily
421-4.7.0 rate limited. Please visit
421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk
421 4.7.0 Email Senders Guidelines. rb8si14633819lbb.34 - gsmtp

I told her to check account details, because in the past the only times her account was used have been times when she's (seemingly) been the one doing it. But I had her check this morning and she sees this:

at 3:51am there was:
Authorized Application (1098692739221-r7ju67or1ss36lq866l9b0idm265as1i.apps.googleusercontent.com) Hide details
OAuth Domain Name:
1098692739221-r7ju67or1ss36lq866l9b0idm265as1i.apps.googleusercontent.com
Manage Account Access

She's got about 8,000 emails in her spam folder at the moment, and they're still rolling in. I had her change her password and set up two-factor authentication - what else can we do? This is her business email, she's kinda hosed without it.

Seat Safety Switch
May 27, 2008

MY RELIGION IS THE SMALL BLOCK V8 AND COMMANDMENTS ONE THROUGH TEN ARE NEVER LIFT.

Pillbug
What's under her authorized apps in her account page ("Connected apps and services")?

Gothmog1065
May 14, 2009
Would I be able to create a recovery disk from here that won't have the Lenovo poo poo on it? I feel loving terrible that I recommended a Lenovo laptop to a coworker now. At least she has an SSD in it.

jackpot
Aug 31, 2004

First cousin to the Black Rabbit himself. Such was Woundwort's monument...and perhaps it would not have displeased him.

Seat Safety Switch posted:

What's under her authorized apps in her account page ("Connected apps and services")?

Nothing unusual, and nothing new that she didn't recognize.

She's changed her password and set up two-factor authentication, and we've taken Google's steps to get her off their temporary blacklist. Hopefully this helps.

MagusDraco
Nov 11, 2011

even speedwagon was trolled

Gothmog1065 posted:

Would I be able to create a recovery disk from here that won't have the Lenovo poo poo on it? I feel loving terrible that I recommended a Lenovo laptop to a coworker now. At least she has an SSD in it.

Yeah, that just creates a plain Windows 8.1 install disc. You'll need to get drivers and other necessary Lenovo stuff (hotkey program if you have a ThinkPad so the shut off wifi and shut off microphone keys work) from Lenovo's website.

sfwarlock
Aug 11, 2007
Lenovo used to have a sort of all-in-one driver package thing that you could get based on SN# - they don't anymore?

chessmaster13
Jan 10, 2015

havenwaters posted:

Yeah, that just creates a plain Windows 8.1 install disc. You'll need to get drivers and other necessary Lenovo stuff (hotkey program if you have a ThinkPad so the shut off wifi and shut off microphone keys work) from Lenovo's website.

It's a good policy in general. Remove the pre-installed OS and always use a clean installation medium.
Almost all computer vendors operate at a very narrow margin of profit so the machines come with all kinds of bloat and nagware.
This is also a remedy against NortonAV, the yellow pestilence.

Tapedump
Aug 31, 2007
College Slice

sfwarlock posted:

Lenovo used to have a sort of all-in-one driver package thing that you could get based on SN# - they don't anymore?

Depends on which of Lenovo's model lines it's from. T and X-series at a minimum have System Update. Cheap ones like G and E don't, unless I'm mistaken.

22 Eargesplitten
Oct 10, 2010



We bought a new laptop today (in best buy, because she won't buy anything online :suicide:) and the salesman was trying to sell us "internet security" software. What does that consist of? I've always just used Bitdefender/AVG/Kaspersky and whatever adblocking software was available at the time. What is internet security software, is it worth it, and are there any decent free versions? I've been liking Bitdefender free now that I'm on a PC that it works for (last PC it would just keep asking me to log in constantly, no matter how often I logged in).

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD

22 Eargesplitten posted:

We bought a new laptop today (in best buy, because she won't buy anything online :suicide:) and the salesman was trying to sell us "internet security" software. What does that consist of? I've always just used Bitdefender/AVG/Kaspersky and whatever adblocking software was available at the time. What is internet security software, is it worth it, and are there any decent free versions? I've been liking Bitdefender free now that I'm on a PC that it works for (last PC it would just keep asking me to log in constantly, no matter how often I logged in).

no, they're just trying to peddle whatever retarded poo poo best buy tells them to, it's all garbage

22 Eargesplitten
Oct 10, 2010



Okay. Yeah, I hadn't heard of anything like that before, and none of the companies I've worked for had anything like that on their systems (that I knew of), so I was skeptical. I also knew that thanks to linux nerds, there's free everything.

Krotera
Jun 16, 2013

I AM INTO MATHEMATICAL CALCULATIONS AND MANY METHODS USED IN THE STOCK MARKET
The internet security software I've seen is usually software firewall plus stuff like a Web of Trust-style "can you trust this site?" plugin, a scanner that hooks into your email client, etc. It's probably less like an antivirus and more like a nagger that tells you about best practices.

Toast Museum
Dec 3, 2005

30% Iron Chef
If it was from Best Buy it was probably Kaspersky or their rebranded Sophos.

Edit: Webroot

Nintendo Kid
Aug 4, 2011

by Smythe

Krotera posted:

The internet security software I've seen is usually software firewall plus stuff like a Web of Trust-style "can you trust this site?" plugin, a scanner that hooks into your email client, etc. It's probably less like an antivirus and more like a nagger that tells you about best practices.

To be honest, the nagging part is probably more useful day to day for inexperienced users than the antivirus.
