  • Locked thread
Wiggly Wayne DDS
Sep 11, 2010



anthonypants posted:

his initial reaction was "shucks i'm just glad that worked i had no idea what it would do" and now it's "well in my lab i simulated what putting the site back up would do, and then i sprung into action!!!!!!!"
i gave him the benefit of the doubt until his blog post agreeing with his incompetence went up

Phone posted:

just wait until next time when the next wave of ransomware triggers in the opposite direction
now i'm just awaiting this for the legal fallout


BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

RISCy Business posted:

i love pfsense but the prebuilt stuff is pretty expensive, and i don't want to roll my own because i suck at it

i need at least 3xGbE (DRAC, management NIC, and vmnet NIC)

you don't need a dedicated interface for drac. bind it on to LOM1 and use a tagged vlan

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
The malware author could of course trigger that themselves at any point, and would likely do so at the time that suits them best.

But it's not like the people affected are going to see it that way.

Magic Underwear
May 14, 2003


Young Orc
yeah, the guy that stopped a computer worm from encrypting a shitload of documents is definitely a bad guy (?)

teamdest
Jul 1, 2007

Magic Underwear posted:

yeah, the guy that stopped a computer worm from encrypting a shitload of documents is definitely a bad guy (?)

i agree, we should absolutely reward results above all else and not consider whether someone made a huge gamble on behalf of a lot of other people when he wasn't in a position to even know if there were odds, let alone what they were.

shoot first, shoot later, shoot some more, just keep shooting until all the (bad?) guys are dead, right?

Magic Underwear
May 14, 2003


Young Orc

teamdest posted:

i agree, we should absolutely reward results above all else and not consider whether someone made a huge gamble on behalf of a lot of other people when he wasn't in a position to even know if there were odds, let alone what they were.

shoot first, shoot later, shoot some more, just keep shooting until all the (bad?) guys are dead, right?

i find it pretty appalling that you would post here knowing that the presence of your post could be the coded trigger to engage a massive botnet or even a nuclear bomb. how can you justify making such a huge gamble on behalf of a lot of other people?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

lol you're a loving idiot and him registering that domain without testing in a DNS environment that first claimed to be SOA for that domain is reckless as hell

fisting by many
Dec 25, 2009



what worse thing could have possibly happened if the domain check turned out to do something else? i'm genuinely curious i can't think of anything

i guess maybe the ransomware deletes all the files but given how few people paid the bounty that wouldn't have mattered

hifi
Jul 25, 2012

fisting by many posted:

what worse thing could have possibly happened if the domain check turned out to do something else? i'm genuinely curious i can't think of anything

i guess maybe the ransomware deletes all the files but given how few people paid the bounty that wouldn't have mattered

deleting the files or just wiping the computers it's on

Carbon dioxide
Oct 9, 2012

http://www.hollywoodreporter.com/news/disney-chief-bob-iger-says-hackers-claim-have-stolen-a-disney-movie-1003949

geonetix
Mar 6, 2011


hifi posted:

deleting the files or just wiping the computers it's on

that's the way to salvation anyway

cinci zoo sniper
Mar 15, 2013




hifi posted:

mikrotik. latvia strong

???

Wiggly Wayne DDS
Sep 11, 2010



shadowbrokers are getting more and more amusing by the month https://steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy-comey-wanna-cry-edition

quote:

Q. What is being difference between ransom and sale?

A. Sale is buy or no buy, no bad things happen if no buy. Ransom is buy or bad things happen to you. Yes?

TheShadowBrokers is feeling like being very responsible party about Windows dump. Do thepeoples be preferring theshadowbrokers dump windows in January or August? No warning, no time to patch? this is being theshadowbrokers version of alternative facts.

In August theshadowbrokers is telling thepeoples theequationgroup fails at security, theequationgroup is losing their data. Is telling thepeoples, theshadowbrokers is having equation group data, hacker tools for auctioning. Auctioning is sale, bid or no bid. Auction is not ransom. TheShadowBrokers is releasing theequationgroup 2013 firewall tools as proof and advertising. Only Zero-Day is old Cisco. All thepeoples laughing or not paying attention. No peoples is believing theshadowbrokers.

ThePeoples is asking "why not do X or Y or Z?" "Why auction?" TheShadowBrokers is not being interested in bug bounties, selling to cyber thugs, or giving to greedy corporate empires. TheShadowBrokers is taking pride in picking adversary equal to or better than selves, a worthy opponent. Is always being about theshadowbrokers vs theequationgroup.

But theequationgroup didn't bid in auction. The Five Eyes, Russia, China, Iran, Korea, Japan, Israel, Saudi, the UN, NATO, no government or countries didn't bid in auction. Cisco, Juniper, Intel, Microsoft, Symantec, Google, Apple, FireEye, any other bullshit security companies didn't bid in auction.

In December theshadowbrokers canceling auction, offering direct sales, advertising list of warez with reasonable on website. No new Zero-Days.

But theequationgroup didn't buy back lost warez. The Five Eyes, Russia, China, Iran, Korea, Japan, Israel, Saudi, the UN, NATO, no government or countries didn't buy lost warez. Cisco, Juniper, Intel, Microsoft, Symantec, Google, Apple, FireEye, any other bullshit security companies didn't buy lost warez. TheShadowBrokers was very very sad! Story is now sounding like silly children's' book. TheShadowBrokers is writing to audience reading level, thepeoples is having average reading level of 8th grade.

TheShadowBrokers is asking selves, selves why is no peoples making offer on theshadowbrokers equation group warez? Are thepeoples not understanding? No, theshadowbrokers canceling complex auction? Is thepeoples not wanting warez? No, much great interest in free warez. Is thepeoples not really caring about security and public safety? No, governments and corporations caring about thepeoples, yes? Do thepeoples thinking theshadowbrokers are scammers? Maybe, no peoples is buying because thinking theshadowbrokers are scammers and not having anymore theequationgroup data.

In January theshadowbrokers is deciding to show screenshots of lost theequationgroup 2013 Windows Ops Disk. TheShadowBrokers is knowing if showing screenshots, then vulnerabilities is being reported by theequationgroup to Microsoft and is being patched. TheShadowBrokers is goes dark and is watching. No new Zero-Days.

In February Microsoft is missing patch Tuesday. TheShadowBrokers is knowing, Microsoft is missing to be making patches for Eternal exploits. No new Zero-Days.

In March Microsoft is releasing patch for SMB vulnerabilities. TheShadowBrokers is knowing this is being for Eternal exploits. TheShadowBrokers is still waiting and not releasing. No new Zero-Days. Oracle is patching huge numbers of vulnerabilities but TheShadowBrokers is not caring enough to be look up exact dates.

In April, 90 days from theequationgroup show and tell, 30 days from Microsoft patch, theshadowbrokers dumps old Linux (auction file) and windows ops disks. Because why not? TheShadowBrokers is having many more where coming from? "75% of U.S. cyber arsenal" TheShadowBrokers dumped 2013 OddJob from ROCTOOLS and 2013 JEEPFLEAMARKET from /TARGETS. This is theshadowbrokers way of telling theequationgroup "all your bases are belong to us". TheShadowBrokers is not being interested in stealing grandmothers' retirement money. This is always being about theshadowbrokers vs theequationgroup.

Eternal exploits is not being ZeroDays. Is being gay to be using this term, but if being gay then correct terminology is being ThirtyDays because Microsoft patch was being available for 30 days before theshadowbrokers is releasing dump to public. Despite what scumbag Microsoft Lawyer is wanting the peoples to be believing Microsoft is being BFF with theequationgroup. Microsoft and theequationgroup is having very very large enterprise contracts millions or billions of USD each year. TheEquationGroup is having spies inside Microsoft and other U.S. technology companies. Unwitting HUMINT. TheEquationGroup is having former employees working in high up security jobs at U.S. Technology companies. Witting HUMINT. Russian, China, Iran, Israel intelligence all doing same at global tech companies. TheShadowBrokers is thinking Google Project Zero is having some former TheEquationGroup member. Project Zero recently releasing "Wormable Zero-Day" Microsoft patching in record time, knowing it was coming? coincidence?

If theshadowbrokers is telling thepeoples theequationgroup is paying U.S technology companies NOT TO PATCH vulnerabilities until public discovery, is this being Fake News or Conspiracy Theory? Why Microsoft patching SMB vulnerabilities in secret? Microsoft is being embarrassed because theequationgroup is lying to Microsoft. TheEquationGroup is not telling Microsoft about SMB vulnerabilities, so Microsoft not preparing with quick fix patch. More important theequationgroup not paying Microsoft for holding vulnerability. Microsoft is thinking it knowing all the vulnerabilities TtheEquationGroup is using and paying for holding patch. Douche bag, dumbass, libtard, rich prick Head Microsoft Lawyer is running his cock holster because he is having ruff weekend doing real work. Head Microsoft Lawyer being angry because he is missing leisurely weekend playing the skin flute behind the country club. Real work is not being for executives. Real work is being for dirty foreign H1B workforce, happily working for less than stupid lazy American workers.

In May, No dumps, theshadowbrokers is eating popcorn and watching "Your Fired" and WannaCry. Is being very strange behavior for crimeware? Killswitch? Crimeware is caring about target country? The oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices! (Sarcasm) No new ZeroDays.

In June, TheShadowBrokers is announcing "TheShadowBrokers Data Dump of the Month" service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.

TheShadowBrokers Monthly Data Dump could be being:
  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

More details in June.

OR IF RESPONSIBLE PARTY IS BUYING ALL LOST DATA BEFORE IT IS BEING SOLD TO THEPEOPLES THEN THESHADOWBROKERS WILL HAVE NO MORE FINANCIAL INCENTIVES TO BE TAKING CONTINUED RISKS OF OPERATIONS AND WILL GO DARK PERMANENTLY YOU HAVING OUR PUBLIC BITCOIN ADDRESS

-TSB

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

Kuvo posted:

can't wait for these to ship with a 18 month out of date version of lollipop that never gets patched

can't wait to buy a used car with a 10-year-old version of android on it

Daman
Oct 28, 2011
so what is tsb trying to do

they're not trying to make money, they would just sell individual exploits.

they're not trying to cause chaos, they wait for patches

they're not trying to embarrass the usgovt, they'd just post how easy it was to own them for that or at least there'd be more fuckery than a tool dump

are they just in it for the meme fame

Chalks
Sep 30, 2009

fisting by many posted:

what worse thing could have possibly happened if the domain check turned out to do something else? i'm genuinely curious i can't think of anything

i guess maybe the ransomware deletes all the files but given how few people paid the bounty that wouldn't have mattered

You're basically activating an unknown function of the malware so there are a whole bunch of outcomes that are bad. Activating a secondary exploit to allow it to spread further, erasing files, initiating a ddos... I mean the fact is that registering the domain disabling the malware is a really unlikely outcome, made possible only by the incompetence of the author.

Wiggly Wayne DDS
Sep 11, 2010



Daman posted:

so what is tsb trying to do

they're not trying to make money, they would just sell individual exploits.

they're not trying to cause chaos, they wait for patches

they're not trying to embarrass the usgovt, they'd just post how easy it was to own them for that or at least there'd be more fuckery than a tool dump

are they just in it for the meme fame
they're building a public reputation and are making no attempt to obfuscate attributions. i am very interested in their end-game plan as they seem to be ramping up, and unfortunately it coincides with another force doing the same

at the very least they have a very relaxed command structure that seems to allow them to have all the fun in the world, and they don't care who knows it

angry_keebler
Jul 16, 2006

In His presence the mountains quake and the hills melt away; the earth trembles and its people are destroyed. Who can stand before His fierce anger?

Daman posted:

so what is tsb trying to do

i like to imagine that tsb is just the nsa doing a fund raiser

Dex
May 26, 2006

Quintuple x!!!

Would not escrow again.

VERY MISLEADING!

Wiggly Wayne DDS posted:

In June, TheShadowBrokers is announcing "TheShadowBrokers Data Dump of the Month" service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club.

lmao

Zamujasa
Oct 27, 2010



Bread Liar

hifi posted:

deleting the files or just wiping the computers it's on

what's the over/under on days until a new variant of wannacrypt shows up that checks for a different dns record and then does this. a week? two weeks?

cinci zoo sniper
Mar 15, 2013




Zamujasa posted:

what's the over/under on days until a new variant of wannacrypt shows up that checks for a different dns record and then does this. a week? two weeks?

this week per some estimates i've seen

Wiggly Wayne DDS
Sep 11, 2010



i doubt we'll see a variant that does this from the original creators, they've had multiple domains already though:

https://docs.google.com/spreadsheets/d/1XNCCiiwpIfW8y0mzTUdLLVzoW6x64hkHJ29hcQW5deQ/pubhtml

code:
Hostname	www.ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf[.]com	Killswitch in v1, let systems access this host
Hostname	www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com	Killswitch in v2, let systems access this host
Hostname	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com	Killswitch in v2, let systems access this host
Hostname	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergweb[.]com	Killswitch in v2, let systems access this host
Hostname	www.iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com	Killswitch in v2, let systems access this host
i'm operating under the assumption that the ransomware was to gain publicity and look like a regular worm to get a hold of the news cycle before showing cards. if they wanted to do damage they could do it, if they wanted money they'd have infrastructure or at least the ability to tell machine-specific infections apart. this is for notoriety and they're getting ready to cash in after laying the evidence out over years
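Since the thread's own advice is to let systems reach these killswitch hosts, the useful defender-side check is to find which internal machines actually looked them up, because a lookup means the worm ran there. The following is an added example, not code from the thread or from any of the posters: it matches the five de-fanged hostnames quoted above against constructed DNS query-log lines in an assumed BIND-style format and counts lookups per client IP.

```python
import re
from collections import Counter

# Killswitch hostnames exactly as quoted in the thread (de-fanged with "[.]").
KILLSWITCH_DEFANGED = {
    "www.ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf[.]com": "v1",
    "www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com": "v2",
    "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com": "v2",
    "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergweb[.]com": "v2",
    "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com": "v2",
    "www.iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com": "v2",
}


def refang(host):
    """Turn a de-fanged or raw qname into a canonical lowercase hostname."""
    return host.replace("[.]", ".").lower().rstrip(".")


# Canonical lookup table built from the quoted list.
KILLSWITCH_HOSTS = {refang(h): v for h, v in KILLSWITCH_DEFANGED.items()}

# Constructed sample query-log lines (assumed BIND-style format, not from the page).
SAMPLE_LOG = """\
16-May-2017 09:12:01.123 client 10.0.4.17#51234: query: www.example.com IN A + (10.0.0.53)
16-May-2017 09:12:03.456 client 10.0.4.17#51240: query: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.53)
16-May-2017 09:12:09.001 client 10.0.7.2#40021: query: WWW.AYYLMAOTJHSSTASDFASDFASDFASDFASDFASDFASDF.COM. IN A + (10.0.0.53)
16-May-2017 09:13:15.777 client 10.0.4.17#51301: query: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.53)
16-May-2017 09:14:00.000 client 10.0.9.9#33333: query: updates.example.net IN AAAA + (10.0.0.53)
"""

# Pulls the client IP, queried name and record type out of one log line.
LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def find_killswitch_lookups(log_text):
    """Return (client_ip, hostname, variant) for every query that hit a killswitch host.

    Matching is case-insensitive and ignores a trailing dot, since resolvers
    log the name as the client sent it.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qname = refang(m.group("qname"))
        if qname in KILLSWITCH_HOSTS:
            hits.append((m.group("ip"), qname, KILLSWITCH_HOSTS[qname]))
    return hits


def suspect_hosts(log_text):
    """Count killswitch lookups per client: each client is a machine to triage."""
    return Counter(ip for ip, _, _ in find_killswitch_lookups(log_text))


if __name__ == "__main__":
    for ip, count in suspect_hosts(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} killswitch lookup(s) - triage this host")
```

A hit only tells you the sample ran and checked the domain; it does not tell you whether the resolution succeeded, so pair it with the resolver's answer logs before deciding a machine was spared.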

dpkg chopra
Jun 9, 2007

Fast Food Fight

Grimey Drawer

quote:

www.ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf[.]com

no way

Wiggly Wayne DDS
Sep 11, 2010



look at theshadowbrokers and tell me otherwise

Instant Grat
Jul 31, 2009

Just add
NERD RAAAAAAGE

wcry fact sheet posted:

The filetypes it looks for to encrypt are:

.doc, .docx, .xls, .xlsx, .ppt, .pptx, .pst, .ost, .msg, .eml, .vsd, .vsdx, .txt, .csv, .rtf, .123, .wks, .wk1, .pdf, .dwg, .onetoc2, .snt, .jpeg, .jpg, .docb, .docm, .dot, .dotm, .dotx, .xlsm, .xlsb, .xlw, .xlt, .xlm, .xlc, .xltx, .xltm, .pptm, .pot, .pps, .ppsm, .ppsx, .ppam, .potx, .potm, .edb, .hwp, .602, .sxi, .sti, .sldx, .sldm, .sldm, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .bz2, .tbk, .bak, .tar, .tgz, .gz, .7z, .rar, .zip, .backup, .iso, .vcd, .bmp, .png, .gif, .raw, .cgm, .tif, .tiff, .nef, .psd, .ai, .svg, .djvu, .m4u, .m3u, .mid, .wma, .flv, .3g2, .mkv, .3gp, .mp4, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .sh, .class, .jar, .java, .rb, .asp, .php, .jsp, .brd, .sch, .dch, .dip, .pl, .vb, .vbs, .ps1, .bat, .cmd, .js, .asm, .h, .pas, .cpp, .c, .cs, .suo, .sln, .ldf, .mdf, .ibd, .myi, .myd, .frm, .odb, .dbf, .db, .mdb, .accdb, .sql, .sqlitedb, .sqlite3, .asc, .lay6, .lay, .mml, .sxm, .otg, .odg, .uop, .std, .sxd, .otp, .odp, .wb2, .slk, .dif, .stc, .sxc, .ots, .ods, .3dm, .max, .3ds, .uot, .stw, .sxw, .ott, .odt, .pem, .p12, .csr, .crt, .key, .pfx, .der

my hand-ripped .flacs off 70s japanese avant-garde jazz are safe :smug:

e: that i keep on the mri machine running xp embedded in the local hospital

Instant Grat fucked around with this message at 11:58 on May 16, 2017

big scary monsters
Sep 2, 2011

-~Skullwave~-
lmao

Progressive JPEG
Feb 19, 2003

Your Linux iso and midi collections however are not

Truga
May 4, 2014
Lipstick Apathy
it's ok, i converted all my midis to flac once it became clear good synths are no longer a thing

big scary monsters
Sep 2, 2011

-~Skullwave~-
another victory for free software

AtomD
May 3, 2009

Fun Shoe
kinda weird that they're doing vmdk but not vhd/vhdx

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

lol nothing important is on hyper-v

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

angry_keebler posted:

i like to imagine that tsb is just the nsa doing a fund raiser

A bake sale, but with zero days :gerty:

Phone
Jul 30, 2005

I want oyakodon.

Instant Grat posted:

my hand-ripped .flacs off 70s japanese avant-garde jazz are safe :smug:

e: that i keep on the mri machine running xp embedded in the local hospital

cryptolocking gave my flac rips a warm sound that you just can't get with regular flac files

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.
someone weaponized eternalblue to mine monero(?) as early as the end of april

evidently no one noticed until now

Instant Grat
Jul 31, 2009

Just add
NERD RAAAAAAGE

Phone posted:

cryptolocking gave my flac rips a warm sound that you just can't get with regular flac files

i was about due to overwrite my 192 kHz 24-bit lossless audio files with fresh copies to prevent bitrot and retain the warm, crisp sound of a freshly written file, thanks to wannacry for doing it for me. $300 was a bargain

Wiggly Wayne DDS
Sep 11, 2010



yeah that's been bouncing around for a few days, awaiting further analysis as the spread doesn't make sense compared to wannacry's effectiveness

fins
May 31, 2011

Floss Finder
hmm, idea for some niche ransomware. target audiophiles and reencode all their lossless files as 64 kbps mp3s

cinci zoo sniper
Mar 15, 2013




fins posted:

hmm, idea for some niche ransomware. target audiophiles and reencode all their lossless files as 64 kbps mp3s

wannakrrshhry

Shame Boy
Mar 2, 2010

npr this morning had some chucklefuck "bitcoin forensics company" talking about how they've discovered hints that wannacry might be from north korea!!!!!!

don't ask why we came to this conclusion just think about scary north korea!!!!


Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Magic Underwear posted:

yeah, the guy that stopped a computer worm from encrypting a shitload of documents is definitely a bad guy (?)

You're a loving idiot. Don't post in this thread again.
