Slashdot Mirror


Crypto-Ransomware Encrypts Files "Offline"

An anonymous reader writes: Ransomware comes in various forms, and not all ransomware encrypts files — some just block computers until the ransom is paid. When the file encryption feature is included, the encryption key is usually sent to the malware's C&C server, which is controlled by the crooks — but not always. Researchers have recently analyzed a crypto-ransomware sample that demonstrated an alternative method of encrypting files and delivering the key (i.e., the information required to discover the right key) to the criminal behind the scheme — it doesn't need to contact a C&C to receive an encryption key or to send it to the crook.

54 comments

  1. Stupid summary by Kjella · · Score: 4, Insightful

    So instead of the malware actively sending the key, the victim has to send one of the encrypted files instead, big whoop. The method is the same, encrypt your files and put the key in a message encrypted for the malware author. Who does the sending is a technicality.

    --
    Live today, because you never know what tomorrow brings
    1. Re:Stupid summary by Anonymous Coward · · Score: 0

      Difference is that this means you can't block it by filtering your internet connection.

    2. Re:Stupid summary by Kjella · · Score: 1

      Difference is that this means you can't block it by filtering your internet connection.

      So what's the failure mode here... the malware has the public key embedded, it encrypts your files with a random key, puts the key in an encrypted message (for which you don't have the private key), tries to send it and.... no. Does it say "Sorry for the inconvenience, I'll just decrypt your files and move along"? My money would be on no.

      --
      Live today, because you never know what tomorrow brings
    3. Re:Stupid summary by dbIII · · Score: 1

      The technicality is that you are trusting someone who has carried out a criminal act on you already.

      If you don't have good backups the nature of the malware is that it writes out an encrypted copy of a file, deletes the original, and then goes on to the next one. In a lot of circumstances a file undelete program such as "photorec" can get the original files back, but it can be time consuming since the names of the files are lost.

    4. Re:Stupid summary by darkmeridian · · Score: 1

      That's quite a change! Prior malware had hard-coded C&C servers, which were susceptible to hacking or white-knight control. This system allows these extortionists to change the address on the fly.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    5. Re:Stupid summary by Aaden42 · · Score: 1

      Any reasonable implementation would overwrite the victim file’s blocks with the encrypted ones in-place. Most filesystems can’t do anything to undelete that. A copy-on-write system like ZFS would technically still have the blocks, but good luck reconstructing the metadata if you don’t have a snapshot pinned to them. SSD wear leveling might also preserve the original blocks, but again good luck getting to them in the right order.

    6. Re:Stupid summary by Anonymous Coward · · Score: 0

      Any reasonable implementation would overwrite the victim file’s blocks

      That sounds too much like work and not a criminal out for a quick buck. Thankfully their laziness currently provides a way back.

      A copy-on-write system like ZFS would technically still have the blocks

      They are going for the low hanging fruit with gaping security holes instead of any OS with ZFS, and remote CIFS access doesn't give you block access.

  2. Transmission of the Key by Coren22 · · Score: 5, Informative

    So, to save others having to click the link, the method of the key transmission is like this:

    The first part of every file contains the key encrypted with the ransomer's private key, the victim needs to send at least one file to the ransomer, which he then uses to extract the key to send it to the victim.

    The ransomware also has some odd features, from TFA:

    Once downloaded and run on the machine, the ransomware encrypts all personal files and renames them. The new names follow the following format: email-[address to contact].ver-[Ransomware internal version].id-[Machine identifier]-[Date & Time][Random digits].randomname-[Random name given to the encrypted file].cbf (example: email-Seven_Legion2@aol.com.ver-CL 1.0.0.0.id-NPEULAODSHUJYMAPESHVKYNBQETHWKZOBQFT-10@6@2015 9@53@19AM5109895.randomname-EFWMERGVKYNBPETHVKZNBQETHWKZNB.RGV.cbf).

    The researcher also recommends paying up, as there does not appear to be any way around this one.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    1. Re:Transmission of the Key by Anonymous Coward · · Score: 2, Insightful

      The correct reaction however is to treat it like you accidentally wiped the disk: Restore from backup or, if you don't have a backup, learn your lesson and start making backups. Giving in to extortion just breeds more extortion.

    2. Re:Transmission of the Key by Anonymous Coward · · Score: 0

      Exactly this. The African AQ cells are funded by Europeans who continue to pay AQ to take Europeans as hostages.

    3. Re:Transmission of the Key by cavreader · · Score: 1

      It would be nice if the so called "security researchers" and all the high dollar security firms could actually prevent an attack every now and then. As it is the best these experts seem to be able to do is conduct postmortems after the damage is already done. It's plain to see that the real "security experts" are those creating malware and the ones trying to prevent malware and other security weak spots are 2 steps behind.

    4. Re:Transmission of the Key by Anonymous Coward · · Score: 0

      It would be nice if the so called "security researchers" and all the high dollar security firms could actually prevent an attack every now and then.

      We can, it is easy enough. But you don't want the cure. Ditch windows. Have rate-limiting on remote logins. (Whether it is ssh, vpn, email, it doesn't matter. Brute forcing must not be possible in a timely manner.) Daily off-site backups, of course. Don't run the most vulnerable software, it does not matter if it is "industry standard". That means in particular, no outlook and no windows. Yeah, you may have to learn something. Or pay up like the other sheep.

    5. Re:Transmission of the Key by Anonymous Coward · · Score: 1

      As of now, this works, but malware is arguably the most well written software in existence these days, but I wouldn't be surprised if the next generation of software would have a random delay, not just to hide when the machine got infected, but to foul up backups. Of course, too much of a delay, and that adds time that the software can be detected.

      I wouldn't be surprised to see the next iteration of ransomware install a shim driver, then sit in the background encrypting files as this software does, but either leave the originals (hiding the encrypted files) or automatically/transparently decrypting the encrypted files (with a session key stashed in RAM), until a point in time is reached, or the machine is rebooted. What this will do is foul up backups (for example, some cloud utilities only keep one version, others only keep 30 days.) Further advances will detect backup software, intercept the reads to encrypted files, and hand over pseudorandom garbage (so a verify pass will see the same data as the copy.)

      Of course, we haven't even touched the damage malware can do if it gets Domain Admin or EA rights.

    6. Re:Transmission of the Key by Anonymous Coward · · Score: 1

      The researcher also recommends paying up, as there does not appear to be any way around this one.

      Apart from creating backups that is

    7. Re:Transmission of the Key by Anonymous Coward · · Score: 0

      You can avoid a time delay by making and verifying backups the right way. Ultimately it is of course a cat and mouse game, but the point stands: Giving in to extortion breeds more extortion. The time to stop it is now, not when these people have established a lucrative business model and received enough money to upgrade their attacks as they please.

    8. Re:Transmission of the Key by Anonymous Coward · · Score: 0

      You probably mean "encrypted with the ransomer's public key"

    9. Re:Transmission of the Key by Anonymous Coward · · Score: 0

      With how sophisticated these programs are -- I'm of the opinion these malware types are Government Run and sanctioned. Not necessarily US, but highly likely.

      example: CIA Drug smuggling, was(is?) a rampant problem--- I don't recall anyone going to jail over it from a brief skimming of wikipedia. I can't even begin to imagine the 'cost' for the policing, incarceration, shattered lives, etc ---- all because the CIA wanted additional money to fund covert ops to topple governments when congress wouldn't give them the money.

      Odds are, to me, this is a same type of operation.

    10. Re:Transmission of the Key by cavreader · · Score: 1

      "Ditch windows"
      A "properly administered" Windows OS is no more secure or non-secure than any of the other popular OS's being used today. Windows just presents a bigger footprint. Windows' biggest weaknesses can be attributed to inept system administration, sloppy security patch procedures, bad user account setup, social engineering, and poor firewall administration. These same weaknesses also apply to all of the other OS's being used today. And unfortunately ditching Windows would also mean ditching all the programs running on the system. Other OS's provide some of the applications being run on Windows so your average user might adjust to the transition. However, all the businesses running internally developed custom Windows applications will not be keen on having to re-build all those applications to run on another platform.

      "Don't run the most vulnerable software, it does not matter if it is 'industry standard'." And what if this vulnerable software is the only option? I am forced to work with a 3rd party PLC interface library that could be vulnerable but there is no other choice available that meets my criteria.

      You can build a secure OS of any flavor and then have it fall apart as soon as administrators, developers, and support staff start using it. And enough with the "sheep" BS. You're almost out of puberty so put a lid on your arrogance and realize being OS agnostic will serve you well when you get your first job in a couple of years.

  3. Dang... by truck_soccer · · Score: 2

    So they were able to contact the author of the malware, but are unable to find him and bring him to justice?

    1. Re:Dang... by Coren22 · · Score: 1

      Russia has no desire to prevent crime like this, they don't give a damn about anyone but themselves.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    2. Re:Dang... by truck_soccer · · Score: 1

      Well played. I figured that because this guy is targeting other Russians, sooner or later he'll hit the "wrong" machine and get sent to Siberia.

    3. Re:Dang... by Anonymous Coward · · Score: 0

      No. He targets other Russians because he understands them. He won't attack "the wrong guys". Someone who makes contact from an FSB address gets the decrypt for free . . .

    4. Re:Dang... by Anonymous Coward · · Score: 0

      Siberia is quite nice this time of year you insensitive clod!

  4. Crypto-Ransomware runs on the machine .. by nickweller · · Score: 1

    "Once downloaded and run on the machine"

    How does this 'Ransomware' get downloaded and run on the machine?

    1. Re:Crypto-Ransomware runs on the machine .. by Anonymous Coward · · Score: 0

      I asked my dad, he had no idea.

    2. Re:Crypto-Ransomware runs on the machine .. by Anonymous Coward · · Score: 0

      Infected emails, ad servers, fake social network profiles, flash vulnerabilities....pick your poison.

    3. Re:Crypto-Ransomware runs on the machine .. by PhunkySchtuff · · Score: 1

      Just like the vast majority of malware gets downloaded and run - phishing and drive-by downloads.

      The most recent ones I've seen were from the Australian Federal Police warning you about a traffic infringement - please open the attachment to see the photo.

    4. Re:Crypto-Ransomware runs on the machine .. by Anonymous Coward · · Score: 0

      Block Adobe Flash, and you may never find out. Flash ads aren't just annoying, they're a security risk, so any anti-malware strategy should include blocking Flash.

    5. Re:Crypto-Ransomware runs on the machine .. by tlhIngan · · Score: 1

      How does this 'Ransomware' get downloaded and run on the machine?

      Easy. From most likely to least, here's a few ways

      1) User visits web page, web page says it needs to install a plugin to work, click here for the link. (Variants include downloading a movie that shows "Codec not installed. Visit http://evil-site.example.com/c... to download required software", email that says "Your invoice is enclosed - refund and cancellation instructions contained within" (interestingly - all those emails for fake invoices always make it so helpful to cancel the order), and many others).

      2) User downloads pirated software or crack/keygen wrapped with this software so before the crack/keygen runs, it infects the PC. This is a very popular way, so popular that malware authors are dispensing with the whole "wrapping" aspect (where a legitimate application has a malware executable set to run first then the application, bundled into a single file) and just releasing the malware stubs under all sorts of filenames in the hopes the user will download it and blindly click it.

      3) Infected media exploiting autoplay (USB, optical disc, etc)

    6. Re:Crypto-Ransomware runs on the machine .. by dbIII · · Score: 1

      The copy of Internet Explorer on many machines sucks so badly that it helpfully runs code on webpages that tell it to install and run the malware. All the user has to do is click on a link in an email in MS Outlook or webpage in IE to start off the process.
      Ridiculous in 2015, stupid in 2005, not all that clever in 1995 so it seems we have to put up with this shit forever no matter how many times developers are warned not to do stupid shit in networked software.

  5. Minor technicality... by PhunkySchtuff · · Score: 1

    With ransomware, like Cryptolocker, it doesn't generate the key and then send it to the C&C servers - the machine doing the encrypting (i.e. what was your machine before it got owned) never has the private key in its possession. When it's ready to start encrypting, it contacts the C&C server. The C&C server generates a new private/public keypair and sends the public key to the owned machine. The owned machine then starts encrypting everything with the public key, and only the private key (that resides on the C&C server and nowhere else) is able to decrypt the files.

    This means that even if you were monitoring all network traffic and you scour the memory and the disk, you will never see a copy of the private key needed to decrypt the files.

    Anyway, I'm going off on a tangent here, this doesn't have much to do with TFA...

    1. Re:Minor technicality... by Anonymous Coward · · Score: 0

      even if you [...] scour the memory [...], you will never see a copy of the private key needed to decrypt the files.

      You will however see the symmetric key which is actually used to encrypt the files. It is this symmetric key which gets encrypted with the public key and sent to the C&C server.

    2. Re:Minor technicality... by ArmoredDragon · · Score: 1

      In this case they're trying to do it in such a way that requires no contact with C&C. I.e. the target downloads and installs "cool free app that you must try now" from a site not owned by the C&C owner. But because lots of firms are routinely shutting down C&C botnets, we just skip the C&C process, and from what I gather they do something like this:

      - Include hardcoded public key with trojan package
      - Generate 256-bit key
      - Encrypt file with said key
      - Encrypt symmetric key with asymmetric public key
      - Inject the encrypted symmetric key into the filename

      The ransom "drop" would then happen like this:

      - Target emails the file (or just the filename) and sends bitcoin payment.
      - Perp decrypts symmetric key using asymmetric key, mails a file back to the target with information required for the trojanized malware to decrypt all of the files, thus completing the transaction.
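The hybrid scheme Coren22 (comment 2) and ArmoredDragon (just above) describe, as an added worked example; it is not code from the analysed sample or from any poster. It uses only the Python standard library, so unpadded textbook RSA with a small modulus stands in for a real RSA-OAEP key wrap and an HMAC-SHA256 counter keystream stands in for AES; the header layout (a magic tag, the wrapped key, a nonce) is my assumption, since one account puts the wrapped key at the start of the file and the other in the filename. What it shows is the property the thread argues about: the victim process only ever holds the public key and a short-lived 32-byte file key, the private key never touches the victim, and no network round trip is needed to get the wrapped key back to whoever holds it.

```python
"""Toy model of the 'offline' key transport described in the thread.
Added illustration, stdlib only; not the sample's own code."""
import hashlib
import hmac
import secrets
import struct

# Stand-in primitives. Real samples use RSA-OAEP and AES; these toys are
# unpadded textbook RSA and an HMAC-SHA256 counter-mode keystream.

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keypair(bits: int = 1024):
    """Return ((n, e), (n, d)). Only the public half is compiled into the
    binary; the private half stays with the operator."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stream: block i = HMAC(key, nonce || i). XOR both ways."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

MAGIC = b"CBF1"  # assumed header tag; the real layout is not in the article

def victim_encrypt(plaintext: bytes, pub) -> bytes:
    """Runs on the infected host with only the public key available.
    The 32-byte file key lives in this process's memory until it returns,
    then survives only RSA-wrapped inside the file header."""
    n, e = pub
    file_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    size = (n.bit_length() + 7) // 8
    wrapped = pow(int.from_bytes(file_key, "big"), e, n).to_bytes(size, "big")
    body = keystream_xor(file_key, nonce, plaintext)
    # header = magic | wrapped-key length | wrapped key | nonce, then ciphertext
    return MAGIC + struct.pack(">H", size) + wrapped + nonce + body

def parse_blob(blob: bytes):
    """Split an encrypted file into (wrapped key, nonce, ciphertext)."""
    if blob[:4] != MAGIC:
        raise ValueError("not one of our files")
    (size,) = struct.unpack(">H", blob[4:6])
    wrapped = blob[6:6 + size]
    nonce = blob[6 + size:22 + size]
    return wrapped, nonce, blob[22 + size:]

def operator_unwrap(blob: bytes, priv) -> bytes:
    """Runs at the operator's end: the header alone, mailed by the victim,
    yields the file key. No C&C contact from the victim is needed."""
    n, d = priv
    wrapped, _, _ = parse_blob(blob)
    return pow(int.from_bytes(wrapped, "big"), d, n).to_bytes(32, "big")

def decrypt_with_key(blob: bytes, file_key: bytes) -> bytes:
    """What the victim can do once the operator returns the file key."""
    _, nonce, body = parse_blob(blob)
    return keystream_xor(file_key, nonce, body)

if __name__ == "__main__":
    pub, priv = rsa_keypair()
    blob = victim_encrypt(b"Q3 forecast: revenue up 4%", pub)
    key = operator_unwrap(blob, priv)  # only the private-key holder can do this
    print(decrypt_with_key(blob, key))
```

Two practical consequences follow from the code rather than from the summary: a memory capture taken while `victim_encrypt` is running does contain `file_key` (the point made in the reply to "Minor technicality"), so a live forensic image of an in-progress infection is worth far more than a post-mortem disk image; and once the process has exited, the only copies of the key are inside the headers, where they are useless without the private half, so egress filtering and C&C sinkholing change nothing about recoverability.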

  6. Coren22 proven a LYING punk by Anonymous Coward · · Score: 0

    "APK doesn't think that DNS servers are worth running and seems to believe that somehow Microsoft Active Directory can run without DNS." - by Coren22 (1625475) on Tuesday October 27, 2015 @12:58PM (#50811615)

    Where'd I say AD will run minus DNS Coren22? I've said AD = internal network DNS dependent as far back as 2007 http://forums.tweaktown.com/wi...

    (Searching this in BOLD "To warn users who have ActiveDirectory/AD LAN-WAN setups to NOT use external DNS servers!" referring to OpenDNS suggestions for those using AD stupid in the POSTS BEFORE IT in my security guides for users (geared to stand alone single machines no less), & right there on that page proves it stupid - so even if you posted as myself someplace here on /. "impersonating me", I have your ass NOW, shithead!)

    I've also stated MANY TIMES I use remote DNS in OpenDNS @ home (but not @ work on AD networks + exchange/outlook: Free OpenDNS model doesn't work with AD dependent Exchange + Outlook specifically you lying little imbecile).

    I also don't hardcode in "every site there is under the sun" is why, so I have to use DNS, but OpenDNS & rarely.

    I also RARELY MISS A LOOKUP since I put where I spend a good 95++% of my time online in my favorite sites into hosts @ the TOP of hosts for utmost LOCAL FASTER RESOLUTION SPEEDS and more reliability vs. Open DNS (not OpenDNS) resolvers being abused, Kaminsky redirect poisoned DNS servers (of which 99.999% of ISP DNS are not proofed against to this very day even though a patch exists which OpenDNS uses), rogue DNS servers, and yes ROUTERS with bushwhacked by malware DNS settings (happening a LOT lately).

    Hardcodes in hosts are faster than remote DNS, waste less resources than local dns in power, cpu cycles, RAM, & other I/O by FAR considering ALL THE PARTS of such a setup in programs, data, I/O, & power (especially if setup as a separate machine).

    APK

    P.S.=> You're a disgusting liar... apk

  7. Coren22 "security guru" wannabe fails security by Anonymous Coward · · Score: 0

    YOU say "hosts=bad" (but they add security, speed, & reliability) & bitch on admin privilege to UPDATE vs. threats:

    "So, have you figured out why privilege escalation is a bad thing yet?" - by Coren22 on Tuesday September 22, 2015 @05:15PM (#50577809)

    Hypocrite - You use admin priv admitting it

    &

    How else can I programmatically update hosts minus it in Windows?

    ---

    "Of course it requires elevation to write to the hosts file" - by Coren22 (1625475) on Wednesday September 23, 2015 @05:35PM (#50585879)

    You FINALLY later admit there's no other way!

    FACT:

    Even MalwareBytes AntiMalware (best one) DEMANDS you use admin privilege (you saying it's "bad" too?) it can't do its job fully otherwise, like many security tools do!

    ---

    Aryeh Goretsky NOD32/ESET says hosts = good security-> http://it.slashdot.org/comment...

    Oliver Day (Symantec) does-> http://www.securityfocus.com/c...

    MalwareBytes' hpHosts hosts & recommends my APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...

    ---

    * HOW MANY SECURITY PROS DO I NEED TO KNOCK THE CHOCOLATE OUTTA YOU?

    ---

    Those security pros INCLUDE me: I work w/ guys from malwarebytes' hpHosts on a regular basis!

    I've professionally worked for decades as a combined domain-wide network admin & software engineer since 1994 (Even showing you HOW to migrate a hosts across an enterprise-> http://slashdot.org/comments.p... )

    I've also been securing computers + WRITING GUIDES using CIS Tool (who took fixes from me http://slashdot.org/comments.p... - bonus) http://www.bing.com/search?q=%...

    You told me you learn from guides?

    I write good ones that MILLIONS USE & was PAID FOR IT http://pcpitstop.com/news/winn...

    + WARES TO PROTECT USERS that are endorsed & hosted by security pros -> http://hosts-file.net/?s=Downl...

    You did all that? No!

    (& that's ONLY a SMALL part of what I could put out)

    APK

    P.S.=> You're all TALK -> http://slashdot.org/comments.p... & a "ne'er-do-well" in security... apk

  8. Coren22's desperation, lies, & libel by Anonymous Coward · · Score: 0

    "I guess we should avoid your crap, it looks like it is marked as malware. Good luck getting that removed." - by Coren22 (1625475) on Monday November 02, 2015 @03:52PM (#50850445)

    False positive: I wrote 'em long ago, no response vs. 60++ REPUTABLE sources (not nobodies) below that fries you Coren22!

    Is that your fake site for more lies Coren22?

    Lying about me LIKE YOU DID HERE punk -> http://slashdot.org/comments.p... ??

    ---

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...

    &

    It's safe proven by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    Its 32-bit model too https://www.virustotal.com/en/...

    More "SALT IN YOUR WOUNDS" -> http://f.virscan.org/APKHostsF...

    APK

    P.S.=> /.'ers say my work is good too:

    "his hosts program is actually pretty good" - by xenotransplant (4179011) on Monday August 10, 2015 @03:34PM (#50287195)

    "I like your host file system." - by Karmashock (2415832) on Wednesday September 09, 2015 @03:57PM (#50489401)

    "APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works." - by bmo (77928) on Thursday October 15, 2015 @11:30AM (#50736071)

    "his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg (948359) on Friday September 25, 2015 @09:57AM (#50596461)

  9. That's why I made this... apk by Anonymous Coward · · Score: 0

    See subject: Between it, firewalls & patching I do APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...

    ---

    FREE & not 'souled-out' to advertisers + adds speed, security & reliability & does FAR more w/ FAR less more efficiently vs. redundant browser addons & locally installed DNS servers @ home + fixes DNS' many security issues &
    it stops a LOT of tracking @ webpage + DNS levels combined too from 1 file you already NATIVELY have - firewalls do the rest (on lesser used IP address based tracking vs. host-domain name type).

    ---

    It obtains its data vs. many types of online threats & for adbanner blocking from 10 reputable sites in the security community!

    ---

    It SPEEDS YOU UP 2 ways (adblocking + locally cached in RAM favorites placed @ the TOP of hosts for fastest resolution speed vs. remote DNS also aiding reliability) vs. other "so-called security 'solutions'" SLOWING YOU!

    ---

    It does all that via something you already natively have vs. "bolting on browser addons 'MOAR'" that's usermode slower & increases messagepassing, cpu + ram overheads!

    ---

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...

    &

    It's safe proven by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model too https://www.virustotal.com/en/...

    ---

    * "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend".

    APK

    P.S.=> By "yours truly" - "The Lord of Hosts" so-to-speak:

    "The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power" from https://answers.yahoo.com/ques... & THAT WORD = hosts!

    (Accept NO substitutes!)

    ...apk

  10. Pardon my asking by Provocateur · · Score: 1

    What's a C & C server? I think I missed the memo...(Command and Conquer? shows you how much I think I know)

    --
    WARNING: Smartphones have side effects--most of them undocumented.
    1. Re:Pardon my asking by Anonymous Coward · · Score: 0

      Not sure. I used to play C&C over internet, but as far as I can remember the game didn't use any server but set up two computers to each other. So one could have been the host, and maybe someone would call that the "server" but I don't think so, and I honestly don't remember. It's been a while. Good game though, ahh those were the days. Other than that I don't know what C&C could mean either.

    2. Re:Pardon my asking by Anonymous Coward · · Score: 0

      command and control

    3. Re:Pardon my asking by Anonymous Coward · · Score: 0

      It stands for computerized numerical control.

    4. Re:Pardon my asking by QRDeNameland · · Score: 1

      What's a C & C server?

      A cocktail waitress.

      --
      Momentarily, the need for the construction of new light will no longer exist.
    5. Re:Pardon my asking by LordWabbit2 · · Score: 1

      Clearly you are trolling, a simple google of "C & C server" tells you exactly what it is in the first link.
      If you are not, then perhaps you should not be reading /. posts if you can't figure out how to google.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
  11. We could use a detection app by hackertourist · · Score: 1

    A program that constantly monitors my documents, and warns when a document is encrypted. That would give me time to stop the next backup from happening (so I can prevent the malware from accessing the backup medium), and to nuke the malware before it can do more damage.
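One way to start on the monitor hackertourist asks for, as an added example rather than any existing product or the poster's own code: it flags a file when its name matches the `.cbf` naming format quoted from the article in "Transmission of the Key", or when its byte entropy is close to 8 bits/byte, which ciphertext always is and a document almost never is. The sample files, the regex and the thresholds are my assumptions, constructed inline. Caveat a practitioner would want up front: entropy alone also trips on zip, jpeg and already-encrypted files, and the naming pattern changes the moment the author recompiles, so this is a canary, not a control; the useful reaction to an alert is the one the comment names, stop the next backup run and pull the host.

```python
"""Added example: flag files that look like the ransomware's output.
Detection heuristics only; not the sample's code."""
import hashlib
import math
import re
from collections import Counter

# Name format quoted in the article:
# email-<contact>.ver-<version>.id-<machine id>-<date/time><digits>.randomname-<name>.cbf
CBF_NAME = re.compile(
    r"^email-(?P<email>.+?)\.ver-(?P<ver>.+?)\.id-(?P<id>[A-Z]+)-"
    r"(?P<stamp>.+?)\.randomname-(?P<name>.+)\.cbf$"
)

ENTROPY_BITS = 7.5  # assumed: ciphertext ~7.99 bits/byte, prose ~4-5
MIN_SIZE = 512      # entropy estimates on tiny samples are noise

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniform random input, 0.0 for a constant."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_cbf_name(name: str):
    """Fields of a ransomware-style filename, or None if it does not match."""
    m = CBF_NAME.match(name)
    return m.groupdict() if m else None

def assess(name: str, data: bytes) -> list:
    """Reasons this file looks encrypted by the sample; empty means clean."""
    reasons = []
    fields = parse_cbf_name(name)
    if fields:
        reasons.append("name matches .cbf pattern, contact %s" % fields["email"])
    if len(data) >= MIN_SIZE:
        h = shannon_entropy(data)
        if h >= ENTROPY_BITS:
            reasons.append("high entropy (%.2f bits/byte)" % h)
    return reasons

def scan(files) -> dict:
    """files: iterable of (name, bytes). Returns {name: reasons} for hits."""
    hits = {}
    for name, data in files:
        reasons = assess(name, data)
        if reasons:
            hits[name] = reasons
    return hits

def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler from a SHA-256 chain (constructed)."""
    out, seed = b"", b"seed"
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]

# Constructed samples, not real files. The second name is the article's example.
SAMPLE_NAME = ("email-Seven_Legion2@aol.com.ver-CL 1.0.0.0.id-"
               "NPEULAODSHUJYMAPESHVKYNBQETHWKZOBQFT-10@6@2015 9@53@19AM5109895"
               ".randomname-EFWMERGVKYNBPETHVKZNBQETHWKZNB.RGV.cbf")
SAMPLES = [
    ("memo.txt", b"Minutes of the Tuesday meeting. " * 40),
    (SAMPLE_NAME, _pseudo_random(4096)),
    ("photo.jpg", _pseudo_random(4096)),  # compressed media trips entropy too
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(name[:40], "->", "; ".join(reasons))
```

Wired to a filesystem watcher over the documents and backup source directories, `assess` gives a first-write alert; the two reasons are reported separately on purpose, because a name match without high entropy is a renamed decoy and high entropy without a name match is usually just media, so the two together are the signal worth waking someone for.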

  12. Coren22 gets crushed (& he ran) by Anonymous Coward · · Score: 0

    See subject: Says it all & this link, dismantling him point-by-"so-called 'point'" of his publicly http://slashdot.org/comments.p...

    * :)

    (Coren22, I tried to give you a chance, 3x no less - you're a fool: You mistake mercy for weakness, like cretin brutes in the streets do... you paid the price!)

    APK

    P.S.=> I notice you stopped responding there - "Gosh, golly gee - why's that?" (not) - but I expect you'll TRY some more b.s. as that's all "your kind" (trolls) understand - crap like downmodding my posts or ac troll me!

    (Which you & your sockpuppets OR fellow trolls have here already NOW TELLING OTHERS TO TROLL ME BY UNIDENTIFIABLE AC POSTS http://slashdot.org/comments.p... as I've torn you ALL up 1 by 1 every time as I have yourself above... you did this, to yourself "signature boy")... apk

  13. Coren22's "greatest hits" fails #1/5... apk by Anonymous Coward · · Score: 0

    "Apk doesn't think DNS servers are worth running & believes Microsoft Active Directory can run w/out DNS." - by Coren22 (1625475) on Tuesday October 27, 2015

    Where'd I say it? Show us. I say AD needs internal DNS far back as 2007 http://forums.tweaktown.com/wi...

    See "To warn users who have ActiveDirectory/AD LAN-WAN setups to NOT use external DNS servers" there on OpenDNS free (I use it) + AD in my security guide.

    + how to migrate hosts across a LAN (admin/scripts not GPO)-> http://slashdot.org/comments.p...

    ---

    I'm RIGHT on admin priv + hosts (WFP/SFP)!

    "figured out why privilege escalation's a bad thing?" - by Coren22 on Tuesday September 22, 2015

    How else can I programmatically update hosts itself?

    ---

    "it requires elevation to write hosts" - by Coren22 (1625475) on Wednesday September 23, 2015

    Hypocrite later admits it!

    Even MalwareBytes AntiMalware DEMANDS it or it can't do a job fully like many security tools!

    ---

    "Needing admin privileges every time a program updates is poor design" - by Coren22 (1625475) on Tuesday November 10, 2015

    Mine doesn't to get new data to update hosts vs. threats. Only hosts itself updates need it vs. WFP/SFP. Users set it too. It's not programmatic impersonation.

    ---

    "90's tech to fight modern war" - by Coren22 (1625475) on Tuesday November 10, 2015

    Ozymandias/Watchmen per a namesake:

    "I resolved to apply antiquities teachings" (hosts) "to our world today & began my path to conquest - Conquest not of men but of the evils that beset them: Fossil Fuels (antispyware), Oil (antivir), Nuclear Power (addons) are like a drug & you gentlemen along w/ foreign interests are the pushers"

    It works Aryeh Goretsky NOD32/ESET hosts = good security-> http://it.slashdot.org/comment...

    Oliver Day (Symantec) too-> http://www.securityfocus.com/c...

    MalwareBytes' hpHosts' Admin hosts+recommends APK Hosts File Engine 9.0++ SR-2 32/64-bit-> http://hosts-file.net/?s=Downl...

    APK

    P.S.=> Cont'd. in #2/5... apk

  14. Coren22's "greatest hits" fails #2/5... apk by Anonymous Coward · · Score: 0

    "I guess we should avoid your crap, it looks like it is marked as malware. Good luck getting that removed." - by Coren22 (1625475) on Monday November 02, 2015 @03:52PM (#50850445)

    62 sources of good repute show + /. users say otherwise:

    Proven safe by 57 antivirus programs in its 64-bit model https://www.virustotal.com/en/...

    +

    Same for the 32-bit model https://www.virustotal.com/en/...

    &

    Per VirScan its installer too -> http://f.virscan.org/APKHostsF...

    ---

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news... /.'ers say my work is good too:

    "his hosts program is actually pretty good" - by xenotransplant (4179011) on Monday August 10, 2015 @03:34PM (#50287195)

    "I like your host file system." - by Karmashock (2415832) on Wednesday September 09, 2015 @03:57PM (#50489401)

    "APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works." - by bmo (77928) on Thursday October 15, 2015 @11:30AM (#50736071)

    "his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg (948359) on Friday September 25, 2015 @09:57AM (#50596461)

    ---

    You tried using Computer Associates antivirus that I overturned on false positives (1/8 over time) were caught in ACCOUNTING SCANDALS FRAUD http://www.bing.com/search?q=c...

    Reputable source (not): They had to sell off their PC security suite too (crap too) LOWERING the 'threat level' on THAT program (not my hosts file engine) TO ZERO!

    * YOU ARE WRONG ON EVERY ACCOUNT NOTED!

    APK

    P.S.=> To be continued in part #3/5... apk

  15. Coren22's "greatest hits" fails #3/5... apk by Anonymous Coward · · Score: 0

    "Virus scanners/Adblock software don't need admin priv to update" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    Neither does my program. AV does to remove threats - Adblock addons = Vastly INFERIOR in abilities + efficiency vs. hosts, as I proved, & no one has proved me wrong to date!

    ---

    "your software does" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    No, hosts does, due to WFP/SFP - intake/update of new hosts data doesn't!

    ---

    "won't reveal your source code" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    I don't owe you it. I don't give away work to be stolen by others so it's misused like GOOGLE CHROME http://it.slashdot.org/story/1...

    ---

    "What's stopping you from pointing my bank's web site at your private server?" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    I don't keep a server. Security guru (not - you create no ware for security & your forensics skills = non-existent): Put it in a VM, trace it using process monitor + wireshark to prove it (don't need code)!

    ---

    "the possibility of being caught, which would be pretty hard to catch w/ such a large hosts file, as no one can go through it manually." - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    I place hardcoded fav sites @ top of hosts for speed & reliability - you'd spot it easily, & the bulk of hosts is sorted blocked known bad threats.

    ---

    "What are you going to do when Windows gets rid of the hosts file completely?" - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    Hasn't happened!

    ---

    "They have already taken steps to make it useless in Windows 10." - by Coren22 (1625475) on Tuesday November 10, 2015 @04:14PM (#50904323)

    It works there!

    Telemetry tracking's killing 10 by itself: Win10 = Win8 = flops - who're you fooling other than yourself?

    APK

    P.S.=> Cont'd. in #4/5... apk

  16. Coren22's "greatest hits" fails #4/5... apk by Anonymous Coward · · Score: 0

    Coren22 'eats his words' vs. me 2x yet again:

    "introduces risk you are relying on a 3rd party to update a hosts file potentially opening you up to MITM attacks" - by Coren22 (1625475) on Tuesday November 17, 2015

    How can my program do it?

    The only things it puts in as non-blocking IP addy to hostname entries are the ones users give it as their favs, to speed up, @ the TOP of hosts, REVERSE DNS VERIFIED!

    (For more speed & reliability + security - in RAM as the 1st resolver queried = faster & more secure vs. remote DNS w/ all its security issues: the Kaminsky flaw, DNSChanger malware IP stack settings, routers bushwhacked in DNS settings, rogue DNS, open DNS servers abused by malware. It aids in reliability vs. redirects.)

    YOU'D SPOT IT INSTANTLY AS THEY ARE @ TOP OF CUSTOM HOSTS & can easily edit anything you want out of it!

    (Rest = known bad sites from 10 reputable security community sites for blocking - the MAJORITY of what's in my hosts files!)

    ---

    "maybe one day you can get a score 5 comment" - by Coren22 (1625475) on Tuesday November 17, 2015

    See subject & ~12 +5 upmods making you "eat your words" vs. me (1st one: you tried using what I post there against me & FAILED):

    +5 'modded up' posts by "yours truly" (11):

    http://news.slashdot.org/comme...
    http://tech.slashdot.org/comme...
    http://news.slashdot.org/comme...
    http://science.slashdot.org/co...
    http://tech.slashdot.org/comme...
    http://hardware.slashdot.org/c...
    http://news.slashdot.org/comme...
    http://news.slashdot.org/comme...
    http://hardware.slashdot.org/c...
    http://yro.slashdot.org/commen...
    http://yro.slashdot.org/commen...

    "You believe you are getting the better of me" - by Coren22 (1625475) on Tuesday November 17, 2015

    YOU GOT THE BEST OF YOURSELF in tech fails & lies about me. Your immature signatures about me SCREAM you're butthurt! You did it to yourself.

    APK

    P.S.=> Cont'd. in #5/5... apk
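
    The exchange above (Coren22's concern that a third-party-updated hosts file can redirect a site to an attacker's server, and the reply that any real-address entries sit at the top, are user-chosen and are easy to spot) comes down to one check a practitioner would actually run before installing a hosts file from anyone: every hostname mapped to a non-blackhole address must be one you put there yourself, with the address you expect. The script below is an added example written for this page; it is not part of the thread and not APK's tool. It parses hosts-file syntax (address, one or more names, `#` comments), classifies each entry as a blackhole (0.0.0.0, ::, 127.0.0.0/8, ::1) or a real pin, compares pins against an allowlist the user supplies, and reports shadowed duplicates (most resolvers take the first match, which this audit assumes). The sample hosts content and the `MY_PINS` allowlist are constructed for illustration; the pinned addresses are IETF documentation ranges, not real site addresses.

    ```python
    import ipaddress
    from typing import Dict, List, NamedTuple


    class HostsEntry(NamedTuple):
        lineno: int
        address: str
        hostnames: tuple
        kind: str          # "blackhole", "pin" or "invalid"


    def classify(ip) -> str:
        # 0.0.0.0, ::, 127.0.0.0/8 and ::1 can only sink a name; anything
        # else sends traffic for that name somewhere real.
        return "blackhole" if ip.is_unspecified or ip.is_loopback else "pin"


    def parse_hosts(text: str) -> List[HostsEntry]:
        """Parse hosts-file text into entries; never raises on bad lines."""
        entries = []
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
            if not line:
                continue
            fields = line.split()
            addr, names = fields[0], tuple(n.lower() for n in fields[1:])
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                entries.append(HostsEntry(lineno, addr, names, "invalid"))
                continue
            if not names:
                entries.append(HostsEntry(lineno, addr, names, "invalid"))
                continue
            entries.append(HostsEntry(lineno, str(ip), names, classify(ip)))
        return entries


    def audit(text: str, my_pins: Dict[str, str]) -> dict:
        """
        my_pins maps hostnames the user deliberately pinned to the address
        they expect. Any other non-blackhole mapping is reported: that is
        exactly the redirect-to-attacker case a hosts-file author could plant.
        """
        expected = {h.lower(): str(ipaddress.ip_address(a)) for h, a in my_pins.items()}
        seen: Dict[str, str] = {}      # first mapping for a name wins (assumed)
        findings = {"blackholed": 0, "unexpected_pin": [], "address_mismatch": [],
                    "shadowed": [], "invalid": []}
        for e in parse_hosts(text):
            if e.kind == "invalid":
                findings["invalid"].append(e.lineno)
                continue
            for name in e.hostnames:
                if name in seen:
                    # a later line for the same name never takes effect
                    findings["shadowed"].append((e.lineno, name, seen[name]))
                    continue
                seen[name] = e.address
                if e.kind == "blackhole":
                    findings["blackholed"] += 1
                elif name not in expected:
                    findings["unexpected_pin"].append((e.lineno, name, e.address))
                elif expected[name] != e.address:
                    findings["address_mismatch"].append(
                        (e.lineno, name, e.address, expected[name]))
        findings["clean"] = not (findings["unexpected_pin"]
                                 or findings["address_mismatch"]
                                 or findings["invalid"])
        return findings


    # Constructed sample in the "favorites on top, blocklist below" layout.
    # 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts.
    SAMPLE_HOSTS = """\
    # favorites (user supplied)
    192.0.2.10      news.example.com
    192.0.2.20      mail.example.com      # pinned by user
    # --- blocklist ---
    0.0.0.0         ads.example.net tracker.example.net
    0.0.0.0         malware.example.org
    ::1             ipv6-tracker.example.net
    198.51.100.7    bank.example.com      # not one of my favorites: red flag
    0.0.0.0         news.example.com      # shadowed by line 2
    not-an-ip       broken.example
    """

    # Constructed allowlist: what the user believes they pinned.
    MY_PINS = {"news.example.com": "192.0.2.10", "mail.example.com": "192.0.2.99"}

    if __name__ == "__main__":
        import pprint
        pprint.pprint(audit(SAMPLE_HOSTS, MY_PINS))
    ```

    Run against a real file with `audit(open("/etc/hosts").read(), my_pins)` (or the Windows path under `System32\drivers\etc`). A non-empty `unexpected_pin` list is the finding that matters: the file's author has pointed a name you did not choose at a real address. The reverse-DNS check mentioned in the post is deliberately left out so the script runs offline; a PTR lookup only tells you what the address's owner claims, so it does not replace comparing against your own allowlist.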

  17. Coren22's "greatest hits" fails #5/5... apk by Anonymous Coward · · Score: 0

    "defame me saying things he knows aren't true" - by Coren22 (1625475) on Wednesday November 04, 2015

    Hypocrite. You're projecting, & your signatures do the rest.

    "the feeling of icky his software" - by Coren22 (1625475) on Wednesday November 04, 2015

    I show /.'ers say differently by quoted testimonials - Show us you've done better: YOU can't!

    "maybe someone will think they are true" - by Coren22 (1625475) on Wednesday November 04, 2015

    Quotes of you = true - & You can't keep your word + projecting what YOU do (AD/DNS lie).

    "I don't have time for the Troll APK, and refuse to respond anymore to a post signed APK" - by Coren22 (1625475) on Tuesday November 03, 2015

    I protect users speeding them up, helping reliability, & security + anonymity online w/ more ability & efficiency than ANY 1 solution doing more w/ less - do you? No.

    "I should change my signature again to rile him up more." - by Coren22 (1625475) on Tuesday November 03, 2015

    Childish sigs = all you've got!

    "I refuted his assertions" - by Coren22 (1625475) on Wednesday November 04, 2015

    &

    "You claim I have never proved you wrong...a flat out lie." - by Coren22 on Monday November 16, 2015

    &

    "I proved you wrong on numerous occasions" - by Coren22 on Monday November 16, 2015

    Where & on what tech? "Cat got your tongue"??

    "written in shitty Delphi, "How to secure Windows" docs I could have written in my sleep when I was 20" - by Coren22 on Monday November 16, 2016

    You're 30++ & haven't done either!

    Show you've done MORE vs. a small partial list of mine, & better, + earlier:

    http://slashdot.org/comments.p...

    THEN talk vs. TALKING OUT YOUR ASS!

    CIS Tool took fixes from me http://slashdot.org/comments.p... which you doubted, & my layered security guides got me paid http://pcpitstop.com/news/winn... - MILLIONS use them.

    APK

    P.S.=>

    "I never admit you were right" - by Coren22 (1625475) on Tuesday November 10, 2015

    You PROVED I am... apk