Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA's DoublePulsar Kernel Exploit a 'Bloodbath' (threatpost.com)

Posted by BeauHD on from the sound-the-alarms dept.

msm1267 quotes a report from Threatpost: A little more than two weeks after the latest ShadowBrokers leak of NSA hacking tools, experts are certain that the DoublePulsar post-exploitation Windows kernel attack will have similar staying power to the Conficker bug, and that pen-testers will be finding servers exposed to the flaws patched in MS17-010 for years to come. MS17-010 was released in March and it closes a number of holes in Windows SMB Server exploited by the NSA. Exploits such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance that are part of the Fuzzbunch exploit platform all drop DoublePulsar onto compromised hosts. DoublePulsar is a sophisticated memory-based kernel payload that hooks onto x86 and 64-bit systems and allows an attacker to execute any raw shellcode payload they wish. "This is a full ring0 payload that gives you full control over the system and you can do what you want to it," said Sean Dillon, senior security analyst at RiskSense. Dillon was the first to reverse-engineer a DoublePulsar payload, and published his analysis last Friday. "This is going to be on networks for years to come. The last major vulnerability of this class was MS08-067, and it's still found in a lot of places," Dillon said. "I find it everywhere. This is the most critical Windows patch since that vulnerability." Dan Tentler, founder and CEO of Phobos Group, said internet-net wide scans he's running have found about 3.1 percent of vulnerable machines are already infected (between 62,000 and 65,000 so far), and that percentage is likely to go up as scans continue. "This is easily describable as a bloodbath," Tentler said.

78 of 187 comments (clear)

  1. It's not a kernel exploit by Anonymous Coward · · Score: 3, Insightful

    For fuck sake, can we please stop calling these things 'exploits' as if Microsoft had nothing to do with it?

    These are FEATURES, people...

  2. I work for a medical billing software... by Anonymous Coward · · Score: 4, Interesting

    company, and I think all of our Internet-facing Windows servers have been compromised. We do everything we can, but there's still processes that use tons of bandwidth with outgoing traffic that we can't stop.

    1. Re: I work for a medical billing software... by Anonymous Coward · · Score: 1, Interesting

      Same here. We record outgoing traffic, and our Windows servers keep getting rotted no make what we do. I even found my own social security number in the logs.

    2. Re:I work for a medical billing software... by ewhac · · Score: 5, Insightful
      ...I guess I have to be Doctor Obvious here:

      Why do you have Windows hosts on the public-facing Internet??? WHY WOULD YOU DO THAT PROFOUNDLY STUPID THING?!???!?

      --
      Editor, A1-AAA AmeriCaptions
    3. Re:I work for a medical billing software... by Anonymous Coward · · Score: 1

      Because Linux wouldn't boot and recognize the hardware properly?

    4. Re: I work for a medical billing software... by Anonymous Coward · · Score: 1

      After firing their QA, they proved they don't care.

    5. Re:I work for a medical billing software... by SharpFang · · Score: 1

      Jut claim NSA did it and you've been forbidden to elaborate.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    6. Re: I work for a medical billing software... by Anonymous Coward · · Score: 1, Informative

      Excuse me, but you could put a 35 dollar raspberry pi as an inline firewall and essentially block the outgoing incoming traffic.

    7. Re:I work for a medical billing software... by gweihir · · Score: 4, Insightful

      One reason and one reason only: It is cheaper. Well, it is cheaper in the short run. That is all management focused on the year's end bonus if often caring about. I see it all the time. But even used internally, Windows "servers" are a constant problem, they never can compete to UNIX on maintenance cost, flexibility and reliability and performance. Sure, they are cheaper initially, but you pay for that for a long, long time. It becomes grossly obvious when you have global changes, and the windows servers are _always_ those lagging behind or needing special exceptions and the like. Windows on the server is a "90% OS": It only has 90% of what is really needed.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re: I work for a medical billing software... by Anonymous Coward · · Score: 1

      Same here. Our Dell IDS records traffic with Canadian SINs, like SSNs bit they have a checksum, and we are leaking a lot of information from our Windows servers.

      So good to hear from Another Satisfied Microsoft Customer. Be sure to buy them again, won't you?

    9. Re:I work for a medical billing software... by Anonymous Coward · · Score: 1

      All the NSA needs to do is identify the employee who took the data.

      Sounds awfully easy, doesn't it?

    10. Re:I work for a medical billing software... by thegarbz · · Score: 1, Informative

      Why do you have Windows hosts on the public-facing Internet??? WHY WOULD YOU DO THAT PROFOUNDLY STUPID THING?!???!?

      Because the meme that security is gained by not using Windows is just that, and sensible people realise that just because it isn't Windows doesn't mean you're secure?

    11. Re: I work for a medical billing software... by vtcodger · · Score: 2

      Or you could save $35 and some labor costs by just unplugging the telephone company's data line. If you're willing to wait a while, don't pay the telco, and they'll unplug it for you.

      BTW, I haven't tried it personally. But I suspect that if the mystery traffic is on port 443 (HTTPS) and is intermixed with legitimate traffic, the Raspberry Pi may have some trouble distinguishing real from bogus. And we're all supposed to use HTTPS because it's secure, right?

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    12. Re: I work for a medical billing software... by vtcodger · · Score: 1

      "You know that you are old ..."

      Hell, man. I AM old. Heck, I can remember when they told me that I should switch to NT based Windows because it was much more secure than Windows 98.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    13. Re: I work for a medical billing software... by Zero__Kelvin · · Score: 1

      By properly configured we can all assume you mean having the exploits properly installed? If you really believe what you just said I don't believe even janitorial work is a field for which you possess the requisite intellect.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    14. Re: I work for a medical billing software... by Zero__Kelvin · · Score: 1

      Great. Who said that again? Nobody here. What was said is you CAN properly secure a Linux server, but can NEVER properly secure a Windows one. The evidence of the latter part of that statement is everywhere. The evidence of the first part is an exercise for the reader.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    15. Re: I work for a medical billing software... by Type44Q · · Score: 1

      Mint can definitely tell when my grandmother uses it.

    16. Re: I work for a medical billing software... by Type44Q · · Score: 1

      How do you spot the shill? They're full of shit and they modded themselves up from another account.

    17. Re: I work for a medical billing software... by Doke · · Score: 2
      I've seen the "to get real work done you use windows" argument used rationally for jobs that require using windows-only desktop software like AutoCad. However, it's growing less and less true for any other desktop task. It's blatantly false for servers. Linux now massively dominates the server market, especially in supercomputing. https://en.wikipedia.org/wiki/...

      Windows was a cheap, low-end desktop OS, that has grown up enough for some people to try to use as a server. Commercial Unix is an expensive server OS, that has an add-on gui desktop interface since 1984 (long before windows existed). Linux is somewhere in between.

    18. Re: I work for a medical billing software... by vtcodger · · Score: 1

      Just trying to point out that in many cases a simple firewall is going to block everything. (or maybe nothing). Either way it's more or less a waste of time and money. I would assume that anyone savvy enough to know they are sending out way more traffic than they should would have considered and rejected a firewall appliance within the first 10 minutes after deciding that they have a problem.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    19. Re: I work for a medical billing software... by thegarbz · · Score: 1

      What was said

      What was said and what you think were said may as well have been in two different languages.

      I mean both comments were effectively two full sentences and yet what you think was said and what was actually said has the words "you" and "windows" in common.

    20. Re:I work for a medical billing software... by gweihir · · Score: 1

      Indeed. And apparently, the ones that caused huge losses for society and cost a lot of people their jobs are somehow regarded as above punishment.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    21. Re: I work for a medical billing software... by Zero__Kelvin · · Score: 1

      So you are too stupid to understand that the same thing can be said in two different languages. Got it.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    22. Re: I work for a medical billing software... by slashdotwannabe · · Score: 1

      Microsoft clearly hates ACs!

      --
      This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
    23. Re: I work for a medical billing software... by thegarbz · · Score: 1

      If you think it's the same thing it's time to fire whatever translator or language teacher you had. Idiot.

    24. Re: I work for a medical billing software... by Brockmire · · Score: 1

      Loser comment award.

  3. In the wild by DrYak · · Score: 1

    And you can expect to find it used in the wild in about a few seconds next...

    (At least, luckily it got discovered though public channels : It got published by shadowbrocker and got analysed by experts.
    So at least our sysadmin have heard about it.
    Security solutions vendor will try to get ways to detect and neutralize it.

    Imagine if instead it was discovered by a few blackhats who reverse engineered a sample, and decided to incorporate the technology into their exploits, without the information ever reaching the public).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  4. If the NSA wasn't evil by Snotnose · · Score: 5, Interesting

    They would immediately tell Intel, Microsoft, and Mr Torvalds exactly what flaws they are exploiting so they could be closed. Instead, being the evil assholes they are, they won't tell anyone. Cuz we all know the NSA is smarter than the Chinese, Russians, and random hacker groups who exploit the same holes.

    I guess it's a difference of philosophy. I want my computing to be as secure as possible. The NSA wants to hack anyone's system at anytime.

    My philosophy is comment sense, the NSA's is pure evil considering it lessens my security.

    1. Re:If the NSA wasn't evil by Anonymous Coward · · Score: 1

      I would point out that there's a pretty subtle difference between the programmers and engineers that come up with this stuff, and the PHBs that tell them what to do.

      When you're using these tools to "fight evil", you're doing good work. When you've been fooled by someone into thinking that you're fighting evil when you're really doing nothing but ensuring slavery and starvation will continue in several third world countries for the next two generations, you're still doing good work, but the PHB that gave you the false evidence/orders to do so should go to prison.

    2. Re: If the NSA wasn't evil by CAIMLAS · · Score: 2

      Ah, a "just doing my job" apologist...

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
    3. Re:If the NSA wasn't evil by Anonymous Coward · · Score: 1

      Here's some irony for you: The S in NSA stands for security.

    4. Re:If the NSA wasn't evil by Billly+Gates · · Score: 2

      They would immediately tell Intel, Microsoft, and Mr Torvalds exactly what flaws they are exploiting so they could be closed. Instead, being the evil assholes they are, they won't tell anyone. Cuz we all know the NSA is smarter than the Chinese, Russians, and random hacker groups who exploit the same holes.

      I guess it's a difference of philosophy. I want my computing to be as secure as possible. The NSA wants to hack anyone's system at anytime.

      My philosophy is comment sense, the NSA's is pure evil considering it lessens my security.

      Wrong. The government is ordering to put the flaw in!! If Snowden is correct under the American Patriot Act they can arrest those who do not comply making their products with backdoors so the government doesn't have to get a court order.

      To me that is pure evil. You think Apple and Android LOVE putting in hidden apps that secret turn your phones into recording devices that send the GPS and conversations wihtout you knowing while appearing off?

      --
      http://saveie6.com/
    5. Re:If the NSA wasn't evil by gweihir · · Score: 1, Troll

      I do not see that difference. Engineers and coders that decided to work for the NSA are leaving their morality at the door when they come to work. They knew what the NSA was doing or they know now and have decided to stay. They are just as guilty as the ones taking the decisions.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re: If the NSA wasn't evil by Anonymous Coward · · Score: 1

      It not like they can't afford to pay for a couple thousand engineer-years of testing and code review.

      Testing reveals the presence of bugs, never their absence.

    7. Re:If the NSA wasn't evil by thegarbz · · Score: 1

      They would immediately tell Intel, Microsoft, and Mr Torvalds exactly what flaws they are exploiting

      The NSA is an offensive organisation. Their purpose is not to allow you to provide yourself protection. There's nothing evil about it, just that your view of them is incompatible with what they are actually set out to do.

      The CIA on the other hand, they would have a good case for reporting such issues.

    8. Re: If the NSA wasn't evil by GameboyRMH · · Score: 1

      But he vas just following ohrdahs!

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    9. Re:If the NSA wasn't evil by chrish · · Score: 2

      It's No Security Anymore isn't it?

      --
      - chrish
    10. Re: If the NSA wasn't evil by Zero__Kelvin · · Score: 1

      So you don't get that there is no way to ban strong encryption because how to do it is widely known throughout the world and everyone already has the source code then? Crypto isn't guns. The bad guys already have an infinite supply of crypto.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    11. Re: If the NSA wasn't evil by Type44Q · · Score: 1

      ...but ensuring slavery and starvation will continue in several third world countries for the next two generations...

      That'll likely happen on its own anyhow; the real goal is to bring it about everywhere else.

    12. Re: If the NSA wasn't evil by Type44Q · · Score: 1

      Yeah but that would be the rancher's security, not the cows'

    13. Re: If the NSA wasn't evil by Doke · · Score: 2
      Banning crypto software and hardware exports was tried before, and didn't work (https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States). It's far to easy to illegally export the code, or an algorithm, on a micro-sd card. It's easy to find loopholes in the law, by printing the code on a t-shirt or in book.

      Much of the code was developed outside the US. For example, AES was developed in Belgium (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).

      Limiting hardware exports is also long obsolete, China now has the top two (publicly announced) supercomputers in the world (https://www.top500.org/lists/2016/11/). We don't knows what secret computers any government has, but that's irrelevant for export laws.

    14. Re: If the NSA wasn't evil by Brockmire · · Score: 1

      You're right, you don't have common sense, just comment sense. Saying NSA should report and close exploits they developed and need is a really, really stupid thing to say.

    15. Re: If the NSA wasn't evil by Agripa · · Score: 1

      Banning crypto software and hardware exports was tried before, and didn't work (https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States). It's far to easy to illegally export the code, or an algorithm, on a micro-sd card. It's easy to find loopholes in the law, by printing the code on a t-shirt or in book.

      Much of the code was developed outside the US. For example, AES was developed in Belgium (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).

      Limiting hardware exports is also long obsolete, China now has the top two (publicly announced) supercomputers in the world (https://www.top500.org/lists/2016/11/). We don't knows what secret computers any government has, but that's irrelevant for export laws.

      Congress just needs to legislate harder.

    16. Re: If the NSA wasn't evil by Brockmire · · Score: 1

      Ugh, what? The CIA is clearly a more offensive organization than the NSA. You don't hear about foreign entities complaining about NSA in their politics, they complain about the CIA. Colombia, Egypt, Syria, etc. All of these NSA programs are about extraction without detection. They're not trying to brick your device or leave a sign of being there.

    17. Re: If the NSA wasn't evil by thegarbz · · Score: 1

      It's not about who is offensive. It's about their primary mission. CIA's mission is to improve the safety and security of America through intelligence. The NSA's mission is to provide intelligence to the military and command.

      Of course you hear complaints about foreign agencies, but it's not foreign vs domestic which is the topic of discussion here, just: Disclose known issues that put Americans at risk, vs don't disclose. The CIA would have a mandate to disclose for the common good. The NSA would not.

  5. Blade style blood bath? by future+assassin · · Score: 1

    https://www.youtube.com/watch?...

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  6. What do we use to scan for it? by brxndxn · · Score: 5, Interesting

    What do we use to scan for this exploit being present on our servers and networks? With the nature of the work I am in, I connect to a lot of different client networks with admin access.. I remember with Conficker, there was a Professor's website that basically listed all sorts of information about it and how to mitigate the problem. It resulted in a lot of consulting hours for me since I read all about it and was able to completely remove it whereas previous IT people just ran a scan and removed what it found only to have a later version of Conficker installed a day or two later. This seems like another one of those opportunities..

    --
    --- We need more Ron Paul!
    1. Re:What do we use to scan for it? by Anonymous Coward · · Score: 5, Funny

      > What do we use to scan for this exploit being present on our servers and networks?

      1- Go to each server, and run:
      2- uname -r

      If you get a result that displays a valid kernel, you are safe. If you are infected, it will say:

      'uname' is not recognized as an internal or external command, operable program or batch file.

      3- If you are infected, you can follow the cleaning steps here:
      http://www.tecmint.com/fedora-...

    2. Re:What do we use to scan for it? by Anonymous Coward · · Score: 3, Funny

      I get 4.4.0-43-Microsoft on Windows 10 Creators Update :-p

    3. Re:What do we use to scan for it? by AHuxley · · Score: 1

      Try a lot of different AV products from the US, EU, Russia, Japan long term depending on what can be used on a network.
      Be unexpected and random with different AV products.
      Someone will have just the right kind of behaviour software update that might find something.
      Try the new tools some security experts are now offering to help with todays issues.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:What do we use to scan for it? by gweihir · · Score: 1

      I would mod this "Funny", but I have already commented. Sorry ;-)

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:What do we use to scan for it? by brxndxn · · Score: 1

      You had me going.. my first thought was 'Okay.. this guy made a joke to say I gotta switch to linux or I'm infected.' But then I thought 'Oh wait.. Doesn't Windows 10 have a built-in bash now? I better research this.' Then.. Google.. they're in on it.. and it basically looks like 'uname' should be a built-in Windows 10 command from the results. So anyway.. 5 minutes I can't get back. You got me.

      --
      --- We need more Ron Paul!
    6. Re:What do we use to scan for it? by Dwedit · · Score: 2

      Having mingw, msys, and cygwin installed, I actually get results for the uname command.

    7. Re:What do we use to scan for it? by DarkOx · · Score: 1

      use the metasploit framework. Its already got code to test this exploit, and the many eyeballs on it probably make it the safest bet among hackers tools for not having anything in it that should not be there.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  7. Re:this highlights the problem with avoiding win(N by sgage · · Score: 1

    I think it's about time for the Butlerian Jihad ;-)

    Seriously, every new technology just gives greed and hate more power. There seems to be nothing anyone can do about it, which baffles me. Why can't they catch ransomware assholes and throw them into jail for a long long time? They can do anything else but catch the bad guys. WTF - must be no MONEY in it. MONEY MONEY MONEY. That's the only arbiter of anything in our broken 'culture'.

  8. "gives you full control over the system" by Anonymous Coward · · Score: 3, Funny

    We've been asking for this ever since Windows 10 was released. Someone should develop and release an adaptation for regular users who want to take control of their own computers back.

    1. Re: "gives you full control over the system" by Anonymous Coward · · Score: 1

      Kind of like how rooting Android is considered 'hacking'?

  9. Re:this highlights the problem with avoiding win(N by AHuxley · · Score: 1

    The US and UK security services have had a few options to get standard OS, hardware and set crypto accepted by most users over most decades.
    International standards. Banking and payments, mil, police cooperation, educational grants and charity.
    Get a free US computer system with working crypto for a nation that can link to the world.
    If a nation wanted to network it would have to accept some US backed crypto, software, crypto and OS.
    Cost could be kept very low or products offered as part of deals, charity or some common need.
    Often full of trapdoors, backdoors or just junk crypto that would allow 5 eye nations in.
    The 1980's saw a change to the desktop computer and a lot of new OS backed by different nations. A nations own software and very different OS designs and even some good crypto.
    All that had to be corrected until most of the world returned to US backed OS, US standard crypto and hardware.
    Mobile phone, smartphones always had police tracking, logging by design as connected to any telco globally.
    The other trick to is out price any emerging crypto standard that might work.
    US and UK backed standards become free with the weak crypto. The good private sector crypto that works is priced out of the market or "proved" in some tech media review not to work. Hard to make money when junk crypto is free with the OS, network or hardware.

    The use of open source is not an issue to the security services. The international crypto standards are set, the end users use US operating systems and networks.
    Why bother with open source when the crypto standards are weak, the enduser device is junk or the global telco network is able to track all use?
    The NSA and GCHQ are using the same methods to work around Linux as they did emerging 1980's OS in different nations.
    Just push any international standard over open source efforts. Once the user has to install software, hardware to "network" "share" "work as a server" "chat" "VOIP" or "encrypt" on set standards the OS is not an issue.
    Plain text and collect it all is the result wanted.
    Study how the UK and US spy. The plain text, bulk collection for later language translation and sorting.
    Consider France into the 1950's. All of Frances embassy codes and spy work was been collected in plain text by the US and UK.
    France understood all its spies could not have been turned globally on average. Its embassy staff around the world passed loyalty tests as expected.
    All the information kept on flowing out. Finally France looked at its secure telco and crypto hardware and found plain text end to end the issue.
    1920's, 1940's, 1950's, 2015 collect it all in plain text and sort has always been the preferred method.
    Two methods can help. Fill any public network with junk files, work, fictional projects. Pure internal fiction thats updated everyday with real meetings, movements.
    An internal project hinted at may not exist but everything around the project looks real to an outside observer using a network to spy.
    Option two, go for the vault, paper and typewriter, no smartphone, no networked watch, no desktop computer in the vault. Very hard work to run a company of any size but the very best new ideas are kept a bit more secure for longer.

    --
    Domestic spying is now "Benign Information Gathering"
  10. TCP port 445 screening, Metasploit, Alert Logic by raymorris · · Score: 3, Informative

    A first-pass screening test is to see if TCP port 445 is open. Most hosts will have 445 blocked by the firewall, thereby providing a degree of protection for the vulnerable SMB.

    If 445 is open, that does not mean the host is compromised, but it is likely to vulnerable. This Metasploit module is one check that can be run:

    https://github.com/rapid7/meta...

    More information can be found on the Alert Logic blog and our various teams will continue to post there and elsewhere as more information is made available.
    https://www.alertlogic.com/res...

    I know Alert Logic has other resources posted elsewhere, but unfortunately I don't know the exact URLs off hand. My team sends technical details to another team, who aggregates it with information developed by other teams, then they forward it to the PR people who post it for you to read, with other, more detailed information provided to customers. So personally I only know where I send the information internally, but not where you can read all of it.

  11. MS08-067 Still Out There? by aster_ken · · Score: 4, Informative

    Who the hell is still using operating system software that hasn't been patched since October 2008? And even then, only one of the affected operating systems (Windows Server 2008) is still receiving security updates. If there are public-facing Windows 2000, Windows XP, and Windows Server 2003 machines still in the wild, I'd go so far as to say those companies deserve to be compromised.

    1. Re:MS08-067 Still Out There? by budgenator · · Score: 1

      You would be amazed at how many pieces of mission critical software will only run on Win2008 or WinXT. Small shops can't always afford to drop $50K on new hardware, that has the new software that runs on Win10 or Win2012; not to mention another $50K for new clients and server.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    2. Re:MS08-067 Still Out There? by ausekilis · · Score: 1

      Who the hell is still using operating system software that hasn't been patched since October 2008?

      ATM's still run Windows XP, many Point of Sale systems too. If you've ever paid close attention in a doctor's office, the computer they are running is very likely XP, maybe Vista or 7. Hardware-controlling computers may even go back to Windows 98 due to their ability to read/write directly to hardware and do in-line controlling with ease.

      It's just not feasible to keep medical equipment up-to-date with the latest OS for various reasons, not the least of which is it's bundled as a unit and costs many tens (hundreds?) of thousands of dollars. Cost becomes non-trivial real quick.

  12. Re:So, WHY does this REALLY occur? Ok... apk by Anonymous Coward · · Score: 1

    I'm pretty sure his hosts file program actually installs DOUBLEPULSAR.

  13. Use Linux servers? by TheOuterLinux · · Score: 3, Insightful

    Seriously, why do people even use Window$ on servers? Any real advantage to it? It's not like the command line dark ages anymore with Linux to figure out how to do it. Tons of videos on how to set it up too. And if you want, you can set it up graphically and then run it without graphics to save resources.

    1. Re:Use Linux servers? by Anonymous Coward · · Score: 1

      Seriously, why do people even use Window$ on servers? Any real advantage to it? It's not like the command line dark ages anymore with Linux to figure out how to do it. Tons of videos on how to set it up too. And if you want, you can set it up graphically and then run it without graphics to save resources.

      Exchange, MSSQL, LDAP servers, .NET services, BI tools, SAP.

      When people get out of their garage, they find people have actual business needs that aren't met by KOffice or vim.

    2. Re:Use Linux servers? by thegarbz · · Score: 2, Insightful

      Seriously, why do people even use Window$ on servers?

      There are plenty of serious answers to this question but ultimately they're unlikely to be understood by someone with a mentality that extends to calling a product "Window$" and thinking they are clever.

      Tons of videos on how to set it up too.

      Ladies and gentlemen: How to setup an insecure facing internet server 101: Let's not have a clue and follow some video tutorial! Now I know where the $ came from, it's all the money that will be stolen from any server set up by those who follow your expert advice.

    3. Re:Use Linux servers? by coofercat · · Score: 2

      Ladies and gentlemen: How to setup an insecure facing internet server 101: Let's not have a clue and follow some video tutorial! Now I know where the $ came from, it's all the money that will be stolen from any server set up by those who follow your expert advice.

      I think what you're describing is exactly how this came about in the first place. Even a modicum of firewalls and proxies would mitigate most of the attack vectors for this exploit, yet we see lots of infections. That sounds like lots of people set things up without properly understanding them.

    4. Re:Use Linux servers? by ausekilis · · Score: 1

      oh you mean like the RHEL enterprise license my work has?

    5. Re:Use Linux servers? by TheOuterLinux · · Score: 1

      The videos are just to get you started. IT people hate it when you use anything other than Window$, yeah I'll do it again, because they would be out of a job without it. Linux forces users to be more proactive. If you blindly follow a video without knowing a little bit as to how servers or Linux works, of course that could cause problems. But, you can be an expert with Window$ and still have more security issues than you will ever come across with a proper Linux setup; that's the beauty of TRUE open source and not the half-baked, hidden spyware kind Micro$oft pushes. If you don't like that fact, take it up with Red Hat; they're the best. If you setup using Ubuntu, then you probably a newbie. Besides, guess which company Canonical partnered with a few years ago? Just one of many reasons I stopped using Ubuntu.

      P.S. I take it you're a "gamer" or an IT guy because no one else gets offended by my spelling but those nut jobs. Apple people are crazy, but the Window$ equivalents love their Kool-Aid, if you know what I mean. Glutens for punishment if you ask me.

    6. Re:Use Linux servers? by thegarbz · · Score: 1

      The videos are just to get you started.

      Except those videos are where it ends. We only just ran an article on security errors introduced through tutorials the other day.

      no one else gets offended by my spelling but those nut jobs.

      Oh I'm not offended, not in the slightest. I just happen to be over the age of 12 and draw instant conclusions into the maturity of people who find it funny to use misspellings in that way. Mind you it's quite fitting with your suggestion to start setting up something with a video tutorial.

      Tip for you: If you every come across the need to use a video tutorial even as a starting point, stop and hire an expert. Leave the video tutorials to the students learning about something.

    7. Re:Use Linux servers? by TheOuterLinux · · Score: 1

      But aren't we all students at first? I would rather be proactive than let someone else handle my system. By the way, I got a family member that was 12 when he started his first website and that was about ten years ago, and guess what? YouTube got him started. Now, he does IT work for doctors, manages a radio station, and is helping to construct a small hydroelectric dam; no college and only a single doctor above him (his boss) and no underlings to help manage the servers. So, I don't know what videos you been watching, but they do help. I think people get mad at YouTube because older guys had to pay to learn in school (some still do for whatever reason) with god-awful manuals. As for me, I built my own Linux distro, coordinated EEG research (my degree is in Psychology), and manage a website. So, you're not talking to a 12 year old or anyone like it. I say Window$ because it's fitting, not funny. The only thing it does better than other systems is games and emptying people's pockets. They're even building a laptop similar to Chromebooks soon. What kind of company sells $400, 1.2Gz, 4GB laptops (my guess specs and price) that you have to be connected to their servers and internet to run? I'm running a 32-bit PAE Linux kernel 4.10 on a 9 year old laptop with up to date software that never gets above 2GB in RAM anyway, even with heavy use (Firefox, Kodi, GIMP, LibreOffice, and PCSX running at the same time just to test). So, in my experience, it's all about the money. That's why I spell it the way I do. Most diehard Linux users do.

    8. Re: Use Linux servers? by Brockmire · · Score: 1

      Do you somehow think Linux isn't hacked daily? Have you looked at a yum/apt update for all their security updates? I've never been personally affected by a windows infection, but years ago we ran software that used JBOSS on Centos. Hackers used Google search alerts to find JBOSS servers and notify the hacker of vulnerable systems. That was brilliant. Low effort and detection.

    9. Re: Use Linux servers? by TheOuterLinux · · Score: 1

      I'm not saying Linux is bullet proof but comparatively, I do believe it to be one of the safest options you can have because of how far you can go in customization. The problem with JAVA is that it's JAVA. That was in ~2006 though, and JAVA 8 isn't nearly as vulnerable as 6 was. Hackers were using JMX console and people weren't paying attention to file permissions. You could also use intitle:”JBoss Management Console – Server Information” “application server” inurl:”web-console” OR inurl:”jmx-console” to find servers. They call JBOSS "WildFly" now. You should check out a program called Lynis for looking at server security/Rootkits; they even make suggestions with links at the end. Fail2Ban helps a lot too with any brute force attempts. If you used Centos, you probably know this stuff, but I'm mentioning it just in case anyone else sees this. Also, I have grown to prefer zypper for package management over yum/apt. I'm not sure about the other managers (been a while), but zypper gpg checks all repos and checksums each package whether installing or updating. I gave up on Ubuntu and Debian. They're just too bloated and slow anymore to work on my machines.

  14. Re:Windows 7: How do I check if I got the fix? by ChoGGi · · Score: 1

    If you have the April rollup installed then you have the March one installed. Microsoft doesn't let you pick and choose when it comes to the (cumulative) rollup updates.

  15. Unplug it? by Kludge · · Score: 2

    there's still processes that use tons of bandwidth with outgoing traffic that we can't stop.

    Unplug the computer?

  16. Major AV apps working on this??? by martinfb · · Score: 1

    Can anyone address as to whether any of the major AV apps (Norton, Kaspersky, Bitware, McAfee, ...) are working on finding/remediating this crap?

    --


    Self-importance and self-indulgence is the root of ALL evil.
  17. Re: All part of the Hegellian Dialectic @ work by Brockmire · · Score: 1

    I don't even know how someone can take this guy's lunch order.

  18. Re: We watch outgoing bandwidth like a hawk... by Brockmire · · Score: 1

    Are you fucking serious? You'd only get remotely hacked without a firewall protecting Port 445. The default firewall for public interface only allows remote traffic from local subnet. You should be fired for incompetence.