Code Published for Triggering a BSOD on Windows Computers -- Even If They're Locked (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Code Published for Triggering a BSOD on Windows Computers -- Even If They're Locked (bleepingcomputer.com)

Posted by EditorDavid on Saturday April 28, 2018 @09:34AM from the crash-courses dept.

"A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state," writes BleepingComputer. An anonymous reader quotes their report: The code exploits a vulnerability in Microsoft's handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender. The expert's proof-of-concept code contains a malformed NTFS image that users can take and place on a USB thumb drive. Inserting this USB thumb drive in a Windows computer crashes the system within seconds, resulting in a Blue Screen of Death (BSOD). "Auto-play is activated by default," Tivadar wrote in a PDF document detailing the bug and its impact...

Tivadar contacted Microsoft about the issue in July 2017, but published the PoC code today after the OS maker declined to classify the issue as a security bug. Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user).

118 comments

Min score:

Reason:

Sort:

Autoplay by Anonymous Coward · 2018-04-28 09:40 · Score: -1

I'm not impressed. It requires you to tell your computer to run every program anyone sticks into it.
1. Re:Autoplay by war4peace · 2018-04-28 09:49 · Score: 5, Informative
  
  Actually, no, Autoplay doesn't have to be enabled, what the researcher meant is that the OS auto-mounts the image anyway, guaranteeing the crash.
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
2. Re:Autoplay by Anonymous Coward · 2018-04-28 10:13 · Score: 0
  
  Thanks for the info. I was trying to burn the PoC tinyntfsimg (10 MB) file into a USB, but can't trigger the BSOD on XP.
  Seems this crash requires that the OS itself auto-mounts the 10mb img. XP doesn't have this feature.
3. Re: Autoplay by Anonymous Coward · 2018-04-28 10:31 · Score: 0
  
  You can disable that with a registry key or run diskpart and use the automount disable command.
4. Re: Autoplay by Anonymous Coward · 2018-04-28 10:31 · Score: -1
  
  Windows XP also doesn't know or understand what an NTFS filesystem is anyway. Nice trolling ðY£
5. Re:Autoplay by Anonymous Coward · 2018-04-28 10:33 · Score: -1
  
  > I was trying to burn the PoC
  We're gonna have to work on phrasing before this site gets mistaken for one of those ultra right wing racist havens or something
6. Re: Autoplay by toadlife · 2018-04-28 10:46 · Score: 4, Informative
  
  Windows XP also doesn't know or understand what an NTFS filesystem is anyway
  NTFS is XP's default filesystem.
  
  --
  I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
7. Re: Autoplay by Anonymous Coward · 2018-04-28 10:50 · Score: 0
  
  Your trolling is weak: https://support.microsoft.com/en-us/help/307889/how-to-create-and-use-ntfs-mounted-drives-in-windows-xp-and-in-windows
8. Re: Autoplay by Anonymous Coward · 2018-04-28 10:53 · Score: 0
  
  You don't know what you're talking about, kid.
9. Re:Autoplay by Anonymous Coward · 2018-04-28 11:48 · Score: -1
  
  > I was trying to burn the PoC
  We're gonna have to work on phrasing before this site gets mistaken for one of those ultra right wing racist havens or something
  Violence is most definitely not the answer. Awareness is. This is a well researched presentation on what actually causes the phenomenon known as racism. It focuses on profiling and why it happens. It's interesting because it includes data from multiple countries, some of which had no history of slavery, colonialism, or anything like Jim Crow. It's refreshing to see this kind of topic discussed in a dispassionate, factual manner.
10. Re:Autoplay by Anonymous Coward · 2018-04-28 12:29 · Score: -1
  
  Daily reminder:
  Person of Color = Currently orthodox politically correct term for non-whites
  Colored Person = The most racist term since Ni**erkike McOvendodger
11. Re:Autoplay by Anonymous Coward · 2018-04-28 12:57 · Score: -1
  
  Daily reminder:
  Person of Color = Currently orthodox politically correct term for non-whites
  Colored Person = The most racist term since Ni**erkike McOvendodger
  Related note:
  Black males killing other black males accounting for over 50% of all US murders: whitey's fault.
  Black males refusing to father their own children over 80% of the time: whitey's fault.
  Black females having one of the highest obesity rates even in the US: whitey's fault.
  A black male getting shot because he physically fought with a cop and tried to take the cop's gun: whitey's fault.
  Blacks being 12 times more likely to murder whites than the odds of whites murdering blacks: whitey's fault.
12. Re:Autoplay by Anonymous Coward · 2018-04-28 14:17 · Score: -1
  
  Racism is a natural and in-built judgement response. Everybody discriminates against things every minute of every day. Racism is no different.
  It's just a matter of people who are honest and admit they carry racism and those who are dishonest and pretend like they don't ever have such feelings. Admitting that you're racist doesn't mean you have to go out and do horrible things or treat people like crap. It just means that in the back of your mind, you are glad that you are who you are.
13. Re:Autoplay by Anonymous Coward · 2018-04-28 14:29 · Score: -1
  
  I am not white and I don't get offended by terms like "coloured people". I think anyone who does is feigning outrage and looking to stir up trouble.
  Oh and white people, please stop trying to tell us non-whites what is and isn't offensive to us. When you do that, you are actually being more offensive than any racial slur could ever be.
14. Re:Autoplay by EETech1 · 2018-04-28 14:58 · Score: 0
  
  I'm not a racist, I even have a color TV!
15. Re:Autoplay by Anonymous Coward · 2018-04-28 15:19 · Score: -1
  
  I am not white and I don't get offended by terms like "coloured people". I think anyone who does is feigning outrage and looking to stir up trouble.
  That's great. Now go explain that to everyone at CNN et. al. the next time they spend an entire week crying about how racist Trump is because he was caught on camera frowning in the general direction of a black person.
16. Re:Autoplay by Anonymous Coward · 2018-04-28 15:57 · Score: -1, Offtopic
  
  Racism is a natural and in-built judgement response. Everybody discriminates against things every minute of every day. Racism is no different.
  It's just a matter of people who are honest and admit they carry racism and those who are dishonest and pretend like they don't ever have such feelings. Admitting that you're racist doesn't mean you have to go out and do horrible things or treat people like crap. It just means that in the back of your mind, you are glad that you are who you are.
  The rubber meets the road here: in the end, when a 7% minority (black males) commit the vast majority of all investigated (FBI crime stats) robberies, rapes, assaults, aggravated assaults, murders, and drug crimes, well, those who care for their safety and the safety of their families have two choices. One of those choices is totally unrealistic - convince that small minority to behave in a different way. The other choice is realistic, pragmatic, and achievable: avoid them whenever possible. You can call that "racism" if you want. Really though it's just pattern recognition.
  What's very interesting is that blacks do this throughout the world. They do this in black-run nations. They do this in white nations that never had a history of slavery or systematic oppression. They do this in white nations that did have slavery and/or systematic oppression. They do this everywhere. Contrast this with the track record for Asian immigrants or Native Americans (who also faced terrible oppression) or Jews (same). You don't see those topping the crime charts in stark disproportion to their population numbers. This is telling. Again, it's pattern recognition.
  Pattern recognition is all about cold hard facts and stats. It has nothing to do with what you might like things to be. It boils down to whether you want to make rational decisions that affect yourself and your family or whether you want to live in a fantasy world like the child who talks about the Tooth Fairy or Santa Claus. It's time to grow up.
  Another funny thing: as Jim Crow laws were repealed, as affirmative action was enabled, as "racism" became synonymous with "pure evil", well during this time, black crime has steadily INCREASED. Really puts the lie to the whole "because we have been oppressed" idea.
17. Re: Autoplay by Z00L00K · 2018-04-28 16:30 · Score: 1
  
  Still Autoplay is one of the worst features ever from a security perspective.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
18. Re:Autoplay by coastwalker · 2018-04-28 20:05 · Score: 2, Interesting
  
  Offtopic but racism damages society so the comment needs a response. Trump is not racist because he frowns at black people. Trump is racist because he encourages racism in his voting base. "Mexicans are rapists and drug dealers" "there are faults on both sides" "Ban on all Muslims until we figure out what is going on" etc.
  His administration goes all out to increase conflict just like a tooth and claw business does in the capitalist economy. Politics is not like business in the capitalist economy because crushing your enemy does not just inconvenience another bunch of shareholders - it kills people in genocides. Whatever good Trump does is undone by this pointless increase in fear and hatred.
  Re the NTFS vulnerability, does anyone know if and when Microsoft can provide a bug fix for it?
  
  --
  Facts are history now plebs have politics for religion on social media.
19. Re: Autoplay by thegarbz · 2018-04-28 20:38 · Score: 1
  
  Still this isn't auto play, and every modern desktop OS mounts the image when plugged in. Happens on Macs, happens on Linux too.
20. Re: Autoplay by Z00L00K · 2018-04-28 20:55 · Score: 1
  
  I'm fully aware of that this was automount, but Autoplay is even worse.
  It's also one thing to crash a computer another to inject malware. If it had been possible to inject malware through the automount then it would be really bad.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
21. Re: Autoplay by Anonymous Coward · 2018-04-28 23:52 · Score: 0
  
  Wrong. It takes some effort to set up automounting. Some distros (debian, maybe others) do this, but not all.
22. Re:Autoplay by Anonymous Coward · 2018-04-29 01:10 · Score: -1
  
  A country that does not control its borders cannot exclude rapist, drug dealers, gang members or any other criminal. Is our immigration system broken? Yes. Can it be fixed without securing the borders? No.
  I know people who attend school in Virginia. When a bunch of racists, black racists and white racists come to their town from out of state to riot both sides need to be called out.
  Side issue. Civil War statues need to remain in place. They need a big sign placed on them revealing that they were erected by members of the Democratic party. Than same party that started the Civil War to defend slavery, supported Jim Crow and stopped Eisenhower from passing the Civil Rights Act for years, so that Republicans wouldn't get the credit for it, and the party that has kept blacks and other minorities down for decades by keeping them dependent.
  When members of a group tell me that the goal of their life is to destroy me I generally believe them. Especially when they have killed people both domestically and in other countries.
23. Re: Autoplay by Highdude702 · 2018-04-29 02:11 · Score: 1
  
  Some peoples children. My thoughts when I read it was "Windows XP was the first consumer OS from microsoft to have NTFS" And maybe even the first period? i was kind of young when it came out.
24. Re: Autoplay by Highdude702 · 2018-04-29 02:35 · Score: 1
  
  Actually, I run Debian, and have ran variants for years. They do not automount, they read the disk structure, and you have to actually click mount to mount the drive. And from command line you have to also be root.
25. Re: Autoplay by thegarbz · 2018-04-29 04:08 · Score: 1
  
  I said modern desktop OS :-P
  Mind you the entire topic really is quite moot. If someone can get to a position where they can insert the USB stick to crash your system they could just as well simply turn off the power and move on with their lives :)
  Incidentally Debian used to offer auto-mounting via udev but systemd broke that functionality ...
26. Re: Autoplay by Anonymous Coward · 2018-04-29 04:16 · Score: 0
  
  If someone can get to a position where they can insert the USB stick to crash your system they could just as well simply turn off the power and move on with their lives
  Yeah, almost. I'm sure you have heard of those people who find a USB storage device in the parking lot or on the floor somewhere and then plug it into their computers? Yep, that will happen with this.
27. Re: Autoplay by Highdude702 · 2018-04-29 04:27 · Score: 1
  
  Do you not consider it modern because its stable? Modern hardware(R7-1700 + GTX1070 + NVME Drive) handles anything i can think of throwing at it. I know its popular to rip on Systemd, I personally have never had an issue with it. Sure I don't like the way it logs. Pain in the ass IMO. Other than that its pretty stable. And if you don't like it, you can spend the time to remove it and use whatever you wish. Power of Linux!
  But seriously I don't think I have ever had a Linux OS that would mount a USB drive on its own if you inserted it, unless you previously set it up that way.
28. Re: Autoplay by Ilgaz · 2018-04-29 07:08 · Score: 1
  
  I remember how much I flamed Linux for not auto mounting removable media back in 90s. Now, almost all of them does.
29. Re: Autoplay by Anonymous Coward · 2018-04-29 07:34 · Score: 0
  
  And maybe even the first period?
  No, it wasn't the first. Windows NT 3.1 from about 8 years before XP was the first, even if it wasn't a consumer OS.
30. Re:Autoplay by Anonymous Coward · 2018-04-29 07:42 · Score: 0
  
  Seems this crash requires that the OS itself auto-mounts the 10mb img. XP doesn't have this feature.
  Interesting. It seems that my XP installation has this feature. It happily automounts every supported filesystem present on a USB stick when I insert it, be it FAT, FAT32 or NTFS (haven't tried with exFAT, though).
31. Re: Autoplay by thegarbz · 2018-04-29 10:41 · Score: 1
  
  Do you not consider it modern because its stable?
  It was a joke. Lighten up a bit man, you'll work yourself up a stroke at this rate.
  
  But seriously I don't think I have ever had a Linux OS that would mount a USB drive on its own if you inserted it
  Shit Mandravia did it back before the USB days for CDs. It blew my mind to think Linux at the time was trying to be user friendly. Anyway I grew up since then.
  Pretty much every desktop with Gnome does it too since it's a Gnome default to automount CDs and USB. You can control it via dconf: org.gnome.desktop.media-handling.
32. Re: Autoplay by fuzzywig · 2018-04-29 20:24 · Score: 1
  
  Mint automounts USB drives, although Mint is very much a desktop/ease-of-use focused distro.
33. Re: Autoplay by Highdude702 · 2018-04-29 23:31 · Score: 1
  
  I never liked mandrake much and rarely used it. normally stuck with RHEL's and Debian based distros.
  
  Pretty much every desktop with Gnome does it too since it's a Gnome default to automount CDs and USB
  That makes sense why I haven't noticed it, I haven't used Gnome since the late 90's. Im a KDE Fan. And KDE would never mount anything I didn't explicitly tell it to. Gnome has been worthless since version 2. Gnome 3 IMO isn't even usable. Worse than windows 10.
34. Re: Autoplay by Highdude702 · 2018-04-29 23:39 · Score: 1
  
  The closest I have come to "Easy As Windows" Linux Distros is Ubuntu with KDE. I have never personally used mint past an install for a friend/family member. And that was just to get them started on something I heard was easy to learn on to keep the headache off of me lol. It worked rather well I guess as i rarely get the call of "How do I do this, I have already googled and cant figure it out" You know what they say. Set a man on fire, He will think you're Microsoft, Teach a man to Fire, And he will Compile on his own. well im paraphrasing. but you get my drift. I currently use Debian 9, with KDE. I would guess the main reason I dont rage at this behavior is because i have basically exclusively used KDE for so long, that I didn't notice some of the stupid crap other DE maintainers are doing on the linux platform. For anybody not wanting stupid crap like Auto Mounting on by default, I strongly suggest try KDE.
Topsy turvy by arth1 · 2018-04-28 09:40 · Score: 1, Troll

Wake me up when someone publishes something that's guaranteed not to crash Windows...
1. Re:Topsy turvy by Insanity+Defense · 2018-04-28 09:46 · Score: 0
  
  A/ Don't install Windows, B/ Don't boot into Windows. No crashes from Windows either way.
2. Re:Topsy turvy by greenwow · 2018-04-28 10:31 · Score: 1
  
  Some of the Windows programmers I work with certainly know how to do this.
3. Re:Topsy turvy by Sanat · 2018-04-28 13:36 · Score: 1
  
  Times apparently have changed... Not too long ago this post would have been marked "funny"...
  
  --
  And in the end, the love you take is equal to the love you make
4. Re:Topsy turvy by Cederic · 2018-04-29 05:54 · Score: 1
  
  It made me smile too.
  Kids these days, etc..
I've discovered another physical access eploit by Anonymous Coward · 2018-04-28 09:49 · Score: 0

Mine is guaranteed to bring down any system regardless of OS: Strap C4 to it and detonate.
USB by amiga3D · 2018-04-28 09:50 · Score: 1, Informative

USB is problematic anyway. Where I worked if you inserted a flash drive into a computer it would lock you out and send an alert to security. Good way to get fired.
1. Re:USB by Anonymous Coward · 2018-04-28 09:57 · Score: 0
  
  Gee, if only there were some way to connect storage devices to a computer, which didn't offer the ability to infect and destroy the system.
  Maybe someday, we'll see such advances in computing technology, that systems can be designed and engineered to not be vulnerable by default!
2. Re:USB by volodymyrbiryuk · 2018-04-28 10:17 · Score: 2
  
  Pff what a joke. Where I worked if you inserted a flash drive into your computer they sent in Droidekas to exterminate everyone in the room.
  
  --
  sudo rm -r -f --no-preserve-root /
3. Re:USB by TeknoHog · 2018-04-28 10:41 · Score: 1
  
  Gee, if only there were some way to connect storage devices to a computer, which didn't offer the ability to infect and destroy the system.
  USB wasn't intended for storage devices to begin with. It was meant for relatively simple/stupid peripherals like keyboards, mice and sound cards. If it only had stayed that way instead of trying to emulate real interfaces like Firewire, things would be perfectly safe. Sure, you could whip up a stick that acts as a keyboard, perhaps with its own remote control. But in that perfect world with no USB storage sticks, who would try and use it? Naah, real men would plug in keyboards they find lying on the parking lot.
  
  --
  Escher was the first MC and Giger invented the HR department.
4. Re:USB by GerryGilmore · 2018-04-28 10:54 · Score: 1
  
  Sorry, but you are wrong. The original USB spec (https://en.wikipedia.org/wiki/USB) had 2 data rates, one low-speed for keyboards, etc. and a second, higher data-rate spec specifically for disk drives.
  To me, the whole auto-play thing is bizarre and ridiculous from any basic security standpoint. In high-security situations, they (USB drives) can/arguably-should be blocked whether physically or at the OS level.
5. Re:USB by Anonymous Coward · 2018-04-28 10:59 · Score: 0
  
  Where I work if you inserted a flash drive into a computer, the flash drive would work correctly.
  That's because we have real security in place and we can easily handle trivial things like the use of flash drives. Your network administrator and IT department need to be fired and replaced with people who know what they are doing.
6. Re:USB by toadlife · 2018-04-28 11:44 · Score: 3
  
  That's because we have real security in place and we can easily handle trivial things like the use of flash drives. Your network administrator and IT department need to be fired and replaced with people who know what they are doing.
  Where the parent works and where you work probably have drastically different security, privacy and regulatory requirements.
  
  --
  I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
7. Re:USB by Khyber · 2018-04-28 14:06 · Score: 2
  
  "Your network administrator and IT department need to be fired and replaced with people who know what they are doing."
  You go into any casino talking that nonsense and the Gaming Commission of almost every state, if not the Feds, would utterly rape you in court and then bar you from ever working in that field ever again.
  There are places where full physical security of the device is an absolute requirement, right down to every port being behind a physically-locked plate and literally every cable tied down and locked.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
8. Re:USB by cavreader · 2018-04-28 14:21 · Score: 1
  
  "There are places where full physical security of the device is an absolute requirement, right down to every port being behind a physically-locked plate and literally every cable tied down and locked."
  This certainly didn't protect Iran's centrifuge lab. Stuxnet was delivered to the lab on a memory stick. Just goes to show where there's a will there is always a way.
9. Re:USB by tlhIngan · 2018-04-28 20:22 · Score: 1
  
  To me, the whole auto-play thing is bizarre and ridiculous from any basic security standpoint.
  This is not an auto-play bug. Auto play is disabled by default nowadays.
  The problem happens before auto-play - basically you present a filesystem so corrupted that the filesystem driver aborts, which causes the kernel to stop. Windows happens to try to mount every partition it can automatically, so if you present a filesystem so corrupt it aborts the filesystem driver, it can kill the kernel.
  Of course, Linux is somewhat safer in this respect - given the kernel behavior isn't to mount filesystems. However, it's not much of a safety net - unless you were plugging it in for another reason, presumably you were intending to access the disk and will need to mount it at some point. Of course, depending on the filesystem driver, some can crash, others will simply fail.
  Anyhow, I remember this from NT4 days - where there was a specific STOP code similar to "NTFS_FAILED_TO_MOUNT". Yes, NT4 would BSOD if it couldn't mount an NTFS partition. Had this happen with a failing secondary (backup) disk. The disk would read a few sectors fine, then return errors and Windows was not happy with that. Obviously for Windows 2000, Microsoft had to fix this error - the era of external disks meant you can't simply BSOD every time you had a corrupt filesystem, because that would be a really common event.
10. Re:USB by amiga3D · 2018-04-28 20:33 · Score: 1
  
  The reason they didn't want flash drives connected was to avoid people copying files to them.
11. Re:USB by Rockoon · 2018-04-28 21:32 · Score: 1
  
  USB wasn't intended for storage devices to begin with.
  Even if this were true (it isn't) you are grossly naive.
  
  It was meant for relatively simple/stupid peripherals like keyboards, mice and sound cards.
  The USB mass storage class (USB MSC) is close to the safest of them.
  
  A rogue USB device that declares itself a keyboard (HID) can do pretty much anything it wants to your machine, such as open a terminal window, write some code into a source file, compile it, and then execute it.
  
  This isnt just speculation.. it was labeled "BadUSB" and was one of the main topics at the Black Hat USA conference in 2014: here is a video of one of the talks.
  
  But thats for playing the "I'm know I'm ignorant but I am still going to act like an expert" game... YOU WIN!
  
  --
  "His name was James Damore."
12. Re:USB by Anonymous Coward · 2018-04-28 23:55 · Score: 0
  
  What happened if you inserted a USB drive that pretends to be a keyboard, while actually just running a script that creates the executable on the PC and then executes it?
  Would they alert security about that?
13. Re:USB by Highdude702 · 2018-04-29 02:43 · Score: 1
  
  There are places where full physical security of the device is an absolute requirement, right down to every port being behind a physically-locked plate and literally every cable tied down and locked.
  Well, you have apparently never been anywhere important in a casino, I frequent casinos for work in vegas all the time. That is not how it is.
14. Re:USB by Anonymous Coward · 2018-04-29 04:21 · Score: 1
  
  If it only had stayed that way instead of trying to emulate real interfaces like Firewire, things would be perfectly safe
  OK, I may be missing some really well hidden sarcasm here but it is hard to take you seriously when you say things like that. Perhaps you meant Thunderbolt? Because Firewire is so insecure everyone recommends that you disable it on the few devices that still have it. Firewire's design was a security nightmare from the start. The devices are peers and can read and in some cases write each other's memory. It became trivial to create a device that would log you on to a Windows machine as an admin by just plugging it in because it could write to the memory on the PC. By comparison USB is much more secure. At least there you have a concept of a host and a device - they are not peers.
15. Re:USB by Khyber · 2018-04-29 04:47 · Score: 1
  
  "I frequent casinos for work in vegas all the time"
  Try California where we are a whole lot more strict, and even simply changing your lighting in a casino from incandescent to LED requires a full review from the GC.
  I install the lighting. I have to chat with CAGC every single fucking time.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
16. Re:USB by Cederic · 2018-04-29 06:00 · Score: 1
  
  That's so sweet. Flash drives are sooo trivial. You fucking muppet.
17. Re: USB by Brockmire · 2018-04-29 13:36 · Score: 1
  
  Presumably because someone put cameras in a light fixture at some point.
Another exploit by Anonymous Coward · 2018-04-28 09:53 · Score: 2

I've found another similar exploit.
If you pull on the flexible plastic tube that link the computer to the wall, the computer will abruptly shutdown without warning. Sometimes, you may even *corrupt* the file system, if you time it right! And Microsoft refuses to acknowledge this as a severe vulnerability! Crazy!
1. Re:Another exploit by Anonymous Coward · 2018-04-28 10:17 · Score: 0
  
  Nope. if you're using a laptop, pulling the plug won't shutdown your computer.
2. Re: Another exploit by Brockmire · 2018-04-29 13:39 · Score: 1
  
  Plastic tube? Wtf are you talking about? What fucking backwards nation are you from?
3. Re: Another exploit by toadlife · 2018-05-01 08:50 · Score: 1
  
  Plastic tube? Wtf are you talking about? What fucking backwards nation are you from?
  Well, it's actually a series of tubes.
  
  --
  I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Strange by AndyKron · 2018-04-28 09:55 · Score: 2

That's strange. My computer always asks me what I want to do when I put a USB drive in, and I never changed the default.
1. Re:Strange by Anonymous Coward · 2018-04-28 10:21 · Score: 1
  
  Well, go ahead and build this USB image and plug it in
  Windows will ask you something, alright: whether IRQL is not less or equal
2. Re:Strange by Anonymous Coward · 2018-04-28 18:23 · Score: 0
  
  Today a million Windows users learn the difference between mounting a volume and 'autoplaying' it.
3. Re:Strange by phantomfive · 2018-04-28 19:33 · Score: 1
  
  I'll bet it does that after it mounts it.
  
  --
  "First they came for the slanderers and i said nothing."
4. Re:Strange by thegarbz · 2018-04-28 20:40 · Score: 1
  
  Notice that it asks you what you want to do while looking at the files and proposing things such as opening the pictures on it?
  This isn't about auto-play, it's about auto-mount, something that every desktop OS does.
how long before someone makes it portable by Anonymous Coward · 2018-04-28 09:55 · Score: 0

and makes an .iso or .img or some other sort of file that can be downloaded disguised as something else, and when the user clicks on it and it BSODS their windows
1. Re:how long before someone makes it portable by Anonymous Coward · 2018-04-28 10:37 · Score: 0
  
  Don't breed. You're a moron.
How about some real references, EditorDavid? by Anonymous Coward · 2018-04-28 10:05 · Score: 0

Like to the actual proof of concept, instead of to the top website in your internet explorer favourites.
Just tried it by TheDarkener · 2018-04-28 10:05 · Score: 4, Interesting

Doesn't work, at least on a (since Jan 2018) unpatched Win7 Home Premium system. "The file or directory is corrupt and unreadable" when trying to access the drive even. Maybe I have to patch it?

--
It is pitch black. You are likely to be eaten by a grue.
1. Re:Just tried it by TheDarkener · 2018-04-28 10:07 · Score: 1
  
  Note that it was x86 Windows install, not sure if that has anything to do with it.
  
  --
  It is pitch black. You are likely to be eaten by a grue.
2. Re:Just tried it by Anonymous Coward · 2018-04-28 10:12 · Score: 1
  
  It was already patched via an update... Without credit to Tivadar.
3. Re:Just tried it by Anonymous Coward · 2018-04-28 10:27 · Score: 0
  
  which usually means it was reported by someone else first or they had already discovered it also or he broke the conditions of disclosure required to be credited.
4. Re:Just tried it by Anonymous Coward · 2018-04-28 11:21 · Score: 0
  
  Wait, let me email the file to you. It'll work that way too.
Won't be fixed by Anonymous Coward · 2018-04-28 10:25 · Score: 1

even if the computer is in a locked state
I feel this bug won't be fixed by M$ because this is a very important feature for authorities. This is an intentional feature so TLA can just stick-in their USB toolkit and unlock any machines at will at checkpoints and airports.
Sorry, this is a secret feature and NOT A BUG.
1. Re: Won't be fixed by Brockmire · 2018-04-29 13:44 · Score: 1
  
  You are an idiot.
2. Re:Won't be fixed by fuzzywig · 2018-04-29 20:29 · Score: 1
  
  Windows isn't running any code on the USB drive, it's just trying to mount the file system (OSX does the same, some Linux distros do too). The problem is that it's possible to crash the file-system driver and crash the whole computer.
Foolish Hackers by Anonymous Coward · 2018-04-28 10:58 · Score: 0

Don't they know that it doesn't take any exploit to BSOD a Windows machine. They come that way straight from the shop.
1. Re: Foolish Hackers by Brockmire · 2018-04-29 13:45 · Score: 1
  
  Then return it, it's defective hardware. Oh, you thought you were being funny? Shit man, you're hilarious! Can't wait for your comedy special.
Well ... by jmccue · 2018-04-28 11:04 · Score: 1

Well it is a way quick to turn off a Windows PC
Well makes for a great system lock
Well at least the screen looks scary, with that on the PC at Starbucks, no one will steal the laptop
I will be here all week, tip the waitresses
1. Re: Well ... by Brockmire · 2018-04-29 13:47 · Score: 1
  
  It doesn't turn off the PC. Work on your set a bit more.
"unstated ability to get access to systems" by NZheretic · 2018-04-28 11:23 · Score: 1

Transcript of Internet Caucus Panel Discussion. Re: Administration's new encryption policy.
Date: September 28, 1999.
Weldon statement.

Rep. Curt Weldon : Thank you. Let me see if I can liven things up here in the last couple of minutes of the luncheon. First of all, I apologize for being late. And I thank Bob and the members of the caucus for inviting me here.
...
But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill Gates and Gerstner from IBM that there would be, kind of a, I don't know whether it's a, unstated ability to get access to systems if we needed it., Now, I want to know if that is part of the policy, or is that just something that we are being assured of, that needs to be spoke. Because, if there is some kind of a tacit understanding, I would like to know what it is.
Because that is going to be subjected to future administrations, if it is not written down in a clear policy way. I want to know more about this end use certificate. In fact, sitting on the Cox Committee as I did, I saw the fallacy of our end use certificate that we were supposedly getting for HPCs going into China, which didn't work. So, I would like to know what the policies are. So, I guess what I would say is, I am happy that there seems to be a comming together. In fact, when I first got involved with NSA and DOD and CIS, and why can't you sit down with industry, and work this out. In fact, I called Gerstner, and I said, can't you IBM people, and can't you software people get together and find the middle ground, instead of us having to do legislation.
...
Concidence? by SurenEnfiajyan · 2018-04-28 11:33 · Score: 1

Hmm, interesting... In 2013 a Windows kernel developer expressed his opinion about NTFS source code.

Oh god, the NTFS code is a purple opium-fueled Victorian horror novel that uses global recursive locks and SEH for flow control. Let's write ReFs instead. (And hey, let's start by copying and pasting the NTFS source code and removing half the features! Then let's add checksums, because checksums are cool, right, and now with checksums we're just as good as ZFS? Right? And who needs quotas anyway?)
The full article.
It's not auto-play it's auto-mount by Anonymous Coward · 2018-04-28 11:40 · Score: 0

It's not auto-play, it's auto-mount. Something that Mac and your beloved Linux Machines will do, too.
1. Re:It's not auto-play it's auto-mount by PPH · 2018-04-28 12:16 · Score: 1
  
  Linux
  Not by default. At least my Debian system won't. I get an icon and then I've got to mount it manually. If I lock my screen/keyboard, plugging in a USB drive does nothing.
  
  --
  Have gnu, will travel.
2. Re:It's not auto-play it's auto-mount by techno-vampire · 2018-04-28 14:25 · Score: 1
  
  I run Fedora and Xfce and what happens is configurable. I think that automount is the default, but it's only a few mouse clicks to change it.
  
  --
  Good, inexpensive web hosting
Be GLAD I'm no malware maker: Why? by Anonymous Coward · 2018-04-28 11:56 · Score: 0

See subject & on the subject of FILESYSTEMS in general: I'd create a slow insidious method that would be hard to id:
Zerobyte length file creation @ high speed!
This INEVITABLY floods masterfiletables out eating up ALL diskspace on ANY filesystem!
* You're possibly thinking "How could a file w/ no length do that?" - it wouldn't. Entries in masterfiletables, afaik, are NEVER PURGED & grow unstoppably the more entries they gain, never undoing deleted files (which is also why NTFS/HPFS you-name-it-FS, afaik, can also show 'guiltyness' during forensic analysis, despite deletion of files (yes, even by tools like 'bleachbit' etc.)).
* Feel free to correct me IF I am off/wrong guys - it's been a LONG while since I looked @ things @ that level (filesystems).
APK
P.S.=> No, I instead chose to create tools that help folks https://it.slashdot.org/comments.pl?sid=12027433&cid=56500021/ vs. threats... apk
1. Re:Be GLAD I'm no malware maker: Why? by Anonymous Coward · 2018-04-28 17:47 · Score: 0
  
  Stop lying you stupid fuck. If your malware is on par with your security solution it would be easily defeated. Likely by small retarded children. How about you overstate your abilities some more so everyone can mock you in this thread as well.
Not impressed... by Archfeld · 2018-04-28 13:00 · Score: 1

What is the point ? If I have physical access to the machine I can induce the equivalent of a BSOD by unplugging the fsck'n thing. Why bother with a USB stick to make it crash ? Seems like an exercise in stupidity. I've discovered that I can crash your computer even if locked if I can get physical access to it by picking it up off the shelf and throwing it to the floor. Rinse, repeat....

--
errr....umm...*whooosh* *whoosh* Is this thing on ?
1. Re:Not impressed... by Ol+Olsoc · 2018-04-28 13:12 · Score: 1
  
  What is the point ? If I have physical access to the machine I can induce the equivalent of a BSOD by unplugging the fsck'n thing. Why bother with a USB stick to make it crash ? Seems like an exercise in stupidity. I've discovered that I can crash your computer even if locked if I can get physical access to it by picking it up off the shelf and throwing it to the floor. Rinse, repeat....
  I think if you thought about it a while, you might find that if you wanted to do some damage, that thumb drive might allow you to walk in, plug in, BSOD, and walk out without destroying anything at the scene of the crime. Think about it.
  I notice you didn't have a similar "This is no problem" for the social engineering aspect.
  I know that it is fashionable to believe that Windows has no problems, but seems like it's taking denial these days to exonerate the Perfect OS.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
2. Re:Not impressed... by Archfeld · 2018-04-28 15:03 · Score: 1
  
  Wouldn't unplugging the machine do the same thing ? I can't think of ANY OS that doesn't have 'problems', and I've worked on more than my fair share, from DOS/VSE, to OS/360, to VM/XA,, TMDS, OS/2, Windows, Unix, Linux, Solaris, and many others, classified as programming languages and/or OS's. The so called 'social engineering' aspect is beyond the hacking aspect. You can educate the ignorant, but stupid is forever, besides how do you socially engineer someone to put a USB stick with some code into a machine unless you could get the stick to them somehow, and what are the odds of that ??
  
  --
  errr....umm...*whooosh* *whoosh* Is this thing on ?
3. Re:Not impressed... by phantomfive · 2018-04-28 19:35 · Score: 1
  
  Worth adding that a crash can often be turned into an exploit with a little work..
  
  --
  "First they came for the slanderers and i said nothing."
4. Re:Not impressed... by Ol+Olsoc · 2018-04-29 01:47 · Score: 1
  
  Wouldn't unplugging the machine do the same thing ?
  Oh hell, let's just call it a Windows feature.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
5. Re:Not impressed... by Ol+Olsoc · 2018-04-29 02:17 · Score: 1
  
  Worth adding that a crash can often be turned into an exploit with a little work..
  Exactly.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
6. Re:Not impressed... by suutar · 2018-04-30 07:39 · Score: 1
  
  unplugging the computer doesn't lead to buffer overflow exploits. Breaking the kernel can (though this one doesn't seem to yet).
7. Re:Not impressed... by hoggoth · 2018-05-04 07:10 · Score: 1
  
  > how do you socially engineer someone to put a USB stick with some code into a machine
  "Hi, I'm here for an interview. Oh shoot I spilled coffee on my resume. Could you please print a copy for me? It's on this thumbdrive."
  
  --
  - For the complete works of Shakespeare: cat /dev/random (may take some time)
8. Re:Not impressed... by Archfeld · 2018-05-04 09:00 · Score: 1
  
  There would be another available opening if anyone mounted a USB stick of any sort, let alone one brought on site by non employee. I've been to places that have USB ports disabled or had local mice plugged in and had locked covers over the input to prevent adding anything. But I generally don't work for very small offices so I guess that kind of stuff must still occur.
  
  --
  errr....umm...*whooosh* *whoosh* Is this thing on ?
Wait...What? by Ol+Olsoc · 2018-04-28 13:06 · Score: 1

Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user).
So physical access and social engineering aren't problems now?

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
1. Re:Wait...What? by Daltorak · 2018-04-28 13:15 · Score: 2
  
  Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user).
  So physical access and social engineering aren't problems now?
  Theft and idiocy are not things that can be fixed with software updates.
2. Re:Wait...What? by Anonymous Coward · 2018-04-28 16:19 · Score: 0
  
  Pretty much every Windows update is to fix a security hole that can be exploited by a stupid person downloading and opening/executing random shit from the internet. They probably downgraded its severity because fixing it would close a hole that law enforcement has used successfully in the past.
3. Re: Wait...What? by Z00L00K · 2018-04-28 16:34 · Score: 1
  
  If you find an USB stick somewhere - aren't you curious about the content?
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
4. Re: Wait...What? by Anonymous Coward · 2018-04-28 17:01 · Score: 0
  
  No, because some of us are aware of USB kill sticks.
5. Re:Wait...What? by thegarbz · 2018-04-28 20:45 · Score: 1
  
  So physical access and social engineering aren't problems now?
  Not ones warranting rolling out fixes to prevent an otherwise secure computer from crashing and remaining secure.
6. Re:Wait...What? by Dog-Cow · 2018-04-28 22:19 · Score: 1
  
  If you were literate, you'd know "downgraded" is not the same as "we're going to ignore it".
7. Re:Wait...What? by Ol+Olsoc · 2018-04-29 01:44 · Score: 1
  
  Microsoft downgraded the bug's severity because exploiting it requires either physical access or social engineering (tricking the user).
  So physical access and social engineering aren't problems now?
  Theft and idiocy are not things that can be fixed with software updates.
  Go onto a college campus, or perhaps a library. Computers everywhere. Or a Doctors office. I understand perhaps your idea of computer security might be armed guards with orders to terminate with extreme prejudice anyone that gets with in a ten meter kill zone of the computer - but hey, if you are willing to accept the idea that your computer can be BSOD'd with a simple geek stick, then call it a feature. Much damage can be done that does not require your break the computer sens of how things are done.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
8. Re: Wait...What? by Ol+Olsoc · 2018-04-29 01:55 · Score: 1
  
  No, because some of us are aware of USB kill sticks.
  Some people are aware, some people are not. I've personally seen computers owned by geek sticks handed out at trade shows. Weird that Windows fans would stand in defense of a big problem by re-defining it as no problem.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
9. Re: Wait...What? by Ol+Olsoc · 2018-04-29 02:02 · Score: 1
  
  If you find an USB stick somewhere - aren't you curious about the content?
  I used to keep a sacrificial Windows machine around for the very purpose of plugging in suspect CDs and thumb drives.
  Pop 'em in, and see what happens.
  A lot of people don't realize how many of us have been exploited.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
10. Re:Wait...What? by Ol+Olsoc · 2018-04-29 03:56 · Score: 1
  
  If you were literate, you'd know "downgraded" is not the same as "we're going to ignore it".
  Okay - when is the projected fix date? I've heard "downgraded" a lot over the years. It means very well we're going to ignore it.
  Otherwise, you hear "We'll work on it after all of the other problems are fixed." Or something. Since than never happens, it means "we'll ignore it."
  It also tells me that there are a whole lot of other really critical problems going on that require immediate and intensive work on successful ongoing exploits that are sucking up all of our time.
  Either that or "we're just going to ignore it." Take your pick. Your illiterate little friend Ol Olsoc.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
11. Re: Wait...What? by Brockmire · 2018-04-29 13:54 · Score: 1
  
  What is hard for you to understand levels of severity? It's fucking explained right there. Are you not in ANY technical field where there's multiple levels of severity? Like holy fuck, that's some basic newbie type questioning. This is a fucking tech site.
12. Re: Wait...What? by Brockmire · 2018-04-29 14:04 · Score: 1
  
  Further, there's several errors in this article and misunderstanding by the researcher. Just look at the comments on bleeping computer, no one got the PoC to work.
13. Re: Wait...What? by Ol+Olsoc · 2018-04-29 14:48 · Score: 1
  
  What is hard for you to understand levels of severity? It's fucking explained right there. Are you not in ANY technical field where there's multiple levels of severity? Like holy fuck, that's some basic newbie type questioning. This is a fucking tech site.
  Sure there is various levels of severity. Would you bet 20 years of your life that this is not and will not be a problem? You don't ignor vulnerabilities. Plus, your completely dismissive attitude about this makes you a security risk. You know how many of the security incidents happen? People just like you - If you worked for me, and went into that rant, you'd have an appointment with security waiting for you the second you left my office. You are not the genius you think you are.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
14. Re: Wait...What? by hoggoth · 2018-05-04 07:13 · Score: 1
  
  Yes I am curious. That's why I boot into a Linux Live-CD and make sure my hard drive is not mounted before I plug in the thumbdrive.
  
  --
  - For the complete works of Shakespeare: cat /dev/random (may take some time)
I call shenannigans on your racist BS by davidwr · 2018-04-28 17:16 · Score: -1, Offtopic

First, I don't know what "total investigated" crimes mean, but according to the 2015 FBI crime stat, "Black or African American" represented 26.5% of total arrests. This includes women as well. Granted, that may be twice their representation in the population but it's nowhere near "a vast majority" of crimes. However, at least some of this disparity can be explained away comparing crime rates within socio-economic classes: If a socio-economic class that is heavily African-American also has a high crime rate and within that socio-economic class African-Americans commit crimes at the same rate as non-African-Americans, then your logic falls apart completely.
Looking just at the individual crimes you listed:
robberies - 53.5%, a slim majority
rapes - 28.2%
assaults - data not in chart, but "other assaults" are 30.8%
aggravated assaults - 32.1%
murders - 51% - a slim majority
drug crimes - not listed in chart, as just about any crime might be drug-related. Drug abuse violations - 27.0%, Driving under the influence (including alcohol) - 13.2% (right in line with the population)
Totalling just the measurable numbers above and leaving out drug crimes:
robberies - 39,052 of 73,023
rapes - 4,907 of 17,370
assaults - data not in chart, but "other assaults" are 254,600 of 826,920
aggravated assaults - 92,237 of 287,566
murders - includes non-negligent manslaughter 4,347 of 8,508
Total of these groups: 395143 of 1213387, or 32.5%, only slightly higher than the "other assaults" percentage, which is to be expected as that dominates this group.
Yes, 32.5% is much greater than the their overall arrest rate, and it's over 2 1/2 times their percentage of the population, which was at least 17.6% in 2015 (some Hispanics and pepole of two or more races may be African-American as well). However, much of the difference in crime rate in the United States is better attributed to socio-economic factors than anything else. To the extent that anything can be attributed to race, I strongly suspect that much of it is the legacy of "Jim Crow" and the racism of the past. I also suspect that some of it is a result of present-day racism, which, while not as prevalant as 50 years ago, still exists and still generates "defensive responses" - which in some cases may be criminal - in its victims.
The bottom line:
While your statement "those who care for their safety and the safety of their families have two choices" might actually be true if we lived in a community which matched your mistaken statistics, we don't live in such a country.
If you are going to appeal to racism on a technical forum, at least give your readers the courtesy of using statistics that are at least close to accurate. At least you did get the "7% of the population are Black males" right if you don't count Hispanics and those of more than one race, and assuming you meant the United States and not the entire world. Thank you for that much.
Oh, by the way, White people make up 82.6% of people arrested for driving under the influence, but they are 61% of the population (possibly up to 78% if all Hispanics and mult-racial people were also White).
2015 crime figures are from
https://ucr.fbi.gov/crime-in-t...
2015 population figures are from https://www.statista.com/stati...
I was unable to find a race/ethnic breakdown of licensed drivers or driving patterns of miles driven. It is possible that the high rate of White DUI arrests correspond to Whites having a higher-than-expected number of license drivers or miles driven that their percent of the population would suggest.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Eliminating Jim Crow didn't eliminate the problem by davidwr · 2018-04-28 17:28 · Score: -1, Offtopic

Another funny thing: as Jim Crow laws were repealed, as affirmative action was enabled, as "racism" became synonymous with "pure evil", well during this time, black crime has steadily INCREASED. Really puts the lie to the whole "because we have been oppressed" idea.
Things are a lot more complicated than that. If your grandparents were oppressed, your parents probably didn't have the opportunities their non-oppressed peers had. If they didn't have those opportunities, then your socio-economic status is probably lower. To the extent that certain crimes are correlated with low socio-economic status, people whose grandparents were oppressed will be over-represented in statistics for those crimes.
There is also biology at work: If your grandparents were of a low socio-economic class, whether due to racial oppression or other reasons, your parents are more likely to have low nutrition and epigenic factors that impair their ability to succeed in life compared to their peers. This means they are more likely to be in a lower socio-economic class. If they are in a lower socio-economic class, odds are you will be too. These biological factors are independent of race - they are a fuction of the value your parents and their parents placed on good nutrition and good health, the ability of them to afford nutritious food and live a healthy lifestyle, and exposure to physical stress such as pollution and psychological stress such as worrying about bills. These aren't the only factors of course. If your parents or their parents placed a high value on education and instilled those values on your parents or you, the odds of you becoming successful are higher than if they were not. This is one reason Asian immigrants tend to do better than immigrants from other countries or poor families from other ethnicites: The parents of the immigrants valued education and passed those values on to the immigrants, who passed them on to their children.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Profile by davidwr · 2018-04-28 17:38 · Score: 0

It focuses on profiling and why it happens.
I don't know about you, but I profile becase I'm lazy or pressed for time. It's unfair to those I profile for obvious reasons, but it is expedient. It's unfair to me because the false-positive and false-negative results of assuming "it fits the profile" is a proxy for whatever it is I'm really trying to measure are both non-zero.
When I have the luxury of time, I have a duty to myself and other to skip the profiling.
When time is of the essence, such as when a sportscar is approaching me very fast and weaving in and out of traffic, and I profile the driver as an idiot who doesn't know how to drive safely or doesn't care because I don't have time to find out if he actually does have the skills to weave in and out of traffic at high speeds, assume the worst and get the [bleep] out of his way. Why? I'm probably right, and if I am wrong, I'm not hurting him and it's worth the inconvenience on my part.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Ah, such "substance & value" from you (not) by Anonymous Coward · 2018-04-29 04:54 · Score: 0

See subject UNIDENTIFIABLE anonymous worm. Says it all about your "FoAmInG-@-TeH-MouTh" so-called response.
* I've thought about WHY you & "your kind" offer zero - you are ZERO, a do-nothing "ne'er-do-well", nothing more.
(You obviously WASTED your waste of a life, "trolling" vs. educating yourself... no questions asked).
APK
P.S.=> As to my work? Well, others disagree w/ you (love doing this part) shutting your dumb mouth by making you EAT YOUR WORDS yet again as always vs. me & these facts https://tech.slashdot.org/comments.pl?sid=12042539&cid=56520379/ lol - I love it! apk