Slashdot Mirror


User: ArsenneLupin

ArsenneLupin's activity in the archive.

Stories: 0
Comments: 4,557

Comments · 4,557

  1. This has nothing to do with C. It's not a buffer-overrun or other typical C flaw.

    It's a command-injection flaw, and any language that is able to call other programs through the shell would be vulnerable, and that includes both Python and Java.

  2. Err, why is an image processing library doing network uploads anyway?

    Reading comprehension, where are you?

    The image processing library does just that, process images. In some cases, it processes images that have been uploaded by users to a web site (think Facebook photo albums), and if the user maliciously uploaded a booby-trapped photo, he can now make the website execute commands that were not intended by the site operator...

  3. Re:Identify Poor Management on Businesses Pay $100,000 To DDoS Extortionists Who Never DDoS Anyone (arstechnica.com) · Score: 2

    If they're not going to retaliate anyway, what's the point?

    ... to know whom they can hit up for more money...

  4. Nice quick Google bomb :-) on Businesses Pay $100,000 To DDoS Extortionists Who Never DDoS Anyone (arstechnica.com) · Score: 3, Funny

    "The extortion emails encourage targeted victims to Google for the Armada Collective," CloudFlare CEO Matthew Prince wrote. "I'm hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat."

    ... and it did: https://www.google.com/search?q=armada+collective has as a top hit Empty DDoS Threats: Meet the Armada Collective - CloudFlare

  5. Re:Identify Poor Management on Businesses Pay $100,000 To DDoS Extortionists Who Never DDoS Anyone (arstechnica.com) · Score: 1

    Only if the attackers are as inept as their victim. If they know what they are doing, they set up a different Bitcoin address to receive the funds of each victim.

  6. They could tell who paid, if they wanted... on Businesses Pay $100,000 To DDoS Extortionists Who Never DDoS Anyone (arstechnica.com) · Score: 1

    Given that the attackers can't tell who has paid the extortion fee and who has not,

    Theoretically they could. Just set up a different wallet (or bitcoin address, or whatever the correct term is...) to receive the ransom for each potential victim.

    But if they don't, and 2 victims compare notes, then it is easy to spot.

  7. Re: Sounds pretty fishy on Rogue Source Code Repos Can Compromise Mac Security Due To Old Git Version (softpedia.com) · Score: 1

    Drivers... But what if some "punk" feature on your Mac prevents you from installing any drivers not blessed by Apple?

  8. Re: Sounds pretty fishy on Rogue Source Code Repos Can Compromise Mac Security Due To Old Git Version (softpedia.com) · Score: 1, Interesting

    [not the original poster, just normal reading comprehension...]
    (Probably) what he means is "Apple doesn't support more than 3 buttons on mice, unless it's their own overpriced $75 "magic mouse". Button 4 and 5 could be used (for example) for back and forward in a browser"
    (Didn't even know that Macs support mice with more than one button, hehe, so 3 is already a neat progress...)

  9. Re:Sleeping with the enemy on Phone-Friendly Movie Theaters For Millennials Could Be Reality Soon (variety.com) · Score: 1

    You can't have a pattern of one ...

    Woosh! A woman can...

  10. Why do so many Slashdot users defend ransomware criminals?

    Maybe because they only attack Windows users? Just consider it as cheap education...

  11. Don't reboot into the harddrive, but boot from a livecd, and try decrypting the contents from there.

    Users who know what a LiveCD is probably don't fall for such ransomware themselves.

    At best, they are called by a friend or family member who did fall for it, but in that case, chances are said friend or family member already "cleanly" shut down their computer ("hey, I had documents open on which I worked all afternoon, I had to save them, didn't want to lose that work"), or even rebooted it once or twice ("if I call Peter right now, he'll again scold me for being so careless about opening attachments, better try to fix it myself, I can always call him later")

  12. Re:How about something more useful? on Microsoft's BSOD Is Getting More Descriptive With QR Codes (cio.com) · Score: 1

    There is absolutely nothing stopping them embedding the error code in the URL of the QR code.

    They could, but they don't.

  13. Re:How about something more useful? on Microsoft's BSOD Is Getting More Descriptive With QR Codes (cio.com) · Score: 1

    because there is a lot of support for reading and recognising QR so the person you send the error to doesn't need to manually type it all in maybe.

    Except that the QR code does not actually contain the actual text of the error message but is just a generic URL describing how to solve blue screens in general (rather than this one specifically). Utterly useless.

  14. Re:How about something more useful? on Microsoft's BSOD Is Getting More Descriptive With QR Codes (cio.com) · Score: 2

    Even my 70 year old mother can do that.

    My 70 year old mother was taught to read when she was young. And she still masters that skill.

  15. Re:I hate to be the one... on Seattle Police Raid Tor-Using Privacy Activists (thestranger.com) · Score: 1

    they didn't shoot any dogs

    Maybe because there weren't any?

  16. Re:Standard tactics on Seattle Police Raid Tor-Using Privacy Activists (thestranger.com) · Score: 1

    No pets were shot.

    Probably because the guy didn't have any...

  17. Re:Standard tactics on Seattle Police Raid Tor-Using Privacy Activists (thestranger.com) · Score: 1

    This is assuming of course that the judge would be favorable to the (wrongly) accused. Which is rather unlikely, once the words "child pornography" are trotted out, especially if it is a female judge. I know a case here in Luxembourg where a guy got convicted for running dpkg --purge somepackage because the forensic "expert" convinced the (female) judge that this is a command used to hide child porn. Fortunately, his sentence got considerably reduced on appeal.

  18. Re:Screw Standing Armies. Just Nuke The Bastards. on US Army Hopes To Outfit Soldiers With Tiny Drones By 2018 (engadget.com) · Score: 1

    That, or he might actually just be adding to your joke/cynicism rather than missing it. Note: he said "don't nuke because it spoils the very resources that the US wants", and not "don't nuke because it kills millions of innocent lives along with the handful of actual terrorists"

  19. Nowadays, other brands are making good hybrids too on Toyota Teams With Microsoft On Connected Cars (usatoday.com) · Score: 1

    ... so it's not as bad as it sounds. Unless they "upgrade" existing cars during yearly checkup.

  20. Re:The future of dosage? on Refrigerator-Sized Machine Can Print Pills on Demand (dailymail.co.uk) · Score: 1

    This new machine does actually do complex chemical synthesis

    Indeed, that's what the linked article says...

    Me too, I just blindly assumed that it was just packaging pre-manufactured drugs (who does RTFA these days).

    So, after RTFA'ing, and given the very intriguing claims, I CTFD'd, and indeed... :-)

  21. Re:Costing them their jobs? on Gmail's Mic Drop April Fool Backfires Horribly Costing People Their Jobs (telegraph.co.uk) · Score: 1

    If it is a giant meta April fool's, then there's a lot of independent, often rival, groups cooperating with one another to pull it off.

    Well, "cooperating" would be one explanation. "Falling for each other's prank" would be another...

  22. Re:Just resting, Monty Python style on Skype For Linux: Dead? Or Just Resting? · Score: 2

    all communications software of this type should be able to interact with each other so all APIs should be published

    Actually, there are standards and RFCs for communication protocols. Just google SIP. And there are plenty of SIP clients and servers too, all interoperable with each other. Of course, Skype is not SIP, but (almost) all of its competitors are, and do communicate with each other...

  23. Re: Apparently he can change his family tree! on Hacker Weev Admits To Hacking Printers To Spew Racist and Anti-Semitic Messages (softpedia.com) · Score: 1

    Anonymous cowards don't have karma...

  24. Re:Yahoo is still around? on Starboard Launches Proxy Fight To Remove Entire Yahoo Board (reuters.com) · Score: 1

    I know a person who uses a Yahoo account as their second email account.

    I know such a shyster too. Worse: he uses Yahoo as his primary mail account. Seriously broken software. Not only does it ignore existence of carriage returns but also of spaces, and often runsseveralwordstogether.

  25. Microsoft, indeed on Microsoft's 'Teen Girl' AI Experiment Becomes a 'Neo-Nazi Sex Robot' · Score: 3, Informative

    (n/t)