On Friday 13 November 2015 14:19:00 Piyavkin wrote: > On 12.11.2015 21:14, Ralph Katz wrote: > > On 11/11/2015 10:24 PM, Cindy-Sue Causey wrote: > > > > [...] > > > >> Brian Krebs of Krebs On Security had > >> something on ransomware and Linux, just not labeled Ransm-C or > >> anything: > >> > >> http://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your- > >>web-sites/ > >> > >> IF I'm understanding correctly, he appears to have updated that > >> article with a *potential* way to beat it via a *potential* > >> vulnerability.... at least until the perpetrators upgrade their own > >> tactics, anyway. > >> > >> I like what Brian's been doing. I can cognitively understand a LOT > >> of what he writes about. He's caught SlashDot's eye a time or two, > >> too. > >> > >> Adding another keyword here, Linux.Decoder.1, which Brian says was > >> a name dubbed by "Russian antivirus and security firm Dr.Web". It > >> may or may not be the same as the other, but sounds like it works > >> similar'ISH. > >> > >> Next stop is to pop over to a group called BlindWebbers. I'd seen > >> Brian's email subject line earlier and thought instantly of them, > >> just didn't get around to opening it then. The guy in Brian's > >> article makes it sound like it's a little time consuming and still > >> has incidental glitches afterwards. > >> > >> That's presumably coming from someone with no visual disabilities. > >> The difficulty level of getting one's website back would > >> understandably rise relative to one's ability or lack thereof to > >> actually see what's going on within the file hierarchy..... AND > >> apparently each single file that reportedly stands to potentially > >> gather random bits AFTER the files have been decrypted. > > > > As a user, I too, find Krebs informative. Also notable was this > > recent Washington Post article about Linus Torvalds and Linux > > security: > > > > http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecuri > >ty-the-kernel-of-the-argument/ > > > > "Fast, flexible and free, Linux is taking over the online world. But > > there is growing unease about security weaknesses." > > > > Regards, > > Ralph > > The ransomware articles from the security companies are pure marketing > efforts to develop customer's «pain» and to exploit it. There is > nothing new in the scheme «pay or suffer». And the companies provide > nothing new as a «cure» either (which haven't been there for decades). > > More over, I wonder, what is the difference between the «ransomware» > business model and so called «planned obsolescence» business model, > which, I guess, has become worldwide industrial standard nowaday? And > in what way should differ protective measures for both of them? I > mean, from the end users point of view, there is no much difference if > their data have been stolen/encrypted by one crook or if their data > have been lost because of «sudden» HDD fail planned in advance by > another crook. Except, may be, the fact that in the first case you > still have a tiny chance to get your precious data back (may be, which > I doubt). > > The WP article seems like a spin. It gives us a spooky filling of > great imminent danger radiating from the Linux, but in the same time > it is surprisingly shallow and inconcrete. Though it uses security > thing as a pretext, I guess, it's not about security. > > Of course, I don't think the subject of Linux security does not > deserve attention or discussion. But what the point in such articles > as the WP example, except from not so subtly playing with mass opinion > with pretty obvious commercial intention? > Shallow? Devoid of facts was my impression. > > Regards, > Piyavkin
Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
