In article you write:
>fyi, current opinion in the security community seems to be that win10 is
>better secured than linuxes, bsds, ... see http://cyber-itl.org/; still
>pretty sparse, but getting flushed out.
Not against Microsoft.
R's,
John
On Tue, 2017-05-16 at 10:33 -0500, Brad Knowles wrote:
> > In the American approach, if there are a significant number of road
> fatalities, then it's the driver's own fault and they should have taken
> more care. They are automatically to blame for
Can we end this thread? I think the original intent has come and gone.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On May 16, 2017 11:40 PM, wrote:
> On Tue, 16 May 2017 20:55:37 -0600, "Keith Medcalf" said:
> >
> > On Tuesday, 16 May, 2017 18
On Tue, 16 May 2017 20:55:37 -0600, "Keith Medcalf" said:
>
> On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks wrote:
> > On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
>
> >> Of course Microsoft knew, since they wrote in the backdoor in the first
> >> place. That is why when informed
On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks wrote:
> On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
>> Of course Microsoft knew, since they wrote in the backdoor in the first
>> place. That is why when informed by their employers that the backdoor
>> was going to be made public,
On Wed, 17 May 2017, Matt Palmer wrote:
> >
> > Do you have any actual evidence or citations that in fact, this was an
> > intentionally inserted backdoor?
>
> You'll have to speak up, he can't hear you over the rustling of the tin
> foil.
>
> - Matt
>
Pretty low blow considering if I saw "gr
On Tue, May 16, 2017 at 08:12:41PM -0400, valdis.kletni...@vt.edu wrote:
> On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
> > Of course Microsoft knew, since they wrote in the backdoor in the first
> > place. That is why when informed by their employers that the backdoor was
> > going t
On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
> Of course Microsoft knew, since they wrote in the backdoor in the first
> place. That is why when informed by their employers that the backdoor was
> going to be made public, they could undo the changes they had introduced so
> rapidly.
> What would be more of an interesting discussion, to me, would be why
> doesn't Microsoft know about this hoarding of vulnerabilities by State
> actors and plug them up?
Some state actors they do know. They custom write the security flaws on the
state actors' request.
> Are they really that c
YOU WENT THERE (ignores enough to run for president)
On May 15, 2017 1:48:51 AM PDT, Randy Bush wrote:
>> Or BSD, or anything but Windows. Anyone running Microsoft products
>> is quite clearly an unprofessional, unethical moron and fully
>deserves
>> all the pain they get -- including being sued
On Tue, 16 May 2017 09:40:50 -0700, JoeSox said:
> What would be more of an interesting discussion, to me, would be why
> doesn't Microsoft know about this hoarding of vulnerabilities by State
> actors and plug them up?
It's pretty hard for Microsoft to know about an exploit the NSA is sitting
on
On Tue, 16 May 2017 12:23:36 -0500, Brad Knowles said:
> On May 16, 2017, at 11:40 AM, JoeSox wrote:
> > Isn't it true, with any tech product, the more complex features, the less
> > secure it is? Ask yourself why this is the case, and I believe the true
> > issue with tech lays there.
>
> To a d
On May 16, 2017, at 11:40 AM, JoeSox wrote:
> LOL. I think that is a really bad example and I see many facilities in it,
> including a hasty generalization, as intersections, and roads for that
> matter, in America have been resigned to improve safety.
So, if you want to talk about roads in the
On Tue, May 16, 2017 at 8:33 AM, Brad Knowles
wrote:
> On May 15, 2017, at 4:31 PM, Jonathan Roach
> wrote:
>
> > What's key is that administrators need to know how to secure their
> > estates. If they've failed to apply the patch, that's their failure, not
> > Microsoft's, but patching was not
On May 15, 2017, at 4:31 PM, Jonathan Roach wrote:
> What's key is that administrators need to know how to secure their
> estates. If they've failed to apply the patch, that's their failure, not
> Microsoft's, but patching was not the only way to have curtailed this
> weekend's outbreak.
But the
On Mon, 15 May 2017 16:19:37 -0700, "Aaron C. de Bruyn via NANOG" said:
> Combine that with fail2ban. When one user has more than 60 writes in
> 60 seconds *or* a write contains a well-known cryptolocker name (i.e.
> *DECRYPT_INSTRUCT*)
Oddly enough, we've seen *lots* of spammers that are *total
Hi Scott
As with any open forum you take the good with the bad. I've been on this
list since 2001, you learn to dump the static and learn from the good
advice.
Too much information (whether good or bad) is better than none.
-Joe
On Mon, May 15, 2017 at 8:12 PM, Scott Weeks wrote:
>
>
> --- na
Microsoft aren't stupid. They have learned lessons from the days in the
90s and early 2000s when they were a laughing stock in terms of
security, and since then Windows security has improved enormously. OK,
so it's not perfect, but what software is? Dirty Cow, Shellshock and
Heartbleed for example
--- na...@incomingmta.com wrote:
From: "Phillip White"
...I have been on this list for many years...Today, though,
I felt the need to create the mailbox just so I could reply
since your posts have been the most irritating I have ever
seen on this list.
--
On Mon, May 15, 2017 at 2:48 PM, J. Oquendo wrote:
> On Mon, 15 May 2017, b...@theworld.com wrote:
>> You count the number of destructive opens in the kernel and if it
>> exceeds a threshold (for example) you stop it and pop up a warning.
That's basically what I did. I got tired of users consta
On Mon, 15 May 2017, b...@theworld.com wrote:
> Oh great a design review!
>
> Hello Valdis, I am Barry Shein. I've done decades of internals and
> kernel work.
>
> Ever use any Windows since about Vista? It throws up those warning
> pop-ups when you're about to do something it decides needs
> co
On Fri, May 12, 2017 at 10:30 AM, Royce Williams
wrote:
> My $0.02, for people doing internal/private triage:
>
> - If your use of IPv4 space is sparse by routes, dump your internal
> routing table and convert to summarized CIDR.
>
> - Feed your CIDRs to masscan [1] to scan for internal port 445
On May 15, 2017 at 16:17 valdis.kletni...@vt.edu (valdis.kletni...@vt.edu)
wrote:
> On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said:
>
> > So for example why does a client OS produced with that much money
> > available even allow things like wholesale encryption of files without
> On May 15, 2017, at 21:17, valdis.kletni...@vt.edu wrote:
>
>> So for example why does[n’t] a client OS confirm that you really
>> meant to run a program on $THRESHOLD files…
> How does the operating system detect that and throw a pop-up
> *before* that executes?
>
> It's a lot harder problem
On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said:
> So for example why does a client OS produced with that much money
> available even allow things like wholesale encryption of files without
> at least popping up one of those warnings to confirm that you really
> meant to run a program o
Since everyone else is bloviating I may as well also...
The underlying problem is that Microsoft tried to produce basically
one operating system for both servers and end-users and most anything
in between.
Putting some lipstick on them and names such as "server 2008" doesn't
negate that.
Ok so
.org] On Behalf Of Keith Stokes
Sent: Monday, May 15, 2017 11:49 AM
To: Keith Medcalf
Cc: nanog@nanog.org
Subject: Re: Please run windows update now
<https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/>
https://blogs.technet.microsoft.com/msrc/2
onday, May 15, 2017 10:47 AM
To: Rich Kulawiec
Cc: nanog@nanog.org
Subject: Re: Please run windows update now
On Mon, 15 May 2017 02:12:27 -0400, Rich Kulawiec said:
> Or BSD, or anything but Windows. Anyone running Microsoft products is
> quite clearly an unprofessional, unethical mor
ll happen
again.
Phillip White
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rich Kulawiec
Sent: Monday, May 15, 2017 4:37 AM
To: nanog@nanog.org
Subject: Re: Please run windows update now
You make some excellent points: but I grow very, very tired of havin
On May 15, 2017, at 11:21 AM, J. Oquendo wrote:
>> Not everyone licks their chops and thinks "fresh meat" when they see
>> worldwide panic that results from a massive security hole like this.
>
> Jump in the security space, where we may gladly trade our
> cats and dogs for Porsche Panameras
Th
On Mon, 15 May 2017, Brad Knowles wrote:
> If Microsoft didn't open the security hole in the first place, then there
> wouldn't be a need to patch it afterwards.
You are very correct. Microsoft opened the hole because
they had nothing better to do. Or, could it be that these
things happen, akin
On May 15, 2017, at 10:08 AM, J. Oquendo wrote:
> Spot on. Shame on Microsoft for releasing patches and not
> forcing the installation versus letting security managers
> open up ISC^, and other nonsensical frameworks to do things
> like "change/patch management" tasks. I mean, who cares if
> one
7;; 'Nathan Fink'
Cc: nanog@nanog.org
Subject: RE: Please run windows update now
I should clarify, the link in my email below is only for windows versions
that are considered unsupported.
This one has links for the currently supported versions of windows
https://support.microsoft.com/en-
, 15 May, 2017 09:23
> To: 'Josh Luthman'; 'Nathan Fink'
> Cc: nanog@nanog.org
> Subject: RE: Please run windows update now
>
> I should clarify, the link in my email below is only for windows versions
> that are considered unsupported.
>
> This
...@c4.net [mailto:timrutherf...@c4.net]
Sent: Monday, May 15, 2017 11:12 AM
To: 'Josh Luthman' ; 'Nathan Fink'
Cc: 'nanog@nanog.org'
Subject: RE: Please run windows update now
They even released updates for XP & 2003
http://www.catalog.update.microsoft.com/sea
ease run windows update now
Link?
I only posted it as reference to the vulnerability.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Sat, May 13, 2017 at 2:07 AM, Nathan Fink wrote:
> I show MS17-010 as already superseded in SCCM
>
> O
On Mon, 15 May 2017, Brad Knowles wrote:
> As much as I hate, loathe, and despise Microsoft, there's always going to be
> someone/something out there that is "the worst". Eliminate the current
> "worst", and there will be another one right behind them.
>
> I do believe that Microsoft is direct
On May 15, 2017, at 5:37 AM, Rich Kulawiec wrote:
> [1] There may be no such thing as a secure system, period. But it
> would be better to deploy things that may have a fighting chance
> instead of things that have long since proven to have none at all.
As much as I hate, loathe, and despise Mic
Link?
I only posted it as reference to the vulnerability.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Sat, May 13, 2017 at 2:07 AM, Nathan Fink wrote:
> I show MS17-010 as already superseded in SCCM
>
> On Fri, May 12, 2017 at 1:44 PM, Jos
I show MS17-010 as already superseded in SCCM
On Fri, May 12, 2017 at 1:44 PM, Josh Luthman
wrote:
> MS17-010
> https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On
With that kind of attitude and disconnect from reality I wonder who is the
unprofessional moron...
- Jorge (mobile)
> On May 15, 2017, at 1:12 AM, Rich Kulawiec wrote:
>
>> On Sat, May 13, 2017 at 12:07:39AM -0500, Joe wrote:
>> One word. Linux.
>
> Or BSD, or anything but Windows. Anyone
Just a note folks that while this particular ransomware is using the
MS17-010 exploit to help spread, it does not rely on it. This is still a
regular piece of ransomware that if someone opens the malicious file, will
encrypt files.
SANS has some IoCs and more information:
https://isc.sans.edu/for
fyi, current opinion in the security community seems to be that win10 is
better secured than linuxes, bsds, ... see http://cyber-itl.org/; still
pretty sparse, but getting flushed out.
randy
You make some excellent points: but I grow very, very tired of having
to spend my time and my energy -- note timestamp on my message -- dealing
with the fallout. It should be painfully clear to everyone that there
is no such thing as a secure Windows system. [1] It should have been
painfully cl
> Or BSD, or anything but Windows. Anyone running Microsoft products
> is quite clearly an unprofessional, unethical moron and fully deserves
> all the pain they get -- including being sued into oblivion by their
> customers and clients for their obvious incompetence and negligence.
aside from be
On Mon, 15 May 2017 02:12:27 -0400, Rich Kulawiec said:
> Or BSD, or anything but Windows. Anyone running Microsoft products
> is quite clearly an unprofessional, unethical moron and fully deserves
> all the pain they get
Tell you what. Go over to http://line6.com/software/ - You convince them
On Sat, May 13, 2017 at 12:07:39AM -0500, Joe wrote:
> One word. Linux.
Or BSD, or anything but Windows. Anyone running Microsoft products
is quite clearly an unprofessional, unethical moron and fully deserves
all the pain they get -- including being sued into oblivion by their
customers and clie
oɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> -Original Message-
> From: Joe [mailto:jbfixu...@gmail.com]
> Sent: Friday, 12 May, 2017 23:08
> To: Keith Medcalf
> Cc: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> One word. Linux.
>
> After this w
ently purchasing the deliberate
> introduction of code defects.
>
> --
> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>
>
> > -Original Message-
> > From: Nathan Brookfield [mailto:nathan.brookfi...@simtronic.com.au]
> > Sent: Friday, 12 May,
Nathan Brookfield [mailto:nathan.brookfi...@simtronic.com.au]
> Sent: Friday, 12 May, 2017 22:48
> To: Keith Medcalf
> Cc: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> Well it was patched by Microsoft on March 14th, just clearly people
> running large amounts
g.org] On Behalf
> Of Karl Auer
> Sent: Friday, 12 May, 2017 18:58
> To: nanog@nanog.org
> Subject: Re: Please run windows update now
>
>> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
>> - In parallel, consider investigating low-hanging fruit by OU
>> (work
On Behalf
> Of Karl Auer
> Sent: Friday, 12 May, 2017 18:58
> To: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > - In parallel, consider investigating low-hanging fruit by OU
> > (workstations?)
On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> - In parallel, consider investigating low-hanging fruit by OU
> (workstations?) to disable SMBv1 entirely.
Kaspersky reckons the exploit applies to SMBv2 as well:
https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in
-wi
MS17-010
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Fri, May 12, 2017 at 2:35 PM, JoeSox wrote:
> Thanks for the heads-up but I would expect to see some references to the
>
Thanks for the heads-up but I would expect to see some references to the
patches that need to be installed to block the vulnerability (Sorry for
sounding like a jerk).
We all know to update systems ASAP.
--
Later, Joe
On Fri, May 12, 2017 at 10:35 AM, Ca By wrote:
> This looks like a major worm
My $0.02, for people doing internal/private triage:
- If your use of IPv4 space is sparse by routes, dump your internal routing
table and convert to summarized CIDR.
- Feed your CIDRs to masscan [1] to scan for internal port 445 (masscan
randomizes targets, so destination office WAN links won't s
Hail backups, and whoever keeps those ports accessible to the outside
without a decent ACL in the firewall, or restricting it to (IPsec) VPN's
should be shot on sight anyways.
On Fri, May 12, 2017 7:35 pm, Ca By wrote:
> This looks like a major worm that is going global
>
> Please run windows upda
This looks like a major worm that is going global
Please run windows update as soon as possible and spread the word
It may be worth also closing down ports 445 / 139 / 3389
http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-de