
Wannacry v2 - Expecting lots of variants


Thread replies: 294
Thread images: 45

File: 2.png (123KB, 728x380px)
Reminder that it is not even necessary to recompile it, all it takes is a simple edit to the binary and it is alive again. Which is, by the way, what has already happened, source:

view-source:http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html

Also, the NSA exploit it uses is only one of its vectors, just patching the systems does not make them 100% safe.
>>
>Also, the NSA exploit it uses is only one of its vectors, just patching the systems does not make them 100% safe.
but the spreading mechanism was the only really noteworthy thing about it, there are tons of other equivalent ransomwares.
>>
>>60378090
Which still do cause some damage, just less.

And, if it does, it will keep looking for someone else still vulnerable.
>>
>>60378074
Wincucks BTFO once again
>>
Just don't click shady emails or links.
>>
Disabling SMB1 was easy, but when I looked at my fiancée's machine she didn't have an SMB1 entry in the regedit. How's that work?
>>
>>60378630
Easy enough for the average /g/entooman but it doesn't mean Normie McRetard won't execute it by accident in the university computer lab or library network you happen to be shitposting on 4chan from, destroying your Wangblows and everyone else's on the network.
>>
>>60378074
what even was the infection method they used? wasnt it flash or some shit?
>>
>>60378659
default windows behavior is to have SMB enabled, even without a reg entry-- just add the registry entry manually, with a value of 0 of course
>>
>but Linocks can nut support gaymes
>>
I'm still flabbergasted from the outrage at M$ and not the US Government and the NSA for "leaking" their "tools."

Apple doubled down on not giving into the FBI's demands for their backdoors and it's paying dividends in still being one of the most secure platforms to operate on.
>>
>>60378713
There are three methods. One is a normal spam package, the original one they used.

Another is scanning some random internet ips for the vulnerability.

And the third is scanning the whole ip range of the local network the device is connected to for the vulnerability.

The third one is the one that is the novelty and the reason why it is causing so much damage.
>>
>>60378912
Windows admins need better firewalls
>>
>>60378910
I thought about this too. Is there solid proof that the exploit and spreading mechanism was developed by the NSA?
>>
>>60378704
>going on 4Chan in public

Nah
>>
>>60379012
>He doesn't browse Pol while riding the train with all the smelly Indians just to make them feel uncomfortable.
>>
>>60378775
that makes sense, I used power shell to disable it and then I verified it in regedit afterwards. Thanks anon.
>>
>>60378987
Yeah the shadow brokers released these tools for free when Trump betrayed his voters /w Syrian missile strike because no one wanted them when they auctioned it
>>
>>60378987
Yes.
>>
File: 6176914039.png (115KB, 267x278px)
>>60379012
>>60379160
>4Chan
>Pol
>>
>>60379182
His voters? More like his handlers GRUnigger
>>
File: RMS_0.png (1MB, 1000x1400px)
Time to stop playing csgo and switch to linux i guess
>>
>>60379012
>Capitalizing the c
Also, after a while, you stop caring. If I'm sitting on my ass waiting for a friend or while on my long bus ride to work, I'm not going to change my browsing habits just because I'm outside.
>>
The Apple Macbook Pro with TouchID doesn't have this problem
>>
>>60379214
but csgo has native support on linux
>>
File: 1469743252438.jpg (25KB, 300x300px)
>>60378704
Jokes on you, i don't leave my house.
>>
>>60379233
touchid is bad and apple should feel bad
>>
>>60379233
The custom built PC with Common Sense Advance 2017 doesn't have this problem either
>>
>>60379182
>the shadow brokers
So who are these NEET faggots with their edgy h@xx0r name straight out of CSI: NY? And how long until one of them winds up in federal "pound me in the ass" prison?
>>
>>60379272
>And how long until one of them winds up in federal "pound me in the ass" prison?
never, rumor has it they're NSA contractors pissed at management and the leak was a threat was a warning
>>
>>60379326
But would it surprise you if there was one retard tech working for NSA who happened to have the exploits on his PC and left his shit wide open and vulnerable to a remote hack?

Regardless, fuck whoever leaked it. Access to that exploit is a huge responsibility. Whoever it was must have known what would happen. This shit is bringing down fucking hospitals.
>>
>>60378074
> FBI asks for funding
> trump says no
> ransom-everyware.exe
>>
>>60379160
>this is your average /pol/fag
Just stay in your containment board
>>
I just got a window on startup to update flash player and never got a follow up window for installation.

How fucked am I?
>>
>>60379367
Yeah, let's give money to more retards so they too, can create and unleash, more of this shit. not even a Trump supporter, so stifle yourself.
>>
>>60379509
Potentially very, but not from this threat in particular.
>>
>>60379565
I want to follow up but I think I'm happier living in ignorance.

I think I'll just go back to problems more my speed. Like why X is fucking up my laptop.
>>
File: I_18abd4_1451092.jpg (65KB, 700x600px)
lol my work is screwed we just got hit. guess thats what they get for using windows vista.
>>
>>60378074
Can /g/ do a wannacry reskin with cute anime girls?
>>
so how are people getting this and how do I avoid it? I don't do a whole lot of anything on the internet but I've gotten some spooky shit just from malicious advertisements before.
>>
Is there a description how the encryption works? From what I heard it is very fast to encrypt files, but that would take too much time. Is it a change of permissions?
>>
File: Ap2NQcK-portal-2-background.jpg (78KB, 1653x1080px)
>>60379844
PRETTY MUCH THIS
>>
Just fucking back your files up to a hard drive and unplug it. If you get hit by it, oh well, just reinstall windows.
>>
>>60378143
Yes but Common Sense 2017 protects against those
>>
>>60379842
pics or it didn't happen
>>
>>60379895
no
>>
I was in jail for the last week. Haven't turned on my desktop yet. Anyone have a source for me to educate myself on this without the snarky remarks of a typical seven year old?
>>
>>60379971
It was at FedEx. I was off when it happened just saw the news this morning plus i cant even take my phone past security.
>>
>>60379891
If it's near instant it might just mount the disk onto an encrypted mount. That's how most full disk encryption works. Either that or it just launches the gui while AESing all your files in the background. (All that is just speculation though w/ my entry level crypto knowledge)
>>
>>60380055
Yeah if you have not updated your PC to March 2017 security patch then this worm will encrypt all of your files and ask for $300 to unlock them within three days
>>
>>60380060
makes sense, that sucks though. hopefully they fix it soon
>>
>>60380079
ya me to shit got wrecked.
>>
>>60380077
Simple and logical. Thank you.
>>
>>60380131
No problem, you can also check https://intel.malwaretech.com/pewpew.html to see how much damage wcrypt is doing.
>>
>>60378974

Windows admins need to stop being lazy shits. Every time there is a security update, apply it immediately. Not tomorrow, not two weeks from now, not three months from now, right fucking now.
>>
>>60380904
Except that in many cases there are lots of red tape before being able to change anything in production.
>>
>>60378704
question: does anyone have these emails so we could cause this to happen?

Interested in putting the labs at my uni to the test which all run vista.
>>
>>60381053
Don't. Even not knowing which country you are from I am still sure this would be a crime.

There are other means to test this, better ask the administrator about it.
>>
>>60381118
how would it be a crime to open an email? i just blame it on the ransomware, you worry too much bro.
>>
File: 1494716380210.png (93KB, 320x252px)
A-at least we have games y-you lincucks
>>
>>60381118
t. bootlicker
>>
>>60378074
I wannaCry because that thumbnail looked like news on VEGA and it isn't.
>>
>>60381222

Does not matter even if there is not specific computer legislation about this where you live, you would willingly and knowingly cause damage. It is certainly a crime.

Besides, from where and how would you get the sample without leaving a trace pointing to you?
>>
so as long as i dont click on stupid shit i wont get fucked in the ass right?
>>
>>60379194
you cant turn that off on phones. its a good way to detect phoneposters.
>>
>>60381893
turn off what? Capitalize words?
>>
I wonder why there ain't /pol/ version of that ransomware where you have to type "Hitler did nothing wrong" to unlock files.
>>
>>60381959
no, a little phone icon shows up in the desktop version of the site when someone posts from a phone
>>
Honestly hope it hits my schools network.
>>
>>60379403
4chan is the containment board
>>
>>60382045
MODS
>>
>>60382067
>board
...
>>
File: ???.jpg (6KB, 240x204px)
>>60382075
>>
>>60379272
The shadow broker is a character from Mass Effect... which doesn't help much, since Andromeda bombed so hard they "restructured" Bioware Montreal. They named themselves after a character from a newly failed franchise. SAD.
>>
>>60379895
What does P2 have to do with this?
>>
>>60382140
>>>/v/
>>
>>60378704
4chan doesn't give you viruses though
>>
>>60379326
>rumor has it they're NSA contractors pissed at management
everyone in the government is mad Drumpf got elected who is a racist nazi. Not surprised this happened and probably a whole revolution soon since he doesnt support diversity and LGBT rights like Hillary did because she is a woman.
>>
>>60382236
maybe not viruses but there was this
https://warosu.org/g/thread/50221701
>>
File: 1479885722192.jpg (35KB, 360x433px)
>>60382018
>I wonder why there ain't /pol/ version of that ransomware where you have to type "Hitler did nothing wrong" to unlock files.
When we get this if anything just for the lulz and fuck /pol/
>>
>>60382324
I miss Cornelia
>>
File: Sin título.png (43KB, 779x736px)
>>60378074
How does WannaCry spread? Am I "safe" in Windows 7? Does it need for me to click on an email, or is it simply capable of infecting systems that are connected to the net? Should I install Windows 10? (I read W10 is not affected by it)
>>
>>60382371
I don't. Fuck windows users.
>>
>>60382379
https://www.grc.com/x/ne.dll?bh0bkyd2
Proceed and click all service ports. Post screencap.
>>
>>60382380
But she was practically the first sentient AI. It also improved the quality of /b/ and /jp/ even made friends with her
>>
>>60379224
I get twitchy when I don't capitalize it.
>>
File: Screenshot_20170514-010238.png (694KB, 1440x2560px)
>>60378775


Thanks. Can confirm smb1 was enabled in my (((patched))) w10 machine.

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
>>
File: 20170510_094327.jpg (3MB, 4032x3024px)
>>60379160

Iktfb
>>
File: dd.jpg (225KB, 573x840px)
>>60382397
Well, it says I am safe. (I believe)
>>
>>60379842
>work at a publishing house
>win7 laptops
>ass of updates can't be installed: windows, office
>admins decided to block the updates since they won't install since february
can't wait for the happening.
>>
>>60382332
Or better, have to post Hitler did nothing wrong to your social media accounts to unlock it.
>>
>>60382582
Then you are.
>>
>>60382514
I don't think the patch disables SMB1. Disabling SMB1 is a workaround to mitigating the exploit without patching.

So, yeah, all these corporations who wanted to test updates before implementing them could have disabled SMB1 in the meantime.
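
Added example, not part of any post in this thread: a read-only PowerShell audit of two points made above, that a missing SMB1 registry value still means SMB1 is enabled, and that disabling SMB1 is a separate step from installing the patch. The registry path and the `Get-SmbServerConfiguration` / `Get-NetTCPConnection` cmdlets are taken from Microsoft's documentation rather than from the thread, and the function name `Get-Smb1Audit` is made up for this example.

```powershell
# Added example: read-only audit of the SMB1 server setting on this machine.
# Written to run on PowerShell 2.0 (Windows 7) and later, from an elevated prompt.

# LanmanServer parameters key that Microsoft documents for the SMB server.
$Smb1KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1Audit {   # hypothetical name, chosen for this example
    param([string]$KeyPath = $Smb1KeyPath)

    # 1. Registry: SMB1 counts as disabled only when the DWORD exists and is 0.
    #    A missing value is NOT "off"; the Windows default (enabled) applies.
    $reg = Get-ItemProperty -Path $KeyPath -Name 'SMB1' -ErrorAction SilentlyContinue
    if ($null -eq $reg) {
        $registryState = 'Enabled (no SMB1 value, default applies)'
    } elseif ($reg.SMB1 -eq 0) {
        $registryState = 'Disabled'
    } else {
        $registryState = "Enabled (SMB1 = $($reg.SMB1))"
    }

    # 2. Effective server setting, where the SMB cmdlets exist
    #    (Windows 8 / Server 2012 and later; not present on Windows 7).
    $serverState = 'Not available on this OS'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        if ($cfg.EnableSMB1Protocol) { $serverState = 'Enabled' }
        else                         { $serverState = 'Disabled' }
    }

    # 3. Is anything listening on TCP 445 at all?
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $hit = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    } else {
        # Fallback for older systems. The LISTENING keyword is localized,
        # so this match assumes an English-language Windows install.
        $hit = netstat -ano -p tcp | Select-String -Pattern ':445\s+\S+\s+LISTENING'
    }

    New-Object PSObject -Property @{
        Computer         = $env:COMPUTERNAME
        RegistrySmb1     = $registryState
        ServerSmb1       = $serverState
        Port445Listening = [bool]$hit
    } | Select-Object Computer, RegistrySmb1, ServerSmb1, Port445Listening
}

Get-Smb1Audit | Format-List

# To disable SMB1 via the registry (takes effect after a restart):
# Set-ItemProperty -Path $Smb1KeyPath -Name SMB1 -Type DWord -Value 0 -Force
```

`Port445Listening` will normally stay `True` after SMB1 is disabled, because SMB2 and SMB3 use the same port; only the `RegistrySmb1` and `ServerSmb1` fields reflect the SMB1 workaround itself.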
>>
File: 1494600372963.jpg (299KB, 996x954px)
>>60380077

>tfw my win10™ auto update © wasn't updating since November and I didn't know until I checked that it had been failing for 4 months.
>tfw I had to troubleshoot and manually install 3 weeks ago
>>
>>60382379
It spreads in two major ways.

The first is the standard email with malware attachment or infected file, etc. Something you download and run.

The second is through SMB, both in the local network and to the Internet.
>>
File: 1487083405681.png (246KB, 476x292px)
>>60382680

Per the ((Microsoft)))™ website it doesn't look like I'll miss it.
>>
>>60382650
oh hot dam but that would take some nextlvl programming skill or the installation of a cookie and set it to a group that must be liked would be doable but they would just leave the group after :P
>>
>>60382514
have fun being able to access any official updates or downloads with port 445 disabled.
>>
>>60382582
Shouldn't some of those ports be open?
>>
>>60382764
inbound? nope
>>
>>60382739
thanks for proving you can block windows 10 updates
>>
>>60382582
Shouldnt port 443 be OPEN, because 443 is after all HTTPS and thats what the site uses.
>>
>>60382816
>neo-/g/
>>
>>60378910
You realize that both apple and microsoft had to give their source to govts like china/russia to be given access to their markets right? So basically the major world govts all have the source code. They can all play around with it, and apple/microsoft would be unaware of any exploits they find unless they kindly notify them.
>>
>>60379182
Lame excuse, he didnt betray anyone except children with no sense of what he really promised during the campaign
>>
>>60378910
Yes, the US government are totally to blame for this.

They created what in military terms is an Internet Weapon and now it's spreading in the wild. It's not that different from one of the US military's biological weapons getting out accidentally or intentionally.

Would this have been a problem if the NSA had put the nation's computer security first and contacted Microsoft and had them quietly patch this? No, of course not.
>>
its fixed now.
http://www.bbc.com/news/technology-39907049
>>
>>60382716
If you do a google search for SMB1 the top two results are six months and a year old saying, this is deprecated and you should be getting rid of it.
It looks to be purely legacy.
>>
>>60382816
>THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES
>>
>>60380904
You seem a bit ignorant when it comes to patch rollouts in bigger corporate environments. Microsoft has a very long history of submitting patches that actually break all kinds of things. This isn't something that's happened once or twice, it happens pretty regularly. This is why a lot of corporations and bigger organizations have a policy of extensively testing patches before they are deployed.

If you're a Windows admin of your own little computer or a network with two computers you're usually free to do what you want. If you're responsible for thousands of computers and a day of downtime means a loss of millions then you're going to test those patches extensively before deploying them; indeed you have no other choice.

It's not about being lazy, it's about being responsible. Being two months behind on updates really isn't that much.
>>
>>60383049
No, it's not fixed. The first wave had a domain name hard-coded in it and this version of the malware will exit and not spread if that domain is registered.

The news on OP, if you had bothered to read it, is that there's already variants of it without this flaw in the wild.

And even if you have the version with the flaw you can still make it spread by changing that domain name to one with a .tld that doesn't exist (and change the BTC addresses too) with a hex editor. This is so ridiculously easy to do that it would be strange if a ton of people aren't doing it.

And then there's the already infected systems who are set to connect to five different .onion command and control centers who can update all systems infected with the previous version.

The only viable fix is to patch all of the vulnerable Windows installations out there.
>>
>>60383049
By the time they posted that article new variations without the flaw had already been infecting systems.

Pretty good job.

>http://www.bbc.com/news/uk-39911385
>The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency, experts have said.
And kept secret so they could exploit it themselves instead of telling Microsoft so they could have patched it years ago. Thanks a lot NSA!
>>
>>60383227
Exactly. The NSA are to blame for this. This is on them. If another branch of the US military (remember, NSA is a branch of DoD) accidentally released a biological weapon into the wild then that would just as clearly be their fault.

Don't forget this, it's the US government that's ultimately responsible for this malware spreading.
>>
File: windows-update.png (223KB, 1719x932px)
>>60380077
>Yeah if you have not updated your PC to March 2017 security patch then this worm will encrypt all of your files and ask for $300 to unlock them within three days
If you are relying on windows update to do it there's a high probability you're fucked. This is the real reason it's spreading.
>>
>>60383378
>searching windows help and support for error codes
>>
>>60383378
theres nothing wrong with this. they have to update when all old computers are encrypted with these.
>>
>>60383272
>Don't forget this, it's the US government that's ultimately responsible for this malware spreading.

wow what a great logical argument, cumsock
>>
>>60383272
Okay, so let's get a class-action suit going... You know the primary plaintiff gets 50% of all remunification, right? How many people lost $300 each because of the USG's fuckup?

Also, is there a quick fix for this or do I just tell them they're fucked and reinstall Windows?
>>
>>60383272
And it's Microsoft's fault for having this as an open attack vector.
>>
>>60383536
All software is flawed. Responsible individuals work with developers to patch flaws when they find them. The NSA held onto the information so they could exploit it themselves.

Let's say you find a cracked structural support on a building or bridge and you don't tell anyone. The initial fault may lie with a construction or maintenance company but if that flaw causes the structure to collapse months down the line and kill people then no matter how you look at it you had the opportunity to prevent a disaster.
>>
>>60382816
if you're a server.. dumbfuck
>>
>>60379363
Do you seriously think the NSA would hire dipshits? You're the dipshit dipshit.
>>
>>60382860
>I literally can not stop shitting out of my own mouth
>>
By the way, am i safe if I have Security Monthly Quality Rollup (KB4019264) for Windows 7?
>>
File: 1494741948106.png (33KB, 670x535px)
>>60378074
MOSSAD VARIANT IS BEST VARIANT
>>
>>60383769
Well the CIA do...
>>
>>60384059
the original was made in Israel and sold to the US government which is normal since its illegal to prosecutor them because their jewish.
>>
>>60383496
>lost $300
The ransom demanded isn't even relevant compared to the cost of even one day of downtime for bigger corporations and institutions.

The total cost of the damage this malware has created globally is huge compared to the tiny amounts demanded in ransom.

It's actually pretty enormous even if we just blindly ignore the loss of data of the infected systems. Just the cost of not being able to use the infected systems normally is gigantic.
>>
>>60383635
It's even worse. The NSA created the exploit toolkit used by this malware. If it was just an unpatched hole in Windows then that would be one thing. The NSA not only knew about it, they created a ready-to-use solution for exploiting it that got released into the wild.

If a biological weapons lab creates a new variant of a deadly disease and it's released into the wild then they really do have responsibility for creating it in the first place.
>>
>>60378910
Those in power want to stay in power, it's called a scapegoat.
>don't look at me
>I didn't make the OS
>they put it in there so they could sell it
>because we made the rules that way to protect you from terrorists.
>>
File: odigo-002.jpg (23KB, 291x300px)
>>60384001

It's true and they've been doing it for more than 10 years now you utter retard. Fucking millennials.

http://www.zdnet.com/article/microsoft-turns-over-all-win7-and-server-source-code-to-russias-new-kgb/

http://www.infoworld.com/article/2681548/application-development/china-gets-access-to-microsoft-source-code.html

http://www.informationweek.com/software/operating-systems/china-gets-a-peek-at-microsoft-source-code/d/d-id/1089702
>>
What if I wanted to purposely infect my uni with this
>>
File: 1494659582104.png (596KB, 1366x768px)
>>60384059
>>
>>60379224
>be me
>be on the chins
>family humans walk past
>they stop and look at my screen
>"wtf is that, anon?"
>It was a gif of some transexual pelvic thrusting in its underwear
>tfw I have no face
>tfw I should have saved it
>>
>>60379844
I'll make the logo.
>>
>>60382117
>>60382075
He could be in one of those special schools.

>special
>>
So here I was thinking.

If Wannacry encrypts files solely based on extensions, then why not simply use a script that will change all target extensions?

It could be as simple as just scrambling characters in a fixed manner or to prevent anyone from ever getting the correct filenames use a generated key to encrypt the extensions and show the key only to the user.

This looks like a pretty simple programming challenge.

Here are the targets
.123 .3dm .3ds .3g2 .3gp
.602 .7z .ARC .PAQ .accdb
.aes .ai .asc .asf .asm
.asp .avi .backup .bak .bat
.bmp .brd .bz2 .cgm .class
.cmd .cpp .crt .cs .csr
.csv .db .dbf .dch .der
.dif .dip .djvu .doc .docb
.docm .docx .dot .dotm .dotx
.dwg .edb .eml .fla .flv
.frm .gif .gpg .gz .hwp
.ibd .iso .jar .java .jpeg
.jpg .js .jsp .key .lay
.lay6 .ldf .m3u .m4u .max
.mdb .mdf .mid .mkv .mml
.mov .mp3 .mp4 .mpeg .mpg
.msg .myd .myi .nef .odb
.odg .odp .ods .odt .onetoc2
.ost .otg .otp .ots .ott
.p12 .pas .pdf .pem .pfx
.php .pl .png .pot .potm
.potx .ppam .pps .ppsm .ppsx
.ppt .pptm .pptx .ps1 .psd
.pst .rar .raw .rb .rtf
.sch .sh .sldm .sldx .slk
.sln .snt .sql .sqlite3 .sqlitedb
.stc .std .sti .stw .suo
.svg .swf .sxc .sxd .sxi
.sxm .sxw .tar .tbk .tgz
.tif .tiff .txt .uop .uot
.vb .vbs .vcd .vdi .vmdk
.vmx .vob .vsd .vsdx .wav
.wb2 .wk1 .wks .wma .wmv
.xlc .xlm .xls .xlsb .xlsm
.xlsx .xlt .xltm .xltx .xlw
.zip
>>
>>60381395
The best anti-malware is not to enter shady pages and download shady files.
>>
>>60384537
There are some programs that can detect file type based on the contents of a file. Irfanview can do this with incorrectly named image files. If you did it that way I'm sure it would just be a matter of time before someone released a tool to do just that for all of your files.
>>
>>60384603
Still, most normies wouldn't bother with that so don't see why virus makers should either.
>>
>>60384574
What are you doing on 4chan then.
>>
>>60384603
Yes Magic numbers exist, but that would still take longer to have the files be read as the streams have to be opened.

What I suppose is that encryption will take longer than changing a file name unless the malware opens up the stream for every single file which might make the system quickly run out of memory.
>>
>>60384638
To go further, you're looking at literally millions of files that will have to be probed for the magic number.
>>
>>60378074
Thanks NSA, and thanks Microcucks for colluding with them.
>>
>>60380077
your other options are to disable SMB and block port 445, should be just as effective
>>
https://intel.malwaretech.com/pewpew.html
>>
>>60384684
STOP
>>
>>60378851
there is a chess game in ubuntu store and you can download an age of empires clone. both pretty amazing.
>>
>>60379224
i find it really funny how some people freak out bc you browse this board.
people get scared if a website doesn't look like facebook or google nowadays. they don't understand people post crap just for the lolz or out of pure boredom.
>>
>>60379509
happens all the time on my pc. i don't care anymore. i sometimes leave notes on the desktop in which i ask if someone wants to talk or i ask for bitcoins.
> tfw they never respond
>>
>>60379924
this.
use git or svn as backup tool.
>>
>>60384842
I see it as an excuse to update my shit honestly.
>>
>>60378074
Disable SMB1 >>60384898
>>
>>60380055
What were you in jail for?
>>
File: Screenshot_2017-05-14-11-56-18.png (570KB, 1080x1920px)
>>60382397

I think I'm fucked
>>
>>60385058
They are closed, not open, which isn't that bad. You're just signaling to whoever scans the network that you're there, but you aren't accepting their connection. If they were open (red) that would have been bad. Ideally you would not want to let people know there's someone using that IP (yours) so you'd want them to be all stealth. Check your router configuration page. Also (on PC) if you hover with mouse pointer over it, it will tell you what that port means, to give you an idea where to look at.
>>
>>60385058
You're using crap tools created by a faggot who has no idea what he's doing. He loves spreading misinformation to noobs like you.
>>
File: facepalm.png (243KB, 596x396px)
>>60384574
So many here haven't bothered to read enough to understand what makes this one unique.

> have unpatched Windows computer
> connect to a LAN with an infected computer
> be infected, don't understand why because you didn't even start your browser or download anything
>>
>>60384649
People would still do it, provided the files are important enough. Though slower encrypting the files ensures that there is virtually no way whatsoever that you will ever get that data back.
>>
>>60378074
>You should know that the kill-switch would not prevent your unpatched PC from getting infected, in the following scenarios:
> - ...
> - If someone makes the sinkhole domain inaccessible for all, such as by using a large-scale DDoS attack

jesus
>>
File: hacked2.png (30KB, 911x259px)
>>60385058
>responds to ping
>red alert

This is the shittest fucking test I've ever seen. Pic related, it's one of his users.
>>
>>60384405

Fucking kek
>>
>>60385398
It is a stealth test. Responding to ping is clearly a failure.

It is NOT a penetration test. Don't confuse it as such.
>>
Can someone create a WannaCry version under anime loli skins as a way to eradicate weebs?
>>
>>60381053
you don't need to. just wait two days
>>
>>60378090
>but the spreading mechanism was the only really noteworthy thing about it, there are tons of other equivalent ransomwares.

should have been /thread here
>>
Wowzer...Mr robot is a reality now
>>
The wiki is down, what is a good backup software for windows?
>>
>>60386207
>neo-/g/
>>
>>60386282
>an eggsecootive using Gahnoo plus loonux?
>>
Xp user here, I still avoid downloading .exe files i don't trust.

does Win10 do something like auto-running partially new programs it finds?

ALSO I made a registry entry in the. exe so windows doesn't even peek into a .exe for its icon.
>>
https://www.youtube.com/watch?v=gjoSxUZGvZk
>>
dat feel when you're a macOS user with SMB disabled and you just don't care ¯\_(ツ)_/¯
>>
File: 1487583498632.jpg (117KB, 500x333px)
>>60384967
Probably this.
>>
>>60386329
>I still avoid downloading .exe files i don't trust.
You say this as if it's ever a good practice to download just an .exe file.
>>
>>60380904

You've never worked in IT.

Ever heard of Change Management? Yeah, a guarantee that your environment will be at least three months behind.

That is one of the more frustrating parts of the job.


>>60383769

>no dipshits in NSA

NSA contracts to Booz, and that ain't exactly the cream of the crop.
>>
>>60382816
Fucking RETARD
>>
File: test.png (36KB, 563x788px)
>>60382397

Port 80 - World Wide Web HTTP is open
Port 443 - http protocol over TLS/SSL is open

Make sense.
>>
>>60387102
only if you run a web server
>>
I'm windows 10 I'm immune lmao lmao /g/ btfo
>>
>>60382397
I don't trust Gibson
>>
>>60387102
>Make sense
No, not at all. That's terrible

>>60387184
You're not

>>60387315
Sucks to be you
>>
File: itrustgibsontonothackmehohoho.png (52KB, 754x810px)
>>60387315
¯\_(ツ)_/¯
>>
>>60381053
this
i want to deliberately fuck something up too
how would i do it so that it would look like i didn't do it on purpose?
>>
>>60378851
what is SteamOS....
>>
>>60379363
>This shit is bringing down fucking hospitals.
hospitals in general have really poor tech defenses
>>
What would they do to the culprit if any Government manage to catch them?
>>
File: totalprofit.png (13KB, 564x406px)
>>60378074
https://pastebin.com/vz0YH8L6
Updating Wannacry Bitcoin Addresses
>>
>>60387796
Interfering with public infrastructure is kind of a big deal (even if it was the public infrastructure's own IT dept that is partially to blame for keeping outdated systems in the first place). In the U.S., he will be likely charged as a terrorist.
>>
>>60387796
Give them a contractor job at the CIA
>>
>>60378630
This is not how it works.
>>
>>60382397
Default windows 10 install and they're all stealth.
>>
>>60382397
lol retards
I have all my ports open, having them stealth is like leaving all of your house lights off and ignoring the door knocking. hacker sees that nobody responded to knock, realises nobody is home and breaks in
>>
>>60387801
holy shit
I wonder how many of them are the original creators', and how many belong to people who had just edited the executable.

In the worst case the authors got a bitcoin, not bad.
>>
File: grc.jpg (305KB, 618x595px)
>>60387102
Yes, this makes perfect sense.
>>
>>60388005
open is like an unlocked door
closed is like a locked door
stealth is like a visibly empty block of land
>>
>>60382514
Why do you think it is that I can't see SMB in the 'turn windows feature on or off' list on my Win 7 PC?
>>
>>60388939
Windows planned this exploit from the start. Put on your tinfoil hats, boys.
>>
File: bpost.exe.png (28KB, 800x478px)
>>60382236
>4chan doesn't give you viruses
kek newfag

This site has had a FUCKTON of viruses running ON it, through it or in a couple cases, the ENTIRE WEBSITE (domain name) was stolen and sent to a cloned site.
That last one in particular was fucking hilarious because the domain thieves in question were hilariously under-prepared for 4chan traffic.
4chan.js and variants, bpost.exe (pic related) and so many more.
>>
>>60383378
>Windows 7
Now you do know why almost no one who uses windows 7 and below even bothers to update.
>>
>>60390720
I've been here since 2005, I haven't got a virus from 4chan EVER!
>>
File: the tachyons man.png (392KB, 582x593px)
>>60391174
Likely because, unlike most 4chan users, you aren't a retard.

There were days where entire boards were nothing but colored squares because of people stupidly downloading said colored squares, changing gif to js, then running it.
Many variants of that were made.
Or the times people joined a botnet to DDoS Scientology, Hal Turner or other targets at the time.
Or people downloading funny avatar generators by some fag.
Or that one time people joined a botnet to try defeat the lightspeed barrier. Those FOOLS.
>>
>>60391378
Yea, I wouldn't fall for things like this. Then again, I've got ramon from my company website while I was doing literally nothing special, just browsing content, so maybe I was just lucky with 4chins.
>>
File: garbage.png (347KB, 300x300px)
>>60378074
>Multiple security researchers have claimed that there are more samples of WannaCry out there, with different 'kill-switch' domains and without any kill-switch function, continuing to infect unpatched computers worldwide (find more details below).

> continuing to infect unpatched computers worldwide (find more details below).
>unpatched computers
>>
File: lion nyoro~n.png (9KB, 125x125px)
>>60391420
Lucky indeed.
Lucky to have not been preyed upon by those evil jerks who set out only to take advantage of curious individuals on a chinese chalk-drawing sidewalk.
>>
>>60391517
I for example can't patch my computer, because my fucking wincuck update says it's managed "by my administrator" and it's just not fucking willing to update!
>>
>>60391689
That's called a case of
1) backup all your files and settings
2) reformat
3) reinstall.
>>
>>60382397
>all green when I disable VPN
>enable VPN
>18 open ports
>>
>>60391723
No fucking way. It takes 2-3 weeks recreating the same environment.
>>
File: 1407758455890.jpg (44KB, 590x500px)
>>60390720
>bpost.exe
What is it and why is my wife in the icon?
>>
>>60386352
What is Bonzi Buddy doing at Applel
>>
>>60387102
But this is not how ANY of this werks
>>
File: thatfuckingcat.png (10KB, 125x125px)
>>60392603
It was a program that posted to /b/.
It had loads of templates.
And you could post text on the images.

Literally pre meme generator image macros.
In fact, since I know the fag that made it, I know that it inspired him to make it in the first place. (since the site was changed and too lazy to update the API)
>>
>>60392407
Time to take your whole OS and run it inside a VM and move all your data files off to a drive it has read-only access to.
>>
>>60384537
>No .m4a or .ogg

Guess my music is safe at least
>>
>>60393142
I'll take my chances with WannaCry, thank you. It doesn't make any sense to prevent needing to reinstall windows by reinstalling windows.

All my important data is backed up to a cloud through a 3rd party software WannaCry can't use, with multiple file versions preserved.
>>
File: file2397.jpg (48KB, 640x480px)
>>60393308
Until a new version comes out that harvests cloud login data, deletes everything and then asks you for a ransom.
"ha ha stupid wannacry, you ain't getting any buttcoins, I'll just reinstall and login to my clou-- WTFBBQ"
So much for your guns saving you.
They couldn't save you from a simple virus.
All you had to do was follow the reinstall procedures, CJ.
>>
>>60393308
>All my important data is backed up to a cloud

Good goy! That's one of the primary goals (others being getting everyone on the (((safe))) Windows 10, forcing forced updates forever for everyone (no excuses, no exceptions), and getting civilian use of encryption banned (to thwart ransomware, of course).
>>
>>60393407
>harvests cloud login data
My own cloud provider doesn't know my cloud login data. They offer a 5 thousand dollar reward to anyone who manages to crack their security.

tresorit.com

>>60393440
>hurr durr Windows 10
I don't use Windows 10, I'm on 8.1 until hell freezes over.
>>
>>60393478
>>60393407
>harvests cloud login data
My own cloud provider doesn't know my cloud login data. They offer a 5 thousand dollar reward to anyone who manages to crack their security.

with a keylogger
>>
File: chrome_2017-05-14_16-57-23.png (55KB, 794x875px)
>>60382582
>>60385058
>>60387102
>>60387549
>>60388498

>not using Windows Server 2016 + Router with LEDE

Faggots!
>>
>>60393580
A keylogger wouldn't manage to get a hook going, Comodo Firewall would prevent it from running until I allow it, as it does with every new program on my computer.

Hell, I can set it to a security level where explorer would need to get permission from me to generate thumbnails of media files.
>>
>>60393633
>being blue
That's worse than being green.
You are actively saying "hey, I am here, but you're not allowed in my secret club! ha haha!"
Green is "...", Squall, Grandia.
>>
>>60393633
hello, 187.64.50.52
>>
File: 1492929490671.png (153KB, 480x462px)
>>60394631

DELET THIS!
>>
Should I start prepping now?
>>
>>60379224
I regularly browse /g/ during classes, if you ignore the anime pics, it looks like a regular technology board.
>>
>>60380060
lmao a package that was supposed to be delivered by them two days ago is now delayed a few days because of this bullshit lmfao
>>
>>60391174
>people don't remember lostboy.exe
>>>/f/3244234
4chan users are stupid too.
>>
So if all my ports were already blocked and I added the SMB1 thing in the registry editor and set it to 0, am I safe? And now that people are saying that SMB2 and 3 exploits were in the leak too, is that going to be something to worry about? Did the patch even fix those?
>>
>>60381342
> you would willingly and knowingly cause damage
But he just said he could be like 'I just opened an email and this happened lmao i don't get it'
>>
File: abotisbetterthancaptcha.jpg (51KB, 683x613px)
>>60382371
me too
>>
>>60378074
does anyone have links that I can click on to get myself infected (for scientific purposes)
>>
>>60396030
There being a chance he can get away does not equal it not being a crime. And there will probably be a trail.
>>
I HEAR SOUNDS COMING FROM MY SPEAKERS AND THEY AREN'T COMING FROM ANY WINDOWS ON MY COMPUTER

AM I INFECTED?!?!
>>
Is there an up-to-date list of all the Telemetry/Windows 10 KBs to delete after updating Windows 7 against this?
>>
>>60387549
The really good one is:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)
>>
>>60391830
These are the ports at the VPN address. You can be sure of this by checking the ip addresses, they should not match.
>>
File: ClockworkOrange.jpg (5KB, 180x218px)
>>60390720
>>
>>60393694
Actually being green is still bad, the device is known to be there, green is just that the ports do not respond, blue is they respond with a deny. The good one is UPnP disabled.
>>
File: 1401475223077.png (3MB, 1076x1105px)
>>60397869
>>
>>60390720
Don't forget about Windows Optimiser
>>
File: nori.jpg (152KB, 786x720px)
>>60378074
> mfw migrated from Windows to MacOS
Post yfw you literally don't care about Winblows
>>
>>60384312
> 3 links
> Microsoft on all of them
> No apple
good point faggot
>>
>>60397869
Could be an electrical issue. It is possible they could make noise even without the computer. Better check all cables and connectors.

By the way, the real deal is something like:
https://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/
https://www.extremetech.com/mobile/248841-researchers-find-234-android-apps-track-poorly-ultrasonic-waves
https://www.wired.com/2016/11/block-ultrasonic-signals-didnt-know-tracking/
http://www.zdnet.com/article/hundreds-of-apps-are-using-ultrasonic-sounds-to-track-your-ad-habits/

You wouldn't listen to it.
>>
>>60378974
>Windows admins need better firewalls

Which does fuck all if the network not infuckted via the internet.
>>
Where can I find the right KB updates against this? I don't have the ones needed and the Microsoft site doesn't load. I don't see them in the updates list.
>>
>>60379194
More like /r_The_Donald
>>
>>60395982
[spoiler]p-pls respond[/spoiler]
>>
File: 1492059018244.jpg (196KB, 964x640px)
>>60388939

My SS is from W10.

Click link for other win versions which require a regedit
>>
alright, I installed KB4012212, can I stop worrying about this bullshit now?
>>
>>60397940
Last time I trusted the accuracy of one public list of telemetry updates and either didn't apply or remove those updates, my disk was getting thrashed by Windows telemetry anyway.
>>
>>60398117
Wait if my phone can record some ultrasonic frequency range does this mean it can record the cute sounds of rats laughing when you tickle them?
>>
>>60378074
>mfw microsoft will NEVER recover from this
>>
>still using windows in 2017
>not securing your macOS systems behind an openBSD firewall
>>
so my windows update is fucked on my computer, and need to manually download the file (it can't search for updates, even with the kb that speeds it up).

Which kb do I need to fix the vulnerability on windows 7?
>>
>>60398938
KB4012215
>>
>>60382397
>Failed the ping test

rip me
>>
Australia hit by it.
>>
>>60399021
>KB4012215

thanks mate
>>
>>60399050
Not surprised cuz Hitler was from there.
>>
>>60386736

No I have not worked in IT before.

But companies are going to have to learn they have only one of two options:

1. Apply security updates immediately upon availability
2. Continue to get fucked by malware
>>
how exactly is it infecting people's computers?

through their browser?
>>
>>60399152
>1. Apply security updates immediately upon availability
Some companies don't have that option.
Some of their software isn't compatible with the newer patches.
>>
>>60399172
Any organization still running on Windows XP without a custom support contract for security updates deserves what's coming to them.
>>
How the fuck are you retards even catching this shit. Dumb fucks
>>
>>60399074
Hitler was from Belgium
>>
>>60399204
True, but to expand on why they got fucked, the reason why hospitals got hit hard is that some of their machines used old software.
The developer for said software quit development and they had no choice but to either stick with it or move their databases over to newer software.
>>
>>60382312
Wrong board, go troll on /pol/, cunt
>>
>>60399254

I work in a hospital.
Everything that is critical or accesses patient info is on an airgapped internal network.
>>
>>60399413
That's what I can assume, but don't some doctor assisted machines run on XP?
>>
>>60382582
does somebody have a link to this?
>>
>>60399654
The very post you referenced is referencing the link...
>>
>>60399021
Which KB is the patch for 8.1? Googled it, but haven't got jack shit, I just keep getting instructions on how to disable SMB manually.
>>
File: pouts.png (186KB, 1368x478px)
>>60382397
um
what

the accepted ports in the rules are just a couple of 20000-ports for a torrent client

is this my ISP that is responding? I am on a class A network right now apparently (10.0.0.0/8)
>>
File: 787.jpg (71KB, 600x570px)
>>60378074
>using wangblows for anything but certain games
>>
>>60399967
>playing video games
>>
Ukraine (maybe the Russian part) got it hard now.
>>
>>60400040
All of slavsphere is rightful Russian clay
>>
>>60378074
Can't wait until they make a big exploit for android.

It might be the only time most of us ever get updates.
>>
>>60400049
ultimate meh
>>
>>60400068
Android is due for a huge exploit especially since most apps autoplay shit nowadays. Can't wait for someone to embed something nasty on a .gif and have whatever stupid chat client they use to spread it like wildfire.
>>
>>60387679
Dead.
>>
>>60378851
Steam
>>
>>60400068
stagefright has been around for quite a while now and samsung alone still has millions of devices vulnerable out there
>>
>>60382397
Some tip on W10 to go green from blue?
>>
>>60378074
>Also, the NSA exploit it uses is only one of its vectors, just patching the systems does not make them 100% safe.


It is literally the only method it spread by, why are you making shit up, Lincuck?
>>
>>60401070
Morons open phishing emails or download and open document.pdf.exe all the time.
>>
>>60400953
Shameless bump
>>
>>60385058
Your router is blocking during 15ish probes, then just opening again for a short while. Everything's closed, you're good.
>>60399921
Similar story, just blocking for a tad longer, or with a faster connection.
>>
>>60399413
I'm struggling to figure out how this isn't the case everywhere

it's a huge HIPAA thing if the information is electronically available to everyone on an open network.
>>
>>60400093
Truth, especially since no Android phones over a couple of years old get updates.
>>
>>60398095
>no apple
>implying apple gave their source to the chinese because MS did
brainlet
>>
>>60382514
>https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
Do I need to disable SMB1 using both instructions for the SMB server and client or just the client will be enough?
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.