Petya

Thread replies: 31
Thread images: 5

File: coworkers_desk_2017Jun27.jpg (214KB, 1024x768px)
Whelp, I got to go home early today. Thanks to centrally-managed stuff like Active Directory and Group Policy. Thanks, IBM, for forcing it down our throats and not letting us patch our own workstations.

How was your day, /g/ ?
>>
>>61108689
I sat here and didn't get hit by cryptomalwareworms. So, pretty good so far.
>>
>>61108689
I don't use Windows so my day couldn't be better.
>>
File: ass_band.jpg (60KB, 500x321px)
>>61109385
Neither do I. But Windows is what's used for an LDAP server for single-sign-on, and for pushing "group policy" to enforce standards and authentication rules to workstations that are Windows, macOS or "blessed" linux.

They want to control all the things. So when they get exploited, that means there's only one key needed to unlock all the devices across all 450 workstations in three offices. w2g, IBM.
>>
>>61108689
What's IBM got to do with it? WSUS yo
>>
Kinda curious. Do they actually send a real key back or is it all bs?
>>
>>61108689
Can't you brute force that shit?
>>
>>61109735
Sometimes they actually do, but it's a gamble either way.
>>
>>61108689
Pretty good so far, sold my Nintendo Switch to GameStop and I'm about to take a nap.
>>
>>61108689
Cathy in accounting opened another fake invoice.
>>
>>61109759
It would take more time than the earth has before being engulfed by fire before you can brute force this thing with every PC on earth at the same time. With current tech it's not possible.
>>
>>61109797
Did you seriously do that? You could have sold it easily if you asked for retail price or slightly higher on craigslist or your local equivalent.
>>
>>61109826
I'm willing to pay (or accept less pay) for convenience. I just wanted to get rid of it desu, the money wasn't that important.
>>
>>61109700
IBM's the implementer. Who thinks that a single exploitable controller in charge of all our assets is "best practices" and locks us out of our own workstations "for your own safety" so we can't patch shit like, oh I don't know, ETERNALBLUE last month.

Not that my workstation needed it, but clearly their servers did. Anything that uses their AD single-sign-on (ie. everything they touch) is fucked.

>>61109759
I could, eventually. You could. But can Stacy Buttershire in Human Resources fix her own laptop? Or some middle manager who opens Bing.co.uk, types "google" in the search bar and clicks on the first link?
The AD server will get restored from backup, eventually I'm sure, but they better patch the replacement AD server before wiring it in.
>>
>>61108689
What I would like to know is:
how this got installed without admin/root rights.
>>
>>61109700
>WSUS yo
Does wsusoffline for Windows 7 have the botnet updates removed, or do I need to fuck around with it still to keep it clean?
>>
>>61109855
I imagine that the important stuff is not really in admin-accessible folders, as for the MBR payload, I think it exploits a bug in windows, and gains admin through there?

>>61108689
My day's been mostly fine, though it's been raining for a little too long, and I can't figure out why my giant jump table won't work.
>>
>>61109903
It doesn't gain administrator rights, it's encrypting user files.

Initially it was propagating via SMB (Windows file sharing) but that's been patched, they're investigating other potential propagation methods currently.
>>
>>61109855
It's using the NSA-discovered "ETERNALBLUE" exploit, and maybe the DoublePulsar exploit. Older version of the SMB protocol that can be used to pass instructions to the Windows kernel. This is WannaCry II the sequel.

- patch your shit (if your employer lets you)
- block port 445
- don't open executable-code attachments from email.
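
A read-only check of the first two items in the list above on a single Windows host, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later, an elevated PowerShell session, and a 35-day patch-age threshold chosen for illustration.

```powershell
# Added example: read-only audit of one Windows host. Nothing is changed.
# Assumes Windows 8 / Server 2012 or later and an elevated session.
$maxPatchAgeDays = 35   # assumed threshold, adjust to your patch cycle

# Is the SMBv1 server still enabled?
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# Is anything listening on TCP 445?
$listening445 = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

# Enabled inbound allow rules that name TCP 445 explicitly.
# Rules using port ranges or 'Any' are not matched; review those by hand.
$allow445 = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
    }

# Date of the most recently installed update.
$lastHotfix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
$patchAgeDays = if ($lastHotfix) {
    [int]((Get-Date) - $lastHotfix.InstalledOn).TotalDays
} else { $null }

# One summary object per host, suitable for Export-Csv across a fleet.
[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    Smb1Enabled     = $smb1Enabled
    Listening445    = $listening445
    InboundAllow445 = @($allow445).DisplayName -join '; '
    LastHotfix      = $lastHotfix.HotFixID
    PatchAgeDays    = $patchAgeDays
    NeedsAttention  = $smb1Enabled -or ($allow445 -and $listening445) -or
                      ($null -eq $patchAgeDays) -or ($patchAgeDays -gt $maxPatchAgeDays)
}
```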
>>
>>61110004
I just quickly read over an article (read: swathes of nonsense making like it's the end of the world) to try to figure out if the exploit changed.
>>
>>61110108
It sounds like it's propagating over WebDAV, using a similar exploit.
>>
>>61110510
Interesting.
>>
File: b36.png (12KB, 420x420px)
>>61108689
>How was your day, /g/
sitting in front of my comfy macbook browsing technews and reading happenings
>>
I don't update my computer... haven't got the problem yet.. I have a pending update... should I update tho????
>>
>>61110510
Yeah... but for WannaCry to happen to Microsoft, wouldn't u think they'd fix this??
>>
>>61109735
Their email provider (posted) just banned their account so nobody's getting any decryption keys even if they send the bitcoin
>>
I slept until about 5:30, fiddled with my phone until 7:30, took a shower, walked 5 minutes to work, double checked and staged some changes for new elasticsearch clusters, waiting on hardware to finish getting racked, helped out coworker map his stuff for elasticsearch, then lastly fill out the day with drinking scotch with coworkers.
>>
>>61113635
K....and???? We needed to know this?
>>
>>61113681
He asked, I replied.
>>
>>61113708
Sorry, didn't fully read the thread, just that it was related to Petya.. my b..
>>
File: 74805_1209675324358_full.jpg (15KB, 276x296px)
THIS IS WHY YOU ALWAYS KEEP YOUR SYSTEM FULLY PATCHED AND UP TO DATE.

Preferably automatically, because otherwise you'll fucking forget or put it off.
This is a 4chan archive - all of the content originated from that site.