Softpanorama

May the source be with you, but remember the KISS principle ;-)

 Recommended Tools to Enhance Command Line Usage in Windows 7


Introduction

Microsoft is the king of software complexity, and Windows becomes more complicated with each new version. Features get added. The UI gets "improved". Privacy disappears. Security gets tightened. Windows 10 in this respect is a disaster, and I do not recommend upgrading to it from Windows 7 unless you are using your PC purely for entertainment.

Windows 7 is also not without problems. In comparison with XP SP3 it was the first OS where Microsoft went (slightly) downhill: while all its features were provided without significantly increasing power consumption or decreasing performance, it essentially accomplished little over Windows XP. As for recognizing and working with new devices, it was a definite step back; it was far more capricious. The propensity to self-destruct with age is less pronounced in this version of Windows than in the case of Windows XP.

Windows 10 marks an important stage in Microsoft OS development: Microsoft lost control of complexity and was essentially buried under an avalanche of complex subsystems and wrong architectural decisions of its own making. This is the first in a long line of Microsoft operating systems which can be called one step forward, two steps back. Problems with subsystems due to patches are systemic. Looking at the system message log gives the impression that at Microsoft the left hand no longer knows what the right hand is doing, and no amount of testing can help now. Of course many people hate Windows 10, especially if they were lured into it by the forced upgrade.

The policy of forced upgrade that Microsoft adopted signifies that both Microsoft's ethics and Microsoft's OS development skills really went downhill. For regular desktops both Windows 8 and Windows 10 are questionable from a number of aspects, first of all because of the "strange" approach of merging a touch interface with "classic" Windows. All these tile-based enhancements are not as valuable as preservation of the classic Windows interface. Instead two competing interfaces were created. BTW, Microsoft increases the strong negative feeling toward Windows 10 with the annoying icon to update to Windows 10 and obnoxious reminders to do that.

As touch is unimportant for a laptop and mostly useless for a desktop, I will also say that a decent Windows 7 laptop still holds its own against newer versions of Windows (both 8.1 and Windows 10). Also, with Windows 10 Microsoft became really intrusive in the privacy space. Even in Windows 8.1 the default is to log in with your Hotmail account.

So let's just say no to Windows 10 on laptops and desktops. The only place where it makes some sense is tablets.

The importance of command line enhancements

This page contains recommendations for my CS students on how to quickly enhance a "default" Windows 7 installation with some additional, mostly command line, utilities. Windows XP is OK and on a modern laptop faster than Windows 7. The only problem is that support ended in 2014.

In Windows 7, XP mode is available only in Windows 7 Professional and above. It is probably a must-have, as some Windows XP applications are not Windows 7 compatible. It also has value as a protective layer for Internet browsing: breaking into a disposable Windows XP does not affect your main Windows 7 installation.

There are several steps in configuring a Windows 7 desktop with command line tools. The tools listed below are those tested extensively; most of them I have been using for many years. As the Windows 7 Resource Kit is not free, you should use Cygwin to get most of the Unix-compatible command line utilities. I heard that Windows 7 Ultimate has some remnants of SFU 3.5, but I don't know the details.

Softpanorama Recommended Windows Command Line Enhancement Set

  1. The first and the most important thing is to install RandyRants SharpKeys -- the utility that provides a GUI for remapping keys -- and then remap CapsLock to Ctrl in the Windows registry (yes, this is a built-in feature of Windows). This is a well-known blunder in the design of the IBM keyboard that, thank God, is easily correctable.
  2. Install xxcopy: XXCOPY, A Versatile File Management Utility --- Boldly Extended Xcopy. See also Windows bulk file copy tools
  3. If you use a Microsoft keyboard, install IntelliType 8.2. It is superior to later ("merged") versions of IntelliType Pro and IntelliPoint (mouse driver).
  4. If you use Logitech mouse like G600 install Logitech drivers. They are compatible with Intellitype.
  5. Install ArsClip. This is a wonderful free clipboard manager. In windows 7 it is better to install it outside Program_files tree. 
  6. Install Cygwin. It provides Unix command line tools. The 32-bit version is recommended: Teraterm does not work correctly with 64-bit versions.
  7. Install Active Perl and Komodo Editor (or Iron Python if you prefer the latter)
  8. Working with ISO
    1. Microsoft Virtual CD-ROM Control Panel This is a self-extracting Zip archive. Download the file and execute it. Click Unzip and select any appropriate folder to extract the contents. Before using this tool, read the readme.txt file and follow its instructions for installation and use.
      • alternative is Virtual Clone Drive That latter utility lets you mount  not only .ISO, but also  .CCD, .DVD, .IMG, .UDF and .BIN files. Download the utility and select the necessary associations. Now you should be able to mount any ISO image by just double-clicking on the file. You can also right-click on the cd-rom drive to mount or unmount an image.
    2. Windows 7 support burning ISO images out of the box. You can also install ISO Recorder Power Toy  -- the tool that was popular with Windows XP. The tool that can create ISO images from CD/DVD disks as well as burn CD/DVD ISO images to media. The tool was written by Alex Feinman
  9. Install an OFM (Orthodox File Manager). For advanced users they are really superior to Windows Explorer. Two leading OFMs are Windows 7 compatible:
  10. Install editors. For example:
    1. NOTEPAD++ -- great free replacement for notepad. Another option is to install Notetab.
  11. Install 7-zip. You might wish also to install RAR.
  12. Install Teraterm
  13. Install WinSCP. An excellent scp client with Orthodox file manager like interface
  14. Create C:\Utils directory and install  info-zip in it.
  15. Correct PATH env variable to include C:\Utils directory and Perl. You can use pathed.exe to do that
  16. Install clip.exe from Windows 2003 server

    Quickly Copy Error and Display Messages

    ...copy the CLIP.EXE file from a Windows Server 2003 into your system's path (best if placed in %systemroot%\system32 folder). You can also get the file from HERE (14kb)
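The registry-side steps of the list above (the CapsLock-to-Ctrl remap from step 1, the C:\Utils directory from step 14 and the PATH change from step 15) as one added PowerShell example. This is not code from the page, from SharpKeys or from pathed.exe; it writes the same machine-wide "Scancode Map" value that SharpKeys edits through its GUI, and first decodes whatever is already there so an unexpected remap can be spotted before it is overwritten. The ActivePerl location C:\Perl\bin is an assumption, not something the page states.

```powershell
# Added example, not code from the Softpanorama page: scripts the registry edits
# behind steps 1, 14 and 15 of the list above. Run from an elevated PowerShell
# prompt on Windows 7; the key remap takes effect after a reboot.
# Assumption (not on the page): ActivePerl lives in C:\Perl\bin.

$KeyboardLayoutKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout'
$EnvironmentKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

# 'Scancode Map' is a REG_BINARY value read by the keyboard class driver at boot:
#   4 bytes version (0), 4 bytes flags (0), 4 bytes entry count (mappings + 1),
#   then per mapping: 2 bytes target scancode, 2 bytes scancode of the key being
#   remapped (both little-endian), and a 4-byte null terminator.
# Scancodes are PS/2 set 1 make codes: CapsLock = 0x3A, left Ctrl = 0x1D.
function New-ScancodeMap {
    param([hashtable]$Mappings)   # key: physical scancode; value: what it should produce
    $bytes = New-Object System.Collections.Generic.List[byte]
    $bytes.AddRange([byte[]](0, 0, 0, 0))                                    # version
    $bytes.AddRange([byte[]](0, 0, 0, 0))                                    # flags
    $bytes.AddRange([BitConverter]::GetBytes([uint32]($Mappings.Count + 1)))  # count
    foreach ($from in $Mappings.Keys) {
        $bytes.AddRange([BitConverter]::GetBytes([uint16]$Mappings[$from]))   # becomes
        $bytes.AddRange([BitConverter]::GetBytes([uint16]$from))              # key remapped
    }
    $bytes.AddRange([byte[]](0, 0, 0, 0))                                    # terminator
    return $bytes.ToArray()
}

# Decode an existing value so the current remapping can be reviewed before it is
# replaced: the value is machine-wide, so an entry nobody remembers adding is worth a look.
function Read-ScancodeMap {
    param([byte[]]$Blob)
    if (-not $Blob -or $Blob.Length -lt 16) { return @() }
    $count = [BitConverter]::ToUInt32($Blob, 8)
    $entries = @()
    for ($i = 0; $i -lt ($count - 1); $i++) {
        $offset = 12 + 4 * $i
        $entries += [pscustomobject]@{
            Key     = ('0x{0:X2}' -f [BitConverter]::ToUInt16($Blob, $offset + 2))
            Becomes = ('0x{0:X2}' -f [BitConverter]::ToUInt16($Blob, $offset))
        }
    }
    return $entries
}

# Append directories to the machine PATH without duplicating entries and without
# turning the value from REG_EXPAND_SZ into REG_SZ (which would freeze %SystemRoot%
# and similar entries). An alternative to the pathed.exe the page recommends.
function Add-MachinePath {
    param([string[]]$Directories)
    $raw   = (Get-Item $EnvironmentKey).GetValue('Path', '', 'DoNotExpandEnvironmentNames')
    $parts = @($raw -split ';' | Where-Object { $_ })
    foreach ($dir in $Directories) {
        if ($parts -notcontains $dir) { $parts += $dir }   # -notcontains is case-insensitive
    }
    Set-ItemProperty -Path $EnvironmentKey -Name 'Path' -Value ($parts -join ';') -Type ExpandString
}

# 1. Show whatever remapping is in place now (no output means none).
$current = (Get-ItemProperty -Path $KeyboardLayoutKey -ErrorAction SilentlyContinue).'Scancode Map'
Read-ScancodeMap $current | Format-Table -AutoSize

# 2. CapsLock -> left Ctrl. Resulting bytes:
#    00 00 00 00 00 00 00 00 02 00 00 00 1D 00 3A 00 00 00 00 00
$map = New-ScancodeMap @{ 0x3A = 0x1D }
Set-ItemProperty -Path $KeyboardLayoutKey -Name 'Scancode Map' -Value $map -Type Binary
Write-Host ('Scancode Map written: ' + (($map | ForEach-Object { '{0:X2}' -f $_ }) -join ' '))

# 3. C:\Utils for info-zip and friends, plus Perl (assumed path), on the machine PATH.
New-Item -ItemType Directory -Path 'C:\Utils' -Force | Out-Null
Add-MachinePath @('C:\Utils', 'C:\Perl\bin')
```

Deleting the "Scancode Map" value and rebooting undoes the remap; there is no per-user variant, which is why the value is worth reviewing on a shared or second-hand machine before trusting the keyboard.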

Some questionable possibilities

  1. ??? Install console2. Console Free software downloads at SourceForge.net
  2. Install Magical Jelly Bean Keyfinder (for example from Download.com). This is a one-time-use utility for when you migrate to a new computer. You can use it without networking and uninstall it after use.

    Magical Jelly Bean Keyfinder won't help you find your car keys or point you to the Easter Bunny's stash. But if you need to reinstall Windows and can't find your product key, it might be seem magical to you. This free utility retrieves your Windows Product Key (CD key) from your registry and saves it to a text or CSV file. If you need to reinstall Windows but don't have the Product Key because you lost the original CD or case, it can save your bacon, or at least a lot of your time. It works in most versions of Windows from 95 to 7. The latest release also supports Windows Server 2000.

  3. PasswdFinder (Magical Jelly Bean). Similar to the previous one, but extracts passwords stored by Windows. Running it is a useful exercise. It should be done without networking, and the program should be uninstalled immediately after the run. Just in case. This is an interesting exercise to see what can be stolen from your computer ;-)
  4. For Windows XP only: tweak look and feel using the built-in ClearType text tuning utility by typing cttune in the Start Menu search field and opening the search result.


Old News ;-)

[Oct 16, 2017] Windows 10 setup and configuration tips Don't settle for default settings ZDNet

Oct 16, 2017 | www.zdnet.com


The tips in this category are all about setting up Windows 10 the right way, and then configuring it the way you want it to work.

I assume that you've already done a clean install of Windows 10 or upgraded from a previous edition. (For answers to all your questions on Windows 10 installation issues, see my FAQ: "How to install, reinstall, upgrade and activate Windows 10" .)

And if you've heard that Microsoft is no longer offering free Windows 10 upgrades, I have a pleasant surprise for you: See "Here's how you can still get a free Windows 10 upgrade."

After you've got Windows 10 up and running, you're ready for the tips in this category.

Temporarily delay the Fall Creators Update

Each time Microsoft rolls out a major upgrade to Windows 10, you have the option to wait a few months before you install it on PCs running Windows 10 Pro or Enterprise. But you have to act quickly.

Find any Windows 10 setting in seconds

One confusing aspect of Windows 10 is the way it keeps some options in the old-style Control Panel and others in the new Settings app. The good news is you don't have to guess where to look, once you learn these two search secrets.


Turn off Cortana completely

Microsoft has removed Cortana's on-off switch. But the option to disable Cortana is still available, if you know where to look. Use this tweak to make Windows search strictly local.


Shut down OneDrive completely

In Windows 10, OneDrive is built in. The connections are so tight, in fact, that OneDrive has its own node in File Explorer, with no obvious way to remove it. But the options to disconnect OneDrive are there if you know where to look. Here are the full instructions.


Switch back to a local account from a Microsoft account

During Setup, Windows 10 encourages you to use a Microsoft account. But if you prefer to use a local account, the option is there. Here's how to switch back easily.


Find your PC's original product key

If you've purchased a new PC with Windows pre-installed in the past few years, chances are it has a product key embedded in its BIOS. With a little PowerShell wizardry, you can find that well-hidden key and learn more about your current licensing status.


[Oct 11, 2017] Elite Hackers Stealing NSA Secrets Is 'Child's Play'

What a great waste of taxpayers' dollars. After Stuxnet any government that cares about secrecy does not use open, internet-connected networks for sensitive information. Some switched to typewriters, at least for highly sensitive operations, which is probably overkill; but good old DOS can still be used to avoid NSA spooks pretty much like a typewriter, and communication via the parallel port is not that easy to hack; UUCP is also available for serial port communication ;-)
But the effect on undermining US software and hardware sales is overwhelming. Why would anybody in a foreign government buy US hardware or software, when it is clear that the NSA can put a backdoor into both "before arrival"? In this sense the game is over, and the net beneficiary might be Taiwanese and other East Asian firms, as China is suspect too.
To say nothing about the effects on US consumers and businesses when those tools are incorporated by criminal hacking groups into commercial malware. This is a real danger of NSA activities. The boomerang tends to return. And the security culture in most US companies (including government security contractors) is simply rudimentary or non-existent. In no way can they withstand an attack with NSA tools. The sordid tale of Hillary's shadow IT and "bathroom server" is actually not an exception. Creation of "shadow IT" is pretty common in the fossilized and over-bureaucratized US enterprise IT world.
Moreover, operations like "digging into China's networks, developing the tools British spies used to break into Belgium's largest telecom, and hacking sections of the Mexican government" are clearly criminal, and are possible only due to the status of the USA as the sole superpower. But they can result in some shipments of arms to anti-US factions as state-to-state retaliation. Moreover, "there is no honor among thieves", and sharing of this information should be assumed to be always wider than intended.
Like drone strikes, they inflame anti-Americanism and have constrained U.S. foreign policy options in ways that civilian and military planners neither imagined nor anticipated.
Oct 11, 2017 | www.msn.com

The NSA's hackers have a problem.

Last week, multiple outlets reported that the NSA's elite Tailored Access Operations unit -- tasked with breaking into foreign networks -- suffered another serious data breach. The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations, according to the Washington Post. It's potentially the fourth large scale incident at the NSA to be revealed in the last five years.

Now, multiple sources with direct knowledge of TAO's security procedures in the recent past tell The Daily Beast just how porous some of the defenses were to keep workers from stealing sensitive information -- either digitally or by simply walking out of the front door with it.

One source described removing data from a TAO facility as "child's play." The Daily Beast granted the sources anonymity to talk candidly about the NSA's security practices.

TAO is not your average band of hackers. Its operations have included digging into China's networks , developing the tools British spies used to break into Belgium's largest telecom, and hacking sections of the Mexican government . While other parts of the NSA may focus on tapping undersea cables or prying data from Silicon Valley giants, TAO is the tip of the NSA's offensive hacking spear, and could have access to much more sensitive information ripped from adversaries' closed networks. The unit deploys and creates sophisticated exploits that rely on vulnerabilities in routers, operating systems, and computer hardware the general population uses -- the sort of tools that could wreak havoc if they fell into the wrong hands.

That doesn't mean those tools are locked down, though. "TAO specifically had a huge amount of latitude to move data between networks," the first source, who worked at the unit after Edward Snowden's mega-leak, said. The former employee said TAO limited the number of USB drives -- which could be used to steal data -- after that 2013 breach, but he still had used several while working at TAO.

"Most operators knew how they could get anything they wanted out of the classified nets and onto the internet if they wanted to, even without the USB drives," the former TAO employee said.

A second source, who also worked at TAO, told The Daily Beast, "most of the security was your co-workers checking to see that you had your badge on you at all times."

The NSA -- and recently TAO in particular -- have suffered a series of catastrophic data breaches. On top of the Snowden incident and this newly-scrutinized 2015 breach, NSA contractor Hal Martin allegedly hoarded a trove of computer code and documents from the NSA and other agencies in the U.S. Intelligence Community. Martin worked with TAO, and he ended up storing the material in his car and residence, according to prosecutors. Like Snowden, Martin was a contractor and not an employee of the NSA, as was Reality Winner, who allegedly leaked a top-secret report about Russian interference in the U.S. election to news site The Intercept.

Then there's the incident now in the news. Israeli operatives broke into the systems of the Russian cybersecurity firm Kaspersky Lab, officials told The Washington Post. On those systems were samples of sophisticated NSA hacking tools; a TAO employee had brought them home and placed them on his home computer. That machine was running Kaspersky software, which allegedly sent the NSA tools back to Moscow.

It's not totally clear how the breach overlaps with any others, but in 2016, a group called The Shadow Brokers started publishing full NSA exploit and tool code. Various hackers went on to incorporate a number of the dumped exploits in their own campaigns, including some designed to break into computers and mine digital currency, as well as the WannaCry ransomware, which crippled tens of thousands of computers around the world. (A handful of other, smaller NSA-related disclosures, including a catalogue of TAO hacking gear from 2007 and 2008, as well as intelligence intercepts, were not attributed to the Snowden documents, and the public details around where that information came from are muddy.)

Although not a data breach per se, in 2015 Kaspersky publicly revealed details on the history and tools of the so-called Equation Group, which is widely believed to be part of the NSA. A third source, who worked directly with TAO, said the fallout from that exposure meant the hacking unit entered a "significant shutdown," and "ran on minimum ops for months."

Nevertheless, a report by the Defense Department's inspector general completed in 2016 found that the NSA's "Secure the Net" project -- which aimed to restrict access to its most sensitive data after the Snowden breach -- fell short of its stated aims. The NSA did introduce some improvements, but it didn't effectively reduce the number of user accounts with 'privileged' access, which provide more avenues into sensitive data than normal users, nor fully implement technology to oversee these accounts' activities, the report reads.

Physical security wasn't much better, at least at one TAO operator's facility. He told The Daily Beast that there were "no bag checks or anything" as employees and contractors left work for the day -- meaning, it was easy to smuggle things home. Metal detectors were present, including before Snowden, but "nobody cared what came out," the second source added. The third source, who visited TAO facilities, said bag checks were random and weak.

"If you have a thumb drive in your pocket, it's going to get out," they said.

Unsurprisingly, workers need to swipe keycards to access certain rooms. But, "in most cases, it's pretty easy to get into those rooms without swipe access if you just knock and say who you're trying to see," the third source added.

To be clear, The Daily Beast's sources described the state of security up to 2015 -- not today. Things may have improved since then. And, of course, the NSA and TAO do have an array of security protections in place. TAO operators are screened and people on campus are already going to have a high level clearance, some of the sources stressed. The part of the NSA network that TAO uses, and which contains the unit's tools, can only be accessed by those with a designated account, according to the source who worked with TAO. Two of the sources believed in the NSA's ability to track down where a file came from after a breach.

Indeed, the system TAO members use to download their hacking tools for operations has become more heavily audited over the years too, although the network did have a known security issue, in which users could make their own account and automatically gain access to additional information, the source who worked with TAO said.

"The NSA operates in one of the most complicated IT environments in the world," an NSA spokesperson told The Daily Beast in a statement. "Over the past several years, we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies."

"We do not rely on only one initiative. Instead, we have undertaken a comprehensive and layered set of defensive measures to further safeguard operations and advance best practices," the spokesperson added.

The problem of securing this data from the inside is not an easy one to solve. If the NSA was to lock down TAO systems more ferociously, that could hamper TAO's ability to effectively build tools and capabilities in the first place, and two of the sources emphasised that excessive searches would likely create a recruiting problem for the agency. "It's not prison," one of the former TAO employees said.

"The security is all predicated on you having a clearance and being trusted," the source who has worked with TAO said.

"The system is just not setup to protect against someone with a clearance who is determined to go rogue," they added.

[Oct 11, 2017] Spy Spin Fuels Anti-Kaspersky Campaign

Indiscriminate spying is a costly and not very efficient operation. The problem of drinking from a fire hose arises. So a lot of the money spent by the US, GB and other countries on installation of such software is wasted. If the user of such computers uses steganography, this does not even allow detection of the targeted activities.
It is not that elimination of Kaspersky software from the US market (due to the current anti-Russia witch hunt) is a big loss. The efficiency of AV programs against new threats was always problematic. But this hysteria points to a larger problem: the threat from regular hackers to your data, especially financial data and access to financial sites. I would say that a person who does not use two separate computers, one for browsing and one for financial and other confidential operations and data, is reckless indeed. Now anybody with important financial data can afford two laptops. A good used, enterprise-class Dell laptop is around $400.
In Windows each antivirus is simultaneously a backdoor. That's a given. So usage by US government agencies of foreign AV software was an oversight, and the US government is doing the right thing to prohibit such usage. Similarly, it would be highly irresponsible for, say, the Russian government to use McAfee software on government computers. Even for large transnational companies there are some tricky problems about which AV software to use. And that problem was already understood long ago, say in 1996.
For governments any large AV company represents a tremendous asset for surveillance. Also the intelligence community probably has a close understanding of signature updaters and their vulnerabilities, and probably has agents in each major AV company. And for a government, AV signature updates are the best way to install malware on your computer. Much simpler than hijacking OS updates.
So it is only natural that AV companies are a primary target of intelligence agencies. I remember being very surprised that McAfee was bought by Intel. Now I know why ;-). In the past some mass-deployed AV company software (Symantec) as well as Google software (Google bar) was spyware even without intelligence agency interference. In a way they were pioneers of mass surveillance.
In no way is Linux a panacea. This is another monstrously complex OS with multiple backdoors, especially at the application level (Apache is one recent example). But it will be much less attacked by non-government hackers. This is true. Security via obscurity does work. Still, if you need security against exfiltration of your data, MS DOS and Windows 3.1 are also a useful option (any non-networked computer actually would work; you can exchange data via the parallel port too, for example Total Commander has such an option).
Notable quotes:
"... The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it. ..."
"... An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos ..."
"... That the NSA and the British GCHQ did not list U.S. and British made anti-virus products on their "to do" list lets one assume that these packages can already be controlled by them. ..."
"... The Kaspersky anti-virus software, which the NSA employee had installed, identified parts of these tools as malware and uploaded them for analysis to Kaspersky's central detection database. The Kaspersky software behaved exactly as it should. Any other anti-virus software behaves similarly if it detects a possibly new virus. ..."
"... The only person in the tale who did something illegal was the NSA employee. The case also demonstrates that the NSA continues to have a massive insider security problem. There is no hint in the story to any evidence for its core claim of "Russian hackers". ..."
"... Meanwhile its a well reported established fact that american virus/antimalware corps have allowed the FBI and other agencies to compromize their software with silent signatures - as with Magic Lantern for example (and imagine how far its gone since then) ..."
"... In the network security world there is this concept of a honeypot where you entice/allow the world to attack/invade your honeypot so you can study the tools they use and insure the trail back to them is useful. ..."
Oct 11, 2017 | www.moonofalabama.org
... ... ...

U.S. and British spies systematically target all anti-virus products and companies:

The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it.
...
An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos

That the NSA and the British GCHQ did not list U.S. and British made anti-virus products on their "to do" list lets one assume that these packages can already be controlled by them.

In February 2015 Kaspersky announced that it found U.S. and UK government spying and sabotage software infecting computers in various foreign countries. Later that year the CIA and FBI tried to recruit Kaspersky employees but were warned off. In June 2015 Kaspersky Lab detected a breach in its own systems by an Israeli government malware. It published an extensive autopsy of the breach and the malware programs used in it.

That the U.S. government now attempts to damage Kaspersky is likely a sign that Kaspersky products continue to be a hard-target that the NSA and GCHQ find difficult to breach.

To justify the campaign against Kaspersky, which began in May, U.S. officials recently started to provide a series of cover stories. A diligent reading of these stories reveals inconsistencies and a lack of logic. On October 5 the Wall Street Journal reported: Russian Hackers Stole NSA Data on U.S. Cyber Defense :

Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

A NSA employee copied code of top-secret NSA spy tools and put it on his private computer. ("It's just that he was trying to complete the mission, and he needed the tools to do it." said 'one person familiar with the case' to WaPo.)

The Kaspersky anti-virus software, which the NSA employee had installed, identified parts of these tools as malware and uploaded them for analysis to Kaspersky's central detection database. The Kaspersky software behaved exactly as it should. Any other anti-virus software behaves similarly if it detects a possibly new virus.

The "multiple people with knowledge of the matter" talking to the WSJ seem to allege that this was a "Russian hacker" breach of NSA code. But nothing was hacked. If the story is correct, the Kaspersky tool was legally installed and worked as it should. The only person in the tale who did something illegal was the NSA employee. The case also demonstrates that the NSA continues to have a massive insider security problem. There is no hint in the story to any evidence for its core claim of "Russian hackers".

... ... ...

Further down the WSJ story says :
The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

If the last sentence is true the employee must have had top access to multiple NSA programs.

A new story in the New York Times today builds on the WSJ tale above. It makes the claims therein even more suspicious. The headline - How Israel Caught Russian Hackers Scouring the World for U.S. Secrets :

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool -- antivirus software made by a Russian company, Kaspersky Lab, ...

The Israeli officials who had hacked into Kaspersky's own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer.

The Washington Post version of the story is remarkably different. Unlike the NYT it does not claim any Russian government involvement in Kaspersky systems:

In 2015, Israeli government hackers saw something suspicious in the computers of a Moscow-based cybersecurity firm: hacking tools that could only have come from the National Security Agency.

Israel notified the NSA, where alarmed officials immediately began a hunt for the breach, according to people familiar with the matter, who said an investigation by the agency revealed that the tools were in the possession of the Russian government.

Israeli spies had found the hacking material on the network of Kaspersky Lab ...

While the NYT asserts that the Russian government had access to the Kaspersky systems, the Washington Post does not assert that at all.

The NYT claims that the Israelis alerted the NSA of Russian government knowledge of its tools while WaPo says that it was the NSA itself that found this out. That Israel alerts the NSA when it has its hands on a valuable source that reveals NSA tools is not believable. There is no love lost between Israeli and U.S. spy agencies. They spy on each other whenever they can with even deadly consequences.

The NYT story is based on "current and former government officials", not on the usual "U.S. officials". It might well be that Israeli spies are spinning the NYT tale.

We already knew that the Israeli government had in 2015 breached some Kaspersky systems. Kaspersky Lab itself alarmed the public about it and provided an extensive forensic report.

There are several important questions that the above-quoted stories do not ask:

If the Israelis detected NSA malware in the hand of the Russian government "more than two years ago" (NYT) how come that the NSA hole was only found in 2016 (WSJ)? Did the Israelis use their claimed knowledge for a year without alarming their "allies" at the NSA? Why?

And why would the detection of alleged Russian government intrusion into Kaspersky products lead to a ban of these products only in fall 2017?

If the story were true the NSA should have reacted immediately. All Kaspersky products should have been banned from U.S. government systems as soon as the problem was known. The NSA allowed the Russian government, for more than a year, to sniff through all systems of the more than two dozen American government agencies (including the military) which use the Kaspersky products? That does not make sense.

These recently provided stories stink. There is no evidence provided for the assertions therein. They make the false claim that the NSA employee's computer was "hacked". Their timelines make no sense. If not complete fantasies they are likely to be heavily spun to achieve a specific goal: to justify the banning of Kaspersky products from U.S. markets.

I regard these stories as part of the "blame Russia" campaign that is used by the military-industrial complex to justify new defense spending. They may also be useful in removing a good security product that the NSA failed to breach from the "western" markets.

Oilman2 | Oct 11, 2017 10:29:02 AM | 10

Computers are dirt cheap these days. My first Mac cost me $3000 and the first clone PC I built cost me $1500. Today, I can buy a super-duper-anti-pooper PC device for $500. Hell folks, that is cheaper than an Iphone...

Use one computer for your critical work that has no internet connection, or use an old PC that has no network card. The OS may be uncool by today's standards, but the dang business software has hardly changed - just gotten more bloated with features.

Have one computer for exposure to wild viruses and all that crap, and another you can rely on. Move files one-way using cheap, new memory sticks.

My old PC runs the last version of Windows NT - and never crashes or locks up. It uses MS Office from that period, and the files are still readable by newer products.

My outward looking computer is either a Mac or a Linux box. I only transfer sensitive files one-way - from isolated to unisolated. Periodically, I toss the hard drive and pop in a new one. My 'sensitive' stuff is minuscule, as I don't work in the military or spook world. It's patent stuff.

And run Kaspersky - it works and the others don't. Unless you are working on sensitive government crap, do you really even care if Russians can fish a few of your files? Do most people have PLC devices hung off their computers that stuxnet things can access?

If you have Alexa and other IoT crap - get rid of it because they are gadgets that have more downside than upside. Do you TRULY need a talking fridge? A washer you can turn on with your phone? A talking link to Google?

I don't care if the alphabet guys get my files - because they aren't of use to them. Most of the guys working at the alphabet agencies are spending their time on porno anyway or looking for blackmail files and images - which is why they can't seem to ever do anything useful except maybe foul a keyboard irretrievably.

It's hilarious to me that so much effort is put into all this when the old school ways of passing notes and talking are such simple workarounds, IF you are truly wanting privacy and fear for your precious files.

Robert Browning | Oct 11, 2017 10:43:32 AM | 11
Kaspersky uncovered the Stuxnet virus.
sejomoje | Oct 11, 2017 11:59:05 AM | 13
Yep this is payback for revealing who was behind Stuxnet, among other things. Every day, a little more USSA.
LXV | Oct 11, 2017 12:27:49 PM | 14
Isn't it too little, too late for a payback, since it's been 5+ years since Kaspersky Labs discovered and revealed who is behind Stuxnet and Flame? Nah, this one smells more of a good ole-fashioned fascist market protectionism where you simply ban "those vile Russians" from a large portion of the market. Of course, all in context of the Empire's ongoing Blame Russia! campaign.
c1ue | Oct 11, 2017 3:12:28 PM | 19
Linux doesn't have many viruses - instead it has all manner of extremely dangerous 0-day bugs that can be exploited, plus a multitude of open source library vulnerabilities and channel attacks.
I was at a presentation by Paul Vixie - one of the 2 people who first proclaimed open source as the best way to produce good and secure products 10 years ago. He's Internet Hall of Fame, ICANN Security Board, etc.
He no longer believes that for this reason: 10 years ago, there were 50 million lines of open source code, and you could rely that it was reviewed regularly and reasonably widely.
Today there are 50 billion lines of open source code, and the majority is never reviewed by anybody.
If you really want to go secure: don't use email. Don't use the internet. Just use your computer with no outside connection. Of course, you can't read Moon of Alabama, either - a fantastic way to nail all you paranoid types would be to watering hole attack this site.
As for the story: it is believable that one or more spy agencies hacked into Kaspersky's systems.
What again is not being said is whether Kaspersky was actively participating or abetting this activity.
While banning Kaspersky from US government and military isn't completely nonsensical, the reality is that *all* AV and other type of security products - any ones which auto update include FireEye, Palo Alto, Symantec, Microsoft and so forth all have the same vulnerability: The ability to access all data on a computer is an inherent ability to spy.
c1ue | Oct 11, 2017 3:13:26 PM | 20
And just FYI: Apache - you know, the source of the Struts vulnerability that led to the Equifax breach, among others? It is Linux.
Thominus | Oct 11, 2017 3:24:35 PM | 21
Meanwhile it's a well-reported, established fact that American virus/antimalware corps have allowed the FBI and other agencies to compromise their software with silent signatures - as with Magic Lantern for example (and imagine how far it's gone since then)

With such subservience by the corporations anything is possible with what's been buried in these closed source systems.

I'm pretty sure the US establishment never accuses anyone of something if they aren't already themselves doing the same in the extreme.

Steve | Oct 11, 2017 3:27:13 PM | 22
@19 & 20

What you say may be correct in the most part. However, is it better to run an OS where there is a possibility of someone reviewing the code to improve it or run an OS where the vulnerabilities are intentionally left in the OS at the behest of the three-lettered agencies ? Only one choice gives the possibility of security even if it is remote.

The greater problem is the lack of maturity in so much of the software on Linux.

c1ue | Oct 11, 2017 3:37:19 PM | 23
@Steve #11
I guess you didn't read far enough into Vixie's comment: No one is reviewing the code - there is just too much.
Apache is an enormously widely used Linux platform with presumably an optimal reviewer population - it has millions of installs worldwide and is used from huge corporations to individuals, yet the Struts bug was also enormous (allows someone to remotely run code on any Apache server via a command line in a browser).

From my view as a security professional: I'd rather have a platform where there are thousands to tens of thousands of people actively trying to improve its security as opposed to one where there might be a few hundred.

The reality is that iOS, for example, is far more secure than Android.

iOS is not open source, Android is.

But the relative security has nothing to do with open sourcedness - it has to do with the architects of iOS continuously adding capabilities to make it more secure. iOS was the first widespread OS to use signed firmware updates - which is why jailbreaking an iPhone is so much harder than it used to be.

Despite that, there are still vulns which the 3 letter agencies likely know about and use.

That doesn't change the overall fact that iOS is more secure than Android and will be for the foreseeable future, because Android simply doesn't do all the things iOS can (and does) do.

If your concern is 3 letter agencies, then you need to create your own OS.

If your concern is overall security except for the 3 letter agencies, open source is *not* the way.

And lest you think I'm an Apple fanboi - I am not. I don't use iOS/iPhone/OSX or any of the Apple products for reasons outside of security. It doesn't mean I do not recognize the reality, however.

blues | Oct 11, 2017 4:39:24 PM | 28
Well sure if the NSA or some super-hacker specifically targets your machine, you will get owned (unless you invest in some kind of cyber Fort Knox, and are very lucky as well). These people who rant that Linux is "unsafe" are 100% full of it. In the end NOTHING is "safe". But Linux has astonishing advantages! Pay no heed to those naysayers!

I could write a book about how colossally dreadful Microsoft Windows is.

The BSD systems were clunky as hell so far.

So that leaves Linux. Big Problem: 98% of the Linuxes out there have been coerced into adopting "systemd" (yikes!). This is an allegedly open source (so it might be "audited" for trap doors and such) giant blob of 500,000+ lines of code (!) that has sneakily been infiltrated into 98% of the Linux distributions (distros) by the Red Hat Corporation and their NSA buddies. Obviously no one is ever going to "audit" it!

This Windows-like monster infests all of the Ubuntu and Linux Mint brand distros. The real question becomes "how many teams are you going to trust?"

Presumably the easiest distro to install and use "designed for home computer users" is Devuan based, systemd-free "Refracta Linux":
https://sourceforge.net/projects/refracta/files/isohybrid/
(I suggest ONLY the "refracta8.3_xfce_amd64-20170305_0250.iso" version for modern machines.)

You can "unlock" the upper panel, and move it to the bottom with the mouse.

You have to launch Konqueror five seconds before Firefox or it will crash :(

My very best alternative is the systemd-free "Void Linux":
https://repo.voidlinux.eu/live/current/
(I suggest ONLY the "void-live-x86_64-20171007-xfce.iso" version for most modern machines.)

I think Void Linux is just as nice as Refracta Linux, and they have different available programs (but they can work together) but it requires a bit more Linux chops to install. I needed to get the "live DVD file" GParted, which is a free partition editor DVD that you can burn yourself for free:
http://linux.softpedia.com/get/System/System-Administration/GParted-3725.shtml

Look up "Troubleshooters.Com®" -- Quick and Reliable Void Linux Installation:
http://www.troubleshooters.com/linux/void/quickinst.htm

I had to create a "MS-DOS"-style primary ext4 partition (could be between 80 to 200 GiB) with "boot" flag set, and a 20 GiB "Linux swap partition" with GParted before the install (may have to fiddle with the "BIOS" first). Then insert the Void DVD, open the "command window" and type "void-install". At some point the options look hopeless, but continue, and when it starts to repeat go back and back and continue on to completion. It's a BEAUTIFUL system! Have TWO passwords ready to use before starting (any Linux install) -- they might be of the form: "hermitcabbagetorus

I would get a book(s) about Linux. Maybe "Linux Cookbook" from Alibris. This will all prove to be VERY MUCH WORTH THE TROUBLE as time goes on!

psychohistorian | Oct 11, 2017 4:39:53 PM | 29
In the network security world there is this concept of a honeypot where you entice/allow the world to attack/invade your honeypot so you can study the tools they use and ensure the trail back to them is useful.

If I were a security vendor I would set up a honeypot that looked like my business as simply one of many best practices. It is a great way to learn what others are doing while honing your skills at staying secure and invisible to potential perps.

If I had to wade into the "which OS is more secure" discussion I would just note that, IMO, in the long run open source is going to win the war world wide for most stuff but there will always be room for proprietary OS's and application software.

[Oct 08, 2017] Create and Use a Virtual Hard Disk on Windows 7

Notable quotes:
"... Windows 7 Resource Kit ..."
Oct 08, 2017 | technet.microsoft.com

Virtual hard disks (VHDs) are a file type that acts like a hard disk. In previous versions of Windows, VHDs were used by virtual machines, such as those created by Microsoft Virtual Server 2005 or Microsoft Virtual PC. Additionally, Complete PC Backup in Windows Vista created a copy of the computer's hard disk as a VHD disk image.


Beginning with Windows 7, you can now mount VHDs exactly like a physical disk. By mounting a VHD, you can easily copy files to and from the virtual disk. Additionally, Windows 7 can be configured to boot from a VHD.

You can create a VHD from either the Disk Management snap-in or the command line. After you create the VHD, you must attach it and then format it before you can use it, just like a physical partition.

From the Disk Management console, follow these steps:
1. Right-click Disk Management and then click Create VHD. Follow the prompts that appear.
2. Right-click the new disk and then click Initialize Disk. Click OK.
3. Right-click the new disk and then click New Simple Volume (or select a different volume type, if available). Follow the prompts that appear.

The new virtual disk is ready to be used, just like any other disk.

From the DiskPart command-line tool at an elevated command prompt, run the create vdisk command and specify the file (to name the file) and maximum (to set the maximum size in megabytes) parameters. The following code demonstrates how to create a VHD file at C:\vdisks\disk1.vhd with a maximum file size of 16 GB (or 16,000 MB).


DiskPart 
Microsoft DiskPart version 6.1.7100 
Copyright (C) 1999-2008 Microsoft Corporation. 
On computer: WIN7 
DISKPART> create vdisk file="C:\vdisks\disk1.vhd" maximum=16000 

Volume ###      Ltr     Label           Fs      Type            Size    Status          Info    
----------      ---     -----------     -----   ----------      ------- ---------       -------- 
Volume 0        F       New Volume      NTFS    Simple          20 GB   Healthy 
Volume 1        E       New Volume      NTFS    Simple          40 GB   Healthy 
Volume 2        R                               DVD-ROM         0 B     No Media 
Volume 3        C                       NTFS    Partition       75 GB   Healthy         System 
Volume 4        D       New Volume      NTFS    Partition       52 GB   Healthy 
DISKPART> select volume 0
 
Volume 0 is the selected volume. 
DISKPART> delete volume 

DiskPart successfully deleted the volume.
For additional options, run the command help create vdisk at the DiskPart command prompt. After you create a VHD, you must attach it, create a partition, assign it a drive letter, and format it before it can be used. The following script (which must be run within a DiskPart session) demonstrates how to do this.


create vdisk file="C:\vdisks\disk1.vhd" maximum=16000 
attach vdisk 
create partition primary 
assign letter=g 
format
From the Microsoft Press book Windows 7 Resource Kit by Mitch Tulloch, Tony Northrup, Jerry Honeycutt, Ed Wilson, and the Windows 7 team.
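The DiskPart script above, wrapped in a PowerShell function that runs it non-interactively with diskpart /s and adds the checks a careful administrator wants before creating and mounting an image. This is an added example, not code from the Windows 7 Resource Kit; it assumes Windows 7 with PowerShell 2.0 or later, an elevated prompt, and a VHD path, size and drive letter supplied by the caller.

```powershell
# Added example (not from the Windows 7 Resource Kit): create, attach, partition
# and format a VHD with the same DiskPart commands the article lists, driven
# from PowerShell via "diskpart /s <scriptfile>".
# Assumptions: Windows 7, PowerShell 2.0+, elevated prompt.

function New-DiskPartVhd {
    param(
        [Parameter(Mandatory=$true)][string]$Path,   # e.g. C:\vdisks\disk1.vhd
        [int]$MaximumMB = 16000,                      # same 16,000 MB as the article
        [string]$DriveLetter = 'G',                   # letter assigned by "assign letter="
        [string]$Label = 'VHD'
    )

    # DiskPart needs elevation; fail early with a readable message instead of
    # a cryptic DiskPart error half-way through the script.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $admin = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    $DriveLetter = $DriveLetter.ToUpper()
    if ($DriveLetter -notmatch '^[D-Z]$') { throw 'Use a single drive letter D-Z.' }

    # Never clobber an existing image or an in-use drive letter: "assign letter="
    # to a letter that is taken fails only after the disk is already attached.
    if (Test-Path -LiteralPath $Path) { throw "VHD already exists: $Path" }
    if (Test-Path -LiteralPath "${DriveLetter}:\") { throw "Drive $DriveLetter is already in use." }

    $dir = Split-Path -Parent $Path
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir | Out-Null
    }

    # Same sequence as the article's script, with an explicit NTFS quick format
    # and a label. "create vdisk" defaults to a fixed-size image, so the full
    # 16,000 MB is allocated up front; "type=expandable" would grow on demand.
    $script = @"
create vdisk file="$Path" maximum=$MaximumMB
attach vdisk
create partition primary
assign letter=$DriveLetter
format fs=ntfs quick label="$Label"
"@

    $scriptFile = [IO.Path]::GetTempFileName()
    Set-Content -LiteralPath $scriptFile -Value $script -Encoding ASCII
    try {
        $proc = Start-Process -FilePath 'diskpart.exe' -ArgumentList "/s `"$scriptFile`"" `
                              -Wait -PassThru -NoNewWindow
        if ($proc.ExitCode -ne 0) { throw "diskpart exited with code $($proc.ExitCode)" }
    } finally {
        Remove-Item -LiteralPath $scriptFile -ErrorAction SilentlyContinue
    }

    if (-not (Test-Path -LiteralPath "${DriveLetter}:\")) {
        throw "DiskPart finished but ${DriveLetter}: was not mounted."
    }

    # Access-control note: anyone who can read the .vhd file can read everything
    # stored inside it, whatever NTFS permissions are set on the mounted volume.
    # Keep the container file itself in a directory with restrictive ACLs.
    return "${DriveLetter}:\"
}

# Usage (writes a 16 GB image and mounts it as G:):
# New-DiskPartVhd -Path 'C:\vdisks\disk1.vhd' -MaximumMB 16000 -DriveLetter 'G'
```

To unmount the image later, start a DiskPart session and run select vdisk file="C:\vdisks\disk1.vhd" followed by detach vdisk.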

[Oct 05, 2017] Russian Hackers Stole NSA Data on U.S. Cyber Defense by Gordon Lubold, Shane Harris

The irony of stealing data from an agency whose rationale for existence is stealing data from foreign governments (and, as Snowden revealed, not only foreign governments) was missed by the authors of this propaganda piece.
While the WSJ authors are probably just following talking points in exaggerating the Russian cyber threat (as Trump correctly defined it, this is a "witch hunt", part of a color revolution launched to depose him), the truth is that any antivirus software is a backdoor to your computer, be it Microsoft, McAfee, Symantec (in the past an especially spying-prone company, whose personal product was real spyware) or Kaspersky. So exfiltrating files from your computer via antivirus software is not only possible but a quite probable attack vector. All major three-letter agencies probably have dedicated teams that probe weaknesses in the way major antivirus programs communicate with the "mothership", in order to exploit those weaknesses for their own purposes.
The same is true of the millions of updaters (Adobe's is a pretty nasty one, but generally there is one per major commercial application installed), which are also backdoors into your system. So it is reasonable to view Windows as a "system that opens user data to malicious third parties", or indeed to any more or less professional intruder. Thinking otherwise is just stupid.
From a security standpoint the terms "networked Windows computer" and "protection of personal information" are incompatible.
Notable quotes:
"... Mr. Trump denies any impropriety and has called the matter a "witch hunt." ..."
"... Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com ..."
Oct 05, 2017 | www.msn.com

The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky's own account it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel's investigation into whether Donald Trump's presidential campaign sought or received assistance from the Russian government. Mr. Trump denies any impropriety and has called the matter a "witch hunt."

Intelligence officials have concluded that a campaign authorized by the highest levels of the Russian government hacked into state election-board systems and the email networks of political organizations to damage the candidacy of Democratic presidential nominee Hillary Clinton.

A spokesman for the NSA didn't comment on the security breach. "Whether the information is credible or not, NSA's policy is never to comment on affiliate or personnel matters," he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

In a statement, Kaspersky Lab said it "has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation."

Kremlin spokesman Dmitry Peskov in a statement didn't address whether the Russian government stole materials from the NSA using Kaspersky software. But he criticized the U.S. government's decision to ban the software from use by U.S. agencies as "undermining the competitive positions of Russian companies on the world arena."

The Kaspersky incident is the third publicly known breach at the NSA involving a contractor's access to a huge trove of highly classified materials. It prompted an official letter of reprimand to the agency's director, Adm. Michael Rogers, by his superiors, people familiar with the situation said.

Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that NSA contractor Edward Snowden the year before gave classified documents to journalists that revealed surveillance programs run by the U.S. and allied nations.

The Kaspersky-linked incident predates the arrest last year of another NSA contractor, Harold Martin, who allegedly removed massive amounts of classified information from the agency's headquarters and kept it at his home, but wasn't thought to have shared the data.

Mr. Martin pleaded not guilty to charges that include stealing classified information. His lawyer has said he took the information home only to get better at his job and never intended to reveal secrets.

The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren't publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man isn't believed to have wittingly worked for a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach.

It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.

NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company's assistance in intercepting communications as they move through Russian computer networks.

Kaspersky said in its statement: "As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts."

Suspicions about the company prompted the Department of Homeland Security last month to take the extraordinary step of banning all U.S. government departments and agencies from using Kaspersky products and services. Officials determined that "malicious cyber actors" could use the company's antivirus software to gain access to a computer's files, said people familiar with the matter.

The government's decision came after months of intensive discussions inside the intelligence community, as well as a study of how the software works and the company's suspected connections to the Russian government, said people familiar with the events. They said intelligence officials also were concerned that given the prevalence of Kaspersky on the commercial market, countless people could be targeted, including family members of senior government officials, or that Russia could use the software to steal information for competitive economic advantage.

"The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security," the DHS said Sept. 13 in announcing the government ban.

All antivirus software scans computers looking for malicious code, comparing what is on the machine to a master list housed at the software company. But that scanning also gives makers of the software an inventory of what is on the computer, experts say.

"It's basically the equivalent of digital dumpster diving," said Blake Darché, a former NSA employee who worked in the agency's elite hacking group that targets foreign computer systems.

Kaspersky is "aggressive" in its methods of hunting for malware, Mr. Darché said, "in that they will make copies of files on a computer, anything that they think is interesting." He said the product's user license agreement, which few customers probably read, allows this.

"You're basically surrendering your right to privacy by using Kaspersky software," said Mr. Darché, who is chief security officer for Area 1, a computer security company.

"We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years," the company said in its statement. "We make no apologies for being aggressive in the battle against malware and cybercriminals."

U.S. investigators believe the contractor's use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programmed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Investigators did determine that, armed with the knowledge that Kaspersky's software provided of what files were suspected on the contractor's computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.

The breach illustrates the chronic problem the NSA has had with keeping highly classified secrets from spilling out, former intelligence personnel say. They say they were rarely searched while entering or leaving their workplaces to see if they were carrying classified documents or removable storage media, such as a thumb drive.

The incident was considered so serious that it was given a classified code name and set off alarms among top national security officials because it demonstrated how the software could be used for spying. Members of Congress also were informed, said people familiar with the matter.

Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of data breaches on his watch, according to several officials familiar with the matter.

The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J., last November to meet with president-elect Donald Trump about taking a job in his administration, said people familiar with the matter. Adm. Rogers didn't notify his superiors, an extraordinary step for a senior military officer, U.S. officials said.

Adm. Rogers wasn't fired for a number of reasons, including a pending restructuring of the NSA that would have been further complicated by his departure, according to people with knowledge of internal deliberations. An NSA spokesman didn't comment on efforts to remove Adm. Rogers.

Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com

[Oct 01, 2017] Are you being watched FinFisher government spy tool found hiding as WhatsApp and Skype

Notable quotes:
"... When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found. ..."
"... The software's brochure boasted: "FinFly ISP is able to patch files that are downloaded by the target on-the-fly or send fake software updates for popular software. ..."
Oct 01, 2017 | www.ibtimes.co.uk

Legitimate downloads of popular software including WhatsApp, Skype and VLC Player are allegedly being hacked at an internet service provider (ISP) level to spread an advanced form of surveillance software known as "FinFisher", cybersecurity researchers warn.

FinFisher is sold to global governments and intelligence agencies and can be used to snoop on webcam feeds, keystrokes, microphones and web browsing. Documents, previously published by WikiLeaks, indicate that one tool called "FinFly ISP" may be linked to the case.

The digital surveillance tools are peddled by an international firm called Gamma Group and have in the past been sold to repressive regimes including Bahrain, Egypt and the United Arab Emirates (UAE). In March this year, the company attended a security conference sponsored by the UK Home Office.

This week (21 September), experts from cybersecurity firm Eset claimed that new FinFisher variants had been discovered in seven countries, two of which were being targeted by "man in the middle" (MitM) attacks at an ISP level – packaging real downloads with spyware.

Companies hit included WhatsApp, Skype, Avast, VLC Player and WinRAR, it said, adding that "virtually any application could be misused in this way."

When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found.

When downloaded, the software would install as normal – but Eset found it would also be covertly bundled with the surveillance tool. The stealthy infection process was described as being "invisible to the naked eye." The seven countries were not named for security reasons, Eset said. WhatsApp and VLC Player did not respond to request for comment by the time of publication.

A Microsoft spokesperson, referencing the Skype infections, told IBTimes UK: "Windows Defender antivirus cloud protection already automatically identifies and blocks the malware. For non-cloud customers, we've deployed signatures to protect against this in our free antivirus software," the statement added.

An Avast spokesperson said: "Attackers will always focus on the most prominent targets. Wrapping official installers of legitimate apps with malware is not a new concept and we aren't surprised to see the PC apps mentioned in this report. What's new is that this seems to be happening at a higher level. We don't know if the ISPs are in cooperation with the malware distributors or whether the ISPs' infrastructure has been hijacked."

The latest version of FinFisher was spotted with new customised code which kept it from being discovered, which Eset described as "tactical improvements." Some tricks, it added, were aimed at compromising end-to-end (E2E) encryption software and known privacy tools. One such application was Threema, a secure messaging service.

"The geographical dispersion of Eset's detections of FinFisher variants suggests the MitM attack is happening at a higher level – an ISP arises as the most probable option," the team said. "One of the main implications of the discovery is that they decided to use the most effective infection method and that it actually isn't hard to implement from a technical perspective," Filip Kafka, a malware researcher at Eset, told IBTimes UK. "Since we see have seen more infections than in the past surveillance campaigns, it seems that FinFisher is now more widely utilised in the monitoring of citizens in the affected countries."

Breaking encryption has become a major talking point of governments around the world, many of which conduct bulk communications collection. Politicians argue, often without evidence, that software from companies such as WhatsApp has become a burden on terror probes.

Whatsapp, Skype and VLC all targeted by FinFisher spyware.

One WikiLeaks document on FinFly ISP touted its ability to conduct surveillance at an ISP level. The software's brochure boasted: "FinFly ISP is able to patch files that are downloaded by the target on-the-fly or send fake software updates for popular software." It added that it "can be installed on an internet service provider's network" and listed one use case when it was previously deployed by an unnamed intelligence agency. Eset found that all affected targets within one of the countries were using the same ISP.
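The defensive counterpart to the on-the-fly installer patching described above, as an added example that is not part of the IBTimes report or any vendor's code: before running a downloaded installer, compare its SHA-256 against the value the vendor publishes and check that its Authenticode signature is valid and belongs to the expected publisher. The file path, the expected hash and the publisher name are placeholders to be filled in; the script assumes Windows PowerShell 5.1 or later.

```powershell
# Added example, not code from the article or from any vendor named in it.
# Verifies a downloaded installer before it is run: hash against the vendor-published
# value, then Authenticode signature status and signer.
param(
    [string]$Path              = "$env:USERPROFILE\Downloads\installer.exe",   # placeholder path
    [string]$ExpectedSha256    = "<sha256 published by the vendor>",           # placeholder
    [string]$ExpectedPublisher = "<publisher name as it appears in the cert>"  # placeholder
)

function Test-Installer {
    param([string]$Path, [string]$ExpectedSha256, [string]$ExpectedPublisher)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'REJECT'; Reason = 'file not found' }
    }

    # 1. Hash comparison. A wrapper bundled around the installer changes the bytes,
    #    so the hash stops matching the reference value obtained out-of-band.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = ($actual -ieq $ExpectedSha256)

    # 2. Signature check. Status must be Valid, and the signer subject must name the
    #    publisher we expect; "some valid signature" is not the same as the right one.
    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $sigOk    = ($sig.Status -eq 'Valid')
    $signerOk = ($signer -like "*$ExpectedPublisher*")

    $reasons = @()
    if (-not $hashOk)   { $reasons += 'hash mismatch' }
    if (-not $sigOk)    { $reasons += "signature status $($sig.Status)" }
    if (-not $signerOk) { $reasons += 'unexpected signer' }
    $verdict = if ($reasons.Count -eq 0) { 'OK' } else { 'REJECT' }

    [pscustomobject]@{
        Path      = $Path
        Sha256    = $actual
        Signature = $sig.Status
        Signer    = $signer
        Verdict   = $verdict
        Reason    = ($reasons -join '; ')
    }
}

Test-Installer -Path $Path -ExpectedSha256 $ExpectedSha256 -ExpectedPublisher $ExpectedPublisher |
    Format-List
```

Fetch the reference hash over a channel the download did not use (the vendor's HTTPS page from another network, a signed release announcement), since a position that can rewrite the installer in transit can rewrite a hash served over the same plain-HTTP path. The signature check alone is not enough either: a repackaged installer can carry some other valid certificate, which is why the signer subject is compared as well.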

[Sep 25, 2017] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine)

Notable quotes:
"... Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine) ..."
Jun 04, 2017 | turcopolier.typepad.com
Gordon Wilson , 31 May 2017 at 09:39 PM
Colonel I have refrained from any posting anywhere for any reason for months, but since the discussion seems to turn to decryption so often I thought you might be interested in knowing about network management systems built into Intel and AMD based machines for years, https://en.wikipedia.org/wiki/Intel_Active_Management_Technology
Hardware-based management does not depend on the presence of an OS or locally installed management agent. Hardware-based management has been available on Intel/AMD based computers in the past, but it has largely been limited to auto-configuration using DHCP or BOOTP for dynamic IP address allocation and diskless workstations, as well as wake-on-LAN (WOL) for remotely powering on systems.[6] AMT is not intended to be used by itself; it is intended to be used with a software management application.[1] It gives a management application (and thus, the system administrator who uses it) access to the PC down the wire, in order to remotely do tasks that are difficult or sometimes impossible when working on a PC that does not have remote functionalities built into it.[1][3][7]
...
Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine) .[13][14]
I think our second O in OODA is getting fuzzed if we don't consider some of the observations found in "Powershift" by Toffler as well.

The point is that many Intel and AMD based computers can and have been owned by various governments and groups for years, and at this level have access to any information on these machines before the encryption software is launched to encrypt any communications.

If this known software management tool is already on board, then extrapolating Toffler's chipping warning to unannounced or unauthorized chipping by various actors, one begins to see where various nation states have gone back to typewriters for highly sensitive information, or are building their own chip foundries, and writing their own operating systems and TCP/IP protocols, and since these things are known knowns, one would not be too far fetched in assuming the nation state level players are communicating over something entirely different than you and I are using. How that impacts the current news cycle, and your interpretation of those events, I leave to your good judgment.

I would urge all of my fellow Americans, especially those with a megaphone, to also take care that we are not the subject of the idiom divide and conquer instead of its master. To that end I think the concept of information overload induced by the internet may in fact be part of the increasing polarization and information bubbles we see forming with liberals and conservatives. This too fuzzes the second O in OODA and warps the D and thus the A, IMHO.

[Sep 24, 2017] Hackers Using iCloud's Find My iPhone Feature To Remotely Lock Macs, Demand Ransom Payments

Sep 24, 2017 | apple.slashdot.org

(macrumors.com) Posted by BeauHD on Friday September 22, 2017 @10:05PM from the remote-control dept. AmiMoJo shares a report from Mac Rumors: Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here. Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers. Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

[Sep 24, 2017] Major Cyber-Attack Will Happen Soon, Warns UK's Security Boss

Sep 24, 2017 | tech.slashdot.org

(theguardian.com) Posted by msmash on Friday September 22, 2017 @02:41PM from the up-next dept. Alex Hern, writing for The Guardian: A "category one" cyber-attack, the most serious tier possible, will happen "sometime in the next few years", a director of the National Cybersecurity Centre has warned. According to the agency, which reports to GCHQ and has responsibility for ensuring the UK's information security, a category one cybersecurity incident requires a national government response. Speaking at an event about the next decade of information security, Levy warned that "sometime in the next few years we're going to have our first category one cyber-incident." The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity. Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.

[Sep 24, 2017] Popular Chrome Extension Embedded A CPU-Draining Cryptocurrency Miner

Sep 24, 2017 | slashdot.org

(bleepingcomputer.com) Posted by EditorDavid on Saturday September 23, 2017 @02:34PM from the yours-and-mining dept. An anonymous reader writes: SafeBrowse, a Chrome extension with more than 140,000 users, contains an embedded JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent. The additional code drives CPU usage through the roof, making users' computers sluggish and hard to use. Looking at the SafeBrowse extension's source code, anyone can easily spot the embedded Coinhive JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is the same technology that The Pirate Bay experimented with as an alternative to showing ads on its site. The extension's author claims he was "hacked" and the code added without his knowledge.

[Sep 22, 2017] U.S. ban on Russian software may stoke mistrust of cyber firms

Notable quotes:
"... But whether Russia retaliates or not, mistrust of the cybersecurity field has risen, and U.S. adversaries are likely to avoid U.S.-built software, believing that U.S. intelligence agencies may have special access ..."
"... "If you're China, if you're Russia, do you want to run American-built stuff? Probably not," Clark said at a presentation hosted by the Center for Cyber & Homeland Security at The George Washington University. ..."
McClatchy Washington Bureau
The Trump administration's ban on the use of a Russian cybersecurity firm's software is heightening suspicion worldwide that private internet firms might be in league with their home governments, an industry leader said Wednesday.

The Trump administration last week told U.S. government agencies to remove Kaspersky Lab products from their networks, citing alleged ties between officials at Moscow-based Kaspersky and Russian intelligence. Non-government entities and individuals may still use Kaspersky products.

But whether Russia retaliates or not, mistrust of the cybersecurity field has risen, and U.S. adversaries are likely to avoid U.S.-built software, believing that U.S. intelligence agencies may have special access, Greg Clark, chief executive of Symantec, said Wednesday.

"If you're China, if you're Russia, do you want to run American-built stuff? Probably not," Clark said at a presentation hosted by the Center for Cyber & Homeland Security at The George Washington University.

[Sep 19, 2017] CCleaner hack affects 2.27 million computers: here's what to do

Sep 19, 2017 | www.msn.com

Computer-optimization software is supposed to keep your computer running smoothly. Well, in this case, maybe not so much. Monday, the company that makes CCleaner, Avast's Piriform, announced that their free software was infected with malware. If you use CCleaner, here's what you need to know.

What does the malware do?

It gathers information like your IP address, computer name, a list of installed software on your computer, a list of active software and a list of network adapters and sends it to a third-party computer server. Your credit card numbers, social security number and the like seem to be safe.

"Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done," said the company in the announcement .

Who was infected?

According to Piriform, around 3 percent -- roughly 2.27 million computers -- used the infected software. Specifically, computers running 32-bit Windows 10. If that applies to you, don't panic. The company believes that they were able to disarm the malware before any harm was done.

How do I know if I have the corrupted version?

The versions that were affected are CCleaner v5.33.6162 or CCleaner Cloud v1.07.3191 for 32-bit Windows PCs. The Android version for phones doesn't seem to be affected.

If you've updated your software since September 12, you should be okay. This is when the new, uncorrupted version was released. Also, if you have the Cloud version, it should have automatically updated itself by now to the clean version.

I don't use the cloud version. What should I do?

CCleaner v5.33.6162 does not update on its own, so if you use the non-cloud version you may have the corrupted software. Piriform recommends deleting your current version and downloading a clean version from their website.

After you have your new software downloaded, run a check on your system using malware protection software to be sure that CCleaner didn't leave any nasty invader behind.
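A version check a user could run for the "how do I know if I have the corrupted version?" question above, added here as an example and not code from Piriform or MSN: it looks for CCleaner.exe in the usual install locations, reads the embedded product version and reports whether it matches one of the two affected builds the article names (v5.33.6162 and Cloud v1.07.3191), together with whether Windows itself is 32-bit, since the article limits the affected population to 32-bit Windows. The install paths and the assumption that the file's ProductVersion may carry a fourth component are mine, not the article's.

```powershell
# Added example, not code from Piriform or the article. Reports whether an installed
# CCleaner is one of the two builds the article names as affected.
$AffectedVersions = @('5.33.6162', '1.07.3191')   # from the article: CCleaner / CCleaner Cloud

# Usual install locations; adjust if CCleaner was installed elsewhere (assumption).
$Candidates = @(
    "$env:ProgramFiles\CCleaner\CCleaner.exe",
    "${env:ProgramFiles(x86)}\CCleaner\CCleaner.exe"
)

function ConvertTo-ShortVersion {
    # The binary's ProductVersion may carry a fourth component (e.g. "5.33.0.6162") while
    # the article writes major.minor.build. Keep major, minor and the last component and
    # compare numerically so "1.07.3191" and "1.7.0.3191" are treated as the same build.
    # The four-component layout is an assumption about the file, not a fact from the article.
    param([string]$Version)
    if ($Version -match '\d+(\.\d+)+') { $Version = $Matches[0] }
    $parts = @($Version -split '\.' | ForEach-Object { [int]$_ })
    if ($parts.Count -lt 3) { return $Version }
    return ('{0}.{1}.{2}' -f $parts[0], $parts[1], $parts[-1])
}

function Test-CCleanerVersion {
    param([string]$ExePath)
    if (-not (Test-Path -LiteralPath $ExePath)) { return $null }
    $info     = (Get-Item -LiteralPath $ExePath).VersionInfo
    $short    = ConvertTo-ShortVersion $info.ProductVersion
    $affected = $AffectedVersions | ForEach-Object { ConvertTo-ShortVersion $_ }
    [pscustomobject]@{
        Path           = $ExePath
        ProductVersion = $info.ProductVersion
        Affected       = ($affected -contains $short)
        # The article limits the affected population to 32-bit Windows installs.
        Is32BitWindows = -not [Environment]::Is64BitOperatingSystem
    }
}

$results = @($Candidates | ForEach-Object { Test-CCleanerVersion $_ } | Where-Object { $_ })
if ($results.Count -eq 0) {
    'CCleaner.exe not found in the usual install locations.'
} else {
    $results | Format-Table -AutoSize
}
```

A match on Affected means the installed binary is the build the article describes; follow the article's advice (remove it, install a clean copy from the vendor, then run an anti-malware scan). No match only says the version string differs, so the scan is still worth running if the affected build was ever installed.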

[Sep 16, 2017] ShadowBrokers Releases NSA UNITEDRAKE Manual That Targets Windows Machines

Notable quotes:
"... "Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information. ..."
"... The malware's modules -- including FOGGYBOTTOM and GROK -- can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation users, stealing diagnostics information and self-destructing once tasks are completed. ..."
Sep 16, 2017 | yro.slashdot.org

(schneier.com)

Posted by BeauHD on Monday September 11, 2017

AmiMoJo shares a report from Schneier on Security:

The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines:

"Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information.

UNITEDRAKE, described as a 'fully extensible remote collection system designed for Windows targets,' also gives operators the opportunity to take complete control of a device.

The malware's modules -- including FOGGYBOTTOM and GROK -- can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, impersonating users, stealing diagnostics information and self-destructing once tasks are completed."

[Sep 16, 2017] BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices

Notable quotes:
"... Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. ..."
Sep 16, 2017 | mobile.slashdot.org

(bleepingcomputer.com) BeauHD on Tuesday September 12, 2017

An anonymous reader quotes a report from Bleeping Computer:

Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BlueBorne flaws, nor does the attacker need to pair with a target device.

They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading Bluetooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email.

"Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device."

Consumers are advised to disable Bluetooth unless they need to use it, and to turn it off again immediately afterwards.

When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).
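The "keep Bluetooth off until patched" advice above, as an added example (not from Armis or Bleeping Computer) for Windows 10 administrators: list the Bluetooth devices Windows currently exposes and, on request, disable or re-enable them with the built-in PnP cmdlets. It needs an elevated PowerShell session; Get-PnpDevice, Disable-PnpDevice and Enable-PnpDevice are the standard PnpDevice module cmdlets that ship with Windows 10.

```powershell
# Added example, not code from the report or from Armis. Inventories Bluetooth devices
# and, with -Disable / -Enable, toggles them while a patch is pending. Run elevated.
param([switch]$Disable, [switch]$Enable)

function Get-BluetoothDevice {
    # Class 'Bluetooth' covers the radio and Bluetooth-class child devices; -PresentOnly
    # keeps the ones actually attached so the report reflects what is exposed right now.
    Get-PnpDevice -Class Bluetooth -PresentOnly -ErrorAction SilentlyContinue |
        Select-Object FriendlyName, InstanceId, Status
}

function Set-BluetoothState {
    param([ValidateSet('Disable', 'Enable')][string]$Action)
    $devices = @(Get-PnpDevice -Class Bluetooth -PresentOnly -ErrorAction SilentlyContinue)
    if ($devices.Count -eq 0) { return 'No Bluetooth devices present.' }
    foreach ($dev in $devices) {
        # -Confirm:$false suppresses the per-device prompt; errors (e.g. not elevated)
        # are reported but do not stop the loop.
        if ($Action -eq 'Disable') {
            Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction Continue
        } else {
            Enable-PnpDevice  -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction Continue
        }
    }
    "$Action requested for $($devices.Count) device(s)."
}

Get-BluetoothDevice | Format-Table -AutoSize
if ($Disable) { Set-BluetoothState -Action Disable }
if ($Enable)  { Set-BluetoothState -Action Enable }
```

Run it with no switches first to see what is present and its Status; a device that shows Error or Unknown after -Disable usually means the session was not elevated. Re-enable with -Enable once the vendor update for the platform is installed.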

[Sep 16, 2017] Equifax Lobbied For Easier Regulation Before Data Breach

Notable quotes:
"... Equifax has also lobbied Congress and regulatory agencies on issues around "data security and breach notification" and "cybersecurity threat information sharing," according to its lobbying disclosures. ..."
"... The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. ..."
Sep 16, 2017 | politics.slashdot.org

(wsj.com) Posted by msmash on Tuesday September 12, 2017

WSJ reports: Equifax was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach. Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies.

That issue is the subject of a bill that a panel of the House Financial Services Committee, which oversees the industry, discussed the same day Equifax disclosed the cyberattack that exposed personal financial data of as many as 143 million Americans.

Equifax has also lobbied Congress and regulatory agencies on issues around "data security and breach notification" and "cybersecurity threat information sharing," according to its lobbying disclosures.

The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities.

While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.

[Aug 30, 2017] How to Install and Use the Linux Bash Shell on Windows 10

Aug 30, 2017 | www.howtogeek.com
Windows 10's Anniversary Update offers a big new feature for developers: a full, Ubuntu-based Bash shell that can run Linux software directly on Windows. This is made possible by the new "Windows Subsystem for Linux" Microsoft is adding to Windows 10.

What You Need to Know About Windows 10's Bash Shell

This isn't a virtual machine, a container, or Linux software compiled for Windows (like Cygwin). Instead, Windows 10 gains a Windows Subsystem for Linux, which is based on Microsoft's abandoned Project Astoria work for running Android apps on Windows.

Think of it as the opposite of Wine. While Wine allows you to run Windows applications directly on Linux, the Windows Subsystem for Linux allows you to run Linux applications directly on Windows.

Microsoft has worked with Canonical to offer a full Ubuntu-based Bash shell that runs atop this subsystem. Technically, this isn't Linux at all. Linux is the underlying operating system kernel, and that isn't available here. Instead, this allows you to run the Bash shell and the exact same binaries you'd normally run on Ubuntu Linux. Free-software purists often argue the average Linux operating system should be called "GNU/Linux" because it's really a lot of GNU software running on the Linux kernel. The Bash shell you'll get is really just all those GNU utilities and other software.

There are some limitations here. This won't work with server software, and it won't work with graphical software. It's intended for developers who want to run Linux command-line utilities on Windows. These applications get access to the Windows file system, but you can't use Bash commands to automate normal Windows programs, or launch Bash commands from the standard Windows command-line. They get access to the same Windows file system, but that's it. Not every command-line application will work, either, as this feature is still in beta.

How to Install Bash on Windows 10

To get started, ensure you've installed the Windows 10 Anniversary Update. This only works on 64-bit builds of Windows 10, so it's time to switch to the 64-bit version of Windows 10 if you're still using the 32-bit version.

Once you're sure you're using the correct version of Windows 10, open the Settings app and head to Update & Security > For Developers. Activate the "Developer Mode" switch here to enable Developer Mode.

[Aug 30, 2017] Install the Linux Subsystem on Windows 10

Aug 30, 2017 | msdn.microsoft.com
For Windows Insiders: Install Linux distribution of choice

This section is for Windows Insiders (build 16215 or later). Follow these steps to Check your build. For earlier versions of Windows 10, follow these instructions using lxrun.

  1. Open the Windows Store and choose your favorite Linux distribution.
    Here are links directly to the store installers:
  2. Select "Get"

    Troubleshooting: Installation failed with error 0x80070003
    The Windows Subsystem for Linux only runs on your system drive (usually this is your C: drive). Make sure that new apps are stored on your system drive.
    Open Settings -> Storage -> More Storage Settings: Change where new content is saved

  3. Once the download has completed, select "Launch".
    This will open a console window. Wait for installation to complete then you will be prompted to create your UNIX user account.

    Troubleshooting: Installation failed with error 0x8007007e
    This error occurs when your system doesn't support Linux from the store. Make sure that:

  4. Create your UNIX username and password. This user account can be different from, and has no relationship to, your Windows username and password. Read more.

You're done! Now you can use your Linux environment.

For Anniversary Update and Creators Update: Install using lxrun

lxrun installs Ubuntu user-mode by default on top of the Windows subsystem for Linux.

Since moving to the store, we have stopped keeping this user-mode image up to date. When you're done, run apt-get update.

  1. Turn on Developer Mode

    Open Settings -> Update and Security -> For developers

    Select the Developer Mode radio button

  2. Open a command prompt. Run bash

    After you have accepted the License, the Ubuntu user-mode image will be downloaded and extracted. A "Bash on Ubuntu on Windows" shortcut will be added to your start menu.

  3. Launch a new Ubuntu shell by either:
    • Running bash from a command-prompt
    • Clicking the start menu shortcut
  4. Create a UNIX user

    The first time you install the Windows subsystem for Linux, you will be prompted to create a UNIX username and password.

    This UNIX username and password can be different from, and has no relationship to, your Windows username and password. Learn more about your UNIX account.

After installation your Linux distribution will be located at: %localappdata%\lxss\.

Avoid creating and/or modifying files in %localappdata%\lxss\ using Windows tools and apps! If you do, it is likely that your Linux files will be corrupted and data loss may occur. Avoid this issue by using a directory located under /mnt/.
Read this blog post for more information.

You're done! Go use your new Linux environment!
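An added example, not Microsoft's own documentation code, that checks the prerequisites the two install routes above depend on: the Windows build (16215 or later for the Store route, earlier builds use lxrun), whether Windows is 64-bit, whether Developer Mode is switched on, and whether the legacy %localappdata%\lxss root already exists. The registry value AllowDevelopmentWithoutDevLicense under AppModelUnlock is taken to be the setting behind the Developer Mode switch; that mapping is my assumption, not something the page states.

```powershell
# Added example, not Microsoft's documentation code. Reports which install route from the
# page applies on this machine and whether its prerequisites are met.
function Get-WslInstallRoute {
    $nt    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$nt.CurrentBuild
    $is64  = [Environment]::Is64BitOperatingSystem

    # Developer Mode switch in Settings -> Update and Security -> For developers.
    # Assumption: it is stored as AllowDevelopmentWithoutDevLicense = 1 under AppModelUnlock.
    $unlock  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock' `
                                -ErrorAction SilentlyContinue
    $devMode = [bool]($unlock -and $unlock.AllowDevelopmentWithoutDevLicense -eq 1)

    # Where lxrun places the distribution; the page warns not to touch it with Windows tools.
    $legacyRoot = Join-Path $env:LOCALAPPDATA 'lxss'

    $route = if (-not $is64) {
        'Not supported: WSL requires 64-bit Windows 10'
    } elseif ($build -ge 16215) {
        'Store route: install a distribution from the Windows Store, then Launch'
    } elseif ($devMode) {
        'lxrun route: run bash from a command prompt and accept the licence'
    } else {
        'lxrun route: enable Developer Mode first, then run bash from a command prompt'
    }

    [pscustomobject]@{
        Build            = $build
        Is64Bit          = $is64
        DeveloperMode    = $devMode
        LegacyRootExists = (Test-Path -LiteralPath $legacyRoot)
        LegacyRoot       = $legacyRoot
        Route            = $route
    }
}

Get-WslInstallRoute | Format-List
```

If LegacyRootExists comes back true, keep the page's warning in mind: do not create or edit files under that directory from Windows; from inside the Linux environment, work on files under /mnt/<drive> instead.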

[Aug 30, 2017] Windows 10 Anniversary Update in August 2016 included Bash for Windows, or Windows Subsystem for Linux

Either Ubuntu utilities or openSUSE utilities, including bash, can be installed. That essentially makes Cygwin redundant.
Aug 30, 2017 | www.theregister.co.uk

Back in the desktop world, Windows 10 will now run SUSE Linux. Windows 10 Anniversary Update in August 2016 included Bash for Windows, or Windows Subsystem for Linux, to run Ubuntu Linux apps natively.

Now, however, SUSE Linux has updated the Windows Subsystem to work with its shell. You can install openSUSE Leap 42.2 or SUSE Linux Enterprise Server 12 SP2.

Instructions are here.

[Aug 28, 2017] As Prosecutors Submit Evidence, WannaCry Hero's Legal Fund Returns All Donations

Aug 28, 2017 | yro.slashdot.org

(buzzfeed.com) Posted by EditorDavid on Monday August 28, 2017 @06:30AM from the fraudulent-funding dept. An anonymous reader quotes BuzzFeed: The vast majority of money raised to pay for the legal defense of beloved British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, the manager of the defense fund says. Lawyer Tor Ekeland, who managed the fund, said at least $150,000 of the money collected came from fraudulent sources, and that the prevalence of fraudulent donations effectively voided the entire fundraiser. He said he'd been able to identify only about $4,900 in legitimate donations, but that he couldn't be certain even of those. "I don't want to take the risk, so I just refunded everything," he said. Two days later, Hutchins posted the following on Twitter. "When sellouts are talking shit about the 'infosec community' remember that someone I'd never met flew to Vegas to pay $30K cash for my bail." Hutchins is facing up to 40 years in prison, and at first was only allowed to leave his residence for four hours each week. Thursday a judge lifted some restrictions so that Hutchins is now allowed to travel to Milwaukee, where his employer is located. According to Bloomberg, government prosecutors complain Hutchins now "has too much freedom while awaiting trial and may skip the country." Clickthrough for a list of the evidence government prosecutors submitted to the court this week.

[Jul 11, 2017] Author of Original Petya Ransomware Publishes Master Decryption Key

Jul 08, 2017 | yro.slashdot.org

(bleepingcomputer.com)

An anonymous reader writes: The author of the original Petya ransomware -- a person/group going by the name of Janus Cybercrime Solutions -- has released the master decryption key of all past Petya versions. This key can decrypt all ransomware families that are part of the Petya family except NotPetya.

Most (original) Petya campaigns happened in 2016, and very few campaigns have been active this year. Users that had their files locked have wiped drives or paid the ransom many months before. The key will only help those victims who cloned their drives and saved a copy of the encrypted data. Experts believe that Janus released Petya's decryption key as a result of the recent NotPetya outbreak, and he might have decided to shut down his operation to avoid further scrutiny, or being accused of launching NotPetya.

[Jul 08, 2017] Russia Behind Cyber-attack, Says Ukraine's Security Service

Slashdot has degenerated into a primitive anti-Russian propaganda site
Jul 03, 2017 | politics.slashdot.org

tinkerton ( 199273 ) , Monday July 03, 2017 @05:19PM ( #54738011 )

Re:The Russians ate my homework... ( Score: 4 , Insightful)

The article's central message is plausible: Russia running a cyberwar against Ukraine and at the same time trying to build up knowhow. But at the same time the author knows that he can write anything about Russia and it will be believed. At the same time the story is part of a large anti-Russia and anti Trump campaign.

I don't keep track so I don't have a lot of links ready, but I know the news about a Russian cyberattack on a US power plant was bogus. Russian hacking of the DNC was bogus. Russian-Trump links are bogus. Russian hacking of the French elections was bogus. But these debunkings only come through very slowly. On the other side there is a barrage of claims that is so overwhelming nobody can begin to debunk them.

And I see good reasons why the Democrats and the military industrial complex prefer to have high tensions with Russia and why they want to blame Russia for the failed elections. And I see why the press goes along with it.

And I think that whatever Russia is doing (a lot less than claimed, but certainly a lot of business-as-usual nasty stuff) it's a good idea to improve the ties with them rather than deteriorate them. That is my opinion about policy. That it's in the West's interest. I also think they're open for chances for improvement, at least as long as Putin is there.

But look at this thread. It's almost unanimous against Russia. Any outsider looking here without any knowledge of the situation would know this is bad. It means no good thinking will come out of it (there are more reasons for that though). It also means propaganda is still very effective here and now.

So the article of the topic here may have a good degree of truth, but it's all part of an anti-Russian frenzy which I think is a very bad idea.

Here's a new link about a lot of the hacking stories. It covers quite some ground. I'd have to dig for the rest. The ones I mentioned are some I'm pretty certain of although one can debate how convincing the proof is. https://consortiumnews.com/201... [consortiumnews.com]

I didn't discuss Trump. I'd like to get rid of him but I'm convinced the current campaign to link him to Russia is extremely dishonest. He's right about that. Maybe he'll go down because in his efforts to stop them he'll do something very illegal. Or maybe he'll stay in power because he made the right friends. The Saudis and the weapons manufacturers for instance. Then all that the anti Russia campaign will have achieved is to give us the worst of both worlds. Thanks for cooperating everyone.

bogaboga ( 793279 ) , Monday July 03, 2017 @01:17PM ( #54736005 )
Wow...wait a moment... ( Score: 2 )
Russia Behind Cyber-attack, Says Ukraine's Security Service

I think it's premature to jump to such conclusions since we know that our very own CIA has also been implicated...

Vault 7 [wikileaks.org] and more. [wired.com]

atomlib ( 2618043 ) writes: on Monday July 03, 2017 @01:05PM ( #54735925 ) Homepage
Russian companies were hit by that Petya thing ( Score: 1 , Troll)

Whatever it was, that Petya thing hit a bunch of Russian companies as well. For example, it hit Russia's top oil providers Rosneft and Bashneft. Some of them suffered quite a bit. Invitro, a nationwide network of private medical laboratories, temporarily ceased sample collection due to the cyberattack.

qaz123 ( 2841887 ) writes: on Monday July 03, 2017 @02:42PM ( #54736649 )
Ukraine says... ( Score: 1 )

Of course Ukraine would say that, no matter whether it's true or not, because that hurts Russia and that's what Ukraine wants now.

Re:The only true security is renewables ( Score: 2 ) by tinkerton ( 199273 ) writes: on Monday July 03, 2017 @05:24PM ( #54738061 )

Because we don't fear the bear.

Exactly. When we're enthusiastically demonizing some party it means we're not scared of them. There have been exceptions, but that's long ago.

[Jul 04, 2017] Foisting Blame for Cyber-Hacking on Russia by Gareth Porter

Notable quotes:
"... Recent hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing to discourage the politicians. ..."
"... The Department of Homeland Security (DHS) has a record of spreading false stories about alleged Russian hacking into US infrastructure , such as the tale of a Russian intrusion into the Burlington, Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011. ..."
"... So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into state electoral databases, rejected that suspicion as false months ago. Last September, Assistant Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions were not carried out by Russian intelligence but by criminal hackers seeking personal information to sell on the Internet. ..."
"... Illinois is the one state where hackers succeeded in breaking into a voter registration database last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted personal information on roughly 90,000 registered voters, and that none of the information was expunged or altered. ..."
"... "Any time you more carefully monitor a system you're going to see more bad guys poking and prodding at it," he observed, " because they're always poking and prodding." [Emphasis added] ..."
"... Reagan further revealed that she had learned from the FBI that hackers had gotten a user name and password for their electoral database, and that it was being sold on the "dark web" – an encrypted network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored "frequently." ..."
"... The sequence of events indicates that the main person behind the narrative of Russian hacking state election databases from the beginning was former FBI Director James Comey. In testimony to the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind efforts to penetrate voter databases, but never said so directly. ..."
"... The media then suddenly found unnamed sources ready to accuse Russia of hacking election data even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined , "Russia Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4." The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources. ..."
"... But that claim of a "likely" link between the hackers and Russia was not only speculative but highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators from the US intelligence community, DHS, FBI, the private sector and other entities." They cited a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly Steppe" who were supposedly linked to Russian intelligence. ..."
"... But the highly classified NSA report made no reference to any evidence supporting such an attribution. The absence of any hint of signals intelligence supporting its conclusion makes it clear that the NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been used to establish the original narrative of Russians hacking electoral databases. ..."
"... Russian intelligence certainly has an interest in acquiring intelligence related to the likely outcome of American elections, but it would make no sense for Russia's spies to acquire personal voting information about 90,000 registered voters in Illinois. ..."
Jul 04, 2017 | original.antiwar.com
Cyber-criminal efforts to hack into U.S. government databases are epidemic, but this ugly reality is now being exploited to foist blame on Russia and fuel the New Cold War hysteria

Recent hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing to discourage the politicians.

On June 21, Samuel Liles, acting director of the Intelligence and Analysis Office's Cyber Division at the Department of Homeland Security, and Jeanette Manfra, acting deputy under secretary for cyber-security and communications, provided the main story line for the day in testimony before the Senate committee - that efforts to hack into election databases had been found in 21 states.

Former DHS Secretary Jeh Johnson and FBI counterintelligence chief Bill Priestap also endorsed the narrative of Russian government responsibility for the intrusions on voter registration databases.

But none of those who testified offered any evidence to support this suspicion nor were they pushed to do so. And beneath the seemingly unanimous embrace of that narrative lies a very different story.

The Department of Homeland Security (DHS) has a record of spreading false stories about alleged Russian hacking into US infrastructure , such as the tale of a Russian intrusion into the Burlington, Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011.

So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into state electoral databases, rejected that suspicion as false months ago. Last September, Assistant Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions were not carried out by Russian intelligence but by criminal hackers seeking personal information to sell on the Internet.

Both Ozment and state officials responsible for the state databases revealed that those databases have been the object of attempted intrusions for years. The FBI provided information to at least one state official indicating that the culprits in the hacking of the state's voter registration database were cyber-criminals.

Illinois is the one state where hackers succeeded in breaking into a voter registration database last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted personal information on roughly 90,000 registered voters, and that none of the information was expunged or altered.

The Actions of Cybercriminals

That was an obvious clue to the motive behind the hack. Assistant DHS Secretary Ozment testified before the House Subcommittee on Information Technology on Sept. 28 ( at 01:02.30 of the video ) that the apparent interest of the hackers in copying the data suggested that the hacking was "possibly for the purpose of selling personal information."

Ozment's testimony provides the only credible motive for the large number of states found to have experienced what the intelligence community has called "scanning and probing" of computers to gain access to their electoral databases: the personal information involved – even e-mail addresses – is commercially valuable to the cybercriminal underworld.

That same testimony also explains why so many more states reported evidence of attempts to hack their electoral databases last summer and fall. After hackers had gone after the Illinois and Arizona databases, Ozment said, DHS had provided assistance to many states in detecting attempts to hack their voter registration and other databases.

"Any time you more carefully monitor a system you're going to see more bad guys poking and prodding at it," he observed, " because they're always poking and prodding." [Emphasis added]

State election officials have confirmed Ozment's observation. Ken Menzel, the general counsel for the Illinois Secretary of State, told this writer, "What's new about what happened last year is not that someone tried to get into our system but that they finally succeeded in getting in." Menzel said hackers "have been trying constantly to get into it since 2006."

And it's not just state voter registration databases that cybercriminals are after, according to Menzel. "Every governmental data base – driver's licenses, health care, you name it – has people trying to get into it," he said.

Arizona Secretary of State Michele Reagan told Mother Jones that her I.T. specialists had detected 193,000 distinct attempts to get into the state's website in September 2016 alone and 11,000 appeared to be trying to "do harm."

Reagan further revealed that she had learned from the FBI that hackers had gotten a user name and password for their electoral database, and that it was being sold on the "dark web" – an encrypted network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored "frequently."

James Comey's Role

The sequence of events indicates that the main person behind the narrative of Russian hacking state election databases from the beginning was former FBI Director James Comey. In testimony to the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind efforts to penetrate voter databases, but never said so directly.

Comey told the committee that FBI Counterintelligence was working to "understand just what mischief Russia is up to with regard to our elections." Then he referred to "a variety of scanning activities" and "attempted intrusions" into election-related computers "beyond what we knew about in July and August," encouraging the inference that it had been done by Russian agents.

The media then suddenly found unnamed sources ready to accuse Russia of hacking election data even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined , "Russia Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4." The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources.

Similarly, NBC News headline announced, "Russians Hacked Two US Voter Databases, Officials Say." But those who actually read the story closely learned that in fact none of the unnamed sources it cited were actually attributing the hacking to the Russians.

It didn't take long for Democrats to turn the Comey teaser - and these anonymously sourced stories with misleading headlines about Russian database hacking - into an established fact. A few days later, the ranking Democrat on the House Intelligence Committee, Rep. Adam Schiff declared that there was "no doubt" Russia was behind the hacks on state electoral databases.

On Oct. 7, DHS and the Office of the Director of National Intelligence issued a joint statement that they were "not in a position to attribute this activity to the Russian government." But only a few weeks later, DHS participated with FBI in issuing a "Joint Analysis Report" on "Russian malicious cyber activity" that did not refer directly to scanning and spearphishing aimed at state electoral databases but attributed all hacks related to the election to "actors likely associated with RIS [Russian Intelligence Services]."

Suspect Claims

But that claim of a "likely" link between the hackers and Russia was not only speculative but highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators from the US intelligence community, DHS, FBI, the private sector and other entities." They cited a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly Steppe" who were supposedly linked to Russian intelligence.

But as I reported last January, the staff of Dragos Security, whose CEO, Rob Lee, had been the architect of a US government system for defense against cyber attack, pointed out that the vast majority of those indicators would certainly have produced "false positives."

Then, on Jan. 6 came the "intelligence community assessment" – produced by selected analysts from CIA, FBI and National Security Agency and devoted almost entirely to the hacking of e-mail of the Democratic National Committee and Hillary Clinton's campaign chairman John Podesta. But it included a statement that "Russian intelligence obtained and maintained access to elements of multiple state or local election boards." Still, no evidence was evinced on this alleged link between the hackers and Russian intelligence.

Over the following months, the narrative of hacked voter registration databases receded into the background as the drumbeat of media accounts about contacts between figures associated with the Trump campaign and Russians built to a crescendo, albeit without any actual evidence of collusion regarding the e-mail disclosures.

But a June 5 story brought the voter-data story back into the headlines. The story, published by The Intercept, accepted at face value an NSA report dated May 5, 2017 , that asserted Russia's military intelligence agency, the GRU, had carried out a spear-phishing attack on a US company providing election-related software and had sent e-mails with a malware-carrying word document to 122 addresses believed to be local government organizations.

But the highly classified NSA report made no reference to any evidence supporting such an attribution. The absence of any hint of signals intelligence supporting its conclusion makes it clear that the NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been used to establish the original narrative of Russians hacking electoral databases.

A Checkered History

So, the history of the US government's claim that Russian intelligence hacked into election databases reveals it to be a clear case of politically motivated analysis by the DHS and the Intelligence Community. Not only was the claim based on nothing more than inherently inconclusive technical indicators but no credible motive for Russian intelligence wanting personal information on registered voters was ever suggested.

Russian intelligence certainly has an interest in acquiring intelligence related to the likely outcome of American elections, but it would make no sense for Russia's spies to acquire personal voting information about 90,000 registered voters in Illinois.

When FBI Counterintelligence chief Priestap was asked at the June 21 hearing how Moscow might use such personal data, his tortured effort at an explanation clearly indicated that he was totally unprepared to answer the question.

"They took the data to understand what it consisted of," said Priestap, "so they can affect better understanding and plan accordingly in regards to possibly impacting future election by knowing what is there and studying it."

In contrast to that befuddled non-explanation, there is highly credible evidence that the FBI was well aware that the actual hackers in the cases of both Illinois and Arizona were motivated by the hope of personal gain.

Gareth Porter, an investigative historian and journalist specializing in US national security policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare . He can be contacted at porter.gareth50@gmail.com . Reprinted from Consortium News with the author's permission.


[Jul 01, 2017] Hacks Raise Fear Over N.S.A.'s Hold on Cyberweapons

We should introduce a pretty harsh penalty for lying about hacking by government officials... Because this became their favorite pastime. NYT presstitutes, of course, try to push the "Putin-did-it" meme. What else can you expect from neocon stooges...
Notable quotes:
"... The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons. ..."
"... But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands. ..."
"... On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul . Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely ..."
"... "When these viruses fall into the wrong hands, people can use them for financial gain, or whatever incentive they have - and the greatest fear is one of miscalculation, that something unintended can happen," Mr. Panetta said. ..."
Jul 01, 2017 | www.nytimes.com

Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners of the United States - Britain and Ukraine.

The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons.

But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands.

On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul. Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely.

Though the original targets of Tuesday's attacks appear to have been government agencies and businesses in Ukraine, the attacks inflicted enormous collateral damage, taking down some 2,000 global targets in more than 65 countries, including Merck, the American drug giant, Maersk, the Danish shipping company, and Rosneft, the Russian state owned energy giant. The attack so crippled operations at a subsidiary of Federal Express that trading had to be briefly halted for FedEx stock.

"When these viruses fall into the wrong hands, people can use them for financial gain, or whatever incentive they have - and the greatest fear is one of miscalculation, that something unintended can happen," Mr. Panetta said.

[Jun 30, 2017] The world's most reprehensible newspaper, The New York Times, is quick to blame the ransomware attack which crippled computers in Ukraine on Russia.

Notable quotes:
"... The New York Times ..."
"... Washington Post ..."
Jun 30, 2017 | marknesop.wordpress.com
marknesop , June 28, 2017 at 10:57 pm
The world's most reprehensible newspaper, The New York Times, is quick to blame the ransomware attack which crippled computers in Ukraine on Russia. Never mind the evidence; Ukrainians say Russia did it, and Ukrainians never lie. Moreover, they say it was Russia because just a couple of days ago a senior government official was blown up in a car bomb attack, and that was Russia, so they probably did this, too. QED.

Curiously enough, another Times story from just a little over a month ago reported a near-identical attack, which it said was executed using malicious software 'stolen' from the NSA's tickle trunk.

Uh huh. Sure it was. And Cisco Systems is right there in Kiev, 'helping' Ukraine pin down the origin of the attack.

For what it's worth, one of our favouritest authors, Molly McKew – at the Washington Post, the world's second-most-reprehensible newspaper – quickly makes the connection between Shapoval's murder and Russia, which she says is the wide assumption of experts.

[Jun 30, 2017] The first target of the attack: MEDoc, a Ukrainian company that develops tax accounting software; the malware initially spread through a system updater process

Jun 30, 2017 | www.msn.com

While there are still plenty of unknowns regarding Petya, security researchers have pinpointed what they believe to be the first target of the attack: M.E.Doc, a Ukrainian company that develops tax accounting software.

The initial attack took aim at the software supply chain of the tax software MEDoc, which then spread through a system updater process that carried malicious code to thousands of machines, including those of companies that do business in Ukraine.

[Jun 28, 2017] New computer virus spreads from Ukraine to disrupt world business

The small sum of money demanded might suggest a Ukrainian origin, as $300 is big money in this country, impoverished by the Maydan coup d'état.
Jun 28, 2017 | www.msn.com

U.S. delivery firm FedEx Corp said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China's Cofco.

The malicious code locked machines and demanded victims post a ransom worth $300 in bitcoins or lose their data entirely, similar to the extortion tactic used in the global WannaCry ransomware attack in May.

More than 30 victims paid up but security experts are questioning whether extortion was the goal, given the relatively small sum demanded, or whether the hackers were driven by destructive motives rather than financial gain.

Hackers asked victims to notify them by email when ransoms had been paid but German email provider Posteo quickly shut down the address, a German government cyber security official said.

While the malware seemed to be a variant of past campaigns, derived from code known as Eternal Blue believed to have been developed by the U.S. National Security Agency (NSA), experts said it was not as virulent as May's WannaCry attack.

Security researchers said Tuesday's virus could leap from computer to computer once unleashed within an organisation but, unlike WannaCry, it could not randomly trawl the internet for its next victims, limiting its scope to infect.

Businesses that installed Microsoft's latest security patches from earlier this year and turned off Windows file-sharing features appeared to be largely unaffected. A number of the international firms hit have operations in Ukraine, and the virus is believed to have spread within global corporate networks after gaining traction within the country. ... ... ...

Shipping giant A.P. Moller-Maersk, which handles one in seven containers shipped worldwide, has a logistics unit in Ukraine.

Other large firms affected, such as French construction materials company Saint Gobain and Mondelez International Inc, which owns chocolate brand Cadbury, also have operations in the country.

Maersk was one of the first global firms to be taken down by the cyber attack and its operations at major ports such as Mumbai in India, Rotterdam in the Netherlands and Los Angeles on the U.S. west coast were disrupted.

Other companies to succumb included BNP Paribas Real Estate , a part of the French bank that provides property and investment management services.

"The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures have been taken to rapidly contain the attack," the bank said on Wednesday.

Production at the Cadbury factory on the Australian island state of Tasmania ground to a halt late on Tuesday after computer systems went down.

Russia's Rosneft, one of the world's biggest crude producers by volume, said on Tuesday its systems had suffered "serious consequences" but oil production had not been affected because it switched to backup systems. (Additional reporting by Helen Reid in London, Teis Jensen in Copenhagen, Maya Nikolaeva in Paris, Shadia Naralla in Vienna, Marcin Goettig in Warsaw, Byron Kaye in Sydney, John O'Donnell in Frankfurt, Ari Rabinovitch in Tel Aviv and Noor Zainab Hussain in Bangalore; writing by Eric Auchard and David Clarke; editing by David Clarke)

[Jun 28, 2017] Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World

Notable quotes:
"... ( a non-paywalled source ) ..."
Jun 28, 2017 | it.slashdot.org

(vice.com)

Posted by msmash on Tuesday June 27, 2017

A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world.

From a report:

A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations ( a non-paywalled source ) , the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement.

BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland." According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A.

Here's how Petya encrypts files on a system (video).

News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well .

From the report:

"We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

[Jun 28, 2017] Heritage Valley Health System Target Of Cyber Attack

Jun 28, 2017 | it.slashdot.org
(cbslocal.com) Posted by msmash on Tuesday June 27, 2017 @03:20PM from the aggressive-expansion dept.

The Heritage Valley Health System says it has been hit with a cyber attack. From a report:

A spokeswoman confirmed the attack Tuesday morning. "Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded." Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia.

[Jun 28, 2017] Hacker Behind Massive Ransomware Outbreak Cant Get Emails From Victims Who Paid

Jun 28, 2017 | it.slashdot.org
(vice.com) Posted by msmash on Tuesday June 27, 2017 @04:41PM from the interesting-turns dept.

Joseph Cox, reporting for Motherboard:

On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...]

The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60-character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away."

[Jun 28, 2017] Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software

Jun 28, 2017 | tech.slashdot.org

An anonymous reader quotes a report from Bleeping Computer:

Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software package delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, it issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook that its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.
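The Bleeping Computer report above, like the MSN item earlier on this page, describes the same failure: whoever controlled M.E.Doc's update server could hand an arbitrary package to every client, and the clients installed it. Neither report says how the M.E.Doc updater validated what it downloaded. The Go program below is an added example, not M.E.Doc's code and not anything from the researchers quoted; it shows the check an update client needs so that control of the distribution server alone is not enough. The payload hash and the release version are signed offline with a publisher key that is pinned in the client, and the client rejects a swapped payload, a replayed older release, and a manifest signed with any other key. The manifest layout, the SignManifest/VerifyUpdate names and the sample payloads are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdateManifest travels with the package: version, SHA-256 of the payload and the
// publisher's Ed25519 signature over both. Hypothetical format, constructed here.
type UpdateManifest struct {
	Version    uint32
	PayloadSHA [32]byte
	Signature  []byte
}

var (
	ErrBadSignature = errors.New("manifest not signed by the pinned publisher key")
	ErrRollback     = errors.New("manifest version is not newer than the installed one")
	ErrBadHash      = errors.New("payload hash does not match the signed manifest")
)

// signingInput binds version and payload hash into one signed message, so a valid
// signature cannot be moved to another payload or reused for another version.
func signingInput(version uint32, payloadSHA [32]byte) []byte {
	msg := make([]byte, 4+32)
	binary.BigEndian.PutUint32(msg[:4], version)
	copy(msg[4:], payloadSHA[:])
	return msg
}

// SignManifest is the publisher side. In practice it runs on an offline signing
// host, never on the update server the clients download from.
func SignManifest(priv ed25519.PrivateKey, version uint32, payload []byte) UpdateManifest {
	sum := sha256.Sum256(payload)
	return UpdateManifest{Version: version, PayloadSHA: sum,
		Signature: ed25519.Sign(priv, signingInput(version, sum))}
}

// VerifyUpdate is the client side. pub is the publisher key pinned at build time and
// installed is the version currently on disk. Checks run in trust order: signature
// first, so version and hash are only believed once they are known to be authentic.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, m UpdateManifest, payload []byte) error {
	if !ed25519.Verify(pub, signingInput(m.Version, m.PayloadSHA), m.Signature) {
		return ErrBadSignature
	}
	if m.Version <= installed {
		return ErrRollback
	}
	if sha256.Sum256(payload) != m.PayloadSHA {
		return ErrBadHash
	}
	return nil
}

// Demo plays out a legitimate update and three things a compromised update server
// can try: swap the payload, replay an old signed release, or sign with its own key.
func Demo() (legit, swapped, replayed, forged error) {
	pub, priv, err := ed25519.GenerateKey(nil) // publisher key pair; nil means crypto/rand
	if err != nil {
		panic(err)
	}
	_, attackerPriv, _ := ed25519.GenerateKey(nil)

	v1 := []byte("constructed sample: release 1.0")
	v2 := []byte("constructed sample: release 2.0")
	m1 := SignManifest(priv, 1, v1)
	m2 := SignManifest(priv, 2, v2)

	legit = VerifyUpdate(pub, 1, m2, v2)
	swapped = VerifyUpdate(pub, 1, m2, []byte("constructed sample: trojanised package"))
	replayed = VerifyUpdate(pub, 1, m1, v1)
	forged = VerifyUpdate(pub, 1, SignManifest(attackerPriv, 3, v2), v2)
	return
}

func main() {
	legit, swapped, replayed, forged := Demo()
	fmt.Println("legit:   ", legit)
	fmt.Println("swapped: ", swapped)
	fmt.Println("replayed:", replayed)
	fmt.Println("forged:  ", forged)
}
```

The design point is where the secret lives: the update server holds only signed artifacts and no key, so an attacker who owns it can serve old or mangled packages but cannot mint one that passes VerifyUpdate. Hash pinning alone would not achieve this, because a server that can replace the package can replace the published hash next to it.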

[Jun 28, 2017] Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down

Jun 28, 2017 | telegraph.co.uk

Ransomware is 2016-programme 'Petya'

Ransomware known as Petya seems to have re-emerged to affect computer systems across Europe, causing issues primarily in Ukraine, Russia, England and India, a Swiss government information technology agency has told Reuters.

"There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability," the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) said in an e-mail.

It said it had no information that Swiss companies had been impacted, but said it was following the situation. The Petya virus was blamed for disrupting systems in 2016.

Russia's top oil producer Rosneft said a large-scale cyber attack hit its servers on Tuesday, with computer systems at some banks and the main airport in neighbouring Ukraine also disrupted.

3:48PM 'A multi-pronged attack'

"This appears to be a multi-pronged attack that started with a phishing campaign targeting infrastructure in the Ukraine," said Allan Liska, a security analyst at Recorded Future.

"There is some speculation that, like WannaCry, this attack is being spread using the EternalBlue exploit, which would explain why it is spreading so quickly (having reached targets in Spain and France in addition to the Ukraine).

[Jun 28, 2017] Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down

Jun 28, 2017 | marknesop.wordpress.com
Moscow Exile , June 27, 2017 at 11:42 am
Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down

Huge cyber attack cripples firms, airports, banks and government departments in Ukraine

Hack may have spread to Britain, with the advertising firm WPP affected

Danish and Spanish multinationals also paralysed by attack

Michael Fallon warns UK could respond to cyber attacks with military force

The Defence Secretary has said the UK would be prepared to retaliate against future cyber attacks using military force such as missile strikes.

He warned cyber attacks against UK systems "could invite a response from any domain – air, land, sea or cyberspace".

Tough guy, huh?

What a tosser!

Blah, blah, fucking-blah.

And the firm where I was working this afternoon, MSD Pharmaceuticals, has been down all day.

That's in Moscow.

In Russia.

Anyone said "Putin done it!" yet?

Moscow Exile , June 27, 2017 at 11:46 am
Comment to same story in the Independent:

This story was being reported as an attack on Ukraine alone by this a- wipe earlier today (and Russia were being put in the frame for it)

The attack was always a global one and indeed many Russian companies have been hit – but of course the 1% want the world to believe it is all down to the Russian government.

Add to that bit of knowledge – the extra bits of knowledge that the 1% are all buying up properties in New Zealand all of a sudden – and the US are suddenly pushing hard against the Syrian government, notwithstanding the fact that Russia are allied to Syria and Iran in their fight against terrorism (i.e. the US)

Can you all now see what is going on in the minds of those that would rule the world?

Moscow Exile , June 27, 2017 at 1:52 pm
Kremlin says its computers not affected by hacker attack

Well there you are, then!

The Kremlin must have been behind the attacks.

Stands to reason, don't it?

marknesop , June 27, 2017 at 3:50 pm
Actually, they blame North Korea for it, although that seems pretty unlikely to me and is more likely just capitalizing on an event to do a little bashing.

Why is Fallon only prepared to respond militarily to the next attack? Why not this one? Come on, Mikey, get your finger out! What're they paying you for?

kirill , June 27, 2017 at 6:58 pm
Trash talking chihuahua.

[Jun 28, 2017] Huge ransomware outbreak spreads in Ukraine and beyond • The Register

tech.slashdot.org
Updated A huge ‪ransomware‬ outbreak has hit major banks, utilities and telcos in Ukraine as well as victims in other countries.

Check out our full analysis of the software nasty, here .

Early analysis of the attack points towards a variant of the known Petya ransomware, a strain of malware that encrypts the NTFS master file table and overwrites the Master Boot Record with its own loader so that it runs before the operating system on infected Windows PCs. Early reports suggest the malware is spreading via network shares and email, but this remains unconfirmed. The outbreak is centred on, but not confined to, Ukraine. Victims in Spain, France and Russia have also been reported.

Victims include Ukrainian power distribution outfit Ukrenergo, which said the problem is confined to its computer network and is not affecting its power supply operations, Reuters reports . Other victims include Oschadbank, one of Ukraine's largest state-owned lenders.

Global shipping outfit Maersk Group is also under the cosh.

Hackers behind the attack are demanding $300 (payable in Bitcoin) to unlock each computer. It's easy to ascribe any computing problem in Ukraine to Russia because of the ongoing conflict between the two countries, but the culprits behind the latest attack are just as likely to be cybercriminals as state-sponsored saboteurs, judging by the evidence that's emerged this far.

"While ransomware can be (and has been) used to cover other attacks, I think it's wise to consider Ukraine attack cybercriminal for now," said Martijn Grooten, editor of Virus Bulletin and occasional security researcher. ®

Updated at 1500 UTC to add : Allan Liska, intelligence architect at Recorded Future, said the attack has multiple components including an attack to steal login credentials as well as trash compromised computers.

"This appears to be a multi-pronged attack that started with a phishing campaign targeting infrastructure in the Ukraine," Liska said. "The payload of the phishing attack is twofold: an updated version of the Petya ransomware (older versions of Petya are well known for their viciousness; rather than encrypt select files, Petya overwrote the master boot record on the victim machine, making it completely inoperable)."

There is some speculation that, like WannaCrypt, this attack is being spread using the EternalBlue exploit, which would explain why it is spreading so quickly (having reached targets in Spain and France in addition to the Ukraine). "Our threat intelligence also indicated that we are now starting to see US victims of this attack," according to Liska.

There are also reports that the payload includes a variant of Loki Bot in addition to the ransomware. Loki Bot is a banking Trojan that extracts usernames and passwords from compromised computers. This means this attack not only could make the victim's machine inoperable, it could steal valuable information that an attacker can take advantage of during the confusion, according to Recorded Future.

Updated at 1509 UTC to add : Reg sources from inside London firms have been notifying us that they've been infected. We were sent this screenshot (cropped to protect the innocent) just minutes ago:

[Jun 24, 2017] Obama Ordered Cyberweapons Implanted Into Russias Infrastructure by Jason Ditz

Jun 23, 2017 | news.antiwar.com

Former Official: Implants Designed to 'Cause Them Pain and Discomfort'

A new report from the Washington Post today quoted a series of Obama Administration officials reiterating their official narrative on Russia's accused hacking of the 2016 election. While most of the article is simply rehashes and calls for sanctions, they also revealed a secret order by President Obama in the course of "retaliation" for the alleged hacking.

This previously secret order involved having US intelligence design and implant a series of cyberweapons into Russia's infrastructure systems, with officials saying they are meant to be activated remotely to hit the most important networks in Russia and are designed to " cause them pain and discomfort ."

The US has, of course, repeatedly threatened "retaliatory" cyberattacks against Russia, and promised to knock out broad parts of their economy in doing so. These appear to be the first specific plans to actually infiltrate Russian networks and plant such weapons to do so.

Despite the long-standing nature of the threats, by the end of Obama's last term in office this was all still in the "planning" phases. It's not totally clear where this effort has gone from there, but officials say that the intelligence community, once given Obama's permission, did not need further approval from Trump to continue on with it, and he'd have actually had to issue a countermanding order, something they say he hasn't.

The details are actually pretty scant on how far along the effort is, but the goal is said to be for the US to have the ability to retaliate at a moment's notice the next time they have a cyberattack they intend to blame on Russia.

Unspoken in this lengthy report, which quotes unnamed former Obama Administration officials substantially, advocating the effort, is that in having reported that such a program exists, they've tipped off Russia about the threat.

This is, however, reflective of the priority of the former administration, which is to continue hyping allegations that Russia got President Trump elected, a priority that's high enough to sacrifice what was supposed to be a highly secretive cyberattack operation.

[Jun 17, 2017] Erebus Ransomware Targets Linux Servers by Jahanzaib Hassan

Jun 17, 2017 | www.hackread.com
The IT security researchers at Trend Micro recently discovered malware that has the potential to infect Linux-based servers. The malware, called Erebus, has been responsible for hijacking 153 Linux servers of a South Korean web-hosting company called NAYANA.

NAYANA's clients affected

Erebus is ransomware capable of infecting Linux operating systems. In this incident, around 3,400 of NAYANA's clients' websites were affected, with databases, websites and other files being encrypted.

The incident took place on 10th June. As of now, NAYANA has not received the keys to decrypt its files despite having paid three parts of the ransom. The fourth, allegedly the last installment, is yet to be paid, even though, according to NAYANA, the attackers had promised to provide the key after three payments.

What is Erebus?

According to Trend Micro's report , Erebus was originally found back in September 2016. At the time, the malware was not that harmful and was being distributed through malware-containing advertisements. Once the user clicked on those ads, the ransomware would activate in the usual way.

The initial version of Erebus encrypted 423 file types, using RSA-2048 to protect the encryption keys, and appended the .encrypt extension to each encrypted file. It was also this variant that used a number of websites in South Korea as command-and-control (C&C) servers.

Later, in February 2017, the malware had evolved: it could now bypass User Account Control (UAC). For those who may be unfamiliar with UAC, it is the Windows mechanism that asks the user for consent (or an administrator's password) before a program is allowed to make changes that require administrative rights.

This later version of Erebus was able to get past that prompt and install the ransomware with elevated rights. The campaign in which this version was involved demanded a ransom of 0.085 bitcoins, equivalent to USD 216 at present, and threatened to delete the files in 96 hours if the ransom was not paid.

Now, however, Erebus has reached a new level: the latest variant targets Linux servers rather than Windows desktops, so a single infection can take down every site a hosting provider runs on them. Given how much of the world's server infrastructure runs on Linux, it is no surprise that the effects of the malware are far-reaching.

How does the latest Erebus work?

According to Trend Micro, the most recent version of Erebus encrypts each file with a randomly generated symmetric key and then wraps that key with an RSA-2048 public key, so the files cannot be recovered without the attacker's private key. The malware also installs a fake Bluetooth service so that it is started again after the server is rebooted.

This version can affect a total of 433 file types including databases, archives, office documents, email files, web-based files and multimedia files. The ransom demanded in this campaign amounts to 5 bitcoins, which is USD 12,344 currently.

Erebus is not the first of its kind

Although ransomware targeting Linux is rare, it is not new. Erebus is not the first ransomware to have affected Linux systems; in fact, Trend Micro notes that such ransomware has been seen since 2014.

Some examples include Linux.Encoder, Encryptor RaaS, KillDisk and KimcilWare. All of these were allegedly derived from an open-source code project that was published for educational purposes.

Ransomware for Linux, although generally less mature than its Windows counterparts, is still potent enough to cause damage on a massive scale, because so many organizations and data centers run Linux, and hijacking such systems can only mean catastrophe.

Safety precautions

To avoid such incidents, IT staff and organizations running Linux servers need to take some serious precautions. The most obvious one is to keep the operating system and every installed package patched, and to keep any anti-malware tooling up to date.

Furthermore, it is always a good idea to keep backups of your data in two or three separate locations, with at least one copy offline or otherwise not writable from the server itself, so that ransomware running on the server cannot encrypt the backups along with the originals. It is also repeatedly advised to avoid installing unknown third-party programs, as these can act as gateways for such ransomware.

Lastly, IT administrators should monitor the traffic that passes through the network and look for anomalies, including inconsistencies in event logs.
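Putting the last precaution into practice, here is an added example (it is not code from the article, from Trend Micro or from NAYANA) of the kind of anomaly check an administrator could run over a file-rename audit trail: it flags any process that appends one new extension to many files within a short window, which is what bulk encryption looks like from outside the process. The log line format, the process names and the `.locked` extension are constructed for the example; the one real detail it leans on is that Erebus, like most ransomware, keeps the original file name and appends its own marker.

```python
"""Flag a ransomware-style rename burst in a file-rename audit trail.

Added example for the 'Safety precautions' advice; not code from the
hackread article, Trend Micro or NAYANA.  The log format is a constructed,
simplified one (one line per rename, as a file-integrity agent or an auditd
post-processor might emit).  The heuristic is generic: one process renaming
many files to a single new extension in a short window.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format:
#   <iso-timestamp> pid=<n> comm=<name> rename "<old path>" -> "<new path>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) comm=(?P<comm>\S+) '
    r'rename "(?P<old>[^"]+)" -> "(?P<new>[^"]+)"$'
)


def parse_line(line):
    """Return a dict for one rename record, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "pid": int(m["pid"]),
        "comm": m["comm"],
        "old": m["old"],
        "new": m["new"],
    }


def appended_extension(old, new):
    """Return the suffix added when `new` is `old` plus one extra extension, else None.

    Ransomware usually keeps the original name and appends its own marker
    (the 2016 Erebus used .encrypt), so this is the rename shape we care about.
    """
    if new.startswith(old + ".") and "/" not in new[len(old):]:
        return new[len(old):]
    return None


def detect_bursts(lines, threshold=20, window=timedelta(seconds=60)):
    """Return one alert per process that appended the same extension to at
    least `threshold` files inside any `window`-long span."""
    by_pid = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ext = appended_extension(ev["old"], ev["new"])
        if ext is not None:
            ev["ext"] = ext
            by_pid[ev["pid"]].append(ev)

    alerts = []
    for pid, events in by_pid.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            span = events[start:end + 1]
            if len(span) >= threshold and len({e["ext"] for e in span}) == 1:
                alerts.append({
                    "pid": pid,
                    "comm": span[-1]["comm"],
                    "ext": span[-1]["ext"],
                    "count": len(span),
                    "first": span[0]["ts"],
                    "last": span[-1]["ts"],
                })
                break  # one alert per process is enough to page someone
    return alerts


def build_sample_log():
    """Constructed sample: a benign logrotate run (3 renames, stays below the
    threshold) followed by a 25-file burst from a made-up process 'updsvc'."""
    t0 = datetime(2017, 6, 10, 1, 0, 0)
    lines = []
    for i in range(3):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f'{ts} pid=1107 comm=logrotate rename '
                     f'"/var/log/app{i}.log" -> "/var/log/app{i}.log.1"')
    for i in range(25):
        ts = (t0 + timedelta(seconds=30 + i * 0.4)).isoformat()
        lines.append(f'{ts} pid=4242 comm=updsvc rename '
                     f'"/srv/www/site{i}/index.php" -> "/srv/www/site{i}/index.php.locked"')
    return lines


if __name__ == "__main__":
    for a in detect_bursts(build_sample_log()):
        print(f"ALERT pid={a['pid']} comm={a['comm']} appended {a['ext']} "
              f"to {a['count']} files between {a['first']} and {a['last']}")
```

The threshold and window are deliberately loose so that routine tools (logrotate, build systems, a user renaming a handful of files) stay under them; the check that every rename in the span added the same extension is what separates encryption from ordinary churn.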

[Jun 09, 2017] Task force tells Congress health IT security is in critical condition by Sean Gallagher

Jun 08, 2017 | arstechnica.com


Report warns lack of security talent, glut of legacy hardware pose imminent threat.

A congressionally mandated healthcare industry task force has published the findings of its investigation into the state of health information systems security, and the diagnosis is dire.

The Health Care Industry Cybersecurity Task Force report (PDF), published on June 1, warns that all aspects of health IT security are in critical condition and that action is needed both by government and the industry to shore up security. The recommendations to Congress and the Department of Health and Human Services (HHS) included programs to drive vulnerable hardware and software out of health care organizations. The report also recommends efforts to inject more people with security skills into the healthcare work force, as well as the establishment of a chain of command and procedures for dealing with cyber attacks on the healthcare system.

The problems healthcare organizations face probably cannot be fixed without some form of government intervention. As the report states, "The health care system cannot deliver effective and safe care without deeper digital connectivity. If the health care system is connected, but insecure, this connectivity could betray patient safety, subjecting them to unnecessary risk and forcing them to pay unaffordable personal costs. Our nation must find a way to prevent our patients from being forced to choose between connectivity and security."

At the same time, government intervention is part of what got health organizations into this situation, by pushing them to rapidly adopt connected technologies without making security part of the process.

The report, mandated by the 2015 Cybersecurity Act , was supposed to be filed to Congress by May 17. However, just five days before it was due, the WannaCry ransomware worm struck the UK's National Health Service , affecting 65 hospitals.

"The HHS stance is pretty much that we got incredibly lucky in the US [with WannaCry], and our luck is going to run out," Joshua Corman, co-founder of the information security non-profit organization I Am The Cavalry and a member of the task force, told Ars. The report was delayed by the WannaCry outbreak, Corman said, who observed that the task force members were disappointed that they hadn't gotten the report out sooner: "because if the report had been out a week or two prior to WannaCry, you could have bet that every Congressional staffer would have been reading it during the outbreak."

The task force was co-chaired by Emery Csulak, the chief information security officer for the Centers for Medicare and Medicaid Services, and Theresa Meadows, who is a registered nurse and chief information officer of the Cook Children's Health Care System. The task force also included representatives from the security industry, government and private health care organizations, pharmaceutical firms, medical device manufacturers, insurers, and others from the wider health care industry, as well as healthcare data journalist and patient advocate Fred Trotter. Corman said that the task force was "probably the hardest thing I've ever done and maybe the most important thing I'll ever do, especially if some of these recommendations are acted upon."

But it's not certain that the report will spur any immediate action, given the current debate over healthcare costs in Congress and the stance of the Trump administration on regulation. Even so, Corman explained:

When we were working on this, we realized that if it was summarily ignored by the next administration, or if it was ignored for being too costly, the report could still be a backstop, in that when the first crisis happens, this will be the most recently available report that will be the blueprint for what to do next. It's just an indicator of how many minutes to midnight we are on this particular clock; we may be out of time to get in front of it, but we can certainly try to see which of these measures can be put in place in parallel [with a security crisis].

Brace for impact

The ransomware attack on Hollywood Presbyterian Medical Center, which happened just a few weeks after President Obama signed the legislation that established the task force, helped establish the urgency of the work the group was doing (Ars' coverage of the ransomware attack is cited in the task force's final report). At the task force's first in-person meeting in April, Corman said he brought up the Boston Marathon bombing. "I said, imagine if you combined something like this physical attack with something like the logical attack [at Hollywood Presbyterian]." The impact, disrupting the ability to give urgent medical care during a physical attack, could potentially magnify the loss of life and shatter public confidence, he suggested.

The recommendations generated by the task force amount to a Herculean to-do list:

Define and streamline leadership, governance, and expectations for health care industry cybersecurity.
Increase the security and resilience of medical devices and health IT.
Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
Increase health care industry readiness through improved cybersecurity awareness and education.
Identify mechanisms to protect research and development efforts, as well as intellectual property, from attacks or exposure.
Improve information sharing of industry threats, weaknesses, and mitigations.

That list is no short order. And it may already be too late to prevent another major incident. In the wake of the Hollywood Presbyterian ransomware attack last year, "the obscurity we've enjoyed is gone," Corman explained. "We've always been prone, we've always been prey; we just lacked predators. Once the Hollywood Presbyterian attack happened, there were a lot more sharks because they smelled blood in the water." As a result, hospitals went from being off attackers' radar to "the number-one attacked industry in less than a year," he said.

The task force's long-term target is to get the health industry to adopt the risk management strategies of NIST's Critical Infrastructure Cybersecurity Framework . But that's a long way off, considering the potential costs associated and the bare-bones nature of many health providers' IT. Many healthcare delivery organizations "are target rich and resource poor, and [they] can't fathom further investment in cyber hygiene, period," said Corman.

The challenges to securing health IT identified by the task force, including some of the problems exposed by the Hollywood Presbyterian attack, are substantial:

A severe lack of security talent in the industry. As the report points out, "The majority of health delivery organizations lack full-time, qualified security personnel." Small, mid-sized, and rural health providers may not even have full-time IT staff, or they depend on a service provider and have little in the way of resources to attract and retain a skilled information security staff.

Premature and excessive connectivity. Health providers rapidly embraced networked systems, in many cases without thought to secure design and implementation. As the report states, "Over the next few years, most machinery and technology involved in patient care will connect to the Internet; however, a majority of this equipment was not originally intended to be Internet accessible, nor designed to resist cyber attacks."

In some significant ways, this is a problem that Congress helped create with the unintended consequences of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Passed in 2009 as part of the American Recovery and Reinvestment Act, it gave financial incentives for hospitals to rapidly deploy electronic health records and offered billions of dollars in incentives for quickly demonstrating "meaningful use" of EHRs. Combined with the Merit-Based Incentive Payment System used by Medicare and Medicaid, the HITECH Act forced many health providers to quickly adopt technology they didn't fully understand. While EHRs have likely improved patient care, they also introduced technology that care providers couldn't properly secure or support.

Legacy equipment running on old, unsupported, and vulnerable operating systems. Since a large number of medical systems rely on older versions of Windows (Windows 7, and in many cases, Windows XP), "there's zero learning curve for an ideological adversary," Corman said. "There's nothing new to learn." The systems were never intended to be connected to the Internet in many cases, or to any network at all. Some systems, Corman said, "have such interoperability issues (forget security issues) that they're so brittle, most hospitals will say that, even if you just do a port scan, you'll crash them; you don't even need to hack them."

On top of that, some of the legacy medical devices on hospitals' networks now are unpatchable or unsecurable, and they would have to be completely retired and replaced. The task force recommended government incentives to get rid of these devices, following a "cash for clunkers" model. But that may not be effective in luring some health organizations to get rid of them, simply because of the other costs associated with getting new hardware in. And many of the newer systems they would use to replace older ones with are still based on legacy software anyway.

A wealth of vulnerabilities, and it only takes one to disrupt patient care. The increased connectivity of health providers without proper network segmentation and other security measures exposed other systems that were never meant to touch the network: medical devices powered by embedded operating systems that may never have been patched and have 20-year lifecycles. According to the task force report, one legacy medical technology system they documented had more than 1,400 vulnerabilities on its own. And the exploitation of a single vulnerability on a single system was able to affect patient care during the Hollywood Presbyterian attack.

Furthermore, because these legacy systems are often based on older, common technologies, virtually no special set of skills is required to perform such an attack. Basic, common hacking tools could be used to gain access and wreak havoc. This is demonstrated in attacks like the one at MedStar hospitals in Maryland last March, in which an old JBoss vulnerability was exploited (likely with an open source tool) to give attackers access to the medical network's servers.

It was clear to everyone on the task force, Corman noted, that there were no technical barriers to a "sustained denial of patient care like what happened at Hollywood Presbyterian, on purpose" at virtually any healthcare facility in the United States. "I said we all make fun of security through obscurity, but what if that's all we have?" Corman recounted. "Seriously. What if that's all we have?"

Planning for "right of boom"

Given that untargeted and incidental attacks on hospitals have already happened, it seems inevitable that someone will carry out a targeted attack at some point. Corman said that increases the importance of doing disaster planning and simulations now to optimize responses, "so we can see who needs to have control: is it FEMA, the White House, DHS, HHS, the hospitals? We drill with our kids what you're supposed to do in a fire. Before we have a boom, we need to prioritize simulations, practice, and disaster planning."

Another part of planning for the post-attack scenario, or "right of boom", is to make sure that the right supports are in place to quickly recover. "We need to make sure that we've done enough scaffolding now so that we can have a more elegant response," Corman said, "because if this looks like Deepwater Horizon, and we're on the news every night, every week, gushing into the Gulf, that's going to shatter confidence. If we have a prompt and agile response, maybe we can mitigate the harm."

Sean Gallagher
Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.

[Jun 09, 2017] Sneaky hackers use Intel management tools to bypass Windows firewall

Notable quotes:
"... the group's malware requires AMT to be enabled and serial-over-LAN turned on before it can work. ..."
"... Using the AMT serial port, for example, is detectable. ..."
"... Do people really admin a machine through AMT through an external firewall? ..."
"... Businesses demanded this technology and, of course, Intel beats the drum for it as well. While I understand their *original* concerns I would never, ever connect it to the outside LAN. A real admin, in jeans and a tee, is a much better solution. ..."
Jun 09, 2017 | arstechnica.com
When you're a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you're there, the next challenge is usually to make sure that your activity is as hard to detect as possible. Microsoft has detailed a neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade firewalls and other endpoint-based network monitoring.

The group, which Microsoft has named PLATINUM, has developed a system for sending files, such as new payloads to run and new versions of their malware, to compromised machines. PLATINUM's technique leverages Intel's Active Management Technology (AMT) to do an end-run around the built-in Windows firewall. The AMT firmware runs at a low level, below the operating system, and it has access to not just the processor, but also the network interface.

The AMT needs this low-level access for some of the legitimate things it's used for. It can, for example, power cycle systems, and it can serve as an IP-based KVM (keyboard/video/mouse) solution, enabling a remote user to send mouse and keyboard input to a machine and see what's on its display. This, in turn, can be used for tasks such as remotely installing operating systems on bare machines. To do this, AMT not only needs to access the network interface, it also needs to simulate hardware, such as the mouse and keyboard, to provide input to the operating system.

But this low-level operation is what makes AMT attractive for hackers: the network traffic that AMT uses is handled entirely within AMT itself. That traffic never gets passed up to the operating system's own IP stack and, as such, is invisible to the operating system's own firewall or other network monitoring software. The PLATINUM software uses another piece of virtual hardware, an AMT-provided virtual serial port, to provide a link between the network itself and the malware application running on the infected PC.

Communication between machines uses serial-over-LAN traffic, which is handled by AMT in firmware. The malware connects to the virtual AMT serial port to send and receive data. Meanwhile, the operating system and its firewall are none the wiser. In this way, PLATINUM's malware can move files between machines on the network while being largely undetectable to those machines.

PLATINUM uses AMT's serial-over-LAN (SOL) to bypass the operating system's network stack and firewall. (Diagram: Microsoft)

AMT has been under scrutiny recently after the discovery of a long-standing remote authentication flaw (Intel's advisory INTEL-SA-00075) that enabled attackers to use AMT features without needing to know the AMT password. This in turn could be used to enable features such as the remote KVM to control systems and run code on them.

However, that's not what PLATINUM is doing: the group's malware requires AMT to be enabled and serial-over-LAN turned on before it can work. This isn't exploiting any flaw in AMT; the malware just uses the AMT as it's designed in order to do something undesirable.

Both the PLATINUM malware and the AMT security flaw require AMT to be enabled in the first place; if it's not turned on at all, there's no remote access. Microsoft's write-up of the malware expressed uncertainty about this part: it's possible that the PLATINUM malware itself enabled AMT (if the malware has Administrator privileges, it can enable many AMT features from within Windows), or that AMT was already enabled and the malware managed to steal the credentials.

While this novel use of AMT is useful for transferring files while evading firewalls, it's not undetectable. Using the AMT serial port, for example, is detectable. Microsoft says that its own Windows Defender Advanced Threat Protection can even distinguish between legitimate uses of serial-over-LAN and illegitimate ones. But it's nonetheless a neat way of bypassing one of the more common protective measures that we depend on to detect and prevent unwanted network activity.

potato44819 , Ars Legatus Legionis Jun 8, 2017 8:59 PM

"Microsoft says that its own Windows Defender Advanced Threat Protection can even distinguish between legitimate uses of serial-over-LAN and illegitimate ones. But it's nonetheless a neat way of bypassing one of the more common protective measures that we depend on to detect and prevent unwanted network activity."

It's worth noting that this is NOT Windows Defender.

Windows Defender Advanced Threat Protection is an enterprise product.

aexcorp , Ars Scholae Palatinae Jun 8, 2017 9:04 PM
This is pretty fascinating and clever TBH. AMT might be convenient for sysadmin, but it's proved to be a massive PITA from the security perspective. Intel needs to really reconsider its approach or drop it altogether.

"it's possible that the PLATINUM malware itself enabled AMT-if the malware has Administrator privileges, it can enable many AMT features from within Windows"

I've only had 1 machine that had AMT (a Thinkpad T500 that somehow still runs like a charm despite hitting the 10yrs mark this summer), and AMT was toggled directly via the BIOS (this is all pre-UEFI.) Would Admin privileges be able to overwrite a BIOS setting? Would it matter if it was handled via UEFI instead?

bothered , Ars Scholae Palatinae Jun 8, 2017 9:16 PM
Always on and undetectable. What more can you ask for? I have to imagine that an IDS system at the egress point would help here.
faz , Ars Praefectus Jun 8, 2017 9:18 PM
Using SOL and AMT to bypass the OS sounds like it would work over SOL and IPMI as well.

I only have one server that supports AMT, I just double-checked that the webui for AMT does not allow you to enable/disable SOL. It does not, at least on my version. But my IPMI servers do allow someone to enable SOL from the web interface.

xxx, Jun 8, 2017 9:24 PM
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit has a beachhead? That is not a small thing, but it would give us a way to gauge the severity of the threat.

Do people really admin a machine through AMT through an external firewall?

zogus , Ars Tribunus Militum Jun 8, 2017 9:26 PM
fake-name wrote:
Hi there! I do hardware engineering, and I wish more computers had serial ports. Just because you don't use them doesn't mean their disappearance is "fortunate".

Just out of curiosity, what do you use on the PC end when you still do require traditional serial communication? USB-to-RS232 adapter?

bthylafh , Ars Tribunus Angusticlavius Jun 8, 2017 9:34 PM Popular
zogus wrote:
Just out of curiosity, what do you use on the PC end when you still do require traditional serial communication? USB-to-RS232 adapter?
tomca13 , Wise, Aged Ars Veteran Jun 8, 2017 9:53 PM
This PLATINUM group must be pissed about the INTEL-SA-00075 vulnerability being headline news. All those perfectly vulnerable systems having AMT disabled and limiting their hack.
Darkness1231 , Ars Tribunus Militum et Subscriptor Jun 8, 2017 10:41 PM
Causality wrote:
Intel AMT is a fucking disaster from a security standpoint. It is utterly dependent on security through obscurity with its "secret" coding, and anybody should know that security through obscurity is no security at all.
Businesses demanded this technology and, of course, Intel beats the drum for it as well. While I understand their *original* concerns I would never, ever connect it to the outside LAN. A real admin, in jeans and a tee, is a much better solution.

Hopefully, either Intel will start looking into improving this and/or MSFT will make enough noise that businesses might learn to do their update, provisioning in a more secure manner.

Nah, that ain't happening. Who am I kidding?

Darkness1231 , Ars Tribunus Militum et Subscriptor Jun 8, 2017 10:45 PM
meta.x.gdb wrote:
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit has a beachhead? That is not a small thing, but it would give us a way to gauge the severity of the threat. Do people really admin a machine through AMT through an external firewall?
The interconnect is via W*. We ran this dog into the ground last month. Other OSs (all as far as I know (okay, !MSDOS)) keep them separate. Lan0 and lan1 as it were. However it is possible to access the supposedly closed off Lan0/AMT via W*. Which is probably why this was caught in the first place.

Note that MSFT has stepped up to the plate here. This is much better than their traditional silence until forced solution. Which is just the same security through plugging your fingers in your ears that Intel is supporting.

rasheverak , Wise, Aged Ars Veteran Jun 8, 2017 11:05 PM
Hardly surprising: https://blog.invisiblethings.org/papers ... armful.pdf

This is why I adamantly refuse to use any processor with Intel management features on any of my personal systems.

michaelar , Smack-Fu Master, in training Jun 8, 2017 11:12 PM
Brilliant. Also, manifestly evil.

Is there a word for that? Perhaps "bastardly"?

JDinKC , Smack-Fu Master, in training Jun 8, 2017 11:23 PM
meta.x.gdb wrote:
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit has a beachhead? That is not a small thing, but it would give us a way to gauge the severity of the threat. Do people really admin a machine through AMT through an external firewall?
The catch would be any machine that leaves your network with AMT enabled. Say perhaps an AMT managed laptop plugged into a hotel wired network. While still a smaller attack surface, any cabled network an AMT computer is plugged into, and not managed by you, would be a source of concern.
Anonymouspock , Wise, Aged Ars Veteran Jun 8, 2017 11:42 PM
Serial ports are great. They're so easy to drive that they work really early in the boot process. You can fix issues with machines that are otherwise impossible to debug.
sphigel , Ars Centurion Jun 9, 2017 12:57 AM
aexcorp wrote:
This is pretty fascinating and clever TBH. AMT might be convenient for sysadmin, but it's proved to be a massive PITA from the security perspective. Intel needs to really reconsider its approach or drop it altogether.

"it's possible that the PLATINUM malware itself enabled AMT-if the malware has Administrator privileges, it can enable many AMT features from within Windows"

I've only had 1 machine that had AMT (a Thinkpad T500 that somehow still runs like a charm despite hitting the 10yrs mark this summer), and AMT was toggled directly via the BIOS (this is all pre-UEFI.) Would Admin privileges be able to overwrite a BIOS setting? Would it matter if it was handled via UEFI instead?

I'm not even sure it's THAT convenient for sys admins. I'm one of a couple hundred sys admins at a large organization and none that I've talked with actually use Intel's AMT feature. We have an enterprise KVM (raritan) that we use to access servers pre OS boot up and if we have a desktop that we can't remote into after sending a WoL packet then it's time to just hunt down the desktop physically. If you're just pushing out a new image to a desktop you can do that remotely via SCCM with no local KVM access necessary. I'm sure there's some sys admins that make use of AMT but I wouldn't be surprised if the numbers were quite small.
gigaplex , Ars Scholae Palatinae Jun 9, 2017 3:53 AM
zogus wrote:
fake-name wrote:
Hi there! I do hardware engineering, and I wish more computers had serial ports. Just because you don't use them doesn't mean their disappearance is "fortunate".

Just out of curiosity, what do you use on the PC end when you still do require traditional serial communication? USB-to-RS232 adapter?
We just got some new Dell workstations at work recently. They have serial ports. We avoid the consumer machines.

GekkePrutser , Ars Centurion Jun 9, 2017 4:18 AM
Quote:
Physical serial ports (the blue ones) are fortunately a relic of a lost era and are nowadays quite rare to find on PCs.
Not that fortunately.. Serial ports are still very useful for management tasks. It's simple and it works when everything else fails. The low speeds impose little restrictions on cables.

Sure, they don't have much security but that is partly mitigated by them usually only using a few metres cable length. So they'd be covered under the same physical security as the server itself. Making this into a LAN protocol without any additional security, that's where the problem was introduced. Wherever long-distance lines were involved (modems) the security was added at the application level.

[Jun 08, 2017] NSA Denies Everything About Latest Intercept Leak, Including Denying Something That Was Never Claimed

Notable quotes:
"... Targeting telco and ISP systems administrators goes well outside the bounds of "national security." These people aren't suspected terrorists. They're just people inconveniently placed between the NSA and its goal of " collecting it all ." ..."
"... The NSA's own documents say that QUANTUMHAND "exploits the computer of a target that uses Facebook." The man-on-the-side attack impersonates a server , not the site itself. The NSA denies impersonating, but that's not what The Intercept said or what its own documents state. This animated explanation, using the NSA's Powerpoint presentation, shows what the attack does -- it tips the TURBINE servers, which then send the malware payload before the Facebook servers can respond. ..."
"... To the end user, it looks as though Facebook is just running slowly. ..."
"... When the NSA says it doesn't impersonate sites, it truly doesn't. It injects malware by beating Facebook server response time. It doesn't serve up faux Facebook pages; it simply grabs the files and data from compromised computers. ..."
"... The exploit is almost wholly divorced from Facebook itself. The social media site is an opportunity for malware deployment, and the NSA doesn't need to impersonate a site to achieve its aims. This is the NSA maintaining deniability in the face of damning allegations -- claiming something was said that actually wasn't and resorting to (ultimately futile) attempts to portray journalists as somehow less trustworthy than the agency. ..."
"... At this point, the mere fact that the NSA denies doing something is almost enough to convince me that they are doing it. I'm trying not to be paranoid. They just make it so difficult. ..."
"... considering how much access they seemed to have I think it is entirely possible for them to do that. And the criminal energy to do it definitely there as well. ..."
"... And there is still the question if Facebook and similar sites might be at least funded, if not run by intelligence agencies altogether. If that is the case that would put this denial in an entirely different light. It would read "We don't impersonate companies. We ARE the companies."... ..."
"... Max level sophistry. I wonder if anyone at the NSA even remembers what the truth is, it's been coated in so many layers of bullshit. ..."
"... As for its "national security directive," it made a mockery of that when it proudly announced in its documents that "we hunt sys admins." ..."
Jun 08, 2017 | www.techdirt.com
The recent leaks published at Glenn Greenwald's new home, The Intercept, detailed the NSA's spread of malware around the world, with a stated goal of sabotaging "millions" of computers. As was noted then, the NSA hadn't issued a comment. The GCHQ, named as a co-conspirator, had already commented, delivering the usual spiel about legality, oversight and directives -- a word salad that has pretty much replaced "no comment" in the intelligence world.

The NSA has now issued a formal statement on the leaks, denying everything -- including something that wasn't even alleged. In what has become the new "no comment" on the NSA side, the words "appropriate," "lawful" and "legitimate" are trotted out, along with the now de rigueur accusations that everything printed (including, apparently, its own internal documents) is false.

Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate. NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities. Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed.
First off, for the NSA to claim that loading up "millions" of computers with malware is somehow targeted (and not "indiscriminate") is laughable. As for its "national security directive," it made a mockery of that when it proudly announced in its documents that "we hunt sys admins."

Targeting telco and ISP systems administrators goes well outside the bounds of "national security." These people aren't suspected terrorists. They're just people inconveniently placed between the NSA and its goal of " collecting it all ."

Last, but not least, the NSA plays semantic games to deny an accusation that was never made, calling to mind Clapper's denial of a conveniently horrendous translation of a French article on its spying efforts there.

NSA does not use its technical capabilities to impersonate U.S. company websites.
This "denial" refers to this portion of The Intercept's article.
In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target's computer and exfiltrate files from a hard drive... In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target's computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.

The NSA's own documents say that QUANTUMHAND "exploits the computer of a target that uses Facebook." The man-on-the-side attack impersonates a server , not the site itself.

The NSA denies impersonating, but that's not what The Intercept said or what its own documents state. This animated explanation, using the NSA's Powerpoint presentation, shows what the attack does -- it tips the TURBINE servers, which then send the malware payload before the Facebook servers can respond.

To the end user, it looks as though Facebook is just running slowly.

https://player.vimeo.com/video/88822483

When the NSA says it doesn't impersonate sites, it truly doesn't. It injects malware by beating Facebook server response time. It doesn't serve up faux Facebook pages; it simply grabs the files and data from compromised computers.

The exploit is almost wholly divorced from Facebook itself. The social media site is an opportunity for malware deployment, and the NSA doesn't need to impersonate a site to achieve its aims. This is the NSA maintaining deniability in the face of damning allegations -- claiming something was said that actually wasn't and resorting to (ultimately futile) attempts to portray journalists as somehow less trustworthy than the agency.

sorrykb ( profile ), 14 Mar 2014 @ 9:39am

Denial = Confirmation?
NSA does not use its technical capabilities to impersonate U.S. company websites.

At this point, the mere fact that the NSA denies doing something is almost enough to convince me that they are doing it. I'm trying not to be paranoid. They just make it so difficult.

Anonymous Coward , 14 Mar 2014 @ 9:48am
Re: Denial = Confirmation?

considering how much access they seemed to have I think it is entirely possible for them to do that. And the criminal energy to do it is definitely there as well.

By now you have to assume the worst when it comes to them, and once the truth comes out it tends to paint an even worse picture than what you could imagine.

And there is still the question if Facebook and similar sites might be at least funded, if not run by intelligence agencies altogether. If that is the case that would put this denial in an entirely different light. It would read "We don't impersonate companies. We ARE the companies."...

Mark Wing , 14 Mar 2014 @ 10:35am

Max level sophistry. I wonder if anyone at the NSA even remembers what the truth is, it's been coated in so many layers of bullshit.

art guerrilla ( profile ), 14 Mar 2014 @ 12:06pm
Re: NSA Word-Smithing

I can not stress this poster's sentiment, as well as voiced in the article itself, of the CHILDISH semantic games the alphabet spooks will play... they WILL (metaphorically speaking) look you straight in the eye, piss on your leg, and INSIST it is raining; THEN fabricate evidence to 'prove' it was rain...

In my readings about the evil done in our name, with our money, *supposedly* to 'protect and serve' us, by the boys in black, you can NOT UNDERESTIMATE the most simplistic, and -to repeat myself -- CHILDISH ways they will LIE AND DISSEMBLE...

They are scum, they are slime, they are NOT the best and the brightest, they are the worst and most immoral...

YOU CAN NOT OVERSTATE THEIR MORAL VACUITY...

we do NOT deserve these pieces of shit...

Anonymous Coward , 14 Mar 2014 @ 11:17am

We know that the NSA, with the cooperation of the companies involved, has equipment co-located at major backbones and POPs to achieve the goals for QUANTUMHAND, QUANTUMINSERT, and etc.

At what point will we start confronting these companies and pressuring them to discontinue such cooperation? I know it's no easy task, but just as much as the government is reeling from all the public pressure, so too will these companies if we press their hands. Make it affect their bottom line.

Anonymous Coward , 14 Mar 2014 @ 1:49pm
is techdirt an hack target?

this page of your site tries to run scripts from
google
amazonaws
twitter
facebook
ajax.googleapis
techdirt

and install cookies from
techdirt
imigur

and request resources from
rp-api
vimeo

and install/use tracking beacons from
facebook connect
google +1
gravitar
nativo
quantcast
redit
repost.us
scorecard research beacon
twitter button.

...and who knows what else would run if all that was allowed to proceed. (I'm not going to run them to find out the 2nd level stuff)

for all the great reporting techdirt does on spying/tracking/privacy- you need to get your shit together already with this site; it seems like you're part of the problem. Please explain the technical facts as to why these same types of hacks couldn't be done to your readers through this clusterfuck of off site scripts/beacons/cookies/resources you're forcing on people too ignorant to know how to block them.

Matthew Cline ( profile ), 14 Mar 2014 @ 1:50pm

As for its "national security directive," it made a mockery of that when it proudly announced in its documents that "we hunt sys admins."

Well, heck, that's easy. Since the computers of the sys admins are just means to an ends, simply define "target" in a way that excludes anyone whose computers are compromised as a means to an end.

Anonymous mouse , 14 Mar 2014 @ 1:56pm

I seem to remember some articles about why people who don't use Facebook are suspect. To wit,

Are these possible signs that the NSA and GHCQ planted those stories?

Anonymous Coward , 14 Mar 2014 @ 3:49pm
The fun has yet to really begin

On April 8th, this year, Microsoft will stop installing new security patches for Windows XP, leaving computers running it totally vulnerable to such hacks. Anybody want to place bets on the fact that the alphabet soup agencies of our wonderful gummint are going to be first in line to exploit them? Just think what NSA could do with 300,000,000+ computers to play with!

[Jun 06, 2017] Trend Micro AV gave any website command-line access to Windows PCs

Jun 06, 2017 | theregister.co.uk

So apart from writing fake security software, they also make fake statements and perform fake research.


[May 29, 2017] It might make sense to use a separate Linux computer or VM on a laptop for internet browsing; you just can't secure Windows

Notable quotes:
"... But the point is that no matter where you turn the stuff is plain ass insecure and the probable most secure is Linux, and of all the distros if you remove the services you don't need, printing, etc.. most secure, and if it isn't perfect well you paid nothing! But most importantly you can control what is shared and communicated with very easy controls. ..."
"... What the NSA did in respect to recently disclosed leaks and congressional oversight in respect to their spying or collecting data upon Americans was wrong, but to be honest? ..."
"... They didn't need to because they could buy better data from Google, Facebook, Microsoft, and the cell companies. ..."
"... Using Linux and Firefox correctly with standard addons for privacy protects you pretty damn well. Just saying, and you can update a computer in less than one agonizing "Don't turn off your computer" screens from Microsoft with yet another Net Framework, Browser edge, Microsoft store, Bing.. all that shit we really just don't F0cking need! ..."
"... Shit is shit, and it was made with the INTENTION of exploitation. Why I'd say that was it's HIGHER purpose, to exploit .. and now of course that sword cuts both ways. The level of bullshit, is equal and proportionate to the level of actual shit. And hell, honesty being at shall we say a premium. folks just can't come out and admit to such things. Why whatever would people think!? So, so many ways, the masses of people, the sea of humanity, has been sold out, and sold down the river. ..."
"... Insecurity cuts both ways: For and against the surveillance state. For anonymity for those who know how to use it, against for everyone else. For those with the right tools, there is freedom in the dark spaces of that insecurity. And a base for rebelion. Think Everyman Hacker vs The Deep State. You should really read Thieves Emporium. It's a primer on where the dots are going delivered using technically-accurate fiction to keep you interested to the last page. ..."
May 29, 2017 | www.zerohedge.com

Dilluminati , May 27, 2017 11:02 PM

I have sat through about 5 hours of MSFT loading up a VM getting ready to run a SQL SERVER 2016 lab/VM. I believe nothing except that all tech with the exception of Linux is pretty f0cked up.

... ... ...

That's just the truth. Most software is such garbage, designed to leak information for corporate greed, you really have to blame Microsoft and Google.

HRH Feant2 - Dilluminati , May 27, 2017 11:19 PM

Damn, dude, I feel your pain! I have done more than one wipe of my OS and a fresh install. It sucks.

I am looking to cut the cord, too. Found a nice handset that uses Bluetooth so I can have a decent convo using my cellphone without actually holding the damned thing up to my skull! Less than $50 on Amazon.

Comcast sucks and costs too much.

Dilluminati - HRH Feant2 , May 27, 2017 11:39 PM

I guess reading over my comments and the responses is that new tech sucks, is insecure, old tech sucks and is insecure, and no matter how much you spend on MSFT it sucks and is insecure. (most people don't know better) Android is improving as a Linux derivative, but the Google store tyranny has me thinking it is getting as bad as MSFT.

But the point is that no matter where you turn the stuff is plain ass insecure and the probably most secure is Linux, and of all the distros if you remove the services you don't need, printing, etc.. most secure, and if it isn't perfect well you paid nothing! But most importantly you can control what is shared and communicated with very easy controls.

What the NSA did in respect to recently disclosed leaks and congressional oversight in respect to their spying or collecting data upon Americans was wrong, but to be honest?

They didn't need to because they could buy better data from Google, Facebook, Microsoft, and the cell companies.

And guess what? Because these systems collect information that is the basis for leaked information.

http://www.omgubuntu.co.uk/2016/01/ubuntu-online-search-feature-disabled...

Using Linux and Firefox correctly with standard addons for privacy protects you pretty damn well. Just saying, and you can update a computer in less than one agonizing "Don't turn off your computer" screens from Microsoft with yet another Net Framework, Browser edge, Microsoft store, Bing.. all that shit we really just don't F0cking need!

It's just F0cking redonkulous, and I'm going to cert 2016 and I look at the courseware and I'm like wtf? Redmond still shilling mobile data from SQL SERVER, as if nobody got the F0cking message at MSFT that their phones are DEAD!

Or R inside Sql Server, yeah daddy.. I'm going to run some R on SQL SERVER just to buy some more damn licenses... anybody smart enough for R not dumb enough to buy lottsa SQL SERVER.. just f0cking saying the dumb shit, additional shit, that adds really very little value except insecure stuff.

But yeah locked down Ubuntu loads up in about 1/10 the time and more secure.. and that is a fact.

Giant Meteor - Dilluminati , May 27, 2017 11:23 PM

Excellent excellent points ... Not as plugged in tech wise as you seem to be, but understand the highlights .. Shit is shit, and it was made with the INTENTION of exploitation. Why I'd say that was its HIGHER purpose, to exploit .. and now of course that sword cuts both ways.

The level of bullshit, is equal and proportionate to the level of actual shit.

And hell, honesty being at shall we say a premium. folks just can't come out and admit to such things. Why whatever would people think!? So, so many ways, the masses of people, the sea of humanity, has been sold out, and sold down the river.

Funny thing is, aside from those on the government dole payroll (which is an extensive list) lot's of folks will admit to the case, ie; "we been robbed!" and are starting to wake up to the fact ...

But the ramifications as you have laid out, so simple to see, and understand, and yet ... Well, like I mentioned, they're fightin for THEIR way of life, and THEIR freedumbs ... Well done ..

Sam.Spade - Dilluminati , May 28, 2017 1:22 AM

So project the dots. Insecurity cuts both ways: For and against the surveillance state. For anonymity for those who know how to use it, against for everyone else.

For those with the right tools, there is freedom in the dark spaces of that insecurity. And a base for rebellion.

Think Everyman Hacker vs The Deep State.

You should really read Thieves Emporium. It's a primer on where the dots are going delivered using technically-accurate fiction to keep you interested to the last page. Not nearly as detailed as your post, nor as specific, but explains the broad-brush concepts on both sides of the new internet freedom struggle very well.

The Daily Bell thought it was so good they published it as a serial which you can read for free at http://www.thedailybell.com/editorials/max-hernandez-introducing-thieves... .

Or you can buy a copy on Amazon (rated 4.6 in 120 reviews), Nook (same rating, fewer reviews), Smashwords (ditto), or iBooks.

Please take a look, I think you will like the book.

[May 23, 2017] Sysinternals Sync

May 23, 2017 | technet.microsoft.com

See Sysinternals Sync.

UNIX provides a standard utility called Sync, which can be used to direct the operating system to flush all file system data to disk in order to ensure that it is stable and won't be lost in case of a system failure. Otherwise, any modified data present in the cache would be lost. Here is an equivalent that I wrote, called Sync, that works on all versions of Windows. Use it whenever you want to know that modified file data is safely stored on your hard drives. Unfortunately, Sync requires administrative privileges to run. This version also lets you flush removable drives such as ZIP drives.

Using Sync

Usage: sync [-r] [-e] [drive letter list]

-r Flush removable drives.
-e Ejects removable drives.

Specifying particular drives (e.g. "c e") will result in Sync only flushing those drives.

[May 23, 2017] FogBugz - discuss.joelonsoftware.com

May 23, 2017 | Unmount hard drives from Windows command line?

Is there a command to unmount an HDD from the command line or a tool to do so?

Tuesday, January 31, 2006

I believe that you're looking for NET USE:

NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[/USER:[dotted domain name\]username]
[/USER:[username@dotted domain name]
[/SMARTCARD]
[/SAVECRED]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE {devicename | *} [password | *] /HOME

NET USE [/PERSISTENT:{YES | NO}]

Mark Lubischer

well... that is if it's a mapped network drive

Mark Lubischer


Tuesday, January 31, 2006

mountvol X: /d

Roland Kaufmann

"Well, mostly I'm interested in unmounting a USB drive - quickly and easily (sans mouse clicks)."

Oh, Microsoft calls this "ejecting [a] device", not unmounting a drive. The system help files only provide instructions on how to do it graphically.

Googling for the relevant terms returns http://www.robvanderwoude.com/index.html and you might be interested in the fifth entry down from the top. The tenth entry might also help.

(I don't make any recommendations about this software, I'm just following the first link that looked relevant.)

Google also suggested a few other links when I used "Windows eject device command line" as my search terms.

TheDavid, Tuesday, January 31, 2006

My posting crossed with the OP's answer.

Mark Russinovich's Sync is the right thing to use:

http://www.sysinternals.com/Utilities/Sync.html

See also:

http://ask-leo.com/is_there_a_way_to_safely_remove_hardware_from_a_batch_file.html


Post SP1, I think Windows XP automatically disables write caching on USB storage devices, so you can just pull them with no ill effects.

If you want to leave the device connected but not see a drive letter, you can do this through the Disk Management snap-in in Manage Computer. But this is not click-free.

The same thing could be accomplished through the management APIs with a script (wshost or monad), I should think.

Windows in general doesn't go for the concept of mounting/unmounting. USB storage is generally auto-mounted, and SCSI/IDE storage is either detected at startup or mediated through a RAID array which implements a SCSI miniport driver. You can dynamically assign / remove drive letters from drives or volumes, and mount volumes under a folder on another volume. The system is quite flexible, but to retain a degree of backwards compatibility it doesn't quite approach the Unix model.

.NET Guy
Wednesday, February 01, 2006

devcon is exactly what I was looking for - thanks. (eject, hmmm, smells like floppy disks).

I have used sync from sysinternals.com previously, but in this case it was not ensuring a disconnect (which, it turns out, the USB device requires to flush its own buffers).

Thanks,

hoser
Wednesday, February 01, 2006

The current version of Sync has an 'Eject' option on it - does even that not work?

Will Dean
Thursday, February 02, 2006

[May 23, 2017] Command line to Safely Remove a USB drive

May 23, 2017 | technet.microsoft.com

Greetings!

I have a Windows 7 Professional PC with a backup routine that runs on boot-up in a batch file. It copies various files to a USB hard drive, then sends me a message on another PC saying the backup is complete.

I need a command to put in the batch file to safely remove the USB drive after the copying is done and before the "finished" message is sent.

I want the "Safely Remove Hardware" process to run, but I don't want to have to log in to the PC to click the "Safely Remove Hardware" icon. I already have the "Optimize for quick removal" set.

I have seen this thread: http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/a163abeb-f4d6-425e-b30b-e900ab118f0a and do not need to show a missing box. I'd like to have the whole thing happen in the batch file without my interaction.

I realize there isn't an actual command line command, like COPY or DEL, but there must be something the OS runs when the "Safely Remove" icon is clicked and a choice from the popup menu is chosen.

Example: there's no command to lock the PC, even in Shutdown.exe. But this text in a command line:

%windir%\system32\rundll32.exe user32.dll,LockWorkStation

locks the PC.

What's the line of text needed to eject a USB drive safely, preferably with feedback (if %Errorlevel% style) to show success or failure? (VBscript or WMI commands would be fine, too)

Edited by ScottGus1 Wednesday, February 15, 2012 1:12 PM

Wednesday, February 15, 2012 1:10 PM


I did ask on the Scripting Guys forum (http://social.technet.microsoft.com/Forums/en/ITCG/thread/964f7d82-8810-4c18-93a3-0e5de1a3f006) and the answer is that there isn't one. No Microsoft-only command can eject a usb drive just like "Safely Remove Hardware" does it.

I finally settled on "RemoveDrive" (http://www.uwe-sieber.de/drivetools_e.html) because it returns an %errorlevel% in a batch file, based on whether it was successful in ejecting the USB hard drive or not. My batch file now works perfectly, and it automatically ejects the drive after writing the backups to it.

Thanks to All for your help!

Thanks, folks, for the suggestions. I tried the links suggested.

The script mentioned in the Neowin link returns "404 file not found" when I try to download it. Dead link.

I got Devcon from Microsoft as AskLeo mentioned. I was able to use "Devcon hwids" to find my USB drive (hardware ID was "USBSTOR\WD______0528AS_External_1", but...

"Devcon remove USBSTOR\WD______0528AS_External_1" returned "Remove failed"

"Devcon disable USBSTOR\WD______0528AS_External_1" returned "Disable failed"

"Devcon remove USBSTOR\DISK" and "Devcon disable USBSTOR\DISK" also failed.

Looking thru comments on AskLeo's article I found DevEject. This also failed to eject my USB drive.

I will ask on the scripting forum.

Meanwhile, any other thoughts?

====

I tried again this morning to use devcon. I got the hardware id of the drive using "devcon hwids *WD*" (without quotes, and I knew the WD was good since it's a Western Digital drive). Devcon returned the hardware IDs of the drive. I copied a unique hardware ID to the clipboard, typed "devcon remove " and then pasted the hardware ID. Devcon showed the whole hardware ID of the drive and responded, "remove failed". There were no errors in the Event Viewer, Application or System.

I tried this both in a normal and a "run as admin" command prompt, same results.

I then tried a third-party utility called "USB Disk Eject" (http://quick.mixnmojo.com/usb-disk-eject-1-2-beta-5), which worked properly, achieving the same thing as "Safely Remove Hardware" on a command line. The way the author of USB Disk Eject speaks, it sounds like ejecting a disk is a lot more than just removing an item from the Device manager, which usually calls for a reboot anyway.

Microsoft / Sysinternals really needs to have an in-house utility for command-line safe-removal of USB drives...

===

See Sysinternals Sync.

UNIX provides a standard utility called Sync, which can be used to direct the operating system to flush all file system data to disk in order to insure that it is stable and won't be lost in case of a system failure. Otherwise, any modified data present in the cache would be lost. Here is an equivalent that I wrote, called Sync, that works on all versions of Windows. Use it whenever you want to know that modified file data is safely stored on your hard drives. Unfortunately, Sync requires administrative privileges to run. This version also lets you flush removable drives such as ZIP drives.

Using Sync

Usage: sync [-r] [-e] [drive letter list]

-r Flush removable drives.
-e Ejects removable drives.

Specifying specific drives (e.g. "c e") will result in Sync only flushing those drives.
===

In Windows, at the command line write "RunDll32.exe shell32.dll,Control_RunDLL hotplug.dll" and select the drive you want to eject.

[May 20, 2017] While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February, by Iain Thomson

Notable quotes:
"... However, our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt. ..."
May 16, 2017 | theregister.co.uk
And it took three months to release despite Eternalblue leak

16 May 2017 at 01:44

When the WannaCrypt ransomware exploded across the world over the weekend, infecting Windows systems using a stolen NSA exploit, Microsoft president Brad Smith quickly blamed the spy agency. If the snoops hadn't stockpiled hacking tools and details of vulnerabilities, these instruments wouldn't have leaked into the wild, sparing us Friday's cyber assault, he said.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," said Smith.

Speaking of hoarding, though, it's emerged Microsoft was itself stockpiling software – critical security patches for months.

Around January this year, Microsoft was tipped off by persons unknown that the NSA's Eternalblue cyber-weapon, which can compromise pre-Windows 10 systems via an SMBv1 networking bug, had been stolen and was about to leak into the public domain. In March, Microsoft emitted security fixes for supported versions of Windows to kill off the SMB vulnerability, striking Eternalblue dead on those editions.

In April, exactly a month later, an NSA toolkit of hacking weapons, including Eternalblue, was dumped online by the Shadow Brokers: a powerful loaded gun was now in the hands of any willing miscreant.

In May, just last week in fact, the WannaCrypt ransomware, equipped with this weapon, spread across networks and infected tens of thousands of machines worldwide, from hospital computers in the UK and Fedex terminals in the US, to railways in Germany and Russia, to cash machines in China.

On Friday night, Microsoft issued emergency patches for unsupported versions of Windows that did not receive the March update – namely WinXP, Server 2003, and Windows 8 RT. Up until this point, these systems – and all other unpatched pre-Windows 10 computers – were being menaced by WannaCrypt, and variants of the software nasty would be going after these systems in the coming weeks, too.

The Redmond tech giant was praised for issuing the fixes for its legacy Windows builds. It stopped supporting Windows XP in April 2014, and Server 2003 in July 2015, for instance, so the updates were welcome.

However, our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt.

Here's the dates in the patches:

The SMBv1 bug is trivial, by the way: it is a miscalculation from a 32-bit integer to a 16-bit integer that can be exploited by an attacker to overflow a buffer, push too much information into the file networking service, and therefore inject malicious code into the system and execute it. Fixing this programming blunder in the Windows codebase would have been easy to back port from Windows 8 to XP.

If you pay Microsoft a wedge of cash, and you're important enough, you can continue to get security fixes for unsupported versions of Windows under a custom support license. It appears enterprises and other organizations with these agreements got the legacy fixes months ago, but us plebs got the free updates when the house was already on fire.

Smith actually alluded to this in his blog post over the weekend: "We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003." [Italics are ours.]

Money talks

Custom support is a big earner: Microsoft charged Britain's National Health Service $200 per desktop for year one, $400 for year two and $800 for a third year as part of its contract. UK Health Secretary Jeremy Hunt cancelled the contract after a year as a cost-saving measure. The idea was that a year would give NHS trusts time to manage their upgrades and get modern operating systems, but instead it seems some trusts preferred to spend the money not on IT upgrades but on executive remuneration, nicer offices, and occasionally patient care. Defence Secretary Michael Fallon claimed on Sunday that "less than five per cent of [NHS] trusts" still use Windows XP.

Naturally, Microsoft doesn't want to kill the goose that lays such lovely golden eggs, by handing out patches for old gear for free. And supporting a 16-year-old operating system like Windows XP must be a right pain in the ASCII for its engineers. And we appreciate that computers still running out-of-date operating systems are probably doing so for a reason – perhaps it's a critical device or an MRI scanner that can't be upgraded – and thus it doesn't matter if a patch landed in February, March or May: while every little helps, the updates are unlikely to be applied anyway.

On the other hand, we're having to live with Microsoft's programming mistakes nearly two decades on, mistakes that Microsoft is seemingly super reluctant to clean up, unless you go the whole hog and upgrade the operating system.

Most crucially, it's more than a little grating for Microsoft, its executives, and its PR machine, to be so shrill about the NSA stockpiling zero-day exploits when the software giant is itself nesting on a pile of fixes – critical fixes it's keeping secret unless you pay it top dollar. Suddenly, it's looking more like the robber baron we all know, and less like the white knight in cyber armor.

We asked Microsoft to comment on the timing of its patching, but its spokespeople uselessly referred us back to Smith's blog. Meanwhile, here's some more technical analysis of the WannaCrypt worm and how a kill switch for the nasty was found and activated over the weekend.

[May 19, 2017] Global Cyberattack: Are Private Interests Using States? The global cyberattack, the NSA and Washington's war propaganda against Russia, by Bill Van Auken

Notable quotes:
"... Thus, amid the hysterical propaganda campaign over Russian hacking, Washington has been developing an array of cyber-weapons that have the capability of crippling entire countries. Through the carelessness of the NSA, some of these weapons have now been placed in the hands of criminals. US authorities did nothing to warn the public, much less prepare it to protect itself against the inevitable unleashing of the cyber weapons it itself had crafted. ..."
"... There was no question then of an investigation taking months to uncover the culprit, much less any mystery going unsolved. Putin and Russia were declared guilty based upon unsubstantiated allegations and innuendo. Ever since, the Times ..."
"... Since Trump's inauguration, the Democratic Party has only intensified the anti-Russian propaganda. It serves both as a means of pressuring the Trump administration to abandon any turn toward a less aggressive policy toward Moscow, and of smothering the popular opposition to the right-wing and anti-working class policies of the administration under a reactionary and neo-McCarthyite campaign painting Trump as an agent of the Kremlin. ..."
May 16, 2017 | www.defenddemocracy.press

The cyberattack that hit some 200,000 computers around the world last Friday, apparently using malicious software developed by the US National Security Agency, is only expected to escalate and spread with the start of the new workweek.

The cyber weapon employed in the attack, known as "WannaCrypt," has proven to be one of the most destructive and far-reaching ever. Among the targets whose computer systems were hijacked in the attack was Britain's National Health Service, which was unable to access patient records and forced to cancel appointments, treatments and surgeries.

Major corporations hit include the Spanish telecom Telefonica, the French automaker Renault, the US-based delivery service Fedex and Germany's federal railway system. Among the worst affected countries were reportedly Russia, Ukraine and Japan.

The weaponized software employed in the attacks locks up files in an infected computer by encrypting them, while demanding $300 in Bitcoin (digital currency) to decrypt them and restore access.

Clearly, this kind of attack has the potential for massive social disruption and, through its attack on institutions like Britain's NHS, exacting a toll in human life.

This event, among the worst global cyberattacks in history, also sheds considerable light on issues that have dominated the political life of the United States for the past 10 months, since WikiLeaks began its release of documents obtained from the hacked accounts of the Democratic National Committee and John Podesta, the chairman of Hillary Clinton's presidential campaign.

The content of these leaked documents exposed, on the one hand, the DNC's machinations to sabotage the presidential campaign of Bernie Sanders, and, on the other, the subservience of his rival, Hillary Clinton, to Wall Street through her own previously secret and lavishly paid speeches to financial institutions like Goldman Sachs.


This information, which served to discredit Clinton, the favored candidate of the US military and intelligence apparatus, was drowned out by a massive campaign by the US government and the corporate media to blame Russia for the hacking and for direct interference in the US election, i.e., by allegedly making information available to the American people that was supposed to be kept secret from them.

Ever since then, US intelligence agencies, Democratic Party leaders and the corporate media, led by the New York Times , have endlessly repeated the charge of Russian hacking, involving the personal direction of Vladimir Putin. To this day, none of these agencies or media outlets have provided any probative evidence of Russian responsibility for "hacking the US election."

Among the claims made to support the allegations against Moscow was that the hacking of the Democrats was so sophisticated that it could have been carried out only by a state actor. In a campaign to demonize Russia, Moscow's alleged hacking was cast as a threat to the entire planet.

Western security agencies have acknowledged that the present global cyberattack, among the worst ever of its kind, is the work not of any state agency, but rather of a criminal organization. Moreover, the roots of the attack lie not in Moscow, but in Washington. The "WannaCrypt" malware employed in the attack is based on weaponized software developed by the NSA, code-named Eternal Blue, part of a bundle of documents and computer code stolen from the NSA's server and then leaked by a hacking group known as "Shadow Brokers."


Thus, amid the hysterical propaganda campaign over Russian hacking, Washington has been developing an array of cyber-weapons that have the capability of crippling entire countries. Through the carelessness of the NSA, some of these weapons have now been placed in the hands of criminals. US authorities did nothing to warn the public, much less prepare it to protect itself against the inevitable unleashing of the cyber weapons it itself had crafted.

In its report on the global cyberattacks on Saturday, the New York Times stated: "It could take months to find out who was behind the attacks, a mystery that may go unsolved."

The co-author of these lines was the New York Times chief Washington correspondent David E. Sanger, who, in addition to writing for the "newspaper of record," finds time to lecture at Harvard's Kennedy School of Government, a state-connected finishing school for top political and military officials. He also holds membership in both the Council on Foreign Relations and the Aspen Strategy Group, think tanks that bring together capitalist politicians, military and intelligence officials and corporate heads to discuss US imperialist strategy.

All of this makes Sanger one of the favorite media conduits for "leaks" and propaganda that the CIA and the Pentagon want put into the public domain.

It is worth contrasting his treatment of the "WannaCrypt" ransomware attack with the way he and the Times dealt with the allegations of Russian hacking in the run-up to and aftermath of the 2016 US presidential election.

There was no question then of an investigation taking months to uncover the culprit, much less any mystery going unsolved. Putin and Russia were declared guilty based upon unsubstantiated allegations and innuendo. Ever since, the Times, serving as the propaganda outlet of the US intelligence services, has given the lead to the rest of the media by endlessly repeating the allegation of Russian state direction of the hacking of the Democratic Party, without bothering to provide any evidence to back up the charge.


With the entire world now under attack from a weapon forged by Washington's cyberwarfare experts, the hysterical allegations of Russian hacking are placed in perspective.

From the beginning, they have been utilized as war propaganda, a means of attempting to promote popular support for US imperialism's steady escalation of military threats and aggression against Russia, the world's second-largest nuclear power.

Since Trump's inauguration, the Democratic Party has only intensified the anti-Russian propaganda. It serves both as a means of pressuring the Trump administration to abandon any turn toward a less aggressive policy toward Moscow, and of smothering the popular opposition to the right-wing and anti-working class policies of the administration under a reactionary and neo-McCarthyite campaign painting Trump as an agent of the Kremlin.

SOURCE www.wsws.org

[May 19, 2017] There are other search engines, browsers, email services besides those operated by the giants. DuckDuckGo, protonmail, and the Opera browser (with free built-in VPN!) work well for me

As soon as DuckDuckGo shows ads and you have JavaScript enabled, your privacy evaporates the same way it evaporated in Google, unless you use a VPN. But even in this case there are ways to "bind" your PC to you via non-IP-based methods.
May 19, 2017 | www.nakedcapitalism.com

lyman alpha blob, May 19, 2017 at 1:58 pm

There are other search engines, browsers, email services, etc. besides those operated by the giants. DuckDuckGo, protonmail, and the Opera browser (with free built-in VPN!) work well for me.

The problem is, if these other services ever do get popular enough, the tech giants will either block them by getting their stooges appointed to Federal agencies and regulating them out of existence, or buy them.

I've been running from ISP acquisitions for years, as the little guys get bought out I have to find an even littler one.

Luckily I've found a local ISP, GWI, that I've used for years now. They actually came out against the new regulations that would allow them to gather and sell their customers' data. Such anathema will probably wind up with their CEO publicly flayed for going against all that is good and holy according to the Five Horsemen.

[May 17, 2017] How to Enable Volume Shadow Copy in windows 7 - Microsoft Community

May 17, 2017 | answers.microsoft.com
The title and message were edited so now we know what is needed.

How to Create a System Restore Point in Windows 7
http://www.sevenforums.com/tutorials/697-system-restore-point-create.html

How to Do a System Restore in Windows 7
http://www.sevenforums.com/tutorials/700-system-restore.html


System Protection - Change Disk Space Usage
http://www.sevenforums.com/tutorials/335-system-protection-change-disk-space-usage.html


How to Turn System Protection On or Off in Windows 7
http://www.sevenforums.com/tutorials/330-system-protection-turn-off.html

Adjusting the amount of disk space System Restore uses to hold restore points
http://bertk.mvps.org/html/diskspacev.html


How To Change How Much Space System Restore Can Use
http://www.vistax64.com/tutorials/76227-system-restore-disk-space.html
http://www.petri.co.il/change_amount_of_disk_space_used_by_system_restore_in_vista.htm


Vssadmin ShadowStorage Commands
http://technet.microsoft.com/en-us/library/cc755866(WS.10).aspx


Volume Shadow Copy Service
http://technet.microsoft.com/en-us/library/ee923636(WS.10).aspx

Volume Shadow Copy Service
http://msdn.microsoft.com/en-us/library/bb968832(VS.85).aspx


VSSADMIN
http://technet2.microsoft.com/windowsserver/en/library/89d2e411-6977-4808-9ad5-476c9eaecaa51033.mspx?mfr=true


Windows Vista System Restore Guide
http://www.bleepingcomputer.com/tutorials/tutorial143.html


Controlling Shadow Copies in Vista (and Windows 7!)
http://www.pcmag.com/article2/0,2817,2342534,00.asp


A good utility :

Shadow Explorer - Free
http://www.shadowexplorer.com/


Hope this helps.
--------------------------------------------------------------------------------------------
Rob Brown - Microsoft MVP - Windows and Devices for IT: Bicycle - Mark Twain said it right.

[May 17, 2017] Microsoft blocks Kaby Lake and Ryzen PCs from Windows 7 updates

May 17, 2017 | www.techconnect.com
The time has finally come: Microsoft is dropping the banhammer on mixing modern processors with classic Windows operating systems.

Users are reporting their Windows 7 and 8.1 PCs with Kaby Lake and Ryzen processors are being blocked from receiving updates, according to Ars Technica and Tech Report .

That means all updates, including security updates, will be unavailable on PCs with brand new hardware running the two older operating systems. The first hints of this were revealed in March, when a Microsoft support page appeared detailing the policy of blocking updates for Kaby Lake and Ryzen-toting PCs using Windows 7 or 8.1.

Microsoft's stance on PCs running a classic Windows build with newer processors actually goes back to January 2016. At that time, Microsoft announced a plan to ease the transition to Windows 10 for enterprises by certifying some Skylake processors to run Windows 7 and Windows 8.1 for a limited time. The company also added that Intel's Kaby Lake, Qualcomm's 8996 Snapdragon processors, and what we now call AMD Ryzen would all require Windows 10.

Since then, Microsoft has proved more flexible on the Skylake front. Select members of that processor generation will be able to run Windows 7 and Windows 8.1 until both systems reach the end of their extended support periods in 2020 and 2023 respectively. For Ryzen and Kaby Lake, however, Microsoft hasn't budged, with Intel and AMD willing to play along.

[May 17, 2017] How to avoid the WannaCrypt virus if you run Windows XP in VM

May 17, 2017 | www.techconnect.com
WannaCrypt may be exclusively a problem for Windows users, but the worm/virus combination could hit a Mac user with a Boot Camp partition or Windows virtual machines in VMware Fusion, Parallels, or other software. If you fit that bill and haven't booted your Windows system since mid-March or you didn't receive or install Microsoft's vital security update (MS17-010) released at that time, read on.

It's critical that you don't start up a Windows XP or later installation that's unpatched and let it connect to the Internet unless you're absolutely sure you have the SMB file-sharing service disabled or firewall or network-monitoring software installed that will block any attempt from an outside connection.

Also, if you use Windows XP or a few later releases of Windows that are past Microsoft's end of support since mid-March, you wouldn't have received the security updates that Microsoft was reserving only for corporate subscribers until last Friday . At that point, they made these updates generally available. If you booted any of those systems between mid-March and Friday, you're unprotected as well.

If your Mac is on a network that uses NAT and DHCP to provide private IP addresses, which is most home networks and most small-office ones, and your router isn't set up to connect the SMB file service from outside the local private network to your computer (whether Boot Camp or a VM), then the WannaCrypt worm can only attack your system from other computers on the same network. If they're already patched or there are no other Windows instances of any kind, you can boot up the system, disable SMBv1, and apply the patches.

If you don't want to take that chance or you have a system that can be reached from the greater Internet directly through whatever method (a routable IP or router port mapping to your Mac), you should disable networking on your computer before restarting into Boot Camp or launching a VM. This is easy with ethernet, but if you're using Wi-Fi for your Windows instance, you need to unplug your network from the Internet.

After booting, disable SMBv1. This prevents the worm from reaching your computer, no matter where it is. Microsoft offers instructions for Windows 7 and later at this support note . If you have a Windows XP system, the process requires directly editing the registry, and you will want to install firewall software to prevent incoming connections to SMB (port 445) before proceeding. The firewall approach is a good additional method for any Windows instance.

Once you've either disabled SMBv1 or have a firewall in place, you can enable network access and install all the patches required for your release, including MS17-010.

In some cases, you no longer need SMBv1, already known to be problematic, and can leave it disabled. If for legacy reasons you have to re-enable it, make sure you have both networking monitoring and firewall software (separately or a single app) that prevents unwanted and unexpected SMB access.
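The sequence above (keep the network off, disable SMBv1 on both the server and client side, block inbound TCP 445, then reconnect and patch) as a script for a Windows 7 VM. This is an added example, not code from the techconnect article. Assumptions: an elevated PowerShell prompt on Windows 7 SP1, the registry value and service names from Microsoft's SMBv1 guidance, and the Windows 7 SP1 KB identifiers for MS17-010 (substitute the ones for your release).

```powershell
# Added example: pre-flight hardening of an unpatched Windows 7 VM before it
# is allowed back on the network. Run elevated. PowerShell 2.0 compatible, so
# it does not rely on Get-SmbServerConfiguration (absent on Windows 7).

$LanmanServer = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$FirewallRule = 'Block inbound SMB (TCP 445)'

function Disable-Smb1Server {
    # Server side: SMB1 = 0 tells the file-sharing service not to speak SMBv1.
    # Takes effect after the Server service (or the VM) is restarted.
    New-ItemProperty -Path $LanmanServer -Name 'SMB1' -PropertyType DWORD `
        -Value 0 -Force | Out-Null
}

function Disable-Smb1Client {
    # Client side: stop the SMBv1 redirector (mrxsmb10) and drop it from the
    # workstation service's dependency list, per Microsoft's SMBv1 guidance.
    & sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    & sc.exe config mrxsmb10 start= disabled | Out-Null
}

function Test-Smb1ServerDisabled {
    # Returns $true only when the SMB1 value exists and is 0.
    $props = Get-ItemProperty -Path $LanmanServer -ErrorAction SilentlyContinue
    return ($props -ne $null -and $props.SMB1 -eq 0)
}

function Block-InboundSmb {
    # Belt and braces: even if SMBv1 is re-enabled later, nothing from the
    # network reaches port 445 on this host.
    & netsh advfirewall firewall add rule name="$FirewallRule" dir=in `
        action=block protocol=TCP localport=445 | Out-Null
}

function Test-InboundSmbBlocked {
    # netsh prints "No rules match" when the rule is missing.
    $out = & netsh advfirewall firewall show rule name="$FirewallRule"
    return (($out -join "`n") -notmatch 'No rules match')
}

function Test-Ms17010Installed {
    # Assumed: Windows 7 SP1 identifiers for MS17-010 (security-only and
    # monthly rollup). Check the bulletin for other releases.
    param([string[]]$Kb = @('KB4012212', 'KB4012215'))
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($k in $Kb) {
        if ($installed -contains $k) { return $true }
    }
    return $false
}

# Orchestration: harden first, report, and only then touch the network.
Disable-Smb1Server
Disable-Smb1Client
Block-InboundSmb

if (-not (Test-Smb1ServerDisabled)) { Write-Warning 'SMB1 registry value not set' }
if (-not (Test-InboundSmbBlocked))  { Write-Warning 'Port 445 firewall rule missing' }

if (Test-Ms17010Installed) {
    Write-Host 'MS17-010 already installed; SMBv1 is still disabled as a precaution.'
} else {
    Write-Host 'MS17-010 NOT found: keep 445 blocked, reconnect the network, run Windows Update now.'
}
```

Reboot the VM after the script so the Server service picks up the SMB1 value; until then the firewall rule is what protects the host.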

[May 16, 2017] Ransomware scum have already unleashed kill-switch-free WannaCrypt variant • The Register

Notable quotes:
"... Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute. ..."
"... Other researchers, including Kevin Beaumont, are also telling us they haven't yet seen a variant of WannaCrypt without a kill switch. ..."
"... Certainly the NSA should have reported it to Microsoft but they apparently didn't ... ..."
"... Implying that Windows 8, and Windows 10 are better than an unmaintained Windows XP SP3 Installation. Which can still do it's job. Probably better than those other Two numbskull OSs. Assuming Microsoft were kind enough to continue supporting it. But, alas that way only madness lay. As XP does not contain Tracker's, and (Cr)App Stores to take your Moneyz. ..."
"... It's clear the NSA intended to not inform Microsoft at all as this was part or their arsenal, a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded it and then lost control of it when it got out. This should be an example of how such organisations should not be using such methods. ..."
"... The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or breaking in who discover a pot of "hacker gold" runnable and mature from the fist double click. ..."
"... In my experience with embedded systems there is nothing particularly fancy about the way the PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take a bit of work but not impossible. ..."
"... The problem is that like Microsoft the manufacturers have moved on. They are playing with their next big thing and have forgotten about that old stuff. ..."
"... And in a few years it will all be forgotten. Nachi / Blaster anyone? ..."
"... Patching and AV inevitably often is bolting the stable door after horses gone for the first hit. Yet proper user training and proper IT configuration mitigates against almost all zero day exploits. I struggle to think of any since 1991. ..."
"... Firewalls, routers, internal email servers (block anything doubtful), all superfluous services and applications removed, no adhoc sharing. users not administrators, and PROPER training of users. ..."
"... Went to the doctor's surgery this morning. All the computers were down. I queried if they'd been hit with the malware, but apparently it was as a preventative measure as their main NHS trust has been badly hit, so couldn't bring up any records or even know what the wife's blood test was supposed to be for. Next I'm expecting the wife's hospital appt to be canceled due to the chaos it is causing. ..."
"... The answer is not to avoid Windows. It's for our so-called security agencies to get to understand that they are not supposed to be a dirty tricks department collecting weapons for use against others, but that they are supposed to work on our national security - which includes public and private services and businesses as well as the Civil Service. ..."
"... Windows 10 STILL has SMBv1 needlessly enabled by default. Should either be disabled by default or removed all together. Wonder when someone will find another exploitable weakness. Staying secure means turning off protocols you don't need. ..."
"... Instead of that, criminally stupid idots at NHS IT in the affected trusts as well as other enterprises which were hit: 1. Put these unpatchable and unmaintainable machines in the same flat broadcast domain with desktop equipment. There was no attempt at isolation and segmentation whatsoever. ..."
"... Each of these should be a sackable offense for the IT staff in question. ..."
"... Systems vendors to the NHS are borderline criminal. In pharmacy, there are only 1 of 4 mandated systems vendors you can choose. The 3 desktop based ones have so much legacy crap etc that they still only work on windows 7. They also insist on bundling in a machine to just a stupid high cost to a tech illiterate customer base - generally a cut down crappier version of something you could by uin argos for 300 quid they will charge over a grand for. Their upgrade cycles are a f**king joke and their business model makes their customers very reluctant to do so as they have fork out silly money ..."
"... Firstly, a state actor attack would be far better targeted. Stuxnet, for example, actually checked the serial numbers of the centrifuges it targeted to ensure that it only hit ones created in the right date span to impact only those bought by Iran. The vector on this attack, on the other hand, literally just spammed itself out to every available IP address that had port 445 open. ..."
"... most of the original bits of this were actually quite shittily written. Oh sure, there was a genuine bit of high-tech NSA code in there from the shadow broker leak... but there was also a fair load of primitive crap there too. It's a bit like an 16 year old came into possession of an F-16; it was destructive as hell but he didn't really know how to fly it. ..."
"... there's literally 5 different layers of my SMB's security that blocked this (patching, permissions, firewall, commercial AV, VLANs). And we're not exactly cutting-edge - just running best practice. ..."
"... In short, if this was state-backed, then the state in question would have to be somewhere like Honduras, not one of the big-league infosec powers. ..."
"... I read the Malwaretech log (excellent description of why you'd look for a nonexistent domain to determine if you're sandboxed) and thought: OK, so the virus writer should check a randomly generated domain, instead of a fixed one. That way, they can't all be registered, your virus can't be kill-switched the way this one was, and your virus can still tell if it's being run in a sandbox. ..."
"... the code is not proxy aware and the kill switch would not work in well structured environments where the only access to the net is via a configured non transparent proxy. ..."
"... In this case, knowing there are a number of nation state backed cyber defence teams looking into this... they either a) have balls big enough to need a wheelbarrow and believe that they won't get caught no matter what and cyber defence is really too hard to deliver effectively, regardless of backers. or b) that they are insanely stupid and greedy and are not following the news... ..."
"... Given that the only safe/undetected way of laundering the bitcoins will be to buy drugs or guns or other such illegal goods on the darkweb and then turn that into cash by selling it on then the perps are as you say both greedy and insanely (criminally) stupid. ..."
"... If Microsoft had an update channel for security patches only, not unwanted features and M$'s own brand of malware, people would be a lot more inclined to stay up to date. ..."
"... Rumors running around that this is Deep State sponsored coming out of various cliques in intelligence agencies in retaliation for the Vault 7 leaks. ..."
May 16, 2017 | theregister.co.uk
15 May 2017 at 09:42, John Leyden

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware.

Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute.

"As far as I know there's only been two variants (one this morn) and none without [a kill]switch," security researcher Dave Kennedy told El Reg. Other researchers, including Kevin Beaumont, are also telling us they haven't yet seen a variant of WannaCrypt without a kill switch.

What isn't in question is that follow-up attacks based on something similar to WannaCrypt are likely and that systems therefore really need protecting. Black hats might well create a worm that attacks the same Windows vulnerability more stealthily to install a backdoor on the many vulnerable systems still out there, for example.

The WannaCrypt ransomware spread to devastating effect last week using worm-like capabilities that relied on a recently patched vulnerability in Microsoft's SMB file-sharing services (MS17-010). WannaCrypt used a purloined EternalBlue exploit originally developed by the US National Security Agency before it was leaked by the Shadow Brokers last month.

WannaCrypt's victims included the National Health Service, Spain's Telefónica and numerous other organisations across the world. A techie at Telefónica confirmed that the initial infection vector was a phishing email. The scale of the attack prompted Microsoft to take the highly unusual step of releasing patches for unsupported operating systems, including Windows XP. ®

Re: Inevitable

Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows.

The real issue here is that Microsoft has stopped patching XP and Vista systems in an attempt to force users to upgrade -- that's where the real money is in these vulnerabilities. So who's going to make out like a bandit from WannaCry et al? Expect Microsoft Win 10 share to increase over the next few months - they are the real winners here.

Mage

Re: The real issue here is that Microsoft has stopped patching XP

Actually technically they haven't stopped. (Vista yes).

BUT THE PATCHING IS NEARLY IRRELEVANT!

Like most other spam borne "attacks" this would be totally mitigated by

1) User training and common sense.

2) Better configured systems.

XP use by NHS is a red herring.

Even if EVERYONE used Linux* and it was updated daily, it would NOT stop this until the USERs are better trained and use email properly.

[*Because all the spam based attacks would be aimed at Linux]

Ken Hagan

Re: Inevitable

"Because the likes of the FSB & PLA must be too stupid to have also discovered these types of vulnerabilities."

If they knew about them, they didn't do a very good job of protecting their own gear from them.

M.
Re: Inevitable

Your Comment: "Yes, the NSA is criminal for making these immoral and unlawful cyber weapons..."

Unlawful? By what law, specifically? (NOTE: Title 10 and Title 50 authorities directly - and legally - trump certain US laws.) As an analogy - It's not "illegal" for a policeman to speed to catch up to a criminal. It's not "illegal" for the NSA to create tools to compromise computers.

You can argue all day as to whether it is illegal to DEPLOY tools, once created, against CERTAIN computers, but I don't think you have a leg to stand on calling the fact that NSA *creates* such a tool - if they even did create one themselves - in any way an illegal act.

Michael Habel
Re: Inevitable

Implying that Windows 8, and Windows 10 are better than an unmaintained Windows XP SP3 Installation. Which can still do its job. Probably better than those other Two numbskull OSs. Assuming Microsoft were kind enough to continue supporting it. But, alas that way only madness lay. As XP does not contain Trackers, and (Cr)App Stores to take your Moneyz.

DuncanLarge
Re: Inevitable

"Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows."

It's clear the NSA intended to not inform Microsoft at all as this was part of their arsenal, a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded it and then lost control of it when it got out. This should be an example of how such organisations should not be using such methods.

The only way Microsoft knew about this and patched this was because the NSA lost control of the code to ShadowBrokers who then reported it to Microsoft giving them enough time to roll out a patch before a public release.

As you correctly say, anyone could have developed code that exploits the flaw. But who detected that flaw first? So who should have the social responsibility to improve the "cyber" defense of at least their own nation by disclosing such a flaw?

The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or breaking in who discover a pot of "hacker gold" runnable and mature from the first double click.

For this very reason Apple, correctly, refused to create a version of iOS that could be installed on an iPhone to weaken the pin entry screen to allow the FBI entry. Apple knew they could not simply trust that this hacked version of iOS could be kept under control.

inmypjs
Re: Inevitable

"blaming a commercial company for not patching a 13 year"

I think blaming and criticising a company that sold you buggy vulnerable crap and refuses to fix bugs because someone else didn't find and advise them of them soon enough is entirely justified.

I have some compilers from a company with a policy that finding a bug in an obsolete unsupported version of the compiler entitles you to a free upgrade to a current supported version. That would be the policy of a decent company (which Microsoft clearly isn't). Of course Microsoft's current supported version being a piece of shit that no one wants would stymie such a policy.

Wayland
Re: So you're blaming a commercial company for not patching a 13 year old OS?

In my experience with embedded systems there is nothing particularly fancy about the way the PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take a bit of work but not impossible.

The problem is that like Microsoft the manufacturers have moved on. They are playing with their next big thing and have forgotten about that old stuff.

What is needed is a commitment from the manufacturers to either support the gear for 30 years or share the code and the schematics. Obviously a consideration would be required from the buyer, I don't see why they should do that for free.

The easiest thing would be to keep XP going and Microsoft will do that if you pay them. The next thing would be to fit each XP system with a hardware firewall. Don't expect XP to protect itself, put a packet sniffing firewall in between.

Dr Who

You could look at an event such as that of the last few days as the Internet's version of a wildfire. In the short run some damage is done but in the long run the fire's job is to clear out dead wood and enable the regrowth of a stronger, healthier ecosystem. Short term pain for long term gain.

Lost all faith...

And in a few years it will all be forgotten. Nachi / Blaster anyone?

katrinab

Not really.

"We've installed the MS security patch, we've restored from back-up. Everything's OK now".

Papworth NHS Trust has had something like 16 of these ransomware attacks in the last 12 months, and hasn't done anything. It is going to take a lot more than this to change management attitudes.

Mage
Internet's version of a wildfire.

No, because very few organisations and users will learn the real lessons.

Patching and AV inevitably often is bolting the stable door after horses gone for the first hit. Yet proper user training and proper IT configuration mitigates against almost all zero day exploits. I struggle to think of any since 1991.

Firewalls, routers, internal email servers (block anything doubtful), all superfluous services and applications removed, no ad hoc sharing, users not administrators, and PROPER training of users.

Anonymous Coward

I wish! The idiots who think it's fine to run XP are paid ten times more than me and they'll still be in the same role this time next year. There'll be no getting rid of dead wood, just more winging it and forcing underpaid Techies to work more weekends after more screw ups.

Stuart 22
Is it just me?

It's surely incredible that a lone pizza stuffed actor could get immediate access to the worm and spend a night before he spotted the 'call home' vector? Is that really that hard? And beat the best resourced detection agencies worldwide?

Surely every IT detective agency including GCHQ would have sandboxed it on first sight, thrown their best at it if only to beat their friends across the pond, to save Jeremy Hunt & Mother Theresa's bacon just ahead of a new funding opportunity (aka new government).

It all smells not only of pizza but planted news. And if it is genuine what on earth are we paying this organisation and every anti-virus firm for?

Andy Non
Re: Experts all giving advice on how to stay secure

Went to the doctor's surgery this morning. All the computers were down. I queried if they'd been hit with the malware, but apparently it was as a preventative measure as their main NHS trust has been badly hit, so couldn't bring up any records or even know what the wife's blood test was supposed to be for. Next I'm expecting the wife's hospital appt to be canceled due to the chaos it is causing.

I wonder if we can get a go-fund-me page set up to hire someone to track down this hacker scum and take out a hit on them? A bullet to the brain may give other scumbags something to think about.

Voyna i Mor
Re: Experts all giving advice on how to stay secure

The answer is not to avoid Windows. It's for our so-called security agencies to get to understand that they are not supposed to be a dirty tricks department collecting weapons for use against others, but that they are supposed to work on our national security - which includes public and private services and businesses as well as the Civil Service.

The fact that May and Rudd seem totally unable to get what could go wrong post-Snowden suggests that when one of them became PM, a school somewhere missed the bullet of a particularly anal retentive geography teacher.

Anonymous Coward

Re: Experts all giving advice on how to stay secure

Actually Windows 10 was affected, but because it patches more aggressively the March fix was already applied to most unless they had different WSUS settings in a business/edu environment.

Ferry Michael
Re: Experts all giving advice on how to stay secure

Windows 10 STILL has SMBv1 needlessly enabled by default. Should either be disabled by default or removed altogether. Wonder when someone will find another exploitable weakness. Staying secure means turning off protocols you don't need.

I have a dual boot laptop that has not booted to Windows since before March - I need to review what services it has enabled to make it a bit more secure before I connect it to the Internet to download latest patches.

Patching and anti-virus software take time to apply after a vulnerability has been discovered. That can be too late.

roblightbody
Re: Experts all giving advice on how to stay secure

From https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

"Customers running Windows 10 were not targeted by the attack today."

Voland's right hand
Re: Experts all giving advice on how to stay secure

Some people do not have any choice. When the X-ray machines in the affected hospital trusts were bought using Windows XP (or even 2001) imaging software, that was state of the art. The issue is that the life of a piece of equipment like this vastly exceeds the lifespan of the OS that was used for the control system. On top of that, quite often these cannot be patched as the software is written so badly that it will work only with a specific patch-level of the core OS.

That CAN and SHOULD be mitigated by:

0. Considering each and every one of those a Typhoid Mary in potentia

2. Preventing any communication except essential management and authentication/authorization going out

3. Providing a single controlled channel to ship out results to a location which we CAN maintain and keep up to date.

Instead of that, criminally stupid idiots at NHS IT in the affected trusts as well as other enterprises which were hit:

1. Put these unpatchable and unmaintainable machines in the same flat broadcast domain with desktop equipment. There was no attempt at isolation and segmentation whatsoever.

2. In some cases allowed use of unrelated desktop applications (at ridiculously ancient patch-levels) such as Outlook or even Outlook Express.

3. Opened file sharing on the machines in question.

Each of these should be a sackable offense for the IT staff in question.

mcpharm
Re: Experts all giving advice on how to stay secure

It's more than incompetent IT people and way worse and virtually impossible to fix.

There is a lot of niche or specialist custom software used in the NHS that can only work on XP and IE 6 period. Most of the people who wrote it are dead or retired etc

Systems vendors to the NHS are borderline criminal. In pharmacy, there are only 1 of 4 mandated systems vendors you can choose. The 3 desktop based ones have so much legacy crap etc that they still only work on Windows 7. They also insist on bundling in a machine at just a stupidly high cost to a tech illiterate customer base - generally a cut down crappier version of something you could buy in Argos for 300 quid they will charge over a grand for. Their upgrade cycles are a f**king joke and their business model makes their customers very reluctant to do so as they have to fork out silly money

for a new shit machine just 'cos their vendors tell them they have to .. our superdupa crap shit fuck software will only work on a machine we provide. Emis/proscript have a lot to answer for ..

Lots of the staff and their employers are basically proud of being a digital numbskull. "I am a healthcare professional, why should I have to know anything about this" and the drones are so poorly paid / bitched at incessantly about everything they just have an "I dunno, I just work here, that's not my job" attitude. I have to screenshare to train people how to use our websites .. this means I have to get them to stick a URL into their browser, that's it ... you have no idea how many can't do that .. then get all offended when I ask them what browser they are using .. "I don't know, why should I know that, I just use Google" is always the response .. when half the NHS workforce doesn't know what a f**king browser is and is perversely proud of the fact they can't type a URL into a browser address bar, how on earth are we ever going to have any sunnvbnf0ijgogjrnb;vzjnav;kjnnf;kqgfnjv;jnf;jjvn;w

Data Security has turned into one of these tick box things, everyone gets dire warnings, you will be fined loads of money for doing something wrong that you don't understand and actively don't want to understand so no one gives a f**k as long as they can say they ticked the right boxes.

Anonymous Coward

A dish best served cold

Now, I would *hate* to start an internet rumour... but didn't the USA promise a retaliation? :-)

Yupp, there was some collateral damage amongst their allies, but that's the new normal.

Anon because I might be right ;-)

Naselus
Re: A dish best served cold

"Anon because I might be right"

You aren't.

Firstly, a state actor attack would be far better targeted. Stuxnet, for example, actually checked the serial numbers of the centrifuges it targeted to ensure that it only hit ones created in the right date span to impact only those bought by Iran. The vector on this attack, on the other hand, literally just spammed itself out to every available IP address that had port 445 open.

Second, US retaliation would almost certainly involve using a few zero-days. If you want to prove that you have vastly more power than your opponent, then you want to do something that literally resembles friggin' magic from his point of view. You want to show him that he can do nothing whatsoever to defend his critical infrastructure from your attacks. This did not; nothing in this hadn't already been discovered and patched. If the best thing the US can throw at Russia could be taken out by just switching on your WSUS server in the past three months, then there's no point even doing it because it would make them look weak, not strong.

Thirdly, and most importantly, most of the original bits of this were actually quite shittily written. Oh sure, there was a genuine bit of high-tech NSA code in there from the shadow broker leak... but there was also a fair load of primitive crap there too. It's a bit like a 16-year-old came into possession of an F-16; it was destructive as hell but he didn't really know how to fly it.

I've just finished in a webinar on the incident, and there's literally 5 different layers of my SMB's security that blocked this (patching, permissions, firewall, commercial AV, VLANs). And we're not exactly cutting-edge - just running best practice.

In short, if this was state-backed, then the state in question would have to be somewhere like Honduras, not one of the big-league infosec powers.

Anonymous Coward

On the topic of NSA exploits being used by WannaCry, was the DOUBLEPULSAR exploit patched with MS17-010?

Commswonk
I can't help thinking that announcing the discovery of the kill switch might not have been a good idea.

And you should see the number of downvotes I got in another thread for suggesting exactly that.

Another commentator stated (if I understood him correctly) that the "public announcement" was more or less irrelevant because security experts' chatter on blogs would have given the game away anyway.

In turn that made me think along the lines of "FFS what sort of security experts swap notes on blogs that may be / almost certainly are open to being read by the hackers"

I think I despair... if the above is true then there is simply no hope.

Norman Nescio
Possibly not an intentional kill switch

As the Malwaretech blog entry here:

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

points out, it was quite possibly not an intentional kill switch.

Some malware probes for the existence of a selection of randomly generated domains. Some sandbox VMs respond to all DNS lookups by providing back the IP address of the sandbox VM instance. If the malware sees a positive response to the DNS lookups (which should fail), then the logic is that it is probably running in a sandbox VM, which may well be being used to analyse/investigate the malware, so the malware stops running.

The single lookup of the unusual domain name was possibly a poor implementation of this technique.

Alternatively, it is an intentional kill switch, used during development, with a local DNS server on the malware developer's LAN, the function of which was to prevent infection of other devices on the same LAN. If anyone keeps records of DNS lookups, it might be interesting to see where the first lookups came from.

Bill Gray
Re: Possibly not an intentional kill switch

@Norman Nescio : "...The single lookup of the unusual domain name was possibly a poor implementation of this [sandbox detection] technique."

I read the Malwaretech log (excellent description of why you'd look for a nonexistent domain to determine if you're sandboxed) and thought: OK, so the virus writer should check a randomly generated domain, instead of a fixed one. That way, they can't all be registered, your virus can't be kill-switched the way this one was, and your virus can still tell if it's being run in a sandbox.

Except the folks creating sandboxes might take the precaution of checking the domain. Instead of returning a valid result for any garbage domain, check to see if it's been registered first. Suddenly, the virus can no longer tell that it's running in a sandbox.

Except then, the virus author checks four or five valid domains; if they all return identical results, you know you're running in a sandbox. (Reading further, I see that this method is actually used in some cases.)

Except that _then_, the sandbox authors do some revisions so that seemingly accurate results are returned that are actually remapped by the sandbox code.

This is all outside my area of expertise. Still, I could see a nearly endless cycle of fix/counter-fix going on here.

Blotto
Ransom code is not proxy aware, kill switch won't work in most enterprises.

the code is not proxy aware and the kill switch would not work in well structured environments where the only access to the net is via a configured non transparent proxy.

Enterprises will need to think a bit harder about how they ensure the kill switch is effective this time. The miscreants won't make this same mistake next time.

Talking about the kill switch is good, wouldn't have taken the miscreants long to work out something was not right anyway.
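One way an enterprise can verify the point above, as an added example that is not part of Blotto's post or the original page: from a Windows host, check whether a domain resolves and whether a plain HTTP request to it succeeds with the system proxy deliberately bypassed (which is how non-proxy-aware code behaves), and for comparison through an explicit proxy. The domain name and proxy address are placeholders.

```powershell
# Added example, not code from the original page. Run in PowerShell 5.1 or later
# on Windows 8 / Server 2012 or newer (Resolve-DnsName does not exist on XP/7).
# Both values below are placeholders; substitute your own.
$Domain   = 'killswitch-domain.example'        # placeholder domain to test
$ProxyUri = 'http://proxy.corp.example:8080'   # placeholder for your web proxy

function Test-KillSwitchReachability {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Proxy,                 # explicit proxy to compare against (optional)
        [int]    $TimeoutMs = 5000
    )

    $result = [ordered]@{
        Domain     = $Name
        Resolves   = $false
        Addresses  = @()
        DirectHttp = $false   # reachable WITHOUT a proxy (what non-proxy-aware code needs)
        ProxyHttp  = $null    # reachable via the explicit proxy ($null = not tested)
    }

    # 1. DNS. In a proxy-only network the internal resolver often cannot answer
    #    for Internet names at all, so this step alone may already fail.
    try {
        $answers = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop
        $result.Resolves  = $true
        $result.Addresses = @($answers | Where-Object Type -eq 'A' |
                              ForEach-Object IPAddress)
    } catch {
        # NXDOMAIN or no resolver reachable; nothing more to test directly.
    }

    # Helper: one GET; any HTTP status (even 404) counts as "server reached",
    # because a kill-switch check only cares whether the request completes.
    function Invoke-Probe([System.Net.IWebProxy] $ProxyObj) {
        $req = [System.Net.WebRequest]::Create("http://$Name/")
        $req.Proxy   = $ProxyObj        # $null disables proxy use entirely
        $req.Timeout = $TimeoutMs
        try {
            $resp = $req.GetResponse(); $resp.Close(); return $true
        } catch [System.Net.WebException] {
            # A Response object means the server answered with an error status.
            return [bool]$_.Exception.Response
        }
    }

    # 2. Direct attempt with the proxy explicitly disabled.
    if ($result.Resolves) { $result.DirectHttp = Invoke-Probe $null }

    # 3. Same request through the configured proxy, for comparison.
    if ($Proxy) {
        $result.ProxyHttp = Invoke-Probe (New-Object System.Net.WebProxy($Proxy))
    }

    [pscustomobject]$result
}

$r = Test-KillSwitchReachability -Name $Domain -Proxy $ProxyUri
$r | Format-List

if (-not $r.Resolves) {
    Write-Warning "$Domain does not resolve here; a DNS-dependent kill switch never triggers."
} elseif (-not $r.DirectHttp) {
    Write-Warning "Direct HTTP to $Domain fails; only proxy-aware code could reach it."
}
```

A host that reports Resolves but not DirectHttp is exactly the "well structured environment" the post describes, and is where an internal resolver plus an internal web host answering for such domains would have to stand in for direct egress.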

Anonymous Coward

What is the motivation here? Is all it seems to be...

<Black Helicopter Icon>

Ransomware usually works on a relatively widespread basis but usually SMB, and domestic users. Big organisations and governments, generally are defended (although clearly some well publicised exceptions)

The beneficiaries are usually relatively safe as law enforcement cannot usually be bothered to investigate and the cash rolls in for the most desperate victims.

In this case, knowing there are a number of nation state backed cyber defence teams looking into this... they either a) have balls big enough to need a wheelbarrow and believe that they won't get caught no matter what and cyber defence is really too hard to deliver effectively, regardless of backers. or b) that they are insanely stupid and greedy and are not following the news...

Or is this already a state backed exercise from somewhere and is simply a global experiment at our expense? The fact the original flaw was used by the NSA is not really relevant, it simply got it publicity but was clearly available for a long time.

Anonymous Coward

Re: What is the motivation here? Is all it seems to be...

Given that the only safe/undetected way of laundering the bitcoins will be to buy drugs or guns or other such illegal goods on the darkweb and then turn that into cash by selling it on then the perps are as you say both greedy and insanely (criminally) stupid. No doubt they'll have their comeuppance shortly - without being "caught" by any nation state backed cyber defense team - probably up some dark alley being stiffed by gangbangers.

Probably just some kid :-(

gerritv
The warning was there in Sep 2016!!

We were told to stop using SMB v1 in Sep 2016. The only reason to keep it enabled is to use it with XP!

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
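An added example for this post and for Ferry Michael's point above that SMBv1 should simply be switched off (it is not code from the page or from Microsoft's post): an audit-then-disable script for Windows 8.1/10 and Server 2012 R2/2016 using the documented cmdlets and `sc.exe` steps, plus scoping of the built-in file-sharing firewall rules to a management subnet in line with the segmentation point made earlier in the thread. Run it elevated; the subnet value is a placeholder, and the firewall group name assumes an English-language Windows.

```powershell
# Added example, not code from the original page. Requires an elevated prompt on
# Windows 8.1/10 or Server 2012 R2/2016. Without -Disable it only reports.
param(
    [switch] $Disable,
    [string] $MgmtSubnet = '10.0.0.0/24'   # placeholder: hosts still allowed to reach 445
)

function Get-Smb1State {
    # Server side: the SMB1 protocol flag of the LanmanServer service.
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional feature package (Windows 10 / Server 2016 expose it; older builds don't).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
               -ErrorAction SilentlyContinue

    # Client side: the SMB1 redirector driver. Get-Service does not list kernel
    # drivers, so query Win32_SystemDriver instead.
    $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='mrxsmb10'"

    [pscustomobject]@{
        ServerSmb1Enabled = $server
        FeatureState      = if ($feature) { [string]$feature.State } else { 'n/a' }
        ClientDriverState = if ($drv) { "$($drv.State)/$($drv.StartMode)" } else { 'absent' }
        # 445 stays open for SMB2/3; this only shows whether file sharing is exposed at all.
        Port445Listening  = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                                   -ErrorAction SilentlyContinue)
    }
}

function Disable-Smb1 {
    # Server: stop offering SMB1 (takes effect immediately, no reboot).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Feature package, where present (a reboot finishes the removal).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
        -ErrorAction SilentlyContinue | Out-Null

    # Client: drop mrxsmb10 from the workstation service's dependencies and
    # disable the driver (Microsoft's documented steps for 8.1 / 2012 R2).
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

function Restrict-Smb445([string] $AllowedFrom) {
    # Windows Firewall lets Block rules win over Allow rules, so instead of adding
    # a blanket block, narrow the built-in allow rules to the management subnet and
    # rely on the profile's default inbound action (Block) for everything else.
    Set-NetFirewallRule -DisplayGroup 'File and Printer Sharing' `
        -RemoteAddress $AllowedFrom
    Set-NetFirewallProfile -All -DefaultInboundAction Block
}

Write-Host 'Before:'; Get-Smb1State | Format-List

if ($Disable) {
    Disable-Smb1
    Restrict-Smb445 -AllowedFrom $MgmtSubnet
    Write-Host 'After (client-side change completes on reboot):'
    Get-Smb1State | Format-List
}
```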

IanMoore33
MS should hire the NSA hackers

maybe they can teach them something about software

Anonymous Coward

In light of this threat I just got around to patching a somewhat neglected Windows 7 PC. And now it's got a message from Microsoft (falsely) saying it's not genuine. It may not be registered but it's certainly a legitimately purchased copy. So far it's just a tiny message in the corner of the screen but who knows what else it'll do. I don't have time for this. Guess I'll roll back the update and take my chances.

This bullshit is what I blame more than anything, even the NSA, for outbreaks like this. If Microsoft had an update channel for security patches only, not unwanted features and M$'s own brand of malware, people would be a lot more inclined to stay up to date.

Anonymous Coward

The goal here was 2 fold.

1. Hurt Russia.

2. Hurt NSA credibility.

Everything else is gravy for the attackers. Rumors running around that this is Deep State sponsored coming out of various cliques in intelligence agencies in retaliation for the Vault 7 leaks.

Lion
Peer creds

The scum are obviously in hiding - either on a luxury yacht on the Black Sea or in a basement somewhere. I'd hazard a guess it is the latter. There must be other scum in the same racket who know who they are. I wonder if they have earned any street creds for what they did?

Their reward beyond the $30K they collected will be prison (blackmail and extortion are felonies).

John Smith 19
So the haul from this little operation is currently what $60K?

V. Poor criminal work. Extortion technique needs more work. Clean up costs have probably been in the $m.

Jim Birch
Re: So the haul from this little operation is currently what $60K?

This is a fairly typical ratio of realized proceeds of crime to cost of crime and prevention measures. The economic case for crime reduction is overwhelming. But it's easier said than done. People are creative, even (especially?) criminals.

truloxmyth
It's a sign of the times that no government is actually interested in Universal security, for the greater good of human kind. We're at a point where everything is now based online, and everyone in the world is connected.

The internet has removed the idea of 'borders' in the traditional sense!! I don't have to get on a plane to Italy, to see Italy. I can log onto remote cameras and a host of other online services, which mean I can be in the country without having to physically be in the country!

The NSA wasn't even bothered about protecting their own country... They didn't release this data, to allow the problem to be solved. If I were American I would be Pissed that my own government has been complicit in this entire debacle by keeping this quiet, and didn't release the information to the wider security community when they found the holes!!

If your doctor found you had terminal cancer, but they had a product that would guarantee slowing of the cancer or entire removal of the disease then you would expect them to tell you wouldn't you?! But when the shady NSA finds a potentially life threatening exploit, they keep it to themselves?!... the middle letter of NSA stands for SECURITY for effs sake!!

There is no such thing as trust anymore between so called 'allies' as the NSA has just proved. It has also proved that life is worthless to them. This is clearly due to their inability to see the bigger picture of what they have A. Created, and B. Allowed to be released into the wild!!

Yes someone in their bedroom could have found the exploit, but that's a bedroom hacker/cracker. But you put pretty much unlimited resources and man power behind a department, then they are clearly going to come up with the exploit a billion times faster than a sole agent. Or even a collective of agents separated over the globe.

So all this stupidity that the NSA shouldn't be held accountable should be rethought. Because they CLEARLY are at fault here, for NOT DISCLOSING THE INFORMATION LAST YEAR!!!

[May 15, 2017] In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely

Notable quotes:
"... At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware. ..."
"... This attack happened because the US Government didn't do its job. Its primary task is national defense. It kept a vulnerability to itself to attack foreigners instead of protecting its own infrastructure, businesses and individuals. The government had these tools taken and passed around for everyone to use. And crap like this is why governments can never be allowed to have backdoors. The secrets will always get out. Everyone is vulnerable. ..."
"... There are more than enough XP users in the world for Microsoft to dedicate resources and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is still using software amount to nothing more than sales tools intended to extort upgrade revenue.... buy this or get owned. ..."
"... I personally don't believe vendors should be allowed to walk away from safety defects in products in order to make money on upgrades. Buffer overflows are entirely preventable classes of software failures. It is a tractable problem to solve. That it may not be in the case of XP isn't the end user's problem. ..."
"... XP was far easier to lock down and fully secure than 8 or 10 with that bullshit telemetry, and it had far fewer hardware restrictions. It is smaller and faster and more capable at most of my tasks than most modern systems (example: I use ManyCam 3.0.80 - 2000/XP-Era multi-cam software. Runs like a champ on XP with 4 webcams, I go 7 [Ultimate] or higher, I can no longer use more than 2 webcams despite the software having the ability to access them and me having more than enough USB bandwidth for the uncompressed video streams.) ..."
"... Most real IT pros know that XP was far superior to the locked-down and (quite often) over-optimized (as in the optimizations go so far as to make the code more complex and actually runs slower due to shit like cache misses and what not) bullshit that is anything after Windows 7. ..."
"... Forever support isn't reasonable, but at the same time vendors using security update channels to push unwanted upgrades for the benefit of the vendor is equally bad. ..."
"... They already exist. They're called routers. Network routers can be configured to provide great deal of protection to machines that are older and cannot be patched. Many contain firewall software. Even simple ones can be configured to block traffic on vulnerable ports. ..."
"... Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue from upgrades...no matter what the cost in lost-business, learning-curves, and incompatibilities with existing practices may be to the customers.. Spending money on maintaining the security (even excluding features) of superseded products distracts from development of improved products, and is not in the vendors' self-interest. ..."
"... do those devices NEED an internet connection? serious question as I don't know. if not, no problem ..."
"... Bad car analogy. Firstly many old cars are banned from using critical infrastructure like highways (or in some cases any roads) for their obvious threat to third parties and their owners. ..."
www.theserverside.com

In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times:

At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware.

In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms.

However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more.

Microsoft supported Windows XP for over a decade before finally putting it to sleep.

In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?

acoustix ( 123925 ) on Monday May 15, 2017 @01:01PM (#54419597)

Wrong Approach (Score:2)

This attack happened because the US Government didn't do its job. Its primary task is national defense. It kept a vulnerability to itself to attack foreigners instead of protecting its own infrastructure, businesses and individuals. The government had these tools taken and passed around for everyone to use. And crap like this is why governments can never be allowed to have backdoors. The secrets will always get out. Everyone is vulnerable.

WaffleMonster ( 969671 ) on Monday May 15, 2017 @12:09PM (#54419177)

Artificial scarcity (Score:2)

There are more than enough XP users in the world for Microsoft to dedicate resources and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is still using software amount to nothing more than sales tools intended to extort upgrade revenue.... buy this or get owned.

I personally don't believe vendors should be allowed to walk away from safety defects in products in order to make money on upgrades. Buffer overflows are entirely preventable classes of software failures. It is a tractable problem to solve. That it may not be in the case of XP isn't the end users problem.

jrifkin ( 100192 ) on Monday May 15, 2017 @11:55AM (#54419015)

Yes. It's like vaccinations (Score:2)

If the number of older systems is large enough, then Yes, Microsoft should release patches for them.

They should do this for two reasons:

1) Reducing the number of infected systems helps protect others from infections

2) It protects the innocent, like those whose Medical Care was interrupted in the UK, from collateral damage.

Who pays for it? Microsoft. They have benefited from the sale of all those systems, and certainly have enough cash to divert some to supported old but prevalent systems. Also, the fact that people still use MS systems, even if they're old, benefits MS in some way by helping them maintain market share (and "mindshare"). Odds are that these systems will eventually be replaced by more MS systems, representing future revenue for MS.

Khyber ( 864651 ) <techkitsune@gmail.com> on Monday May 15, 2017 @11:50AM (#54418981) Homepage Journal

Re: Silly idea (Score:2)

"I think there is clearly one party at fault, and it is IT."

Why so? XP was far easier to lock down and fully secure than 8 or 10 with that bullshit telemetry, and it had far fewer hardware restrictions. It is smaller and faster and more capable at most of my tasks than most modern systems (example: I use ManyCam 3.0.80 - 2000/XP-Era multi-cam software. Runs like a champ on XP with 4 webcams, I go 7 [Ultimate] or higher, I can no longer use more than 2 webcams despite the software having the ability to access them and me having more than enough USB bandwidth for the uncompressed video streams.)

Most real IT pros know that XP was far superior to the locked-down and (quite often) over-optimized (as in the optimizations go so far as to make the code more complex and actually runs slower due to shit like cache misses and what not) bullshit that is anything after Windows 7.

swb ( 14022 ) on Monday May 15, 2017 @12:20PM (#54419293)

It's an existential problem (Score:2)

Forever support isn't reasonable, but at the same time vendors using security update channels to push unwanted upgrades for the benefit of the vendor is equally bad.

My guess is that we're going to be getting to the end of the road of the "nasty, brutish and short" state of nature in the software industry and start seeing more regulations.

Vendors will be able to EOL their products, but will also have to supply security updates for N years after the product is officially ended. Vendors will be required to maintain a security update channel which may not be used for pushing upgrades or unrequested new products.

An interesting solution would be to let vendors "expire" a version by inserting a patch that boots the OS at a warning page requiring a firm verbal commitment ("I agree this is obsolete") before booting any further. Vendors would be REQUIRED to do this for operating systems they had obsoleted but only after their N years of post-EOL support had ended.

This way, nobody escapes the product being EOL. Customers can still use it, but must affirmatively acknowledge it is obsolete. Vendors are required to keep supporting it for a really long time after official EOL, but they can kill it more completely but only after the EOL support period.

Anonymous Coward on Monday May 15, 2017 @10:44AM (#54418429)

No (Score:5, Insightful)

No. You can't support legacy software forever. If your customers choose to stay with it past its notified EOL then they are SOL. Any company using XP that got hit by this can only blame themselves.

jellomizer ( 103300 ) on Monday May 15, 2017 @10:48AM (#54418451)

Re:No (Score:4, Insightful)

I will need to agree with conditions. If the tech company is selling service contracts for that product, they will need to update it. However, like XP and older, where the company isn't selling support and has let everyone know that it is off service, they shouldn't need to keep it updated. Otherwise I am still waiting for my MS DOS 6 patch as it is still vulnerable to the stoner virus.

AmiMoJo ( 196126 ) <mojo AT world3 DOT net> on Monday May 15, 2017 @12:11PM (#54419217) Homepage Journal

Re:No (Score:4, Insightful)

The people providing support should be the ones making MRI scanners, ATMs and other expensive equipment that only works with XP. Even when XP was brand new, did they really expect those machines to only have a lifetime of around 10 years? Microsoft was clear about how long support was going to be provided for.

It seems that people are only just waking up to the fact that these machines have software and it needs on-going maintenance. The next decade or two will be littered with software bricked but mechanically sound hardware, everything from IoT lightbulbs to multi-million Euro medical equipment.

In fact it's already happening. You can buy DNA sequencers on eBay, less than a decade old and original price $500,000, now barely worth the shipping because the manufacturer abandoned support.

number6x ( 626555 ) on Monday May 15, 2017 @12:18PM (#54419269)

They already exist (Score:4, Insightful)

They already exist. They're called routers. Network routers can be configured to provide great deal of protection to machines that are older and cannot be patched. Many contain firewall software. Even simple ones can be configured to block traffic on vulnerable ports.

In this case, a router could be configured to keep the SMB port (445) blocked. A router, with updated software, and a firewall gateway can help protect even older devices with embedded code that may no longer be supported.

Of course, it goes to say, that you must keep the router's software updated and not use default credentials on the router.

The NHS decided to not upgrade many old systems because the threat was deemed minimal. Offices were urged to upgrade but funds were not made available and infrastructure budgets were cut again and again. Multiple bad decisions led to this result.

Many things could have prevented it. Better funding, better threat assessment, the NSA informing Microsoft of the vulnerability so it could have been patched years ago, and on and on...

In the end we are here, and hopefully threats will be re-prioritized and better protections will be put in place in the future (I could not keep a straight face while typing that and finally burst out laughing).

bugs2squash ( 1132591 ) on Monday May 15, 2017 @10:45AM (#54418433)

Don't be silly (Score:2)

this did not need to be fixed with an OS patch, it could have been prevented with better network security policies. I would be surprised if someone hadn't said something about addressing the vulnerability earlier but probably got ignored because of some budgetary issue.

It would be more reasonable to call for continued money to be made available to address these vulnerabilities after a system has gone into production and a move to use more open source solutions where users can share patches.

CAOgdin ( 984672 ) on Monday May 15, 2017 @11:07AM (#54418613)

I recommend a Subscription model... (Score:3)

Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue from upgrades...no matter what the cost in lost business, learning curves, and incompatibilities with existing practices may be to the customers. Spending money on maintaining the security (even excluding features) of superseded products distracts from development of improved products, and is not in the vendors' self-interest.

Given that a new Operating system (retail) is in the $100-$150 range, I'd propose "Life Extension" service subscription, solely for security updates in the $30-35/year range...with a required minimum of 10,000 customers to keep maintaining the service. That provides enough revenue ($1,000,000+ per annum) to support a small, dedicated staff.

Frankly, there's no reason that a M$ couldn't engage in a Joint Venture with a small qualified, independent security firm to provide the service, with special access to proprietary information within the O.S. vendor.

It would be an investment in the rehabilitation of the O.S. vendors' reputation, because M$ has gotten quite high-handed in recent years, dictating (or even forcing) software on unwilling customers who have existing businesses to run.

ToTheStars ( 4807725 ) on Monday May 15, 2017 @11:29AM (#54418801)

What if we tied support to copyright? (Score:5, Interesting)

Slashdot generally doesn't like ludicrously-long copyright terms, right? What if we made maintenance a requirement for retaining copyright over software? If Microsoft (or whoever) wants to retain a copyright on their software for 70 years, then they'd better be prepared to commit to 70 years of support. If they want to EOL it after 5 years or 20 years or whatever, and wash their hands of responsibility, that's fine, but then it's public domain. Why should we let companies benefit from software they don't support anymore?

This could also work for art works, as well -- because copyright exists "To promote the Progress of Science and useful Arts," we could make it a requirement that an author (or company, or whatever) needs to be distributing (or licensing for distribution) a work to have copyright on it. When it's out of print, it enters the public domain.

Hartree ( 191324 ) on Monday May 15, 2017 @11:07AM (#54418625)

Yes, because WinXP was never killed off. (Score:2)

It also lives on in many scientific instruments. An old mass spec that runs XP (or even older. I regularly maintain X Ray diffraction machines that still run DOS) usually can still do the day to day job just fine. The software usually hasn't been supported for many years and won't run on anything newer. But replacing the instrument could cost a large amount of money (250K or up in many cases).

Research budgets aren't growing and I work for a university in a state that can't pass a budget. We just don't have the money to throw out older systems that work well just because the software is outdated. We just take them off the network and use other means to get the data transferred off of them.

ganjadude ( 952775 ) on Monday May 15, 2017 @11:37AM (#54418873) Homepage

Yes, because WinXP was never killed off. (Score:2)

do those devices NEED internet connection? serious question as i don't know. if not, no problems

DontBeAMoran ( 4843879 ) on Monday May 15, 2017 @11:22AM (#54418727)

Re:Bitcoin is the problem (Score:2)

Because ransomware did not exist before Bitcoin. :rolleyes:

jellomizer ( 103300 ) on Monday May 15, 2017 @11:12AM (#54418661)

Re:Silly idea (Score:2)

What happens if still-used software isn't owned by anyone anymore? The company is out of business, there is no source code available. There is a point where the end user has some responsibility to update their system. Like the Model-T, they may still keep it and use it for a hobby, but knowing full well that if you take it on the highway and get in an accident you are probably going to get killed.

thegarbz ( 1787294 ) on Monday May 15, 2017 @12:08PM (#54419169)

Re:Silly idea (Score:3)

Bad car analogy. Firstly many old cars are banned from using critical infrastructure like highways (or in some cases any roads) for their obvious threat to third parties and their owners.

Also this isn't hobbies we're talking about. No one gives a crap if someone's Model T toy breaks down, just like no one will cry about the Windows XP virtual machine I play with at home.

The only complaints are against critical services, internet connected machines that operate and provide livelihoods for the owners. If the software isn't owned by anyone, ... well I'm sure the owner provided an unbiased risk assessment as to whether they should migrate to something that is supported by someone right? Didn't think so.

The end user has 100% of the responsibility, and dollars don't change that.

[May 15, 2017] Further Analysis of WannaCry Ransomware McAfee Blogs

May 15, 2017 | securingtomorrow.mcafee.com

WannaCry offers free decryption for some random number of files in the folder C:\Intel\<random folder name>\f.wnry. We have seen 10 files decrypted for free.

In the first step, the malware checks the header of each encrypted file. Once that check succeeds, it calls the decryption routine and decrypts all the files listed in C:\Intel\<random folder name>\f.wnry.

A code snippet of the header check:

The format of the encrypted file:

To decrypt all the files on an infected machine we need the file 00000000.dky, which contains the decryption keys. The decryption routine for the key and original file follows:

Bitcoin activity

WannaCry uses three Bitcoin wallets to receive payments from its victims. Looking at the payment activity for these wallets gives us an idea of how much money the attackers have made.

The current statistics as of May 13 show that not many people have paid to recover their files:

The attackers appear to have earned a little over BTC 15.44 (US$27,724.22). That is not much considering the number of infected machines, but these numbers are increasing and might become much higher in the next few days. It's possible that the sinkholing of two sites may have helped slow things down:

Multiple organizations across more than 90 countries have been impacted, according to reports.

We will update this blog as we learn more.

[May 14, 2017] Cyber-attack could escalate as working week begins, experts warn by Robert Booth

May 14, 2017 | www.theguardian.com

"Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice," said Oliver Gower from the National Crime Agency.

A computer security expert credited with stopping the spread of the ransomware on Saturday by activating a digital "kill switch" warned on Sunday that a fresh attack was likely.

The expert, known only as MalwareTech on Twitter, said hackers could upgrade the virus. "Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw," he said on Twitter. "You're only safe if you patch ASAP."

On Sunday, Microsoft issued a security bulletin marked "critical" including security updates that it said "resolves vulnerabilities in Microsoft Windows".

It emerged over the weekend that NHS Digital last month emailed 10,000 individuals in NHS organisations warning them to protect themselves against the specific threat of ransomware and included a software patch to block such hacks on the majority of systems. However, it would not work with outdated Windows XP systems that still run on about 5% of NHS devices.

NHS Digital said it did not yet know how many organisations installed the update and this would be revealed in a later analysis of the incident.

... ... ...

Amber Rudd, the home secretary, who is leading the response to the attack, said the same day: "I don't think it's to do with ... preparedness. There's always more we can all do to make sure we're secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack."

[May 14, 2017] More disruptions feared from cyberattack; Microsoft slams US secrecy

May 14, 2017 | www.atimes.com

In a blog post late Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the US National Security Agency, that leaked online in April.

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote. He added that governments around the world should "treat this attack as a wake-up call" and "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

The NSA and White House did not immediately respond to requests for comment about the Microsoft statement.

The Dharmais hospital in Jakarta was targeted by the Wannacry "ransomware" worm. Photo: Reuters/Darren Whiteside

US President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an "emergency meeting" to assess the threat posed by the global attack, a senior administration official told Reuters.

Senior US security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the National Security Agency were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.

The investigations into the attack were in the early stages, however, and attribution for cyberattacks is notoriously difficult.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet last month by a hacking group known as the Shadow Brokers.

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

[May 14, 2017] International manhunt to find criminals behind global cyber attack

Notable quotes:
"... French police said there were "more than 75,000 victims" around the globe, but cautioned that the number could increase "significantly". ..."
May 14, 2017 | timesofindia.indiatimes.com

International investigators hunted for those behind an unprecedented cyber-attack that affected systems in dozens of countries, including at banks, hospitals and government agencies, as security experts sought to contain the fallout.

The assault, which began on Friday and was being described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world - from Russian banks and British hospitals to FedEx and European car factories.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's police agency. Europol said a special task force at its European Cybercrime Centre was "specially designed to assist in such investigations and will play an important role in supporting the investigation".

The attacks used ransomware that apparently exploited a security flaw in Microsoft operating systems, locking users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin. Images appeared on victims' screens demanding payment of $300 in Bitcoin, saying: "Ooops, your files have been encrypted!" Payment is demanded within three days or the price is doubled, and if none is received within seven days the files will be deleted, according to the screen message.

But experts and government alike warn against ceding to the hackers' demands. "Paying the ransom does not guarantee the encrypted files will be released," the US Department of Homeland Security's computer emergency response team said.

Mikko Hypponen, chief research officer at the Helsinki- based cyber security company F-Secure, told AFP it was the biggest ransomware outbreak in history, saying that 130,000 systems in more than 100 countries had been affected.

... .... ....
French police said there were "more than 75,000 victims" around the globe, but cautioned that the number could increase "significantly".

[May 14, 2017] A global outbreak of a computer extortion virus: Tianjin emergency notice on handling WannaCry worm infections

May 14, 2017 | www.aiainews.com
On May 12, ransomware known as WannaCry, which spreads as a worm, began spreading on a large scale around the world. The software exploits a vulnerability in the Windows SMB service, applies strong encryption to documents, pictures and other files on the computer, and demands a ransom. Users in many sectors, including universities, the energy industry and other important information systems, have already been attacked, posing a serious security threat to China's Internet.

1. Emergency isolation of infected hosts

Because the WannaCry worm poses a great risk, every known infected host must be isolated from the current network.

For files already damaged by the worm, as of 2017/5/14 no effective means of recovery has been found. To prevent the worm from spreading further, copying any file from an infected host to another host or device is forbidden, and known infected hosts are strictly forbidden from accessing any network.

2. Emergency handling of important documents

To ensure that important documents are not destroyed by the WannaCry worm and to minimize losses, all hosts that are not infected, or whose infection status is uncertain, are prohibited from being powered on.

Such hosts must be handled by physical copying: a professional opens the host, removes every hard disk holding important files, and mounts each disk through an external device on a host confirmed to be uninfected, where the files are copied off.

To prevent secondary infection, the copying must be performed in an isolated zone.

It is strictly forbidden to attach a possibly infected hard disk directly to the copying machine's IDE or SATA motherboard interface, so that the copying machine cannot boot from that disk and become infected.

All Windows hosts currently on the network should use this method to back up important files.

After the physical copy is complete, detect and handle the host according to section 3, Emergency detection strategy for hosts.

If these conditions cannot be met for the time being, or a host must be powered on for some reason, boot it only in a network environment outside the office network (such as a 4G network or ordinary consumer broadband) with Internet access assured, and keep Internet access available the whole time. (The test for working Internet access is that the following web site can be opened in a browser and shows the sinkhole page content given below: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com)

For classified machines that cannot access the Internet, set up an intranet web server and configure the network and domain name resolution so that the domain above resolves to that intranet server.

The intranet server's home page must return the following content:

sinkhole.tech - where the bots party hard and the researchers harder. <!- h4 ->

At the end of the temporary boot period, shut the host down and carry out the physical copy process.

3. Emergency detection strategy for hosts

For hosts that have gone through the physical copy process, proceed as follows:

Inspect the Windows directory on the mounted hard disk for the file mssecsvc.exe; if it is present, the host is infected.

For hosts booted by other means, check whether the file mssecsvc.exe exists in the Windows directory of the system disk, and check whether a service named mssecsvc2.0 exists in the system (see the procedure at the end of this section). The presence of either one proves the host is infected.

Where the network has a firewall or other logging equipment, check the logs for the domain name www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com; any hit proves that an infected host exists on the network. For every host found to be infected, be sure to format all of its hard disks after the physical copy process is complete.

If such a host has a backup made before 2017/4/13, a full restore (system disk and all other disks) can be performed; a backup made after that date may already be infected and must not be used for recovery.

On a network known to contain an infected host, do not power on hosts that are currently off; put them through the physical copy process instead. Hosts that are already running must be shut down immediately and put through the physical copy process.

Appendix: how to check for the service:

Press Windows + R to open the "Run" window.

Type services.msc and press Enter to open the Services management page.

Check every entry in the "Name" column; the presence of mssecsvc2.0 indicates infection.
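The three indicators in section 3 (mssecsvc.exe in the Windows directory, the mssecsvc2.0 service, and the kill-switch domain in firewall or DNS logs) can be checked with a script rather than by hand. The PowerShell below is an added example written for this page; it is not part of the Tianjin notice. The log line layout and the three sample lines are constructed for the example.

```powershell
# Added example (not part of the Tianjin notice): triage a Windows host and a
# log file for the three WannaCry indicators named in section 3.

$KillSwitchDomain = 'www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com'
$ServiceName      = 'mssecsvc2.0'
$DropperName      = 'mssecsvc.exe'

function Test-WannaCryHost {
    # Host-level checks from section 3: the dropper in the Windows directory
    # and the mssecsvc2.0 service. On a running host $env:windir is the live
    # Windows directory; for a disk mounted on a clean analysis host pass
    # e.g. -WindowsDir 'E:\Windows' (the service check then only reflects the
    # analysis host, so rely on the file check in that case).
    param([string]$WindowsDir = $env:windir)

    $dropperPath    = Join-Path $WindowsDir $DropperName
    $dropperPresent = Test-Path -LiteralPath $dropperPath -PathType Leaf

    # Get-Service errors when the name is unknown; treat that as "absent".
    $svc            = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $servicePresent = ($null -ne $svc)

    New-Object PSObject -Property @{
        WindowsDir     = $WindowsDir
        DropperPresent = $dropperPresent
        ServicePresent = $servicePresent
        Infected       = ($dropperPresent -or $servicePresent)
    }
}

function Find-KillSwitchLookups {
    # Network-level check from section 3: any firewall, proxy or DNS log line
    # naming the kill-switch domain means a host on the network ran the worm.
    param([string[]]$Lines)

    $pattern = [regex]::Escape($KillSwitchDomain)
    return @($Lines | Where-Object { $_ -match $pattern })
}

# Constructed sample log lines in a generic "time client proto query" layout;
# only the second one names the kill-switch domain.
$SampleLog = @(
    '2017-05-14 09:02:11 10.0.0.17 DNS A www.example.com',
    '2017-05-14 09:02:12 10.0.0.23 DNS A www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com',
    '2017-05-14 09:02:13 10.0.0.17 HTTP GET update.example.com'
)

Test-WannaCryHost | Format-List WindowsDir, DropperPresent, ServicePresent, Infected

$hits = Find-KillSwitchLookups -Lines $SampleLog
if ($hits.Count -gt 0) {
    "Kill-switch domain seen in $($hits.Count) log line(s):"
    $hits
} else {
    'Kill-switch domain not seen in the log.'
}
```

To scan a real log, replace $SampleLog with the output of Get-Content on the firewall or DNS log file (path of your own). A hit on the kill-switch domain is a detection signal only; as section 5 of the notice explains, the domain itself must stay reachable, so do not turn this check into a block rule.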

4. Emergency defense strategy for uninfected hosts

For uninfected hosts there are four emergency defense strategies.

Strategy one is the most effective means of defense but takes longer. The other strategies are temporary measures for hosts on which strategy one cannot yet be applied.

After applying strategy two or three, the host will no longer be able to access network shares; use them with care.

Where strategy one cannot be applied immediately, we suggest applying strategy four first as a temporary defense. Whichever temporary strategy is used, strategy one must be applied as soon as possible to achieve complete defense.

For hosts running a Windows version below 10, we suggest upgrading to Windows 10 and updating to the latest version of the system. Where upgrading is not possible, be sure to use one of the emergency defense strategies.

Strategy 1: install the MS17-010 system patch

Install the MS17-010 patch for your system version. Windows 7 and later can obtain all patches through automatic updates; Windows XP, Windows 2003 and Windows Vista can be patched by installing the temporary tools provided with this document.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Strategy 2: stop the services related to the vulnerability

Have a professional run the following commands to stop and disable the services related to the vulnerability (sc requires the space after "start=", not before it):

sc stop LmHosts

sc stop lanmanworkstation

sc stop LanmanServer

sc config LmHosts start= disabled

sc config lanmanworkstation start= disabled

sc config LanmanServer start= disabled

Strategy 3: configure the firewall to block the ports related to the vulnerability

For Windows 2003 or Windows XP, click the Start menu and open "Control Panel".

Double-click the "Windows Firewall" option in Control Panel, click the "Exceptions" tab, uncheck "File and Printer Sharing", and click OK.

For Windows 7 and later, click the Start menu, open Control Panel, and click "System and Security", then "Windows Firewall".

On the Windows Firewall configuration page, click "Allow a program or feature through Windows Firewall", then click "Change settings" at the top.

In the list, find the "File and Printer Sharing" checkbox, uncheck it, and click OK.
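Both number6x's Slashdot comment above (keep port 445 blocked) and strategies 2 and 3 of this notice come down to the same host-side settings on Windows 7 or later: an inbound firewall block on TCP 445, and the server service either stripped of SMBv1 or stopped. The PowerShell below is an added example for this page, not code from the notice or from any commenter. The firewall rule name is made up for the example; the SMB1 registry value under the LanmanServer parameters key is Microsoft's documented switch for turning the SMBv1 dialect off in the server service on Windows 7 and Server 2008 R2.

```powershell
# Added example (not from the notice or the Slashdot thread): host-side
# equivalents of "block port 445" (number6x's comment, strategy 3) and
# "stop the LanmanServer service" (strategy 2) for Windows 7 or later,
# with a read-only status check to run before and after.
# Assumptions: the rule name below is made up for this example; the SMB1
# registry value is Microsoft's documented switch for disabling the SMBv1
# dialect in the server service on Windows 7 / Server 2008 R2.

$RuleName = 'Block inbound TCP 445 (WannaCry mitigation)'
$Smb1Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell prompt.'
}

function Test-Smb445Rule {
    # netsh exits non-zero when no rule matches the given name.
    netsh advfirewall firewall show rule name="$RuleName" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Block-Smb445Inbound {
    # Strategy 3 / number6x: drop inbound TCP 445 at the host firewall.
    # "netsh advfirewall" exists on Vista and later; on XP use the
    # Exceptions tab procedure given above instead.
    if (Test-Smb445Rule) { return "Rule '$RuleName' already present" }
    netsh advfirewall firewall add rule name="$RuleName" dir=in action=block protocol=TCP localport=445 | Out-Null
    return "Added rule '$RuleName'"
}

function Disable-Smb1Server {
    # Turns the SMBv1 dialect off in the server service (effective after a
    # reboot). SMBv2/3 stay enabled, so patched clients can still reach
    # shares; this is less disruptive than stopping LanmanServer outright.
    New-ItemProperty -Path $Smb1Key -Name SMB1 -PropertyType DWord -Value 0 -Force | Out-Null
    return (Get-ItemProperty -Path $Smb1Key -Name SMB1).SMB1
}

function Disable-LanmanServer {
    # Strategy 2, server half only: this host stops offering shares at all.
    # The notice also disables LanmanWorkstation, which would additionally
    # cut this host's access to other machines' shares.
    Set-Service -Name LanmanServer -StartupType Disabled
    Stop-Service -Name LanmanServer -Force -ErrorAction SilentlyContinue
    return (Get-Service -Name LanmanServer).Status
}

function Get-Smb445Exposure {
    # Read-only summary of the three settings touched above.
    $smb1 = (Get-ItemProperty -Path $Smb1Key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -eq $smb1) { $smb1 = 'not set (SMBv1 enabled by default)' }
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='LanmanServer'"
    New-Object PSObject -Property @{
        FirewallRulePresent = (Test-Smb445Rule)
        Smb1ServerValue     = $smb1
        LanmanServerState   = $svc.State
        LanmanServerStart   = $svc.StartMode
    }
}

'Before:'
Get-Smb445Exposure | Format-List
Block-Smb445Inbound
Disable-Smb1Server | Out-Null
# Uncomment the next line only if this host does not need to serve files:
# Disable-LanmanServer | Out-Null
'After:'
Get-Smb445Exposure | Format-List
```

Get-Smb445Exposure is safe to run on its own as an audit step across a fleet; the two applied changes are reversible (delete the rule with netsh advfirewall firewall delete rule name="...", set SMB1 back to 1). None of this replaces strategy 1: the MS17-010 patch is still the only complete fix, as the notice says.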

Strategy 4: use the vulnerability defense tool

The 360 company provides a tool that gives temporary immunity against the worm; it can be downloaded from the 360 web site.

Running this tool directly gives simple protection; it must be run again every time the host is restarted.

5. Emergency security defense strategy for public servers and the network

Most public servers (web sites, public systems, etc.) can connect to the Internet. For Windows Server 2008 R2 and higher versions, we suggest enabling the system's "automatic update" feature and installing all patches.

For Windows Server 2003, choose one of the defense strategies from section 4 (emergency defense strategy for uninfected hosts), and at the same time upgrade to a higher server version (such as Windows 2008 R2) as soon as possible.

For the internal network, hosts whose safety must be guaranteed should be protected against possible infection in the same way.

Where the sharing function is not used, block access to port 445 on firewalls, routers and other equipment.

Because this worm uses the domain name www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com as a "switch" and begins attacking the moment the domain cannot be reached, network security devices such as firewalls and IPS must not intercept this domain name; otherwise the encryption routine will be triggered on infected hosts, causing irreparable damage.

If a private intranet DNS is used, be sure to configure resolution for this domain to point to a live intranet web server. The intranet server's home page should return the following content:

sinkhole.tech - where the bots party hard and the researchers harder.

<!- h4 ->

Tianjin Municipal Party Committee Cyberspace Administration Office, Network Security and Information Technology Evaluation Center

Date: 2017-05-14

[May 14, 2017] Along with hospitals, some auto manufacturers were hit

May 14, 2017 | www.atimes.com
Targets both large and small have been hit.

Renault said on Saturday it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.

Among the other victims are a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and international shipper FedEx Corp.

A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.

'Ransom' payments may rise

Account addresses hard-coded into the malicious WannaCry software code appear to show the attackers had received just under US$32,500 in anonymous bitcoin currency as of 1100 GMT on Sunday, but that amount could rise as more victims rush to pay ransoms of US$300 or more to regain access to their computers, just one day before the threatened deadline expires.

[May 14, 2017] Wanna Cry variant without kill switch exists in the wild since May 13

May 14, 2017 | motherboard.vice.com

"I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday.

[May 14, 2017] Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide - Slashdot

May 14, 2017 | it.slashdot.org

TiggertheMad ( 556308 ) writes: on Friday May 12, 2017 @07:19PM ( #54408293 ) Homepage Journal

National Insecurity Agency ( Score: 4 , Informative)

The NSA (and other ABC agencies that are undoubtedly running the same game plan) are doing what they are tasked with, finding ways to protect America and America's interests. Using hacking as a tool to this end is (relatively) new in the old game of spycraft, so there are going to be a few epic disasters like this before the black ops people start to figure out all the types of blow back they can experience.

The US was really big on foreign covert action in the 50's, and it took the bay of pigs to make people realize that there were ways that things could go horribly wrong. That didn't stop covert action from being used, but I think it was employed more carefully afterwards. Having all their shiny hacking toys stolen and having this happen is the hacking version of the 'Bay of Pigs'.

Also, while the NSA seems to have compiled a formidable array of exploits and tools to compromise enemy systems, that doesn't mean that everyone else isn't playing the exact same game. The only difference between the NSA and EVERY other state intelligence agency on the planet is that they seem to be able to properly secure their black ops toys. Being one of the largest agencies of this sort, there are going to be a lot of people in the know. And the more people involved, the harder it is to keep a secret.

Mind you, that doesn't make this any less tragic or regrettable. I sort of hope the CIA decides that it is in the US interest to find and vanish anyone connected with this ransomware to make an example of them. Alas, that sort of thing only happens in implausible Hollywood scripts.

ancientt ( 569920 ) writes: < ancientt@yahoo.com > on Friday May 12, 2017 @08:07PM ( #54408453 ) Homepage Journal
Re:National Insecurity Agency ( Score: 3 )

Remotely exploitable network vulnerabilities shouldn't happen, but there seems no practical hope that they'll stop anytime soon. It would be negligent of legitimate spy agencies to fail to search for them and arguably be able to take advantage of them. Imagine you're trying to find out when an ISIS group is planning a bombing and you discover they're running a messageboard on a Windows machine with an SMB exploit, do you tell Microsoft to patch the exploit?

You never know which of the vulnerabilities you'll be able to use, but if you dedicate sufficient resources to finding them and building exploits for them, then there is a good chance you'll be able to spy on whichever bad guy your agency needs to spy on when the need arises. Getting all the vendors to patch the exploits you find does limit your own agency's ability to spy but you have to assume it doesn't impair your enemies as significantly since the enemy doubtless will have exploits you don't have.

What's the best solution? I suspect the best thing to do is build force-patch worms for every exploit. If you write an exploit, you should also dedicate resources to the task of writing a version of the exploit which pressures the owner of the exploited system to fix the problem. So in this instance, as soon as the attacks started being seen in the wild, the NSA servers should have launched a MASSIVE attack against any and all systems with the vulnerability which would disable the vulnerable systems in the least painful ways along with alerting the owners of the need to update their systems. Instead of getting "your files are encrypted and give hackers bitcoin to recover" messages, the people with exploitable systems should be seeing warnings like "Your system has been temporarily patched by the NSA for your own protection, please secure or update your device to protect it from malicious actors."

The Hajime botnet [arstechnica.com] may actually already be just the thing I'm describing. I'd prefer to see the NSA take public responsibility, and I'm doubtful the NSA is actually responsible for that one, but it is an example of how it could be done.

If I have a vulnerable system, I'd much prefer to see it hacked by the NSA instead of some ransomware writer. Do I wish it wasn't hackable? Of course, but I accept that anything plugged into a network might be hackable. I do what I can to protect it from everyone, including the NSA. It's not that I'm worried about the NSA (because they have the resources to gain physical access if they really want it) but if I do my best to build secure systems, then it's less likely I'll wake up to a ransomware message some morning

mcswell ( 1102107 ) writes: on Friday May 12, 2017 @11:09PM ( #54409045 )
Re:Say "thanks" to your "security"-agency... ( Score: 2 )

And why do you think Microsoft was able to patch this *before* the exploit was leaked by Shadow Brokers?

Anonymous Coward writes: on Friday May 12, 2017 @08:56PM ( #54408607 )
Re:Say "thanks" to your "security"-agency... ( Score: 1 )

microsoft is partly guilty in this for sure because A LOT of people have the updates turned off since the windows 10 debacle, the lies, the telemetry, the diagtrack process, the broken windows update service that sits idle consuming 25% of your cpu, etc

but even a monkey like me that hears about the smb vuln, even if I don't know what it means exactly because I'm just a user and not an engineer, I could tell it was BAD, so I patched the living shit out of my computer

sorry but if you've had experiences with blaster, conficker, etc, you should know about this kind of thing already, again, not an engineer at all, but just hearing about it, looking at the ports affected this thing looked really bad

Man On Pink Corner ( 1089867 ) writes: on Friday May 12, 2017 @08:29PM ( #54408529 )
Re:That only happened to idiots. ( Score: 3 )

Microsoft told lie after lie after lie about their intentions. There was absolutely no reason to believe that setting your update threshold to "Critical Only" would save you from an unsolicited Windows 10 installation.

The only rational course of action for those who didn't want Windows 10 was to turn off Windows Update entirely. Deny this all you want, but be prepared for justified accusations of victim-blaming.

Anonymous Coward , Friday May 12, 2017 @06:55PM ( #54408177 )
It hit the NHS hard ( Score: 5 , Interesting)

I'm a doctor in the NHS. It hit my hospital hard. The bosses triggered the MAJAX protocols meaning everyone off work was called to come in and help. Computers are used for everything, so blood tests, admissions, scan requests, referrals, all had to be done by hand. The public were asked to keep away from A+E because hundreds of people were waiting. It was terrifying how little failsafe infrastructure there was. The hospital just stopped working.

TroII ( 4484479 ) writes: on Friday May 12, 2017 @08:28PM ( #54408521 )
Re:It hit the NHS hard ( Score: 5 , Insightful)
And you use unpatched computers in a hospital WHY?

Because patches are often broken . Imagine these hospitals had applied the patch when Microsoft released it, but the patch was faulty in some way, and all of the hospital computers went down as a result. Instead of complaining the hospitals were running unpatched, you and/or many people like you would be bitching and moaning that they were negligent to install the patch too soon.

Updates from Microsoft frequently include at least one broken patch. There was one update last year that broke millions of peoples' webcams. There have been several updates that interfered with settings and reverted them back to default configurations, and several more updates that seemingly deleted group policy objects that had been configured by the domain administrator. There was a patch around the new year that inadvertently disabled the DHCP service, despite the update itself having nothing to do with DHCP. (Things that make you go hmmm.) This particular fuck-up rendered a lot of machines not only broken, but totally irreparable without manual human intervention, i.e. dispatching someone clueful to each of your premises to clean up the mess.

Patch deployment in any enterprise environment requires extensive testing. You have to coordinate with your software vendors to make sure their applications are compatible with the update. If you install Patch XYZ without first getting approval from Vendor123, you wind up invalidating your support contracts with them. All of this takes time. In 2016, there were several months in a row where Microsoft had to un-issue, repair, supersede, and re-release a broken patch they'd pushed out. Put yourself in the shoes of an admin team who got burned by Windows Update breaking your systems, especially repeatedly. Are you going to be in any hurry to patch? If you were bitten by the DHCP bug, do you trust that the "critical SMB patch" really only touches SMBv1, and isn't going to inexplicably corrupt Office or remove IPV4 connectivity on every computer it touches?

If the PC your kid plays Minecraft on gets hosed by a broken patch, it's not that big of a deal. The business world is a different story.

guruevi ( 827432 ) writes: < evi@evcir[ ]ts.com ['cui' in gap] > on Friday May 12, 2017 @07:03PM ( #54408215 ) Homepage
What boggles my mind ( Score: 4 , Informative)

Is that there are still 45k Windows machine that are directly connected to the Internet.

Any Windows machine I manage (mostly very specific medical software and medical machines) are either VM (and thus behind a firewall and any service proxied to a BSD or Linux host) or airgapped.

cpm99352 ( 939350 ) , Saturday May 13, 2017 @12:52AM ( #54409331 )
Plenty of blame to spread around ( Score: 2 )

1. Microsoft has always had a disclosure that their OS is not suitable for life-critical applications.
2. NSA has a dual mission -- the second (neglected) mission is to ensure the security of domestic computer networks.

[May 14, 2017] NHS workers and patients on how cyber-attack has affected them

May 14, 2017 | www.theguardian.com

Officials have claimed in the wake of the global ransomware attack that patient care has been unaffected despite 45 NHS sites being hit.

But hospitals across England and Scotland were forced to cancel routine procedures and divert emergency cases in the wake of the attack, which has shut down access to computers in almost 100 countries. Here, patients and NHS workers reveal how the crisis has affected them.

Bill, a doctor at a hospital in London
I have been unable to look after patients properly. However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any X-rays, which are an essential component of emergency medicine. I had a patient this evening who we could not do an X-ray for, who absolutely should have had one. He is OK but that is just one example.

My hospital is good in many ways but the IT system is appalling. I was shocked when I started in hospital at how bad the systems are. I know the staff will do their very best to keep looking after everyone, but there are no robust systems in place to deal with blackouts like this, information-sharing is hard enough in a clinical environment when everything works.

Without the IT systems I suspect test results will be missed, and definitely delayed. Handovers are much more difficult. It will absolutely certainly impact patient safety negatively, even if that impact can't be clearly measured. This is basically all the result of chronic underfunding and crap, short-sighted management.

Theresa, 44, a breast cancer patient from Lincolnshire
I was halfway through my chemotherapy infusion when the attack happened. The treatment finished without a hitch, but I then had to wait for a couple of hours for my medications to take home. That's because all drugs have to be checked against prescriptions, and they are all computerised. The hospital pharmacists worked quickly to produce paper copies, but it still took a while. The horrible side-effects (nausea, exhaustion, dizziness) kicked in while I was stuck in rush-hour traffic coming home. Fortunately, I wasn't driving.

There were other patients in the ward waiting to start their chemo whose drugs had been delivered but again couldn't be checked, so administration was delayed. In some cases treatment had to be postponed entirely for another day. The oncology nurses and the hospital staff were brilliant throughout, reassuring patients and doing their best in difficult circumstances. They were also deeply apologetic, frustrated that they couldn't do their job, and angry that such an act had put patients' treatment – and lives – at risk.

Amber, 40, a community nurse from Essex
We have been unable to check patient information and scheduled visits for this afternoon. I am working this weekend and had to write down who we may see tomorrow from my own memory. Our own call centre for community services is in lockdown and unable to receive any information regarding authorisation for drug changes or referrals. We are also unable to look up patient addresses, complete any documentation or check test results.

Alun Phillips, 45, a community pharmacist from Merseyside
Doctors in Liverpool have been advised to isolate their computer systems from the wider NHS network. This has left many of our local surgeries unable to access patient records, which are cloud-based. Surgeries are unable to issue prescriptions from their systems, most of which are now issued electronically via the NHS spine. Even if they could, we (community pharmacy) are being advised to not connect to the spine. We have had quite a few requests from local surgeries to tell them what medication patients are on, as although they cannot access patient records we still have our copy of the patients' medication records. We have also made some emergency supplies of medication to patients unable to access GP services while they are down.

Kyle, 42, a patient from Maidstone
I am waiting for test results after a urine infection and pain in my kidneys. I called the doctors this afternoon. They said it looks like I need a further prescription but the doctor will need to call me back. Two hours later I get a call from the doctor advising me that they have had to shut down their systems due to this hack, and that they can't give me any results till Monday. I am now worried that my situation is going to get worse without any treatment.

Ben, 37, in the prescription team at a GP surgery in the north
We were unable to process any prescriptions for patients, including urgent requests. As a result patients could potentially be left without asthma, epilepsy or diabetes medication over the weekend. We also had a medical emergency on-site and waited over 40 minutes for an ambulance to attend.

Ali, a cardiologist from the north
I am a cardiology registrar. At work, on call for a tertiary cardiology centre. Treating patients with heart attacks, attending cardiac arrests, seeing sick patients in resus. We are unable to access old notes, blood results, x-rays or order vital tests. Blood samples are being sent to other hospitals. We have one working x-ray viewer for the entire hospital and emergency results are being rung through already overloaded phone lines. All of which potentially delays vital treatment and could jeopardise patient safety. Those with life-threatening problems are still receiving appropriate care. Though this couldn't have happened at a worse time with the weekend looming, patients are still being looked after safely thanks to the dedication of all the members of staff at work tonight. It's been a stark reminder of the conditions we worked under over 20 years ago – and on how reliant on computers we are even to do things as simple as prescribe basic drugs.

Kaley, 30, a receptionist at a large surgery in the north-west
Friday afternoons are usually one of our busiest times at the surgery. With already full clinics and people ringing for emergency appointments there were five reception staff on duty. There was no warning that there was anything wrong with the computer systems but at around 3pm the screens all went black, indicating that the computers had crashed. We had no access to any patient information for the GPs or nurses. There was no way of checking the patients in. Phones were still ringing. The computers were down for about an hour but then we were able to get back on. We received notification that there was a virus affecting the whole of the NHS. The practice manager received a text from the CCG advising that we should invoke "emergency planning measures". This involves printing lists out of patients due to attend all clinics from Friday afternoon until Monday afternoon. Then we had to print out full medical information for each patient as the system was being taken down to investigate the virus. It's been a difficult afternoon.
Some names and details have been changed.

[May 14, 2017] AfterMidnight -- new NSA malware

May 14, 2017 | failedevolution.blogspot.gr
WikiLeaks

Today, May 12th 2017, WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks for the Microsoft Windows platform.
"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine.

The main controller disguises itself as a self-persisting Windows Service DLL and provides secure execution of "Gremlins" via an HTTPS-based Listening Post (LP) system called "Octopus".

Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute.

If there is, it downloads and stores all needed components before loading all new gremlins in memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins.

The special payload "AlphaGremlin" even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.

"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight") will then periodically beacon to its configured listening post(s) to request tasking and deliver results.

Communication occurs over one or more transport protocols as configured before or during deployment. The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as "The Gibson" and allow operators to perform specific tasks on an infected target.

Documents:
https://wikileaks.org/vault7/#AfterMidnight

[May 14, 2017] Massive cyber attack hits hospitals, universities and businesses worldwide

May 14, 2017 | failedevolution.blogspot.gr

...The Barts Health Group, which helps manage some of the largest hospitals in London, said, " We are experiencing a major IT disruption and there are delays at all of our hospitals. "

Patients had to be turned away from surgeries and appointments at medical facilities throughout England, and ambulances had to be rerouted to other hospitals as well.

Telefonica, one of the largest telecommunications companies in Spain, was one target, though their services and clients were not affected, as the malicious software only impacted certain computers on an internal network.

Full report:
https://sputniknews.com/europe/201705121053564741-cyber-attack-targets-institutions-worldwide/

[May 13, 2017] Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch

May 13, 2017 | tech.slashdot.org
Posted by EditorDavid on Saturday May 13, 2017 @06:57PM from the wanna-cry-more? dept. Remember that "kill switch" which shut down the WannaCry ransomware? An anonymous reader quotes Motherboard (vice.com): Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.

[May 13, 2017] What you need to know about the WannaCry Ransomware

Notable quotes:
"... Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments. ..."
May 13, 2017 | www.symantec.com

After encryption the Trojan then deletes the shadow copies of the encrypted files.

The Trojan drops the following files in every folder where files are encrypted:
• !WannaDecryptor!.exe.lnk
• !Please Read Me!.txt

The contents of !Please Read Me!.txt are a text version of the ransom note, with details of how to pay the ransom.

The Trojan downloads Tor and uses it to connect to a server using the Tor network.

It then displays a ransom note explaining to the user what has happened and how to pay the ransom.

WannaCry encrypts files with the following extensions, appending .WCRY to the end of the file name:

  • .123
  • .3dm
  • .3ds
  • .3g2
  • .3gp
  • .602
  • .7z
  • .ARC
  • .PAQ
  • .accdb
  • .aes
  • .ai
  • .asc
  • .asf
  • .asm
  • .asp
  • .avi
  • .backup
  • .bak
  • .bat
  • .bmp
  • .brd
  • .bz2
  • .cgm
  • .class
  • .cmd
  • .cpp
  • .crt
  • .cs
  • .csr
  • .csv
  • .db
  • .dbf
  • .dch
  • .der
  • .dif
  • .dip
  • .djvu
  • .doc
  • .docb
  • .docm
  • .docx
  • .dot
  • .dotm
  • .dotx
  • .dwg
  • .edb
  • .eml
  • .fla
  • .flv
  • .frm
  • .gif
  • .gpg
  • .gz
  • .hwp
  • .ibd
  • .iso
  • .jar
  • .java
  • .jpeg
  • .jpg
  • .js
  • .jsp
  • .key
  • .lay
  • .lay6
  • .ldf
  • .m3u
  • .m4u
  • .max
  • .mdb
  • .mdf
  • .mid
  • .mkv
  • .mml
  • .mov
  • .mp3
  • .mp4
  • .mpeg
  • .mpg
  • .msg
  • .myd
  • .myi
  • .nef
  • .odb
  • .odg
  • .odp
  • .ods
  • .odt
  • .onetoc2
  • .ost
  • .otg
  • .otp
  • .ots
  • .ott
  • .p12
  • .pas
  • .pdf
  • .pem
  • .pfx
  • .php
  • .pl
  • .png
  • .pot
  • .potm
  • .potx
  • .ppam
  • .pps
  • .ppsm
  • .ppsx
  • .ppt
  • .pptm
  • .pptx
  • .ps1
  • .psd
  • .pst
  • .rar
  • .raw
  • .rb
  • .rtf
  • .sch
  • .sh
  • .sldm
  • .sldx
  • .slk
  • .sln
  • .snt
  • .sql
  • .sqlite3
  • .sqlitedb
  • .stc
  • .std
  • .sti
  • .stw
  • .suo
  • .svg
  • .swf
  • .sxc
  • .sxd
  • .sxi
  • .sxm
  • .sxw
  • .tar
  • .tbk
  • .tgz
  • .tif
  • .tiff
  • .txt
  • .uop
  • .uot
  • .vb
  • .vbs
  • .vcd
  • .vdi
  • .vmdk
  • .vmx
  • .vob
  • .vsd
  • .vsdx
  • .wav
  • .wb2
  • .wk1
  • .wks
  • .wma
  • .wmv
  • .xlc
  • .xlm
  • .xls
  • .xlsb
  • .xlsm
  • .xlsx
  • .xlt
  • .xltm
  • .xltx
  • .xlw
  • .zip
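As an added example (not Symantec's or the page's own code), a read-only Python triage scanner that looks for the artifacts described above, the appended .WCRY suffix and the two dropped note files, and counts files with targeted extensions that are still unencrypted. The extension set inside is an assumed subset of the full list above, and the sample tree it builds is constructed for the demo:

```python
"""Added example, not Symantec's or the page's own code: a read-only triage
scan for the WannaCry artifacts the Symantec write-up describes. It walks a
directory tree and reports, per folder, files carrying the appended .WCRY
suffix, the two dropped note files, and how many other files have an
extension from the targeted list (still at risk if encryption was
interrupted). Nothing is modified or deleted."""
import os
import sys
import tempfile
from collections import Counter
from dataclasses import dataclass, field

# Artifact names as given in the Symantec write-up quoted above.
ENCRYPTED_SUFFIX = ".WCRY"
RANSOM_NOTE_FILES = {"!WannaDecryptor!.exe.lnk", "!Please Read Me!.txt"}

# Assumed subset of the targeted extension list quoted above; paste in the
# full list for a real scan. Compared case-insensitively, since the list
# mixes upper-case entries such as .ARC and .PAQ with lower-case ones.
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt",
    ".zip", ".7z", ".rar", ".jpg", ".png", ".mp3", ".sql", ".mdb",
    ".accdb", ".pem", ".key", ".p12", ".pfx", ".vmdk", ".vdi", ".bak",
}
_TARGETED_LOWER = {e.lower() for e in TARGETED_EXTENSIONS}


@dataclass
class FolderReport:
    encrypted: list = field(default_factory=list)  # names ending in .WCRY
    notes: list = field(default_factory=list)      # dropped ransom notes
    at_risk: int = 0                               # targeted, not encrypted


def classify(name: str) -> str:
    """Classify one file name as note, encrypted, at_risk or other."""
    if name in RANSOM_NOTE_FILES:
        return "note"
    if name.endswith(ENCRYPTED_SUFFIX):
        return "encrypted"
    if os.path.splitext(name)[1].lower() in _TARGETED_LOWER:
        return "at_risk"
    return "other"


def scan_tree(root: str) -> dict:
    """Walk root read-only; return {folder: FolderReport} for every folder
    that shows a sign of WannaCry activity (a note or a .WCRY file)."""
    reports = {}
    for dirpath, _dirs, files in os.walk(root):
        rep = FolderReport()
        for name in files:
            kind = classify(name)
            if kind == "note":
                rep.notes.append(name)
            elif kind == "encrypted":
                rep.encrypted.append(name)
            elif kind == "at_risk":
                rep.at_risk += 1
        if rep.notes or rep.encrypted:
            reports[dirpath] = rep
    return reports


def summarize(reports: dict) -> dict:
    """Aggregate per-folder reports into incident-scope counts."""
    total = Counter()
    for rep in reports.values():
        total["folders_hit"] += 1
        total["encrypted_files"] += len(rep.encrypted)
        total["note_files"] += len(rep.notes)
        total["at_risk_unencrypted"] += rep.at_risk
    return dict(total)


def build_sample_tree(base: str) -> None:
    """Constructed sample tree (empty files, not real malware output):
    one folder that was hit and one that was not."""
    hit = os.path.join(base, "Documents")
    clean = os.path.join(base, "Music")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("budget.xlsx.WCRY", "notes.docx.WCRY", "photo.jpg",
                 "!Please Read Me!.txt", "!WannaDecryptor!.exe.lnk",
                 "readme.md"):
        open(os.path.join(hit, name), "w").close()
    for name in ("song.mp3", "cover.png"):
        open(os.path.join(clean, name), "w").close()


def demo_scan() -> dict:
    """Run the scanner over the constructed tree and return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return summarize(scan_tree(tmp))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(summarize(scan_tree(target)) if target else demo_scan())
```

Run it with a directory argument to scan a mounted image or a share; without one it runs over the constructed sample.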

[May 13, 2017] WannaCry 2.0 Ransomware by Colin Hardy

Probably the best description of the worm on Youtube as of May 13, 2017...
support.microsoft.com

Andy Beez, 9 hours ago

Thanks for the forensic deconstruction - a lot more info than the experts on Sky News!
Is it interesting that the popup is written in accurate English with the correct use of capitals, commas and full stops? Plus the grammar is correct. I understand the Italian version has the same grammatical exactness. So not script kiddies from Chindia? These writers are well educated.

Anton, 10 hours ago

A kill switch already has been found in the code, which prevents new infections. This has been activated by researchers and should slow the spread.

Colin Hardy, 8 hours ago

Agree. Firstly, contain your network (block affected ports in/outbound), also look for compromised hosts on your network using the various IOCs from the likes of Virus Total and other analysts' blogs. Remediate the machines, and rebuild the network - slowly, carefully and under good supervision!

Colin Hardy, 8 hours ago

this was an awesome find as well. see my new video https://youtu.be/d56g3wahBck on how you can see it for yourself.

[May 13, 2017] Indicators Associated With WannaCry Ransomware

Symantec provides a better description of what you need to look at.
May 13, 2017 | www.us-cert.gov

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named "t.wry". The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user's files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.

The newly loaded DLL immediately begins encrypting files on the victim's system and encrypts the user's files with 128-bit AES. A random key is generated for the encryption of each file.

The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim's account in order to access the IPC$ share.

This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC$ share on network resources on the network on which it is operating.
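As an added example (not US-CERT's or the page's own code), detection logic for the lateral-spread behaviour just described, run over constructed firewall log lines in an assumed format: a host opening TCP/445 connections to many distinct destinations in a short window is flagged, while a normal client talking to one file server is not:

```python
"""Added example, not US-CERT's or the page's own code: detection logic for
the SMB lateral spread described above, run over constructed firewall log
lines. A host that opens SMB (TCP/445) connections to many distinct
destinations within a short window looks like the worm's scanner rather
than a normal file-share client, which keeps talking to the same server."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed log format (constructed for this example, not a vendor format):
#   <ISO-8601 UTC time> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp> action=<allow|deny>
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)")


def parse_line(line: str):
    """Parse one log line into a dict, or return None for unparseable lines."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts.replace(tzinfo=timezone.utc), "src": m["src"],
            "dst": m["dst"], "dport": int(m["dport"]),
            "proto": m["proto"].lower()}


def detect_smb_fanout(lines, window_s: int = 60, threshold: int = 10) -> dict:
    """Return {src_ip: (first_alert_time_iso, distinct_destinations)} for
    every source that contacted >= threshold distinct hosts on TCP/445
    within any window_s-second window. Lines must be in time order."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst), oldest first
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["dport"] != 445 or ev["proto"] != "tcp":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dst"]))
        # Drop events that fell out of the sliding window.
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct = {dst for _, dst in q}
        if len(distinct) >= threshold and ev["src"] not in alerts:
            alerts[ev["src"]] = (ev["ts"].isoformat(), len(distinct))
    return alerts


def constructed_sample_log() -> list:
    """Constructed sample, not captured traffic: a normal client that hits
    one file server repeatedly, and an infected host that probes six LAN
    addresses and six documentation-range Internet addresses on 445."""
    lines = []
    for i in range(12):
        lines.append(f"2017-05-12T08:03:{i * 5:02d}Z src=10.1.4.7 dst=10.1.9.3 "
                     f"dport=445 proto=tcp action=allow")
    probes = [f"10.1.9.{n}" for n in range(10, 16)] + [
        "198.51.100.9", "203.0.113.44", "192.0.2.17",
        "198.51.100.201", "203.0.113.8", "192.0.2.250"]
    for i, dst in enumerate(probes):
        lines.append(f"2017-05-12T08:03:{i * 2:02d}Z src=10.1.4.22 dst={dst} "
                     f"dport=445 proto=tcp action=deny")
    # Unrelated noise that the detector must ignore.
    lines.append("2017-05-12T08:03:07Z src=10.1.4.22 dst=10.1.1.1 "
                 "dport=53 proto=udp action=allow")
    lines.append("malformed line that should be skipped")
    return sorted(lines)


if __name__ == "__main__":
    for src, (when, count) in detect_smb_fanout(constructed_sample_log()).items():
        print(f"ALERT {src}: {count} distinct SMB destinations by {when}")
```

Tune window_s and threshold to the site; on a real network, feed it lines from the perimeter or internal firewall sorted by time.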


[May 13, 2017] WannaCry technical information

Notable quotes:
"... This vulnerability was patched in the Microsoft March update (MS17-010) ..."
"... Ensure that port 445 is blocked for firewall communications with all exceptions scrutinized and verified before adding. ..."
May 13, 2017 | www.criticalstart.com

WanaCryptor 2.0, WannaCry, WCry or WCryp is currently a world-wide ransomware outbreak. These are all versions of Crypto-locker, encrypting victim files and demanding payment via bitcoin. This vulnerability was patched in the Microsoft March update (MS17-010).

The following links contain information about the exploit that the new malware is using (based on ETERNAL BLUE) and the fix and temporary workaround for servers and local clients, as well as firewall configuration recommendations.

SMB v1 is the current exploit mechanism being used for moving within the enterprise. Movement has been detected from cloud sync file shares as well. The link contains information on disabling SMBv1 (which is the only recommended service to disable) on servers, via PowerShell, and through local client firewall configuration.

Ensure that port 445 is blocked for firewall communications with all exceptions scrutinized and verified before adding.

[May 13, 2017] Wanna Cry ransomware cyber attack 104 countries hit, India among worst affected, US NSA criticised

May 13, 2017 | indiatoday.intoday.in

India was among the countries worst affected by the Wanna Cry attack, data shared by Kaspersky, a Russian anti-virus company, showed. According to initial calculations performed soon after the malware struck on Friday night, around five per cent of all computers affected in the attack were in India.

Mikko Hypponen, chief research officer at a Helsinki-based cyber security company called F-Secure, told news agency AFP that it was the biggest ransomware outbreak in history and estimated that 130,000 systems in more than 100 countries had been affected.

Hypponen added that Russia and India were hit particularly hard, largely because Microsoft's Windows XP - one of the operating systems most at risk - was still widely used there.

[May 13, 2017] The worm that spreads WanaCrypt0r

May 13, 2017 | blog.malwarebytes.com
WanaCrypt0r has been most effective: not only does the ransomware loop through every open RDP session on a system and run the ransomware as that user, but the initial component that gets dropped on systems appears to be a worm that contains and runs the ransomware, spreading itself using the ETERNALBLUE SMB vulnerability (MS17-010).

The WinMain of this executable first tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. It doesn't actually download anything there, just tries to connect. If the connection succeeds, the binary exits.

This was probably some kind of kill switch or anti-sandbox technique. Whichever it is, it has backfired on the authors of the worm, as the domain has been sinkholed and the host in question now resolves to an IP address that hosts a website. Therefore, nothing will happen on any new systems that runs the executable. This only applies to the binary with the hash listed above; there may well be new versions released in the future. UPDATE: The second argument to InternetOpenA is 1 (INTERNET_OPEN_TYPE_DIRECT), so the worm will still work on any system that requires a proxy to access the Internet, which is the case on the majority of corporate networks.

... ... ...

[after kill switch check pass] ...

The first thing the worm does is check the number of arguments it was launched with. If it was run with fewer than two arguments, it installs a service called mssecsvc2.0 with display name Microsoft Security Center (2.0) Service (the binary run is itself, with two arguments), starts that service, drops the ransomware binary located in the resources of the worm, and runs it.

If it was run with two arguments or more, in other words if it was run as a service, execution eventually falls through to the worm function.

[May 13, 2017] How to Accidentally Stop a Global Cyber Attacks

This from the author of the "accidental kill switch discovery": "I was able to set up a live tracking map and push it out via twitter (you can still see it here)." Fascinating...
As of May 13, 9 PM, the worm is still spreading, at a rate of probably a hundred hits per hour, but the kill switch prevents newly infected instances from running their own copy of the worm. An interesting side effect is that if a network has a proxy that prevents direct access to the kill-switch domain, the worm will spread at full speed there. So propagation into a proxied network with an isolated root DNS server network can lead to an increased infection rate, as the kill-switch site will not be reachable. In other words, the worm is most dangerous for private networks with a private DNS root.
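As an added example (not Malwarebytes', MalwareTech's or the page's own code), a small Python check that tells a defender what the worm's start-up test would see from a given host: whether the kill-switch domain resolves and whether port 80 on it is reachable by a direct, proxy-ignoring connection, which is the condition under which the binary exits. The resolver and connector are injectable (assumed names) so the logic can be exercised offline, and the advice it returns follows the intranet sinkhole recommendation from the Tianjin advisory above:

```python
"""Added example, not the page's or any vendor's code: check from a host
whether the WannaCry kill-switch domain is reachable the way the worm
checks it, i.e. by a direct TCP connection that ignores any configured
proxy (the INTERNET_OPEN_TYPE_DIRECT point above). Run it from each subnet
to confirm an internal sinkhole would actually stop the worm there."""
import socket

KILL_SWITCH_DOMAIN = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"


def direct_tcp_connect(ip: str, port: int = 80, timeout: float = 3.0) -> bool:
    """Attempt a direct TCP connection with no proxy, as the worm does."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def kill_switch_status(domain: str = KILL_SWITCH_DOMAIN,
                       resolve=socket.gethostbyname,
                       connect=direct_tcp_connect) -> dict:
    """Describe what the worm's start-up check would see on this host.
    resolve and connect are injectable (assumed helper names) so the logic
    can be exercised offline with fakes."""
    try:
        ip = resolve(domain)
    except OSError:            # covers socket.gaierror (NXDOMAIN etc.)
        ip = None
    reachable = ip is not None and connect(ip)
    return {"domain": domain,
            "resolved_ip": ip,
            "direct_reachable": reachable,
            # Per the write-up above: a successful connect makes the binary exit.
            "worm_would_exit": reachable}


def advice(status: dict) -> str:
    """Map the status to the remediation the Tianjin advisory describes."""
    if status["worm_would_exit"]:
        return "kill switch effective from this host"
    if status["resolved_ip"] is None:
        return ("domain does not resolve here: add an internal DNS record "
                "pointing it at a reachable intranet web server")
    return ("domain resolves but a direct port-80 connection fails (proxy-only "
            "egress?): the sinkhole web server must be reachable without a proxy")


if __name__ == "__main__":
    status = kill_switch_status()
    print(status)
    print(advice(status))
```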
Notable quotes:
"... When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit, which was what tipped me off to the fact this was something big. ..."
"... contrary to popular belief, most NHS employees don't open phishing emails which suggested that something to be this widespread it would have to be propagated using another method) ..."
"... Using Cisco Umbrella, we can actually see query volume to the domain prior to my registration of it which shows the campaign started at around 8 AM UTC. ..."
"... more interestingly was that after encrypting the fake files I left there as a test, it started connecting out to random IP addresses on port 445 (used by SMB). ..."
"... The mass connection attempts immediately made me think exploit scanner, and the fact it was scanning on the SMB port caused me to look back to the recent ShadowBroker leak of NSA exploits containing an SMB exploit. ..."
May 13, 2017 | www.malwaretech.com

So finally I've found enough time between emails and Skype calls to write up on the crazy events which occurred over Friday, which was supposed to be part of my week off (I made it a total of 4 days without working, so there's that). You've probably read about the WannaCrypt fiasco on several news sites, but I figured I'd tell my story.

I woke up at around 10 AM and checked onto the UK cyber threat sharing platform where I had been following the spread of the Emotet banking malware, something which seemed incredibly significant until today. There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant yet. I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing.

When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit, which was what tipped me off to the fact this was something big.

Although ransomware on a public sector system isn't even newsworthy, systems being hit simultaneously across the country is (contrary to popular belief, most NHS employees don't open phishing emails which suggested that something to be this widespread it would have to be propagated using another method). I was quickly able to get a sample of the malware with the help of Kafeine, a good friend and fellow researcher.

Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered.

Using Cisco Umbrella, we can actually see query volume to the domain prior to my registration of it which shows the campaign started at around 8 AM UTC.

... ... ...

While the domain was propagating, I ran the sample again in my virtual environment to be met with WannaCrypt ransom page; but more interestingly was that after encrypting the fake files I left there as a test, it started connecting out to random IP addresses on port 445 (used by SMB).

The mass connection attempts immediately made me think exploit scanner, and the fact it was scanning on the SMB port caused me to look back to the recent ShadowBroker leak of NSA exploits containing an SMB exploit. Obviously I had no evidence yet that it was definitely scanning SMB hosts or using the leaked NSA exploit, so I tweeted out my finding and went to tend to the now propagated domain.

... ... ...

Now one thing that's important to note is the actual registration of the domain was not on a whim. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I'm always on the lookout to pick up unregistered malware control server (C2) domains. In fact I registered several thousand of such domains in the past year.

Our standard model goes something like this.

  1. Look for unregistered or expired C2 domains belonging to active botnets and point them to our sinkhole (a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them).
  2. Gather data on the geographical distribution and scale of the infections, including IP addresses, which can be used to notify victims that they're infected and assist law enforcement.
  3. Reverse engineer the malware and see if there are any vulnerabilities in the code which would allow us to take over the malware/botnet and prevent the spread or malicious use, via the domain we registered.

In the case of WannaCrypt, step 1, 2 and 3 were all one and the same, I just didn't know it yet.

A few seconds after the domain had gone live I received a DM from a Talos analyst asking for the sample I had which was scanning SMB hosts, which I provided. Humorously at this point we had unknowingly killed the malware so there was much confusion as to why he could not run the exact same sample I just ran and get any results at all. As curious as this was, I was pressed for time and wasn't able to investigate, because now the sinkhole servers were coming dangerously close to their maximum load.

I set about making sure our sinkhole servers were stable and getting the expected data from the domain we had registered (at this point we still didn't know much about what the domain I registered was for, just that anyone infected with this malware would connect to the domain we now own, allowing us to track the spread of the infection). Sorting out the sinkholes took longer than expected due to a very large botnet we had sinkholed the previous week eating up all the bandwidth, but soon enough I was able to set up a live tracking map and push it out via twitter (you can still see it here).

Aris Adamantiadis > greggreen29 • 12 hours ago

To be fair, he said himself he thought at some point that registering the domain name triggered the ransomware instead of disabling it. The story headline would have mentioned "Security research accidentally armed a ransomware" in that case. His experience told him it was a good thing to own domains used by C&C, his luck made it that it was a kill switch. I don't think "accidental" is undeserved in this case.

Whatever, it's good job!

Dave > greggreen29 • 13 hours ago

The media is filled with people who don't do their research. This is both true in the IT world along with the firearms world. Me being involved in both. Media however LOVES buzzwords without even knowing what that word means nor use it in context correctly.

They make conclusions about things they don't even understand or refer to a real expert in the field or multiple to get out of single sourced subjective analysis problems.

I am no total expert in either though I do know a lot, but I do my due diligence if I do write about a subject, I do RESEARCH vs WEBSEARCH on it to draw conclusions. I also then employ logic and personal experiences for supplementing those conclusions if I have the experiences to draw upon.

This is why I follow people I would deem as experts in the field, to learn more about what we come across, to ask questions, and to constantly learn.

This is why I follow the Malwaretech crew and others like them in security and forensics.

Malwaretech, thank you for your service, not only for this incident, but all the research you do.

Susan O'neill > Dave • 10 hours ago

Well said Dave. Whilst I struggled to follow the report on his progress, it would seem that he is connected to people who can offer a service and, using his own expertise and by a process of elimination, find the answers, but because he caught on to something very quickly (which he might easily have missed, had he not been so thorough and alert) would have allowed the worm to continue its travels. I think a lot of people should be very thankful to MalwareTech and his expertise - even if it does generate more business for him, it's probably well deserved.

[May 13, 2017] How to enable and disable SMBv1 in Windows and Windows Server

May 13, 2017 | support.microsoft.com
How to enable or disable SMB protocols on the SMB server -- Windows 8 and Windows Server 2012
Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

Note: When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
To enable or disable SMB protocols on an SMB server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.
Windows PowerShell 2.0 or a later version of PowerShell

... ... ...

Note: You must restart the computer after you make these changes.
Registry Editor
Important: This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see Microsoft Knowledge Base article 322756, How to back up and restore the registry in Windows.
To enable or disable SMBv1 on the SMB server, configure the following registry key:
Registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB1

REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled

Default: 1 = Enabled
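The following PowerShell triage script is an added example (not code from the Microsoft KB article or from the MalwareTech write-up) that combines the checks this page discusses: the SMB1 registry entry and Set-SmbServerConfiguration state from the KB article above, the worm's mssecsvc2.0 service name from the analysis quoted at the top of this section, and that analysis's INTERNET_OPEN_TYPE_DIRECT caveat (the worm ignores the proxy when it looks up the kill-switch domain). The function names are my own, and the kill-switch host name is a placeholder you must replace with the domain from the sample you are analysing.

```powershell
# Added example, not from the Microsoft KB article or the MalwareTech write-up.
# Read-only triage for a Windows 7 / Server 2008 R2 host (PowerShell 2.0 or
# later, run elevated). Nothing is changed unless -DisableSmb1 is given.
param(
    [switch]$DisableSmb1,
    # Placeholder: the real kill-switch domain is not reproduced on this page.
    [string]$KillSwitchHost = 'KILL-SWITCH-DOMAIN.example'
)

# Registry subkey from the KB article above.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Registry method from the KB article: entry SMB1, REG_DWORD, 1 = enabled.
    # A missing entry means the default, which is enabled.
    $props = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['SMB1']) {
        $value = [int]$props.SMB1
    } else {
        $value = 1
    }
    # On Windows 8 / Server 2012 and later the SMB cmdlet is authoritative.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $value = [int](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    return ($value -ne 0)
}

function Get-WormService {
    # The worm installs itself as service "mssecsvc2.0" with display name
    # "Microsoft Security Center (2.0) Service" (from the analysis quoted above).
    return (Get-Service -Name 'mssecsvc2.0' -ErrorAction SilentlyContinue)
}

function Test-DirectKillSwitchReachability {
    param([string]$HostName)
    # The worm calls InternetOpenA with INTERNET_OPEN_TYPE_DIRECT, so it never
    # uses the system proxy. Reproduce that: a plain HTTP request with no proxy.
    # If this fails on a proxied network, infected hosts there would not see the
    # kill switch and the worm would run at full speed (the UPDATE note above).
    try {
        $req = [System.Net.WebRequest]::Create("http://$HostName/")
        $req.Proxy = $null           # direct connection, no proxy
        $req.Timeout = 5000
        $resp = $req.GetResponse()
        $resp.Close()
        return $true
    } catch {
        return $false
    }
}

# Report the three conditions.
Write-Host ("SMBv1 server protocol enabled: {0}" -f (Get-Smb1ServerState))

$svc = Get-WormService
if ($svc) {
    Write-Host ("WARNING: service mssecsvc2.0 is present, status {0}" -f $svc.Status)
} else {
    Write-Host "Service mssecsvc2.0 not present"
}

Write-Host ("Kill-switch host reachable without a proxy: {0}" -f `
    (Test-DirectKillSwitchReachability -HostName $KillSwitchHost))

if ($DisableSmb1) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: takes effect without a restart.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Host "SMB1 disabled via Set-SmbServerConfiguration."
    } else {
        # Windows 7 / Server 2008 R2: registry method, restart required.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWORD -Value 0 -Force
        Write-Host "SMB1 set to 0 in the registry; restart the computer."
    }
}
```

A result of "reachable without a proxy: False" on a host that otherwise browses fine through a proxy is exactly the situation the UPDATE note warns about: the kill switch offers that network no protection, so patching and disabling SMBv1 are the only defences.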

[May 13, 2017] Microsoft Security Bulletin MS17-010 - Critical

For customers using Windows Defender, Microsoft released an update on May 13 which detects this threat as Ransom:Win32/WannaCrypt.
SMBv1 should be blocked. How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
Defensive firewall configuration is important as Windows is full of holes. Download the update here
Notable quotes:
"... This security update is rated Critical for all supported releases of Microsoft Windows. ..."
May 13, 2017 | technet.microsoft.com

This is the vulnerability that Wanna Cry malware uses

Published: March 14, 2017

Version: 1.0

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.

For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 4013389 .

[May 13, 2017] How to run your own PowerShell scripts - cmdlets

May 13, 2017 | www.tech-recipes.com
How to run your own PowerShell scripts / cmdlets. Posted December 3, 2010 by Ben in Batch file programming, Windows 7

By default, Microsoft has prevented the running of custom PowerShell scripts, a.k.a. cmdlets, by setting the PowerShell "ExecutionPolicy" to "Restricted". This can be changed easily.

You can change the ExecutionPolicy for PowerShell scripts/cmdlets by running the PowerShell command Set-ExecutionPolicy.

To elaborate your options for this command, simply run the following in PowerShell:

Set-ExecutionPolicy -ExecutionPolicy -?

Personally, I prefer to set the ExecutionPolicy to "RemoteSigned". This allows me to run my own scripts, but prevents unsigned scripts from others from running:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Test this as follows: Create a new PowerShell script on your Desktop. Right-click the Desktop, New > Text Document. Name it test.ps1

Right-click test.ps1 and select Edit. It should open up with PowerShell ISE (Integrated Scripting Environment). Type the following in the top pane:

Echo "Hello World!"

start-sleep 10

Save it with Ctrl + S, and close it.

Now open up PowerShell, change to your Desktop and try running the script:

cd "$env:userprofile\Desktop"

.\test.ps1

Then change your ExecutionPolicy to "RemoteSigned" and try again:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

.\test.ps1

Notice that the script/cmdlet is referenced using ".\". You can also use the full path, but cannot run it by simply typing its name (very Unix like, eh?).

Also note the use of "$env:userprofile" to represent the path to your user profile. In the classic Windows Command Processor, this was represented with simply "%userprofile%".

Lastly, please note that this will not work as indicated if you are not in the local Administrators group. It is, in fact, a best practice to avoid daily use of an account which is in the local Administrators group, so this may be the case for you. To work around it, simply launch PowerShell as an Administrator to set the execution policy. See here.

[May 12, 2017] Leaked NSA malware is helping hijack computers around the world

May 12, 2017 | failedevolution.blogspot.gr
In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the "Shadow Brokers." Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.

The malware worm taking over the computers goes by the names "WannaCry" or "Wanna Decryptor." It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin.

At this point, one's computer would be rendered useless for anything other than paying said ransom. The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown clock to see exactly how much time they have left).

Ransomware is not new; for victims, such an attack is normally a colossal headache. But today's vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly health care, communications infrastructure, logistics, and government entities.

Full report:
https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/

[May 12, 2017] Worst-Ever Recorded Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

Cyber attacks on a global scale took place on Friday, May 12, 2017. The notable hits include computers in 16 UK hospitals, Telefonica Telecom in Spain, Gas Natural, Iberdrola. Several thousand computers were infected in 99 countries. WannaCry ransomware attack - Wikipedia
WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency[15][16] to attack computers running Microsoft Windows operating systems. Once it invades a network, it replicates itself and is transmitted to other computers.
Initial infection vector is either via LAN, an email attachment, or drive-by download.
A kill switch has been found in the code, which since May 13 helps to prevent new infections. This switch was accidentally activated by an anti-virus researcher from GB. However, different versions of the attack may be released and all vulnerable systems still have an urgent need to be patched.
Notable quotes:
"... Hollywood Overwhelmed With Hack Attacks; FBI Advises 'Pay Ransom'... ..."
May 12, 2017 | www.zerohedge.com

The ransomware has been identified as WannaCry

* * *

Update 4 : According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind .

The security researcher who tweets and blogs as MalwareTech told The Intercept "I've never seen anything like this with ransomware," and "the last worm of this degree I can remember is Conficker." Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today's WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency's hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there's been no such assurance.

Today shows exactly what's at stake when government hackers can't keep their virtual weapons locked up.

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, "I am actually surprised that a weaponized malware of this nature didn't spread sooner."

Update 3: Microsoft has issued a statement, confirming the status of the vulnerability:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

In March, we provided a security update which provides additional protections against this potential attack.

Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Update 2: Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours

Seventy-four countries around the globe have been affected, with the number of victims still growing, according to Kaspersky Lab. According to Avast, over 57,000 attacks have been detected worldwide, the company said, adding that it "quickly escalated into a massive spreading."

57,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry ) #ransomware by Avast today. More details in blog post: https://t.co/PWxbs8LZkk

- Jakub Kroustek (@JakubKroustek) May 12, 2017

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to ".WNCRY." It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.

Predictably, Edward Snowden - who has been warning about just such an eventuality - chimed in on Twitter, saying " Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients."

* * *

Update 1 : In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

A hacking tool known as "eternal blue", developed by US spies has been weaponised by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA's eternal blue exploit allows the malware to spread through file-sharing protocols set up across organisations, many of which span the globe.

As Sam Coates summed up...

NHS hack: So NSA had secret backdoor into Windows. Details leaked few weeks ago. Now backdoor being exploited by random criminals. Nightmare

- Sam Coates Times (@SamCoatesTimes) May 12, 2017

* * *

We earlier reported in the disturbing fact that hospitals across the United Kingdom had gone dark due to a massive cyber-attack...

Hospitals across the UK have been hit by what appears to be a major, nationwide cyber-attack, resulting in the loss of phonelines and computers, with many hospitals going "dark" and some diverting all but emergency patients elsewhere. At some hospitals patients are being told not to come to A&E with all non-urgent operations cancelled, the BBC reports .

The UK National Health Service said: "We're aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware ." It added that trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected and are reporting IT failures, in some cases meaning there is no way of operating phones or computers.

At Lister Hospital in Stevenage, the telephone and computer system has been fully disabled in an attempt to fend off the attack .

NHS England says it is aware of the issue and is looking into it.

UK Prime Minister Theresa May confirms today's massive cyber hit on NHS is part of wider international attack and there is no evidence patient data has been compromised.

Hospitals say backlog will go on for some weeks after today's cyber attack #NHScyberattack pic.twitter.com/BGV5jV7KZ1

- Sky News Tonight (@SkyNewsTonight) May 12, 2017

The situation has got significantly worse as The BBC reports the ransomware attack has gone global.

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

Manthong macholatte May 12, 2017 2:19 PM

"Ransomware"?

The FBI has the solution and comes to the rescue .

Hollywood Overwhelmed With Hack Attacks; FBI Advises 'Pay Ransom'...

Manthong Manthong May 12, 2017 2:22 PM

It's just a damn good thing the US spent all that time and money developing all that stuff.

Now that it's out, just pay the ransom to the Cyber-Barbary Pirates so that the government can return to its main 1984 mass surveillance and control mission.

stormsailor pods May 12, 2017 4:52 PM
My son is an IT professional and has been inundated with new clients calling to rid their complex systems of this plague. For his clients he has devised protection from it, but most of the calls he gets are from large hospitals, corporations, etc. that have their own IT staff.

He can fix it and prevent/firewall it so it doesn't happen but some of the systems are so complex with so many open ends, his bill is sometimes as much as the hackers are asking for. He told me that in some cases he is tempted to tell them to just pay it, however, he said all of the payoffs have to be made with bitcoin on the "dark-web" and since you are dealing with known criminals he has heard that more than half the time they do not fix it.

He was in New Orleans about a month ago, Thursday through Sunday clearing up a large company's servers and systems, worked 70 hours and billed them 24k plus expenses

virgule Arnold May 12, 2017 3:21 PM
First thing I suggest to do if this happens to you, is to shut down your computer, take out the HD, and boot it into a Linux system, so at least you can make a copy in a safe environment, before things get worse.

[May 12, 2017] What is WanaCrypt0r 2.0 ransomware and why is it attacking the NHS Technology by Alex Herb

The article was published at 12:16 EDT so the worm probably was unleashed at least 24 hours before that
May 12, 2017 | www.theguardian.com

The ransomware uses a vulnerability first revealed to the public as part of a leaked stash of NSA-related documents in order to infect Windows PCs and encrypt their contents, before demanding payments of hundreds of dollars for the key to decrypt files.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

MalwareHunterTeam (@malwrhunterteam)

There is a new version of WCry/WannaCry ransomware: "WanaCrypt0r 2.0".
Extension: .WNCRY
Note: @Please_Read_Me@.txt @BleepinComputer pic.twitter.com/tdq0OBScz4

May 12, 2017
What is WanaCrypt0r 2.0?

The malware that has affected Telefónica in Spain and the NHS in Britain is the same software: a piece of ransomware first spotted in the wild by security researchers MalwareHunterTeam , at 9:45am on 12 May.

Less than four hours later, the ransomware had infected NHS computers, albeit originally only in Lancashire , and spread laterally throughout the NHS's internal network. It is also being called Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.

How much are they asking for?

WanaCrypt0r 2.0 is asking for $300 worth of the cryptocurrency Bitcoin to unlock the contents of the computers.

Myles Longfield (@myleslongfield)

Shocking that our @NHS is under attack and being held to ransom. #nhscyberattack pic.twitter.com/1bcrqD9vEz

May 12, 2017
Who are they?

The creators of this piece of ransomware are still unknown, but WanaCrypt0r 2.0 is their second attempt at cyber-extortion. An earlier version, named WeCry, was discovered back in February this year : it asked users for 0.1 bitcoin (currently worth $177, but with a fluctuating value) to unlock files and programs.

How is the NSA tied in to this attack?

Once one user has unwittingly installed this particular flavour of ransomware on their own PC, it tries to spread to other computers in the same network. In order to do so, WanaCrypt0r uses a known vulnerability in the Windows operating system, jumping between PC and PC. This weakness was first revealed to the world as part of a huge leak of NSA hacking tools and known weaknesses by an anonymous group calling itself "Shadow Brokers" in April.

Was there any defence?

Yes. Shortly before the Shadow Brokers released their files, Microsoft issued a patch for affected versions of Windows, ensuring that the vulnerability couldn't be used to spread malware between fully updated versions of its operating system. But for many reasons, from lack of resources to a desire to fully test new updates before pushing them out more widely, organisations are often slow to install such security updates on a wide scale.

Who are the Shadow Brokers? Were they behind this attack?

In keeping with almost everything else in the world of cyberwarfare, attribution is tricky. But it seems unlikely that the Shadow Brokers were directly involved in the ransomware strike: instead, some opportunist developer seems to have spotted the utility of the information in the leaked files, and updated their own software accordingly. As for the Shadow Brokers themselves, no-one really knows, but fingers point towards Russian actors as likely culprits.

Will paying the ransom really unlock the files?

Sometimes paying the ransom will work, but sometimes it won't. For the Cryptolocker ransomware that hit a few years ago, some users reported that they really did get their data back after paying the ransom, which was typically around £300. But there's no guarantee paying will work, because cybercriminals aren't exactly the most trustworthy group of people.

There are also a collection of viruses that go out of their way to look like ransomware such as Cryptolocker, but which won't hand back the data if victims pay. Plus, there's the ethical issue: paying the ransom funds more crime.

What else can I do?

Once ransomware has encrypted your files there's not a lot you can do. If you have a backup of the files you should be able to restore them after cleaning the computer, but if not your files could be gone for good.

Some badly designed ransomware, however, has been itself hacked by security researchers, allowing recovery of data. But such situations are rare, and tend not to apply in the case of widescale professional hits like the WanaCrypt0r attack.

How long will this attack last?

Ransomware often has a short shelf life. As anti-virus vendors cotton on to new versions of the malware, they are able to prevent infections originating and spreading, leading to developers attempting "Big Bang" introductions like the one currently underway.

Will they get away with it?

Bitcoin, the payment medium through which the hackers are demanding payment, is difficult to trace, but not impossible, and the sheer scale of the attack means that law enforcement in multiple countries will be looking to see if they can follow the money back to the culprits.

Why is the NHS being targeted?

The NHS does not seem to have been specifically targeted, but the service is not helped by its reliance on old, unsupported software. Many NHS trusts still use Windows XP, a version of Microsoft's operating system that has not received publicly available security updates for half a decade, and even those which are running on newer operating systems are often sporadically maintained. For an attack which relies on using a hole fixed less than three months ago, just a slight oversight can be catastrophic.

Attacks on healthcare providers across the world are at an all-time high as they contain valuable private information, including healthcare records.

Ransomware threat on the rise as 'almost 40% of businesses attacked'

[Mar 29, 2017] Total Commander 9 -- what is new

If, like me, you have the problem where you know that a file exists somewhere, but know neither its location nor its exact name, this might be helpful for you and your team. It also allows you to compare directories for differences and two versions of the same file for differences. And since the number of files that I deal with increases exponentially, this problem is getting worse and worse. In this sense this tool helps me to remain sane and find some presentation, quote, config file, or whatever file I need more quickly. It can also be useful for copying PowerPoint presentations to your Windows phone.
Notable quotes:
"... Use "Everything" tool for much faster search on NTFS drives, also on network shares if possible ..."
"... Regular expressions supported in more types: Unicode UTF-8+UTF-16, Office XML ..."
"... Opens Quick View in separate Lister window, updates contents when going to other file ..."
Mar 29, 2017 | www.ghisler.com

Here is a list of the most important additions in version 9:

User interface:

File operations:

FTPS, HTTPS:

Packer:

Search function:

Compare by content:

Multi-rename tool:

Lister:

Other operations:

Internal commands:

A list of all corrections, also for previous versions, can be found in the history file .

As usual, the update is free for all registered users.

[Dec 28, 2016] Microsoft slips user-tracking tools into Windows 7, 8 amidst Windows 10 privacy storm PCWorld

Ghacks discovered four recent KB updates for Windows 7 and 8, all designed to send Microsoft regular reports on your machine's activities.

The latter two updates are flagged as Optional, but KB3068708 holds Recommended status, which means it would be downloaded and installed if you have Windows Updates set to automatic. It's only functional in PCs that participate in Microsoft's Customer Experience Improvement Program, which already sends Microsoft information on how you use your computer.

Opting out of the CEIP isn't a single straightforward flip to switch. You have to disable it in all the software you've agreed to use it with. From Microsoft's CEIP website:

"Most programs make CEIP options available from the Help menu, although for some products, you might need to check settings, options, or preferences menus. Some pre-release products that are under development might require participation in CEIP to help ensure the final release of the product improves frequently used features and solves common problems that exist in the pre-release software."

If you use Office's default settings, it signs you up for Microsoft's CEIP.

How-to Geek has a tutorial explaining how to disable it, though if sending information to Microsoft before didn't bother you, this new update probably won't either.

Begone!

Disabling the tracking tools in the Recommended KB3068708 update isn't simple, either. It connects to vortex-win.data.microsoft.com and settings-win.data.microsoft.com, which are hard-coded to bypass the Windows HOSTS file. In other words, it's tricky to block unless you have a firewall that can block HTTPS connections as well as be configured manually, ExtremeTech explains. There are options in GPEdit.msc that allow you to disable application telemetry and CEIP participation, but it's unknown if they behave correctly after the new patches are installed.
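The article names one update (KB3068708) and says the GPEdit.msc switches for CEIP participation and application telemetry exist but may not behave correctly after the patches. The PowerShell script below is an added example, not code from PCWorld or the page, that audits a Windows 7/8 machine for exactly those two things: whether the named update is installed (Get-HotFix) and whether the policy-backed registry values are set to "off". The registry paths and value names (SQMClient\Windows\CEIPEnable and AppCompat\AITEnable) are my assumption of what the two Group Policy settings write; run it elevated, and pass -Apply to set both policies to off instead of only reporting.

```powershell
# Added example (not from the PCWorld article or this page): audit a Windows 7/8
# machine for the KB3068708 diagnostics-tracking update and for the Group Policy
# switches that turn off CEIP participation and Application Telemetry.
# ASSUMPTION: the two registry paths below are the policy-backed values written by
# "Turn off Windows Customer Experience Improvement Program" and
# "Turn off Application Telemetry" in gpedit.msc. Run from an elevated PowerShell.

param(
    [switch]$Apply   # -Apply sets both policies to "off"; default is report-only
)

# Only the update the article names; the two Optional ones are not identified there.
$TrackingUpdates = @('KB3068708')

# Each policy is a REG_DWORD where 0 means "turned off by policy".
$Policies = @(
    @{ Name = 'CEIP participation';    Path = 'HKLM:\SOFTWARE\Policies\Microsoft\SQMClient\Windows';  Value = 'CEIPEnable' },
    @{ Name = 'Application Telemetry'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'; Value = 'AITEnable'  }
)

function Get-InstalledTrackingUpdates {
    # Get-HotFix lists installed updates by KB id; ids that are absent are simply not returned.
    Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $TrackingUpdates -contains $_.HotFixID } |
        Select-Object HotFixID, InstalledOn
}

function Get-PolicyState {
    # Report each policy value as configured, with Off = $true only when it is explicitly 0.
    foreach ($p in $Policies) {
        $current = $null
        if (Test-Path $p.Path) {
            $current = (Get-ItemProperty -Path $p.Path -Name $p.Value -ErrorAction SilentlyContinue).($p.Value)
        }
        New-Object PSObject -Property @{
            Policy  = $p.Name
            Key     = $p.Path
            Value   = $p.Value
            Current = if ($null -eq $current) { '(not configured)' } else { $current }
            Off     = ($current -eq 0)
        }
    }
}

function Set-PoliciesOff {
    # Create the policy keys if needed and write 0 to each value (same effect as gpedit.msc).
    foreach ($p in $Policies) {
        if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
        New-ItemProperty -Path $p.Path -Name $p.Value -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Write-Host 'Tracking-related updates present:'
$found = Get-InstalledTrackingUpdates
if ($found) { $found | Format-Table -AutoSize } else { Write-Host "  none of: $($TrackingUpdates -join ', ')" }

if ($Apply) { Set-PoliciesOff }
Write-Host 'Policy state (Off = turned off by policy):'
Get-PolicyState | Format-Table Policy, Current, Off -AutoSize
```

The script deliberately does nothing about the two endpoints named above: because the article says they bypass the HOSTS file, a hosts entry would give a false sense of coverage, so any blocking has to be done on a firewall or upstream DNS resolver, and this audit only tells you what the local policy switches say.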

... ... ...

[Dec 26, 2016] Does Windows 10s Data Collection Trade Privacy For Microsofts Security?

Dec 26, 2016 | yro.slashdot.org
(pcworld.com) Posted by EditorDavid on Sunday December 04, 2016 @07:09PM from the peeking-through-Windows dept. jader3rd shares an article from PC World arguing that Windows 10's data collection "trades your privacy for Microsoft's security." [Anonymized] usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft's director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender... For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences.

Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system that are exposed and should be isolated into virtual containers.

The article points out that unlike home users, enterprise users of Windows 10 can select a lower level of data-sharing, but argues that enterprises "need to think twice before turning off Windows telemetry to increase corporate privacy" because Windows Update won't work without information about whether previous updates succeeded or failed.

[Dec 26, 2016] How Microsoft Lost In Court Over Windows 10 Upgrades

Dec 26, 2016 | yro.slashdot.org
Posted by EditorDavid on Sunday December 04, 2016 @03:39PM from the winning-against-Windows dept. In June a California woman successfully sued Microsoft for $10,000 over forced Windows 10 upgrades, and she's now written a 58-page ebook about her battle (which she's selling for $9.99). But an anonymous Slashdot reader shares another inspiring story about a Texas IT worker and Linux geek who got Microsoft to pay him $650 for all the time that he lost. "Worley built a Windows 7 machine for his grandfather, who has Alzheimer's Disease, [customized] to look like Windows XP, an operating system his grandfather still remembered well..." writes Digital Trends. "But thanks to Microsoft's persistent Windows 10 upgrade program, Worley's grandfather unknowingly initiated the Win 10 upgrade by clicking the 'X' to close an upgrade window." After Worley filed a legal "Notice of Dispute," Microsoft quickly agreed to his demand for $650, which he donated to a non-profit focusing on Alzheimer's patients.

But according to the article, that's just the beginning, since Worley now "hopes people impacted by the forced Windows 10 upgrade will write a complaint to Microsoft demanding a settlement for their wasted time and money in repairing the device," and on his web page suggests that if people don't need the money, they should give it to charities fighting Alzheimer's. "If Microsoft isn't going to wake up and realize that lobbing intentionally-tricky updates at people who don't need and can't use them actively damages not only the lives of the Alzheimer's sufferer, but those of their whole family, then let's cure the disease on Microsoft's dime so their tactics and those of companies that will follow their reckless example aren't as damaging."
Worley suggests each Notice of Dispute should demand at least $50 per hour from Microsoft, adding "If recent history holds steady they might just write you a check!"

[Dec 26, 2016] PowerShell Security Threats Greater Than Ever, Researchers Warn

Dec 26, 2016 | tech.slashdot.org
(computerweekly.com) Posted by msmash on Thursday December 08, 2016 @01:50PM from the security-woes dept. Microsoft's Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers at Symantec, who have seen a surge in associated threats. From a report on ComputerWeekly: More than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell. Malicious PowerShell scripts are on the rise, as attackers are using the framework's flexibility to download their payloads, traverse through a compromised network and carry out reconnaissance, according to Candid Wueest, threat researcher at Symantec.

[Dec 26, 2016] Windows 10 Update Broke DHCP, Knocked Users Off the Internet

Dec 26, 2016 | tech.slashdot.org
(arstechnica.com) Posted by msmash on Wednesday December 14, 2016 @12:25PM from the windows-updates dept. Microsoft has quietly fixed a software update it released last week, which effectively prevented Windows 10 users from connecting to the Internet or joining a local network. From a report on ArsTechnica: It's unclear exactly which automatic update caused the problem or exactly when it was released -- current (unconfirmed) signs point to KB3201845 released on December 9 -- but whatever it was appeared to break DHCP (Dynamic Host Configuration Protocol), preventing Windows 10 from automatically acquiring an IP address from the network. There's also little detail on how many people were affected or why, but multiple cases have been confirmed across Europe by many ISPs. A Microsoft spokesperson has meanwhile confirmed that "some customers" had been experiencing "difficulties" getting online, but that's about it for public statements at present. However, a moderator on the company's forums has said the fix was included in a patch released on Tuesday called KB3206632.

[Dec 26, 2016] Microsoft Exec Admits They Went Too Far With Aggressive Windows 10 Updates

Dec 26, 2016 | tech.slashdot.org
(softpedia.com) Posted by msmash on Friday December 23, 2016 @10:20AM from the aggressive-updates dept. It's no secret that Microsoft has been aggressively pushing Windows 10 to users. Over the past year and a half, we have seen users complain about Windows 10 automatically getting downloaded to their computer, and in some cases, getting installed on its own as well. The automatic download irked many users who were on limited or slow data plans, or didn't want to spend gigabytes of data on Windows 10. A company executive has admitted for the first time that they may have went overboard with Windows 10 updates. From a report on Softpedia: Chris Capossela, Chief Marketing Officer at Microsoft, said in the latest edition of the Windows Weekly that this was the moment when the company indeed went too far, pointing out that the two weeks between the moment when users started complaining about the unexpected behavior and the one when a patch was released were "very painful." "We know we want people to be running Windows 10 from a security perspective, but finding the right balance where you're not stepping over the line of being too aggressive is something we tried and for a lot of the year I think we got it right, but there was one particular moment in particular where, you know, the red X in the dialog box which typically means you cancel didn't mean cancel," he said. "And within a couple of hours of that hitting the world, with the listening systems we have we knew that we had gone too far and then, of course, it takes some time to roll out the update that changes that behavior. And those two weeks were pretty painful and clearly a lowlight for us. We learned a lot from it obviously."

[Jun 09, 2016] Microsoft won't back down from Windows 10 nagware trick

That's a pretty disingenuous approach, and it means that Windows 10 is malware. Shame on Microsoft's leadership. This dirty trick of assuming that closing the dialog means saying yes to the upgrade is actually a typical malware authors' approach. As one commenter said: "Total asshattery. 'We decided to screw you over and we meant it'."
Notable quotes:
"... Redmond recently created a new Windows 10 nagware reminder that presented a dialog asking you to install the OS. But if users clicked the red "X" to close the dialog - standard behaviour for dispelling a dialog without agreeing to do anything - Microsoft took that as permission for the upgrade. ..."
"... The Close button on the title bar should have the same effect as the Cancel or Close button within the dialog box. Never give it the same effect as OK. ..."
May 26, 2016 | The Register

Microsoft is hurt and disappointed that people would think it was trying to "trick" them with a confusing Windows 10 upgrade dialog that scheduled an upgrade without users explicitly agreeing to do so.

Redmond recently created a new Windows 10 nagware reminder that presented a dialog asking you to install the OS. But if users clicked the red "X" to close the dialog - standard behaviour for dispelling a dialog without agreeing to do anything - Microsoft took that as permission for the upgrade.

Redmond (via its flacks) has e-mailed The Register – and, we presume, World+Dog – to say that the UI had worked like that for ages: "the UI of our 'your upgrade is scheduled' notification is nothing new (including the ability to just 'X-out' of the notification with no further action needed to schedule your upgrade) – it's been part of the notification UI for months" (their emphasis, not ours).

In this Knowledge Base article, Microsoft notes that "Based on customer feedback, in the most recent version of the Get Windows 10 (GWX) app, we confirm the time of your scheduled upgrade and provide you an additional opportunity for cancelling or rescheduling the upgrade."

+Comment: You'll have noticed that Microsoft didn't say it would re-write the app so that closing the app is taken as a "no", as happens for just about every other dialog Windows offers.

Or is Redmond saying users who didn't like the UI sleight-of-hand are at fault for delving into its Knowledge Base every time they find a dialog confusing? We'd expect commenters to have an opinion on this …

Ralph B
My opinion on this?

My opinion on this.

robidy
Re: My opinion on this?

Ralph, your post doesn't do the link justice.

You should clarify that the link is to a remarkably helpful tool that will stop the nagware, prevent inadvertent deployment of Windows 10 by desktop users, recover lost disk space and hopefully prevent mobile users busting their data limits downloading a large Windows 10 installer.

It has a helpful command line interface for use in enterprise environments which is vital for smooth and effective deployment.

It will also clear up gigabytes of disk space lost when GWX installs, some people have claimed it's freed up over 10GB!

PS. I have no connection with the author.

PPS. User beware - take the usual precautions before deploying any application...test it!

Anonymous Coward
Re: My opinion on this?

OK, so I've run the software and restarted, and the nagware is gone from my system tray but the Windows 10 update is still in the Control Panel Windows Update and still a default selection. Was I just expecting too much?

Ralph B

Re: My opinion on this?

> Was I just expecting too much?

Never10 doesn't/can't stop the Windows Update from downloading the Control Panel Windows Update. It just stops the update from being used - via Microsoft's official group policy settings.

cornz 1

Re: My opinion on this?

Hmm, this is nothing more than a tool to automate the creation/destruction of 2 registry keys.

Surrounded (as typical for GRC) with a great deal of fanfare, like its some major achievement.

He moans about the file size being 56k, well, here you go, in 244 bytes.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]
"DisableGwx"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001

Because all the program does is create or delete those 2 keys.

That's it.. And this is new information how exactly?

RayStantz

Re: My opinion on this?

Awwww Microsofts feelings are hurt.... I DOUBT IT!!!

It doesn't take a genius or even someone with a degree in social behavior or even Engineering to point out how right out horrible an idea this is to FORCE people to download Windows 10, this is NOTHING to do with if its a good program or not, it has all to do with people and their right to choose as well as the damage this has done by ignorantly having the program install without even the knowledge of the owner of the computer even being aware of it if they happen to not be around the computer at the time it installs.

The damage it has done to some computers, the loss of personal information and money its caused not to mention how it interrupted people at work for a long period of time and more not even mentioning the stress shows how this is by no means something "good" Microsoft was doing for their customers, it was them forcing their will on people as they saw fit, something that is as close to digital rape as one can get in my opinion and to add to the insult they act like they know better than we do, for months they asked people if they want to upgrade to windows 10, harassing them with this like its an ad and people were fully aware of the choice to upgrade or not and so at this point the people who didn't were all saying NO!!! So how is this justified??? HOW!!! You have no way to opt out unless you turn off the updates MAYBE and/or go to some other outside application like i did to stop it from being forced on my system!!

So Microsoft is "hurt" BULL, its a simple case of them not caring and forcing others but in this case its caused damage and in my opinion, they are liable, class action sounds good about now!

Also, i hear a lot of good things about Apple!

Mark 85

Re: My opinion on this?

Awwww Microsofts feelings are hurt.... I DOUBT IT!!!

Sure they are, just like the advertisers' feeling are hurt that we use adblockers, or the malware writers' feelings are hurt because we won't respond to their attempts, or Microsoft Techs' feelings are hurt because we won't allow them to get rid of all the viruses on our computers.

Oh wait.. Hurt=Bottom Line... Tough.. hurt all you want, you bastards.

Ralph B

Re: so

> Thus failing Microsofts own 'Windows Certification' then?

He's right, you know.

[quote]

The Close button on the title bar should have the same effect as the Cancel or Close button within the dialog box. Never give it the same effect as OK.

[/quote]

Anonymous Coward

Re: so

Microsoft Marketing / Terry Myerson:

Nothing like Microsoft's own documentation to bring a Company down and cause it to grovel out of a situation. (One rule for them, another rule for the rest of us)

You'll be changing that Dialog Box pronto then, to avoid a Class Action Lawsuit? Thought so.

Great find (The Windows Certification Documentation)...Thank you.

For all the folk with limited eyesight, dexterity problems, or other disabilities that have put up with the MS shit for months now. Shame on you Microsoft, we have laws against this type of inequality.

[Jun 09, 2016] Never10 utility allows control of the automatic and unwanted upgrade to Windows 10

Notable quotes:
"... Never10 does NOT prevent the installation of Windows updates, including the infamous Get Windows 10 (GWX) update KB3035583. Never10 simply employs Microsoft's documented and sanctioned configuration settings to instruct it NOT to change the installed version of Windows. ..."
"... Never 10 is an easy to use utility which gives users control over whether their Windows 7 or 8.1 will upgrade itself to Windows 10. ..."
"... Since this utility simply updates and/or configures the system to prevent or allow, OS upgrading, it may be deleted after it has configured the system appropriately. ..."
"... When Never10 enables automatic OS upgrading, ..."
"... To verify the current state of a system's OS Upgrade status, ..."
"... If the hidden $WINDOWS.~BT subdirectory exists, ..."
"... The GWX Control Panel ..."
"... contained built-in provisions for disabling OS upgrades ..."
www.grc.com

Never10 does NOT prevent the installation of Windows updates, including the infamous Get Windows 10 (GWX) update KB3035583. Never10 simply employs Microsoft's documented and sanctioned configuration settings to instruct it NOT to change the installed version of Windows.

Easily Control Automatic and Unwanted Windows 7 & 8.1 Upgrading to Windows 10

Never 10 is an easy to use utility which gives users control over whether their Windows 7 or 8.1 will upgrade itself to Windows 10.

The name "Never 10" is a bit of an overstatement, since this utility may also be used to easily re-enable Windows operating system automatic upgrading. But the primary reason for using this is to disable Windows' pestering insistence upon upgrading Windows 7 or 8.1 to Windows 10.

Many users of Windows 7 and 8.1 are happy with their current version of Windows, and have no wish to upgrade to Windows 10. There are many reasons for this, but among them is the fact that Windows 10 has become controversial due to Microsoft's evolution of their Windows operating system platform into a service which, among other things, aggressively monitors and reports on its users activities. This alone makes many users uncomfortable enough to cause them to choose to wait. In line with this, a few months into 2016, Windows 10 started displaying unsolicited advertisements on its users' desktops. Others dislike the changes Microsoft made by merging their failed "tiled" smartphone user-interface into the Windows UI. And, finally, some object to being force-fed whatever Microsoft wants and simply wish to choose for themselves.

In July of 2015, responding to the significant user backlash, Microsoft added features to its Windows Update facility which allow it to be configured, on a machine-by-machine basis, to not forcibly upgrade qualifying Windows 7 and 8.1 operating systems to Windows 10. However, Microsoft did not make this configuration simple. It requires the use of the group policy editor (which is not present in some qualifying systems) and/or the system registry. In other words, they created some deep internal configuration options but chose not to provide a simple user-interface to give their users the choice. "Never10" provides that choice.

The elegance of this "Never 10" utility is that it does not install ANY software of its own. It simply and quickly performs the required system editing for its user.

Since this utility simply updates and/or configures the system to prevent or allow OS upgrading, it may be deleted after it has configured the system appropriately.

Using this utility, inexperienced users will be able to easily use Never10 themselves, while advanced users will likely appreciate the fact that no additional software is installed and will be able to refer friends and family, whom they support, to this easy-to-use utility.

Never10 v1.3 adds quiet command-line options for enterprise users. See the Command line options page for usage details.

Command-Line Options

Version 1.3 of Never10 adds much-requested command-line switches to perform and further automate all Never10 operations. Never10 now offers the following command-line switches:

Typical command line: never10.exe update delete disable

Note that the presence of the command verbs triggers the program's actions. There is no need for additional "escape" prefixes such as '-' or '/' though they may be added if desired.

What it does

The first thing Never10 does upon starting is verify that it's running on a non-Enterprise edition of either Windows 7, 8, or 8.1. Those are the only versions of Windows that qualify for automatic upgrading through the Windows Update facility.

If the edition and version of Windows qualifies, it then checks the file version of the Windows Update AutoUpdate Client wuauclt.exe located in the Windows system directory. For Windows 7, the wuauclt.exe version is compared against [7.6.7601.18971]. For Windows 8.x, the wuauclt.exe version is compared against [7.9.9600.17930]. In either case, those are the versions of the respective July 2015 updates to Windows Update which added the ability to disable the GWX (Get Windows 10) group policy and registry settings.

If the currently installed version of Windows Update has a lower version, Never10 notifies its user that Windows Update must be updated to be able to disable automatic OS upgrading. When the user understands and instructs Never10 to update Windows Update, it chooses one of four files (Windows 7 or 8, 32- or 64-bit), downloads the proper file from Microsoft's Windows Update server, and runs the standalone installer to update Windows Update. This never seems to require a reboot.

Never10 manipulates the values and security permission settings of two registry keys, Gwx and WindowsUpdate.

When Never10 disables automatic OS upgrading, the following actions are taken:
  1. Under the Gwx key, which will be created if it doesn't yet exist, the 32-bit DWORD value "DisableGwx" is created and set to 1.
  2. Under the WindowsUpdate key, the 32-bit DWORD value "DisableOSUpgrade" is created and set to 1.

When Never10 enables automatic OS upgrading, the following actions are taken:
  1. Under the Gwx key, the 32-bit DWORD value "DisableGwx" is deleted.
  2. Under the WindowsUpdate key, the 32-bit DWORD value "DisableOSUpgrade" is deleted.

To verify the current state of a system's OS Upgrade status, Never10 verifies that both keys have their respective disabling values set to 1. If either value is missing or not set to 1, Never10 will report that OS updating is disabled.

If the hidden $WINDOWS.~BT subdirectory exists, Never10 recursively explores the entire Windows 10 pre-download file set counting items and summing the number of bytes consumed. The user interface will show the total size of storage being consumed and provide a one-button file deletion option.
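Never10 is a compiled binary, so its checks cannot be run over a fleet from a script. The PowerShell below is an added example, not Never10's own code and not from grc.com, that reproduces the same sequence of checks with the values the page gives: the wuauclt.exe reference versions for Windows 7 and 8.x, the Gwx and WindowsUpdate policy keys with DisableGwx and DisableOSUpgrade (the full key paths are those in the .reg file posted by cornz above), and the hidden $WINDOWS.~BT pre-download tree. The edition check via the Win32_OperatingSystem caption is my assumption of how to approximate Never10's "non-Enterprise" test; the -Action parameter is also mine. It uses only PowerShell 2.0-era cmdlets so it runs on a stock Windows 7; run it elevated when changing values.

```powershell
# Added example (not Never10's own code, not from grc.com): reproduce Never10's checks
# in PowerShell so the GWX upgrade-blocking state can be audited or set on many machines.
# Values from the page: wuauclt.exe minimum versions, the two policy keys and DWORDs,
# and the $WINDOWS.~BT directory. ASSUMPTIONS: the edition test on the OS caption and
# the -Action parameter are mine. Run elevated for Disable/Enable.

param([ValidateSet('Status','Disable','Enable')][string]$Action = 'Status')

$GwxKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx'
$WuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Test-WuauCltVersion {
    # Compare the Windows Update client against the July 2015 versions that added the switches.
    $os = Get-WmiObject Win32_OperatingSystem
    $vi = (Get-Item "$env:windir\System32\wuauclt.exe").VersionInfo
    $ver = New-Object Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    # Windows 7 is NT 6.1; anything 6.2 or later here is Windows 8 / 8.1.
    $min = if ([version]$os.Version -lt [version]'6.2') { [version]'7.6.7601.18971' } else { [version]'7.9.9600.17930' }
    New-Object PSObject -Property @{ Installed = $ver; Required = $min; Sufficient = ($ver -ge $min) }
}

function Get-PolicyValue([string]$Key, [string]$Name) {
    if (Test-Path $Key) { (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name }
}

function Get-OsUpgradeState {
    # Never10's rule: upgrading counts as disabled only when BOTH values exist and equal 1.
    $gwx = Get-PolicyValue $GwxKey 'DisableGwx'
    $wu  = Get-PolicyValue $WuKey  'DisableOSUpgrade'
    New-Object PSObject -Property @{
        DisableGwx       = $gwx
        DisableOSUpgrade = $wu
        UpgradeDisabled  = ($gwx -eq 1 -and $wu -eq 1)
    }
}

function Disable-OsUpgrade {
    # Create the keys if absent and set both 32-bit DWORDs to 1.
    foreach ($k in $GwxKey, $WuKey) { if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null } }
    New-ItemProperty -Path $GwxKey -Name DisableGwx       -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $WuKey  -Name DisableOSUpgrade -PropertyType DWord -Value 1 -Force | Out-Null
}

function Enable-OsUpgrade {
    # Delete both values, leaving the keys in place.
    Remove-ItemProperty -Path $GwxKey -Name DisableGwx       -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $WuKey  -Name DisableOSUpgrade -ErrorAction SilentlyContinue
}

function Get-PreDownloadSize {
    # Walk the hidden $WINDOWS.~BT tree, if present, counting files and bytes as Never10 does.
    $dir = Join-Path $env:SystemDrive '$WINDOWS.~BT'
    if (-not (Test-Path -LiteralPath $dir)) { return $null }
    $files = Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    $bytes = ($files | Measure-Object Length -Sum).Sum
    New-Object PSObject -Property @{ Path = $dir; Files = @($files).Count; MB = [math]::Round($bytes / 1MB, 1) }
}

# Edition check (assumption: Enterprise editions carry "Enterprise" in the WMI caption).
$os = Get-WmiObject Win32_OperatingSystem
if ($os.Caption -match 'Enterprise') { Write-Warning 'Enterprise edition: not offered the GWX upgrade, nothing to do.' }

Test-WuauCltVersion | Format-List Installed, Required, Sufficient
switch ($Action) {
    'Disable' { Disable-OsUpgrade }
    'Enable'  { Enable-OsUpgrade }
}
Get-OsUpgradeState | Format-List DisableGwx, DisableOSUpgrade, UpgradeDisabled
$pre = Get-PreDownloadSize
if ($pre) { $pre | Format-List Path, Files, MB } else { Write-Host 'No $WINDOWS.~BT pre-download directory found.' }
```

Run without arguments to get the same status report Never10 shows; `-Action Disable` writes the two values and `-Action Enable` removes them. The script does not delete $WINDOWS.~BT itself, since the page notes that once the switches are set the GWX agent that downloaded the files removes them on its own.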

. . . and why

The GWX Control Panel (an early popular solution at 2.4 megabytes) was a useful first step. But it was wrong in too many ways. Its design and operation seemed ill suited to the simple task of preventing upgrades to Windows 10. It was confusing and offered an array of actions, options and status reports, when all anyone really wanted was simply for Windows to not upgrade itself and to leave us alone. Instead, the GWX Control Panel makes itself the center of attention. It needs to be "installed", is resident and persistent afterward, and it pops up all the time to tell us what a great job it's doing... which is exactly the kind of nonsense most people are fed up with in this era where "your attention" is what commercial interests all want to obtain more of. But more than anything, none of that was necessary . . .

Microsoft's Knowledgebase article 3080351 titled "How to manage Windows 10 notification and upgrade options" revealed that an available July 2015 update to Windows Update contained built-in provisions for disabling OS upgrades. This made it immediately clear that was the right way to solve this problem. So back on January 13th, 2016, I created a "bitly" shortcut to that Microsoft knowledgebase page (bit.ly/no-gwx) which explained how to do this, and began promoting that "correct," minimal and sufficient way to disable Windows OS upgrading on my weekly Security Now! podcast.

The trouble was, Microsoft did not make this easy. In fact, it was downright user-hostile. It required using the Windows Group Policy editor, which is not even present on lower-end Windows editions which were eligible for OS upgrading. Or it required manually creating keys and values in the Windows registry, which is fraught with danger if the wrong button is pressed.

For several months I resisted the temptation to steal time from other projects to fix this. But the GWX Control Panel was so annoying that I finally removed it from the one Win7 machine it was "protecting." And the final straw occurred when two non-computer-savvy friends were "upgraded" from Windows 7 against their wishes and became a bit hysterical over what had happened to the computer they had finally learned to use.

So, Never10 was born.

In testing the effects of using Microsoft's own documented "switch settings," I was very impressed to discover that setting them to "disabled" would even cause the GWX subsystem to delete the 6 gigabytes of Windows 10 upgrade files it might have already pre-downloaded. This means that although Never10 does not explicitly remove that massive, sometimes-downloaded blob, it will cause the same agent that downloaded it to delete it, which is perfect.

There have been unsubstantiated and imprecise rumors of Windows upgrading even if users were using something to inhibit or prohibit that from happening. Some claimed that Microsoft was re-enabling something that was disabled. But we've never had any details. While it's certainly possible, my guess is that people were manually avoiding and "hiding" the evil 3035583 update titled: "Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1". The trouble is that "hiding" Windows updates is very soft protection. The Windows Update hiding system does not work reliably. Things that Microsoft wants you to have tend to reappear unbidden and they are very easy to miss.

This is why, unlike the GWX Control Panel, Never10 makes no attempt to prevent the GWX technologies from entering the user's system, nor of removing them if they are present. That's an uphill battle which requires vigilance and constant monitoring, and it's unnecessary. The GWX components occupy less than 32 megabytes in the /Windows/System32/GWX directory. You can go visit them if you're curious. So long as the proper registry settings are in place to hold them at bay and keep them disabled, they will cause no trouble and they occupy almost no storage space.

So, yes. Never10 is relying upon Microsoft to obey their own provided settings, which they created a special update to Windows Update to provide. And they buried those settings where no "regular user" would ever find them. Corporations the world over are relying upon those settings to prevent unwanted upgrading of their existing systems. There is just no chance that Microsoft would ever choose to deliberately bypass the express desire of their users by ignoring their own registry settings. It's not impossible, but it'll never happen.

What about Group Policy? The "How to manage Windows 10 notification and upgrade options" knowledgebase 3080351 page mentions that Windows OS upgrading can also be applied through Windows group policy settings. I have verified that enabling the setting to disable Windows OS upgrading through the group policy editor simply sets the DisableOSUpgrade value of the WindowsUpdate key. So group policy is merely another way of achieving the same thing that Never10 does, though through the enforcement of group policy.

Never10 Version History

A final note: I'm a bit annoyed that "Never10" is as large as it is at 85 kbyte. The digital signature increases the application's size by 4k, but the high-resolution and high-color icons Microsoft now requires takes up 56k! So without all that annoying overhead, the app would be a respectable 25k. <g> And, yes, of course I wrote it in assembly language.

FAQ

The question we are most asked is how to switch over to using Never10 from the GWX Control Panel. The best answer is to simply uninstall the GWX Control Panel from the system and then run Never10 once to set the OS upgrade system to DISABLED. Then you can leave the 81k app around, or delete it and grab it later if you ever change your mind.

[Jun 09, 2016] Microsoft force-feeds Win10 by Richard Chirgwin

Notable quotes:
"... This Knowledge Base article explains that the only way to cancel the upgrade is to click on the "change upgrade schedule" link. ..."
"... Somehow, the article fails to explain why closing the dialogue (clicking the invitingly red "x" at the top right) doesn't do what the user expects, but rather, it schedules the upgrade. ..."
25 May 2016 | The Register

Microsoft is on everyone's hate-list again, because closing the Windows 10 upgrade dialogue without explicitly cancelling an installation leaves the upgrade on the schedule.

This Knowledge Base article explains that the only way to cancel the upgrade is to click on the "change upgrade schedule" link.

"If you click on OK or on the red 'X', you're all set for the upgrade and there is nothing further to do", Redmond explains.

Somehow, the article fails to explain why closing the dialogue (clicking the invitingly red "x" at the top right) doesn't do what the user expects, but rather, it schedules the upgrade.

That little bit of sneakiness will get it more downloads of Windows 10, but probably at the cost of yet more criticism. ®

[Jun 03, 2016] Giant Windows 7 roll-up patch takes the headache out of updating a new PC by Ian Paul

May 18, 2016 | PCWorld

Microsoft is finally making it easier to reinstall Windows 7 from scratch with a new Service Pack (SP) that the company refuses to call a service pack.

Windows 7 may not be available to most of us anymore, but there are many reasons to reinstall the operating system on existing Windows 7 PCs, and Microsoft never released a Service Pack after Windows 7 Service Pack 1's release in early 2011. Because of that, updating a Windows 7 PC in recent times required countless "download update-install-reboot-repeat" cycles to fully patch the system, installing five full years of updates piece by piece.

It was painful.

That problem is now history, however. Microsoft recently announced the availability of the Windows 7 SP1 convenience roll-up. That sounds more like something you'd buy from a confectioner than put on your PC, but it's essentially SP2 for Windows 7. The rollup includes all the "security and non-security fixes" since the release of Windows Service Pack 1.

The impact on you at home: Thankfully, the endless update cycle for Windows 7 is over now...as long as you know about the roll-up, that is. Microsoft won't offer the roll-up via Windows Update-I guess that would be too convenient. Instead, you have to download the roll-up directly from Microsoft's Update Catalog (Internet Explorer only please). In other words, if you don't know about the convenience roll-up you're still in for a world of tedious updates.

Monthly rollups for everyone

Adding more roll-up fun for the future, Microsoft plans to create monthly roll-ups of non-security fixes for Windows 7 and Windows 8.1 from now on. The new monthly roll-ups will be available via Windows Update.

But Microsoft didn't stop tinkering with the update process there. The company has also decided to stop making Windows updates available through the Microsoft Download Center-an online repository that offers direct downloads of single updates.

Instead, anyone looking to avoid Windows Update will have to head to the Microsoft Update Catalog (MUC) - the same site where the new Windows 7 roll-up is available. Right now the MUC only works with Internet Explorer since it requires ActiveX. Microsoft plans to support other browsers with non-ActiveX functionality later this summer.

[via Ars Technica]

[Jun 03, 2016] How to escape that forced Windows 10 upgrade you mistakenly agreed to

Of course this is criminal behaviour on the part of Microsoft. It is called deception. Even if the upgrade has started you can reverse it by not agreeing to the license for Windows 10. In this case the Windows 10 installer will restore Windows 7.
PCWorld
On Monday, hordes of angry Windows users pelted Microsoft with complaints about being lured into upgrading their PCs over the weekend. For months, Microsoft has been urging users running Windows 7 and Windows 8.1 to upgrade to Windows 10 before the free offer expires on July 29. But the series of dialog boxes and other messages that Microsoft has sent users have become increasingly deceptive, burying the opt-out links amid text that appears to commit users to the upgrade.

Normally, closing the dialog box by clicking the red box in the upper right-hand corner automatically opted out. Over the weekend, clicking that red box started opting users in to the upgrade.

That not only flies in the face of years of user-interface design, it contradicts Microsoft's own advice for dealing with suspicious dialog boxes. "Never click 'Agree' or 'OK' to close a window that you suspect might be spyware," states Microsoft's page on viruses and malware. "Instead, click the red 'x' in the corner of the window or press Alt + F4 on your keyboard to close a window."

The company was unable to explain how closing a dialog box translated into a consumer's desire to upgrade to Windows 10. Microsoft representatives pointed out, however, that if you do mistakenly trigger the upgrade, you should still have an opportunity to opt out before it begins.

Microsoft described the new procedure on an updated support page, which notes that users will be given "an additional opportunity for cancelling or rescheduling the upgrade."

How it should work

According to Microsoft's support page, Windows 7 and Windows 8.1 users are still going to see those annoying popup windows that urge you to upgrade to Windows 10, where the only opt-out option is buried: "Click here to change upgrade schedule or cancel scheduled upgrade."

[Nov 12, 2015] Microsoft is Pushing Windows 10 Just a Little Too Hard

Microsoft really has pushed Windows 10 to the point where it's getting annoying - first they automatically installed a service that ran all the time to show the Get Windows 10 icon, and then they started automatically downloading Windows 10 onto people's computers even when they didn't want it. Now because of an "accident" they automatically triggered the installer on some people's computers.

From ArsTechnica: Windows 10 upgrade installing automatically on some Windows 7, 8 systems

For the first year of its availability, Windows 10 is available for free to most Windows 7 and 8 users, and Microsoft has been trying to coax those users to make the switch by delivering the operating system through Windows Update. Until now, the OS has been delivered as an optional update; while Windows Update gives it prominent positioning, it shouldn't be installed automatically.

This system has already generated some complaints, as Windows Update will download the sizeable operating system installer even if you don't intend to upgrade any time soon, but, over the last couple of days, the situation seems to have become a little more aggressive. We've received a number of reports that people's systems are not merely downloading the installer but actually starting it up.

And from ZDNet: Windows 10 upgrade nags become more aggressive, offer no opt-out

Reports are circulating that some users are being presented with dialog boxes that only give them the option to start the upgrade process or reschedule it for a later date. Others are finding that the Windows Update screen is only offering them the option to begin the upgrade process, with other system updates being hidden from view.

We get it, Windows 10 is a free upgrade, and the security enhancements alone make it worthwhile for most people. When it was first released, we told everybody to hold off for a few months, which was good advice considering some of the problems people had. But by this point it's getting a lot more stable, and their big service release update is right around the corner. It's probably worth doing the upgrade for the average person.

But there are a lot of people that are using software that just might not be compatible. Small businesses might be running important applications and can't deal with the downtime of upgrading. It's not right to automatically push down the entire operating system upgrade when nobody has asked for it.

Seriously, do they need to push it quite this hard? When you make a good product, people will want it, especially when it's free. Over 100 million people have upgraded already, after all. There's no reason for them to try and shove it onto everybody's computer immediately.

On a completely unrelated has nothing to do with it note, some unconfirmed reports are saying that the insider builds of Windows 10 now have "suggested apps" in the Start Menu. Which sound a lot like ads for apps to us.

[Nov 12, 2015] Five ways Microsoft plans to get you to upgrade to Windows 10 By Nick Heath

That's way too pushy... Since its release it looks more and more like Windows 10 is Microsoft's Trojan horse to push Windows users to a "service model". Microsoft's attempts to crank up the pressure to make the switch can backfire. The thing you need to understand is that Win10 will never run well on older hardware and small laptops. First of all, for many users it does not make any sense. Hardware-wise you should have at least 4GB of memory, at least a dual-core CPU with a decent clock speed, and a more or less modern graphics chip. Even then Win 10 is not impressive.
From comments:
"...The best question is not about how to get Windows 10 on your computer. But what will happen to your computing experience after this "free upgrade". Problems with older software must always be expected on all system upgrades - there is nothing special here. ..."
"...But important thing is that Microsoft is going to Software as Service business model, they even do not hide it. Apparently this will affect all new Microsoft software regardless of whether you like it or not. ..."
"... I'm surprised I hadn't already seen people screaming about MS aggressively trying to trick people into Windows 10 upgrades. Windows Update started adding Windows 10 as a pre-selected "optional update" on my Windows 7 boxes more than a month ago. I always deselected it, so I don't know whether I would have been given the option to abort the upgrade. I have since uninstalled the KB3035583 "Recommended" update that gave us the irritating Win 10 tray icon and followed the rest of the howtogeek suggestions on killing the process. That has, so far, stopped the nagging. I have successfully upgraded one of my Win 7 machines to 10 with no problems, but the lack of Windows Media Center is a deal breaker for me and I am happy enough with Windows 7 and 8 and underwhelmed by the new features in 10. ..."
"... Windows 10 will open us all to more surveillance, possibly break older applications forcing us to buy upgrades which we cannot afford, take hours of time to install and configure, and based on Microsoft's history, will come with thousands of bugs which will cut into our productivity in the coming years. Microsoft hasn't given anyone a reason to go through all that other than that is what Microsoft wants! They can't GIVE their product away any more! ..."
"... Ever since its release, I've always thought of Windows 10 as Microsoft's Trojan horse. Can't help but think they have some kind of motive to get us to install it, whether it's spyware, backdoors, decryption, NSA keys, etc. Add to that the fact that they make it inconvenient to opt out of automatic updates. Maybe it's just me, but I'm always leery when a company like Microsoft gives away something for free. ..."
"... I will remain with Windows 7 until such time as it is no longer supported by Microsoft. After that, I will re-evaluate what I intend to do. If it weren't for my gaming and the expense of Mac machines, I'd dump Microsoft. ..."
October 30, 2015 | TechRepublic

1. Windows 10 will automatically begin installing itself

From "early next year", Microsoft will change the status of the free Windows 10 upgrade so it is classified as a Recommended Update.

Given that most home machines are set up to install Recommended Updates automatically, the change to Windows 10's update status will lead to most Windows 7 and 8.1 machines beginning the upgrade.

However, Microsoft says that before Windows 10 is installed users will need to manually confirm the installation, giving them a chance to pull out.

Business users should be able to prevent the upgrade from automatically starting using tools such as Windows Server Update Services.

For those on metered connections, Terry Myerson, Microsoft's executive VP of the Windows and Devices Group, said people "have the option of turning off automatic updates" before going on to say that such a move is unwise because of "the constant risk of internet threats".

Those who don't like the new OS will have 31 days to roll back to their previous version of Windows. To go back, select "Start Button->Settings->Update and Security->Recovery and Uninstall Windows 10".

Krotow, Nov 3, 2015

The best question is not about how to get Windows 10 on your computer. But what will happen to your computing experience after this "free upgrade". Problems with older software must always be expected on all system upgrades - there is nothing special here.

But important thing is that Microsoft is going to Software as Service business model, they even do not hide it. Apparently this will affect all new Microsoft software regardless of whether you like it or not.

There have been rumours about the possibility of getting a partially disabled system in the near future, because Microsoft's new business model will deny you this or that for free.

For Windows 10 this is more than possible, because parts of it may be remotely disabled by its creator. Of course, wise heads will find ways to overcome this, but most users will pay a monthly/yearly fee or will stay with a half-broken system.

rwjustus, Nov 3, 2015

My history only goes back to October 12th. I guess they are deleting older history.

Cumulative Update for Windows 10 for x64-based Systems (KB3105210)
Failed to Install on 11/1/2015
Failed to Install on 10/30/2015

Cumulative Update for Windows 10 for x64-based Systems (KB3097617)
Failed to Install on 10/29/2015
Failed to Install on 10/24/2015
Failed to Install on 10/23/2015
Failed to Install on 10/23/2015
Failed to Install on 10/21/2015
Failed to Install on 10/20/2015
Failed to Install on 10/19/2015
Failed to Install on 10/18/2015
Failed to Install on 10/17/2015
Failed to Install on 10/16/2015
Failed to Install on 10/16/2015
Failed to Install on 10/16/2015
Failed to Install on 10/15/2015
Failed to Install on 10/15/2015
Failed to Install on 10/14/2015

Cumulative Update for Windows 10 for x64-based Systems (KB3093266)
Failed to Install on 10/14/2015
Failed to Install on 10/13/2015
Failed to Install on 10/12/2015

UriF, Nov 4, 2015

@rwjustus

If you have problems with Windows Update please try the following steps (works with Win 8 & Win 8.1)
1. Open command prompt window as administrator
2. Run command sfc /scannow
3. Run commands
Dism /Online /Cleanup-Image /CheckHealth
Dism /Online /Cleanup-Image /ScanHealth
Dism /Online /Cleanup-Image /RestoreHealth
4. Run sfc /scannow again (to verify that there are no more errors)
5. Run Windows Update troubleshooter
https://support.microsoft.com/en-us/gp/windows-update-issues/en-us?wa=wsignin1.0
6. Restart computer
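
The six steps above as one script (an added example, not part of UriF's comment): it runs sfc and the three Dism commands in the order given, keeps each tool's exit code, and names the logs to read when a step does not return 0. It assumes an elevated PowerShell session on Windows 8/8.1 (the versions the comment names; Windows 7's in-box Dism has no /RestoreHealth). The Windows Update troubleshooter and the reboot (steps 5 and 6) are left to the operator.

```powershell
# Added example: run the sfc/Dism repair sequence and report each step's exit code.
# Assumes an elevated PowerShell on Windows 8/8.1. Read-only apart from the
# repairs the tools themselves perform.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Administrator) PowerShell session."
}

function Invoke-RepairStep {
    param([string]$Name, [string]$FilePath, [string]$Arguments)
    Write-Host "=== $Name ==="
    # Start-Process -NoNewWindow lets the child write straight to the console.
    # Piping sfc's UTF-16 output through PowerShell would show it as spaced-out
    # characters, so we deliberately do not capture it; the exit code is enough.
    $p = Start-Process -FilePath $FilePath -ArgumentList $Arguments -NoNewWindow -Wait -PassThru
    [pscustomobject]@{ Step = $Name; ExitCode = $p.ExitCode }
}

$results = @(
    Invoke-RepairStep 'sfc (first pass)'        'sfc.exe'  '/scannow'
    Invoke-RepairStep 'Dism CheckHealth'        'Dism.exe' '/Online /Cleanup-Image /CheckHealth'
    Invoke-RepairStep 'Dism ScanHealth'         'Dism.exe' '/Online /Cleanup-Image /ScanHealth'
    Invoke-RepairStep 'Dism RestoreHealth'      'Dism.exe' '/Online /Cleanup-Image /RestoreHealth'
    Invoke-RepairStep 'sfc (verification pass)' 'sfc.exe'  '/scannow'
)

$results | Format-Table -AutoSize

# 0 means the step completed; anything else needs a look at the tools' own logs.
$failed = $results | Where-Object { $_.ExitCode -ne 0 }
if ($failed) {
    Write-Warning "Steps with a non-zero exit code: $($failed.Step -join ', ')"
    Write-Warning "Details: $env:SystemRoot\Logs\CBS\CBS.log (sfc lines are tagged [SR])"
    Write-Warning "         $env:SystemRoot\Logs\DISM\dism.log"
} else {
    Write-Host "All steps returned 0. Run the Windows Update troubleshooter, then reboot."
}
```

The second sfc pass is kept separate from the first on purpose: if the first pass reports corruption that Dism /RestoreHealth then repairs, only the verification pass tells you the component store is now clean.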

UriF, Nov 4, 2015

@rwjustus

By the way, if you want to take the risk and install Win 10 anyway, please do not use Windows Update, because you will download the old version of the installation package.
Microsoft published the media creation tool, which is updated from time to time with bug fixes. By the way, the owner of the site dellwindowsreinstallation guide recommends postponing installation until Microsoft publishes Win 10 TH2 (expected this month). Of course I doubt that this latest version of Win 10 could be downloaded using Windows Update.
http://windows.microsoft.com/en-us/windows-10/media-creation-tool-install

markdengler, Nov 2, 2015

I'm surprised I hadn't already seen people screaming about MS aggressively trying to trick people into Windows 10 upgrades. Windows Update started adding Windows 10 as a pre-selected "optional update" on my Windows 7 boxes more than a month ago. I always deselected it, so I don't know whether I would have been given the option to abort the upgrade. I have since uninstalled the KB3035583 "Recommended" update that gave us the irritating Win 10 tray icon and followed the rest of the howtogeek suggestions on killing the process. That has, so far, stopped the nagging. I have successfully upgraded one of my Win 7 machines to 10 with no problems, but the lack of Windows Media Center is a deal breaker for me and I am happy enough with Windows 7 and 8 and underwhelmed by the new features in 10.

Gisabun, Nov 2, 2015

You don't want W10 installed? Turn it off.

https://ebraiter.wordpress.com/2015/09/11/disabling-windows-10-upgrade-option/

Or other options if you take 2 minutes to google it...

Michael Rivero, Nov 2, 2015

Windows 10 will open us all to more surveillance, possibly break older applications forcing us to buy upgrades which we cannot afford, take hours of time to install and configure, and based on Microsoft's history, will come with thousands of bugs which will cut into our productivity in the coming years. Microsoft hasn't given anyone a reason to go through all that other than that is what Microsoft wants! They can't GIVE their product away any more!

nwalker11, Nov 2, 2015

@Michael Rivero

Ever since its release, I've always thought of Windows 10 as Microsoft's Trojan horse. Can't help but think they have some kind of motive to get us to install it, whether it's spyware, backdoors, decryption, NSA keys, etc. Add to that the fact that they make it inconvenient to opt out of automatic updates. Maybe it's just me, but I'm always leery when a company like Microsoft gives away something for free.

Gisabun, Nov 2, 2015

@DAS01 ...There are multiple ways to disable W10 upgrading. See https://ebraiter.wordpress.com/2015/09/11/disabling-windows-10-upgrade-option/


eaglewolf, Nov 2, 2015

I'm sorry, Microsoft, but you DO NOT have *any* right to demand/force that I install anything .. on MY computer. That is my determination and mine alone.

You are so desperate in your attempts to show the world that you're somehow still 'important' .. and you're failing miserably. You're driving your most knowledgeable people away. When all is said and done, all you'll be left with is a base of end-user/consumers who can be duped into following you and clicking at every command .. just like they do on Facebook.

Forcing it on users by changing it to a 'recommended update' is a sham ... and deception. Yes, they still have to agree, but lacking the knowledge of even how to research s/w, they'll just accept. After all, the defaults are to install everything and if Microsoft says it's good, gee, it must be fine .. right?

From a ZD Net article on this topic, apparently Microsoft will *start* to release what's included in the updates that it also forces onto your system without being able to stop it - unless you're at the top level of product and then it doesn't stop it .. it just postpones it.

So starting next month, they will *start* providing more documentation about the updates. BUT they "...will not be providing a full code change list, but will strive to provide the right amount of information for different audiences." This is no way to run a business - sysadmins will be at a constant disadvantage.

zman58, Nov 3, 2015

@eaglewolf

You need to carefully read the EULA that you agreed to. They have it covered completely and can do whatever they want with the software on your system.

You should be thinking about Linux for sure.

eaglewolf, Nov 3, 2015

@zman58 @eaglewolf

zman ...

I didn't, nor will I, install Win10. The security/privacy issues plus the totally uncontrolled way Microsoft wants to deal with the end users (update chaos) should be illegal. They're playing a shell game but the problem is none of the shells have anything under them. You always lose.

And I'll be heading to Linux in the near future - already decided that!

Jason Shepard, Nov 1, 2015

I will remain with Windows 7 until such time as it is no longer supported by Microsoft. After that, I will re-evaluate what I intend to do. If it weren't for my gaming and the expense of Mac machines, I'd dump Microsoft.

[Sep 24, 2015] Find Product Keys for Installed Software

Jan 26, 2009 | PCWorld

As part of my recent migration to a new PC, I needed to find the product keys for various programs I was planning to reinstall. Easier said than done. (When, when will I organize this disaster area of a home office?)

Fortunately, I found a sweet utility that saved me hours of rummaging through boxes. Magical Jelly Bean's Keyfinder quickly and efficiently finds the product keys for installed programs, then lets you print them for safekeeping.

It's compatible with all versions of Windows and can dig up the keys for your operating system, Office apps, and various other programs. On my machine it found keys not just for Windows XP and Office 2003, but also for Command and Conquer: Generals (best RTS game ever, if you want my opinion).

Keyfinder is fast, free, and incredibly handy. It doesn't even require installation. I recommend it not just for those migrating to new PCs, but for anyone who wants to keep a hardcopy of important product keys.

Pros

It does what it claims to do... and much more that it doesn't warn you about.

[Sep 13, 2015] Microsoft pushes Windows 10 upgrade to PCs without user consent By Gregg Keizer

Microsoft with Windows 10 is doing a great job of destroying user trust. It looks like the Windows OS itself has become malware...
"..."For those who have chosen to receive automatic updates through Windows Update, we help customers prepare their devices for Windows 10 by downloading the files necessary for future installation," a company spokeswoman said in an email. "This results in a better upgrade experience and ensures the customer's device has the latest software. This is an industry practice that reduces time for installation and ensures device readiness." "
"...The upgrade, which can range in size from more than 3GB to nearly 6GB, is placed in the hidden "$Windows.~BT" folder, a long-used destination for Windows upgrades. It will sit there, presumably until the user expresses some kind of desire to install Windows 10. "
"..."I had to travel recently, so I took a laptop with [a] clean Windows 8.1 Pro install," wrote one such user, identified only as "X.25" on Slashdot. "At my destination, I purchased a SIM (they only had 1GB data packages) and put it into the 3G/Wi-Fi router I carry. I powered the laptop, connected to [the] Internet via said router, checked [a] few things, then went away for [a] few hours. When I got back to [the] apartment, my data package (and Internet connectivity) was killed because [the] Microsoft idiots decided to start downloading Windows 10 even though I have explicitly closed/rejected all the 'offers.'" "
Sep 11, 2015 | Network World

Microsoft confirms it has been silently downloading massive upgrade to Windows machines via automatic updates, chewing up bandwidth and storage space

Microsoft today confirmed it has been pre-loading the Windows 10 installation bits onto devices whose owners have not "reserved" a copy or expressed interest in the new OS.

The move has upset some users of Windows 7 and Windows 8.1, who have complained that the unsolicited downloads have caused them to exceed their Internet providers' data caps or seized storage space without their consent.

In a statement, Microsoft acknowledged the practice, which was first reported by The Inquirer on Thursday.

"For those who have chosen to receive automatic updates through Windows Update, we help customers prepare their devices for Windows 10 by downloading the files necessary for future installation," a company spokeswoman said in an email. "This results in a better upgrade experience and ensures the customer's device has the latest software. This is an industry practice that reduces time for installation and ensures device readiness."

If Windows 7 or Windows 8.1 device owners have Windows Update set to the default -- and Microsoft-recommended -- option that lets the operating system download and install security and other bug fixes automatically in the background, Microsoft will push the Windows 10 upgrade files to the drive.

The upgrade, which can range in size from more than 3GB to nearly 6GB, is placed in the hidden "$Windows.~BT" folder, a long-used destination for Windows upgrades. It will sit there, presumably until the user expresses some kind of desire to install Windows 10.

Microsoft has been pre-loading the Windows 10 upgrade on systems since late July, but it was thought that the practice had been limited to PCs whose owners had accepted Microsoft's free offer and "reserved" a copy through an app the Redmond, Wash. company automatically installed this spring and early summer on virtually all consumer PCs running Windows 7 Home and 8.1 Home, and on many machines powered by Windows 7 Professional and Windows 8.1 Pro.

After the Windows 10 upgrade was downloaded to the device, the user was notified through the app that it was ready to install.

This new scheme, however, is vastly different in that the bits are downloaded to the device even though the user has not asked for the upgrade.

Not surprisingly, among the first to notice the I-did-not-ask-for-this upgrade were people who have data caps mandated by their Internet service providers (ISPs), particularly those who relied on a cellular connection to the Internet.

Several commenters in a long thread on Slashdot claimed that they had exceeded their caps because Microsoft downloaded the massive upgrade to their hardware without their approval.

"I had to travel recently, so I took a laptop with [a] clean Windows 8.1 Pro install," wrote one such user, identified only as "X.25" on Slashdot. "At my destination, I purchased a SIM (they only had 1GB data packages) and put it into the 3G/Wi-Fi router I carry. I powered the laptop, connected to [the] Internet via said router, checked [a] few things, then went away for [a] few hours. When I got back to [the] apartment, my data package (and Internet connectivity) was killed because [the] Microsoft idiots decided to start downloading Windows 10 even though I have explicitly closed/rejected all the 'offers.'"

Others didn't appreciate the unwelcome guest that dropped into their limited storage space. Anyone with a 128GB SSD (solid-state drive), for example, would be concerned if 5% of their storage capacity was occupied without their okay.

Some also wondered whether Microsoft would take the next logical step by either dunning users with notifications urging them to apply the already-installed upgrade, or make the much more unlikely move of automatically triggering the upgrade.

The former would, frankly, not be that different from what Microsoft has already done with those who accepted the free upgrade and reserved a copy. It's possible that many on the receiving end of such notifications would approve the upgrade, and even appreciate the fact that they did not have to wait for a long download to complete before upgrading. The latter, however, would be unprecedented, and would almost certainly fuel a firestorm of protest.

Microsoft did not immediately reply to follow-up questions about its intentions.

What is also interesting about the upgrade-prep is Microsoft's defense, that it's an "industry practice."

Although that may be true in limited instances -- Google's Chrome browser, for example, regularly pre-loads updates, which are then automatically installed the next time the application is launched -- as far as Computerworld knows, it's never been done with either an operating system or software that demands installation files of this size. The most common practice for operating systems, by far, is to begin downloading an upgrade only after the user has been notified, and then approved the procedure.

Wes Miller, an analyst with Directions on Microsoft, agreed. "I've seen some tiny apps do it for updates. But not for an OS upgrade," Miller said in an email answer to a question asking whether he recalled any similar examples.

This story, "Microsoft pushes Windows 10 upgrade to PCs without user consent" was originally published by Computerworld.
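
A read-only audit for the two artefacts this page describes, the hidden $Windows.~BT staging folder (3GB to 6GB per the article) and the KB3035583 "Get Windows 10" update that markdengler's comment above says he uninstalled. This is an added example written for this page, not code from Computerworld or Microsoft. The two policy values it also reads, DisableOSUpgrade under the WindowsUpdate policy key and DisableGwx under the Gwx policy key, are the opt-out values Microsoft documented for managing the upgrade; they are not on this page and are included from the editor's own knowledge. The script changes nothing; it reports what it finds so an administrator can see whether a Windows 7 or 8.1 box has been staged for the upgrade.

```powershell
# Added example: audit a Windows 7/8.1 machine for staged Windows 10 upgrade bits.
# Read-only. Folder name and KB number are from the article and comments above;
# the policy key/value names are from Microsoft's upgrade-management documentation
# (editor's knowledge, not this page).

function Get-StagedUpgradeReport {
    param([string]$SystemDrive = $env:SystemDrive)

    # The staging folder is hidden, so -Force is required to see it and its files.
    $staging = Join-Path $SystemDrive '$Windows.~BT'
    $present = Test-Path -LiteralPath $staging
    $stagedBytes = 0
    if ($present) {
        $stagedBytes = (Get-ChildItem -LiteralPath $staging -Recurse -Force -ErrorAction SilentlyContinue |
                        Where-Object { -not $_.PSIsContainer } |
                        Measure-Object -Property Length -Sum).Sum
    }

    # Get-HotFix reads Win32_QuickFixEngineering, where Windows Update records
    # installed updates by KB id.
    $gwx = Get-HotFix -Id KB3035583 -ErrorAction SilentlyContinue

    $wuPolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $gwxPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx'
    $disableOs  = (Get-ItemProperty -Path $wuPolicy  -Name DisableOSUpgrade -ErrorAction SilentlyContinue).DisableOSUpgrade
    $disableGwx = (Get-ItemProperty -Path $gwxPolicy -Name DisableGwx       -ErrorAction SilentlyContinue).DisableGwx

    [pscustomobject]@{
        StagingFolderPresent = $present
        StagedGB             = [math]::Round(($stagedBytes / 1GB), 2)
        KB3035583Installed   = [bool]$gwx
        KB3035583InstalledOn = if ($gwx) { $gwx.InstalledOn } else { $null }
        DisableOSUpgradeSet  = ($disableOs -eq 1)
        DisableGwxSet        = ($disableGwx -eq 1)
    }
}

$report = Get-StagedUpgradeReport
$report | Format-List

# The combination the article complains about: bits already on disk and no
# opt-out policy in place, so the upgrade prompts are still coming.
if ($report.StagingFolderPresent -and -not $report.DisableOSUpgradeSet) {
    Write-Warning ("{0} GB of upgrade files are staged in $Windows.~BT and DisableOSUpgrade is not set." -f $report.StagedGB)
}
if ($report.KB3035583Installed -and -not $report.DisableGwxSet) {
    Write-Warning "KB3035583 (the Get Windows 10 tray app) is installed and DisableGwx is not set."
}
```

Run it in an elevated session if you want the policy keys read reliably; the folder size and hotfix lookup work as a normal user. On a metered connection the StagedGB figure is a direct measure of how much of a data cap the silent download has already consumed.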

[Aug 22, 2015] How Complex Systems Fail

"...This is really a profound observation – things rarely fail in an out-the-blue, unimaginable, catastrophic way. Very often just such as in the MIT article the fault or faults in the system are tolerated. But if they get incrementally worse, then the ad-hoc fixes become the risk (i.e. the real risk isn't the original fault condition, but the application of the fixes)."

"...It is that cumulative concentration of wealth and power over time which is ultimately destabilizing, producing accepted social norms and customs that lead to fragility in the face of both expected and unexpected shocks. This fragility comes from all sorts of specific consequences of that inequality, from secrecy to group think to brain drain to two-tiered justice to ignoring incompetence and negligence to protecting incumbents necessary to maintain such an unnatural order."

"...The problem arises with any societal order over time in that corrosive elements in the form of corruptive behavior (not principle based) by decision makers are institutionalized. I may not like Trump as a person but the fact that he seems to unravel and shake the present arrangement and serves as an indicator that the people begin to realize what game is being played, makes me like him in that specific function."

"...but it is also true that the incentives of the capitalist system ensure that there will be more and worse accidents than necessary, as the agents involved in maintaining the system pursue their own personal interests which often conflict with the interests of system stability and safety."

"...Globalization factors in maximizing the impact of Murphy's Law..."

"...Operators or engineers controlling or modifying the system are providing feedback. Feedback can push the system past "safe" limits. Once past safe limits, the system can fail catastrophically. Such failures happen very quickly, and are always "a surprise"."

"...Where one can only say: "Forgive them Father, for they know not what they do""

"...The Iron Law of Institutions (agents act in ways that benefit themselves in the context of the institution [system], regardless of the effect those actions have on the larger system) would seem to militate against any attempts to correct our many, quickly failing complex social and technological systems."
Aug 21, 2015 | naked capitalism
August 21, 2015 by Yves Smith

Lambert found a short article by Richard Cook that I've embedded at the end of the post. I strongly urge you to read it in full. It discusses how complex systems are prone to catastrophic failure, how that possibility is held at bay through a combination of redundancies and ongoing vigilance, but how, due to the impractical cost of keeping all possible points of failure fully (and even identifying them all) protected, complex systems "always run in degraded mode". Think of the human body. No one is in perfect health. At a minimum, people are growing cancers all the time, virtually all of which recede for reasons not well understood.

The article contends that failures therefore are not the result of single causes. As Clive points out:

This is really a profound observation – things rarely fail in an out-the-blue, unimaginable, catastrophic way. Very often just such as in the MIT article the fault or faults in the system are tolerated. But if they get incrementally worse, then the ad-hoc fixes become the risk (i.e. the real risk isn't the original fault condition, but the application of the fixes). https://en.wikipedia.org/wiki/Windscale_fire#Wigner_energy documents how a problem of core instability was a snag, but the disaster was caused by what was done to try to fix it. The plant operators kept applying the fix in ever more extreme doses until the bloody thing blew up.

But I wonder about the validity of one of the hidden assumptions of this article. There is a lack of agency in terms of who is responsible for the care and feeding of complex systems (the article eventually identifies "practitioners" but even then, that's comfortably vague). The assumption is that the parties who have influence and responsibility want to preserve the system, and have incentives to do at least an adequate job of that.

There are reasons to doubt that now. Economics has promoted ways of looking at commercial entities that encourage "practitioners" to compromise on safety measures. Mainstream economics has as a core belief that economies have a propensity to equilibrium, and that equilibrium is at full employment. That assumption has served as a wide-spread justification for encouraging businesses and governments to curtail or end pro-stability measures like regulation as unnecessary costs.

To put it more simply, the drift of both economic and business thinking has been to optimize activity for efficiency. But highly efficient systems are fragile. Formula One cars are optimized for speed and can only run one race.

Highly efficient systems also are more likely to suffer from what Richard Bookstaber called "tight coupling." A tightly coupled system is one in which events occur in a sequence that cannot be interrupted. A way to re-characterize a tightly coupled system is a complex system that has been in part reoptimized for efficiency, maybe by accident, maybe at a local level. That strips out some of the redundancies that serve as safeties to prevent positive feedback loops from having things spin out of control.

To use Bookstaber's nomenclature, as opposed to this paper's, in a tightly coupled system, measures to reduce risk directly make things worse. You need to reduce the tight coupling first.

A second way that the economic thinking has arguably increased the propensity of complex systems of all sorts to fail is by encouraging people to see themselves as atomized agents operating in markets. And that's not just an ideology; it's reflected in low attachment to institutions of all sorts, ranging from local communities to employers (yes, employers may insist on all sorts of extreme shows of fealty, but they are ready to throw anyone in the dust bin at a moment's notice). The reality of weak institutional attachments and the societal inculcation of selfish viewpoints means that more and more people regard complex systems as vehicles for personal advancement. And if they see those relationships as short-term or unstable, they don't have much reason to invest in helping to preserve the soundness of that entity. Hence the attitude called "IBY/YBG" ("I'll Be Gone, You'll Be Gone") appears to be becoming more widespread.

I've left comments open because I'd very much enjoy getting reader reactions to this article. Thanks!

James Levy August 21, 2015 at 6:35 am

So many ideas….
Mike Davis argues that in the case of Los Angeles, the key to understanding the city's dysfunction is in the idea of sunk capital – every major investment leads to further investments (no matter how dumb or large) to protect the value of past investments.

Tainter argues that the energy cost (defined broadly) of maintaining the dysfunction eventually overwhelms the ability of the system to generate surpluses to meet the rising needs of maintenance.

Goldsworthy has argued powerfully and persuasively that the Roman Empire in the West was done in by a combination of shrinking revenue base and the subordination of all systemic needs to the needs of individual emperors to stay in power and therefore stay alive. Their answer was endlessly subdividing power and authority below them and using massive bribes to the bureaucrats and the military to try to keep them loyal.

In each case, some elite individual or grouping sees throwing good money after bad as necessary to keeping their power and their positions. Our current sclerotic system seems to fit this description nicely.

Jim August 21, 2015 at 8:15 am

I immediately thought of Tainter's "The Complex of Complex Cultures" when I started reading this. One point that Tainter made is that collapse is not all bad. He presents evidence that the average well being of people in Italy was probably higher in the sixth century than in the fifth century as the Western Roman Empire died. Somewhat like death being necessary for biological evolution, collapse may be the only solution to the problem of excessive complexity.

xxx August 22, 2015 at 4:39 am

Tainter insists culture has nothing to do with collapse, and therefore refuses to consider it, but he then acknowledges that the elites in some societies were able to pull them out of a collapse trajectory. And from the inside, it sure as hell looks like culture, as in a big decay in what is considered to be acceptable conduct by our leaders, and what interests they should be serving (historically, at least the appearance of the greater good, now unabashedly their own ends) sure looks to be playing a big, and arguably the defining role, in the rapid rise of open corruption and related social and political dysfunction.

Praedor August 21, 2015 at 9:19 am

That also sounds like the EU and even Greece's extreme actions to stay in the EU.

jgordon August 21, 2015 at 7:44 am

Then I'll add my two cents: you've left out that when systems scale linearly, the amount of complexity, and points for failure, and therefore instability, that they contain scale exponentially–that is according to the analysis of James Rickards, and supported by the work of people like Joseph Tainter and Jared Diamond.

Every complex problem that arises in a complex system is fixed with an even more complex "solution" which requires ever more energy to maintain, and eventually the inevitably growing complexity of the system causes the complex system to collapse in on itself. This process requires no malignant agency by humans, only time.

nowhere August 21, 2015 at 12:10 pm

Sounds a lot like JMG and catabolic collapse.

jgordon August 21, 2015 at 2:04 pm

Well, he got his stuff from somewhere too.

Synoia August 21, 2015 at 1:26 pm

There are no linear systems. They are all non-linear because they include a random, non-linear element – people.

Jim August 21, 2015 at 2:26 pm

Long before there were people the Earth's eco-system was highly complex and highly unstable.

Ormond Otvos August 21, 2015 at 4:37 pm

The presumption that fixes increase complexity may be incorrect.

Fixes should include awareness of complexity.

That was the beauty of Freedom Club by Kaczinsky, T.

JTMcPhee August 21, 2015 at 4:44 pm

Maybe call the larger entity "meta-stable?" Astro and geo inputs seem to have been big perturbers. Lots of genera were around a very long time before naked apes set off on their romp. But then folks, even these hot, increasingly dry days, brag on their ability to anticipate, and profit from, and even cause, with enough leverage, de-stability. Good thing the macrocosms of our frail, violent, kindly, destructive bodies are blessed with the mechanisms of homeostasis.

Too bad our "higher" functions are not similarly gifted… But that's what we get to chat about, here and in similar meta-spaces…

MikeW August 21, 2015 at 7:52 am

Agree, positive density of ideas, thoughts and implications.

I wonder if the reason that humans don't appreciate the failure of complex systems is that (a) complex systems are constantly trying to correct, or cure as in your cancer example, themselves all the time until they can't at which point they collapse, (b) that things, like cancer leading to death, are not commonly viewed as a complex system failure when in fact that is what it is. Thus, while on a certain scale we do experience complex system failure on one level on a daily basis because we don't interpret it as such, and given that we are hardwired for pattern recognition, we don't address complex systems in the right ways.

This, to my mind, has to be extended to the environment and the likely disaster we are currently trying to instigate. While the system is collapsing at one level, massive species extinctions, while we have experienced record temperatures, while the experts keep warning us, etc., most people to date have experienced climate change as an inconvenience - not the early stages of systemwide failure.

Civilization collapses have been regular, albeit spaced out, occurrences. We seem to think we are immune to them happening again. Yet, it isn't hard to list the near catastrophic system failures that have occurred or are currently occurring (famines, financial markets, genocides, etc.).

And, in most systems that relate to humans with an emphasis on short term gain how does one address system failures?

Brooklin Bridge August 21, 2015 at 9:21 am

Good-For-Me-Who-Effing-Cares-If-It's-Bad-For-You-And-Everyone-Else

would be a GREAT category heading though it's perhaps a little close to "Imperial Collapse"

Whine Country August 21, 2015 at 9:52 am

To paraphrase President Bill Clinton, who I would argue was one of the major inputs that caused the catastrophic failure of our banking system (through the repeal of Glass-Steagall), it all depends on what the definition of WE is.

jrs August 21, 2015 at 10:12 pm

And all that just a 21st century version of "apres moi le deluge", which sounds very likely to be the case.

Oregoncharles August 21, 2015 at 3:55 pm

JT – just go to the Archdruid site. They link it regularly, I suppose for this purpose.

Jim August 21, 2015 at 8:42 am

Civilizational collapse is extremely common in history when one takes a long term view. I'm not sure though that I would describe it as having that much "regularity" and while internal factors are no doubt often important external factors like the Mongol Onslaught are also important. It's usually very hard to know exactly what happened since historical documentation tends to disappear in periods of collapse. In the case of Mycenae the archaeological evidence indicates a near total population decline of 99% in less than a hundred years together with an enormous cultural decline but we don't know what caused it.

As for long term considerations, the further one tries to project into the future the more uncertain such projections become, so that long term planning far into the future is not likely to be evolutionarily stable. Because much more information is available about present conditions than future conditions, organisms are probably selected much more to optimize for the short term rather than for the largely unpredictable long term.

Gio Bruno August 21, 2015 at 1:51 pm

…it's not in question. Evolution is about responding to the immediate environment. Producing survivable offspring (which requires finding a niche). If the environment changes (Climate?) faster than the production of survivable offspring then extinction (for that species) ensues.

Now, Homo sapiens is supposedly "different" in some respects, but I don't think so.

Jim August 21, 2015 at 2:14 pm

I agree. There's nothing uniquely special about our species. Of course species can often respond to gradual change by migration. The really dangerous things are global catastrophes such as the asteroid impact at the end of the Cretaceous or whatever happened at the Permian-Triassic boundary (gamma ray burst maybe?).

Ormond Otvos August 21, 2015 at 4:46 pm

Interesting that you sit there and type on a world-spanning network batting around ideas from five thousand years ago, or yesterday, and then use your fingers to type that the human species isn't special.

Do you really think humans are unable to think about the future, like a bear hibernating, or perhaps the human mind, and its offspring, human culture and history, can't see ahead?

Why is "Learn the past, or repeat it!" such a popular saying, then?

diptherio August 21, 2015 at 9:24 am

The Iron Law of Institutions (agents act in ways that benefit themselves in the context of the institution [system], regardless of the effect those actions have on the larger system) would seem to mitigate against any attempts to correct our many, quickly failing complex social and technological systems.

jgordon August 21, 2015 at 10:40 am

This would tend to imply that attempts to organize large scale social structures are temporary at best, and largely futile. I agree. The real key is to embrace and ride the wave as it crests and collapses so it's possible to manage the fall–not to try to stand against it so you get knocked down and drowned. Focus your efforts on something useful instead of wasting them on a hopeless, and worthless, cause.

Jim August 21, 2015 at 2:21 pm

Civilization is obviously highly unstable. However it should be remembered that even Neolithic cultures are almost all less than 10,000 years old. So there has been little time for evolutionary adaptations to living in complex cultures (although there is evidence that the last 10,000 years has seen very rapid genetic changes in human populations). If civilization can continue indefinitely, which of course is not very clear, then it would be expected that evolutionary selection would produce humans much better adapted to living in complex cultures, so they might become more stable in the distant future. At present mean time to collapse is probably a few hundred years.

Ormond Otvos August 21, 2015 at 4:50 pm

But perhaps you're not contemplating that too much individual freedom can destabilize society. Is that a part of your vast psychohistorical equation?

washunate August 21, 2015 at 10:34 am

Well said, but something I find intriguing is that the author isn't talking so much about civilizational collapse. The focus is more on various subsystems of civilization (transportation, energy, healthcare, etc.).

These individual components are not inherently particularly dangerous (at a systemic/civilizational level). They have been made that way by purposeful public policy choices, from allowing enormous compensation packages in healthcare to dismantling our passenger rail system to subsidizing fossil fuel energy over wind and solar to creating tax incentives that distort community development. These things are not done for efficiency. They are done to promote inequality, to allow connected insiders and technocratic gatekeepers to expropriate the productive wealth of society. Complexity isn't a byproduct; it is the mechanism of the looting. If MDs in hospital management made similar wages as home health aides, then how would they get rich off the labor of others? And if they couldn't get rich, what would be the point of managing the hospital in the first place? They're not actually trying to provide quality, affordable healthcare to all Americans.

It is that cumulative concentration of wealth and power over time which is ultimately destabilizing, producing accepted social norms and customs that lead to fragility in the face of both expected and unexpected shocks. This fragility comes from all sorts of specific consequences of that inequality, from secrecy to group think to brain drain to two-tiered justice to ignoring incompetence and negligence to protecting incumbents necessary to maintain such an unnatural order.

Linus Huber August 21, 2015 at 7:05 pm

I tend to agree with your point of view.

The problem arises with any societal order over time in that corrosive elements in the form of corruptive behavior (not principle based) by decision makers are institutionalized. I may not like Trump as a person but the fact that he seems to unravel and shake the present arrangement and serves as an indicator that the people begin to realize what game is being played, makes me like him in that specific function. There may be some truth in Thomas Jefferson's quote: "The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. It is its natural manure." Those presently benefiting greatly from the present arrangement are fighting with all means to retain their position, whether successfully or not, we will see.

animalogic August 22, 2015 at 2:18 am

Well said, washunate. I think an argument could be run that outside economic areas, there has been a drive to de-complexity.
Non economic institutions, bodies which exist for non market/profit reasons, are or have been either hollowed out, or co-opted to market purposes. Charities as vast engines of self enrichment for a chain of insiders. Community groups, defunded, or shriveled to an appendix by "market forces". The list goes on…and on.
Reducing the "not-market" to the status of sliced-white-bread makes us all the more dependent on the machinated complexities of "the market"….god help us….

Jay Jay August 21, 2015 at 8:00 am

Joseph Tainter's thesis, set out in "The Collapse of Complex Societies" is simple: as a civilization ages its use of energy becomes less efficient and more costly, until the Law of Diminishing Returns kicks in, generates its own momentum and the system grinds to a halt. Perhaps this article describes a late stage of that process. However, it is worth noting that, for the societies Tainter studied, the process was ineluctable. Not so for our society: we have the ability -- and the opportunity -- to switch energy sources.

Moneta August 21, 2015 at 5:48 pm

In my grandmother's youth, they did not burn wood for nothing. Splitting wood was hard work that required calories.

Today, we heat up our patios at night with gas heaters… The amount of economic activity based on burning energy not related to survival is astounding.

A huge percentage of our GDP is based on economies of scale and economic efficiencies but is completely disconnected from environmental efficiencies.

This total loss of control between nature and our lifestyles will be our Waterloo.

TG August 21, 2015 at 8:20 am

An interesting article as usual, but here is another take.

Indeed, sometimes complex systems can collapse under the weight of their own complexity (Think: credit default swaps). But sometimes there is a single simple thing that is crushing the system, and the complexity is a desperate attempt to patch things up that is eventually destroyed by brute force.

Consider a forced population explosion: the people are multiplied exponentially. This reduces per capita physical resources, tends to reduce per-capita capital, and limits the amount of time available to adapt: a rapidly growing population puts an economy on a treadmill that gets faster and faster and steeper and steeper until it takes superhuman effort just to maintain the status quo. There is a reason why, for societies without an open frontier, essentially no nation has ever become prosperous without first moderating the fertility rate.

However, you can adapt. New technologies can be developed. New regulations written to coordinate an ever more complex system. Instead of just pumping water from a reservoir, you need networks of desalinization plants – with their own vast networks of power plants and maintenance supply chains – and recycling plans, and monitors and laws governing water use, and more efficient appliances, etc., etc.

As an extreme, consider how much effort and complexity it takes to keep a single person alive in the space station.

That's why in California cars need to be emissions tested, but in Alabama they don't – and the air is cleaner in Alabama. More people needs more controls and more exotic technology and more rules.

Eventually the whole thing starts to fall apart. But to blame complexity itself, is possibly missing the point.

Steve H. August 21, 2015 at 8:30 am

No system is ever 'the'.

Jim Haygood August 21, 2015 at 11:28 am

Two words, Steve: Soviet Union.

It's gone now. But we're rebuilding it, bigger and better.

Ormond Otvos August 21, 2015 at 4:54 pm

If, of course, bigger is better.

Facts not in evidence.

Ulysses August 21, 2015 at 8:40 am

"But because system operations are never trouble free, human practitioner adaptations to changing conditions actually create safety from moment to moment. These adaptations often amount to just the selection of a well-rehearsed routine from a store of available responses; sometimes, however, the adaptations are novel combinations or de novo creations of new approaches."

This may just be a rationalization, on my part, for having devoted so much time to historical studies– but it seems to me that historians help civilizations prevent collapse, by preserving for them the largest possible "store of available responses."

aronj August 21, 2015 at 8:41 am

Yves,

Thanks for posting this very interesting piece! As you know, I am a fan of Bookstaber's concept of tight coupling. Interestingly, Bookstaber (2007) does not reference Cook's significant work on complex systems.

Before reading this article, I considered the most preventable accidents involve a sequence of events uninterrupted by human intelligence. This needs to be modified by Cook's points 8, 9, 10 and 12.

In using the aircraft landing in the New York river as an example of interrupting a sequence of events, the inevitable accident occurred but no lives were lost. Thus the human intervention was made possible by the unknowable probability of coupling the cause with a possible alternative landing site. A number of aircraft accidents involve failed attempts to find a possible landing site, even though Cook's point #12 was in play.

Thanks for the post!!!!!

Brooklin Bridge August 21, 2015 at 8:47 am

A possible issue with or a misunderstanding of #7. Catastrophic failure can be made up of small failures that tend to follow a critical path or multiple critical paths. While a single point of origin for catastrophic failure may rarely if ever occur in a complex system, it is possible and likely in such a system to have collections of small failures that occur or tend to occur in specific sequences of order. Population explosion (as TG points out) would be a good example of a failure in a complex social system that is part of a critical path to catastrophic failure.

Such sequences, characterized by orders of precedence, are more likely in tightly coupled systems (which as Yves points out can be any system pushed to the max). The point is, they can be identified and isolated at least in situations where a complex system is not being misused or pushed to its limits or created due to human corruption where such sequences of likelihood may be viewed or baked into the system (such as by propaganda->ideology) as features and not bugs.

Spring Texan August 21, 2015 at 8:53 am

I agree completely that maximum efficiency comes with horrible costs. When hospitals are staffed so that people are normally busy every minute, patients routinely suffer more as often no one has time to treat them like a human being, and when things deviate from the routine, people have injuries and deaths. Same is true in other contexts.

washunate August 21, 2015 at 10:40 am

Agreed, but that's not caused by efficiency. That's caused by inequality. Healthcare has huge disparities in wages and working conditions. The point of keeping things tightly staffed is to allow big bucks for the top doctors and administrators.

susan the other August 21, 2015 at 2:55 pm

Yes. When one efficiency conflicts with and destroys another efficiency. E.g. your mother juggled a job and a family and ran around in turbo mode but she dropped everything when her kids were in trouble. That is an example of an efficiency that can juggle contradictions and still not fail.

JTMcPhee August 21, 2015 at 11:38 am

Might this nurse observe that in hospitals, there isn't and can't be a "routine" to deviate from, no matter how fondly "managers" wish to try to make it and how happy they may be to take advantage of the decent, empathic impulses of many nurses and/or the need to work to eat of those that are just doing a job. Hence the kindly (sic) practice of "calling nurses off" or sending them home if "the census is down," which always runs aground against a sudden influx of billable bodies or medical crises that the residual staff is expected to just somehow cope with caring for or at least processing, until the idiot frictions in the staffing machinery add a few more person-hours of labor to the mix. The larger the institution, the greater the magnitude and impact (pain, and dead or sicker patients and staff too) of the "excursions from the norm."

It's all about the ruling decisions on what are deemed (as valued by where the money goes) appropriate outcomes of the micro-political economy… In the absence of an organizing principle that values decency and stability and sustainability rather than upward wealth transfer.

Will August 21, 2015 at 8:54 am

I'll join the choir recommending Tainter as a critical source for anybody interested in this stuff.

IBG/YBG is a new concept for me, with at least one famous antecedent. "Après moi, le déluge."

diptherio August 21, 2015 at 9:17 am

The author presents the best-case scenario for complex systems: one in which the practitioners involved are actually concerned with maintaining system integrity. However, as Yves points out, that is far from being case in many of our most complex systems.

For instance, the Silvertip pipeline spill near Billings, MT a few years ago may indeed have been a case of multiple causes leading to unforeseen/unforeseeable failure of an oil pipeline as it crossed the Yellowstone river. However, the failure was made immeasurably worse due to the fact that Exxon had failed to supply that pump-station with a safety manual, so when the alarms started going off the guy in the station had to call around to a bunch of people to figure out what was going on. So while it's possible that the failure would have occurred no matter what, the failure of the management to implement even the most basic of safety procedures made the failure much worse than it otherwise would have been.

And this is a point that the oil company apologists are all too keen to obscure. The argument gets trotted out with some regularity that because these oil/gas transmission systems are so complex, some accidents and mishaps are bound to occur. This is true–but it is also true that the incentives of the capitalist system ensure that there will be more and worse accidents than necessary, as the agents involved in maintaining the system pursue their own personal interests which often conflict with the interests of system stability and safety.

Complex systems have their own built-in instabilities, as the author points out; but we've added a system of un-accountability and irresponsibility on top of our complex systems which ensures that failures will occur more often and with greater fall-out than the best-case scenario imagined by the author.

Brooklin Bridge August 21, 2015 at 9:42 am

As Yves pointed out, there is a lack of agency in the article. A corrupt society will tend to generate corrupt systems just as it tends to generate corrupt technology and corrupt ideology. For instance, we get lots of little cars driving themselves about, profitably to the ideology of consumption, but also with an invisible thumb of control, rather than a useful system of public transportation. We get "abstinence only" population explosion because "growth" rather than any rational assessment of obvious future catastrophe.

washunate August 21, 2015 at 10:06 am

Right on. The primary issue of our time is a failure of management. Complexity is an excuse more often than an explanatory variable.

abynormal August 21, 2015 at 3:28 pm

abynormal August 21, 2015 at 2:46 pm

Am I the only one hearing 9″ Nails, March of the Pigs

Aug. 21, 2015 1:54 a.m. ET

A Carlyle Group LP hedge fund that anticipated a sudden currency-policy shift in China gained roughly $100 million in two days last week, a sign of how some bearish bets on the world's second-largest economy are starting to pay off.
http://www.wsj.com/articles/hedge-fund-gains-100-million-in-two-days-on-bearish-china-bet-1440136499?mod=e2tw

oink oink is the sound of system fail

Oregoncharles August 21, 2015 at 3:40 pm

A very important principle:

All systems have a failure rate, including people. We don't get to live in a world where we don't need to lock our doors and banks don't need vaults. (If you find it, be sure to radio back.)

The article is about how we deal with that failure rate. Pointing out that there are failures misses the point.

cnchal August 21, 2015 at 5:05 pm

. . .but it is also true that the incentives of the capitalist system ensure that there will be more and worse accidents than necessary, as the agents involved in maintaining the system pursue their own personal interests which often conflict with the interests of system stability and safety.

How true. A Chinese city exploded. Talk about a black swan. I wonder what the next disaster will be?

hemeantwell August 21, 2015 at 9:32 am

After a skimmy read of the post and reading James' lead-off comment re emperors (Brooklin Bridge comment re misuse is somewhat resonant) it seems to me that a distinguishing feature of systems is not being addressed and therefore being treated as though it's irrelevant.

What about the mandate for a system to have an overarching, empowered regulatory agent, one that could presumably learn from the reflections contained in this post? In much of what is posted here at NC writers give due emphasis to the absence/failure of a range of regulatory functions relevant to this stage of capitalism. These run from SEC corruption to the uncontrolled movement of massive amount of questionably valuable value in off the books transactions between banks, hedge funds etc. This system intentionally has a deliberately weakened control/monitoring function, ideologically rationalized as freedom but practically justified as maximizing accumulation possibilities for the powerful. It is self-lobotomizing, a condition exacerbated by national economic territories (to some degree). I'm not going to now jump up with 3 cheers for socialism as capable of resolving problems posed by capitalism. But, to stay closer to the level of abstraction of the article, doesn't the distinction between distributed opacity + unregulated concentrations of power vs. transparency + some kind of central governing authority matter? Maybe my Enlightenment hubris is riding high after the morning coffee, but this is a kind of self-awareness that assumes its range is limited, even as it posits that limit. Hegel was all over this, which isn't to say he resolved the conundrum, but it's not even identified here.

Ormond Otvos August 21, 2015 at 5:06 pm

Think of Trump as the pimple finally coming to a head: he's making the greed so obvious, and pissing off so many people that some useful regulation might occur.

Another thought about world social collapse: if such a thing is likely, (and I'm sure the PTB know if it is, judging from the reports from the Pentagon about how Global Warming being a national security concern) wouldn't it be a good idea to have a huge ability to overpower the rest of the world?

We might be the only nation that survives as a nation, and we might actually have an Empire of the World, previously unattainable. Maybe SkyNet is really USANet. It wouldn't require any real change in the national majority of creepy grabby people.

Jim August 21, 2015 at 9:43 am

Government bureaucrats and politicians pursue their own interests just as businessmen do. Pollution was much worse in the non-capitalist Soviet Union, East Germany and Eastern Europe than it was in the Capitalist West. Chernobyl happened under socialism not capitalism. The present system in China, although not exactly "socialism", certainly involves a massively powerful government, but a glance at the current news shows that massive governmental power does not necessarily prevent accidents. The agency problem is not unique to or worse in capitalism than in other systems.

Holly August 21, 2015 at 9:51 am

I'd throw in the theory of cognitive dissonance as an integral part of the failure of complex systems. (Example Tarvis and Aronon's recent book: Mistakes Were Made (But Not by me))

We are more apt to justify bad decisions, with bizarre stories, than to accept our own errors (or mistakes of people important to us). It explains (but doesn't make it easier to accept) the complete disconnect between accepted facts and fanciful justifications people use to support their ideas/organization/behavior.

craazymann August 21, 2015 at 10:03 am

I think this one suffers "Metaphysical Foo Foo Syndrome" MFFS. That means use of words to reference realities that are inherently ill-defined and often unobservable leading to untestable theories and deeply personal approaches to epistemological reasoning.

just what is a 'complex system"? A system implies a boundary - there are things part of the system and things outside the system. That's a hard concept to identify - just where the system ends and something else begins. So when 'the system' breaks down, it's hard to tell with any degree of testable objectivity whether the breakdown resulted from "the system" or from something outside the system and the rest was just "an accident that could have happened to anybody'"

maybe the idea is; '"if something breaks down at the worst possible time and in a way that fkks everything up, then it must have been a complex system". But it could also have been a simple system that ran into bad luck. Consider your toilet. Maybe you put too much toilet paper in it, and it clogged. Then it overflowed and ran out into your hallway with your shit everywhere. Then you realized you had an expensive Chinese rug on the floor. oh no! That was bad. you were gonna put that rug away as soon as you had a chance to admire it unrolled. Why did you do that? Big fckk up. But it wasn't a complex system. It was just one of those things.

susan the other August 21, 2015 at 12:14 pm

thanks for that, I think…

Gio Bruno August 21, 2015 at 2:27 pm

Actually, it was a system too complex for this individual. S(He) became convinced the plumbing would work as it had previously. But due to poor maintenance, too much paper, or a stiff BM the "system" didn't work properly. There must have been opportunity to notice something anomalous, but appropriate oversight wasn't applied.

Oregoncharles August 21, 2015 at 3:29 pm

You mean the BM was too tightly coupled?

craazyman August 21, 2015 at 4:22 pm

It could happen to anybody after enough pizza and red wine

people weren't meant to be efficient. paper towels and duct tape can sometimes help

This occurred to me: The entire 1960s music revolution wouldn't have happened if anybody had to be efficient about hanging out and jamming. You really have to lay around and do nothing if you want to achieve great things. You need many opportunities to fail and learn before the genius flies. That's why tightly coupled systems are self-defeating. Because they wipe too many people out before they've had a chance to figure out the universe.

JustAnObserver August 21, 2015 at 3:01 pm

Excellent example of tight coupling: Toilet -> Floor -> Hallway -> $$$ Rug

Fix: Apply Break coupling procedure #1: Shut toilet door.
Then: Procedure #2 Jam inexpensive old towels in gap at the bottom.

As with all such measures this buys the most important thing of all – time. In this case to get the $$$Rug out of the way.

IIRC one of Bookstaber's points was that that, in the extreme, tight coupling allows problems to propagate through the system so fast and so widely that we have no chance to mitigate before they escalate to disaster.
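The "break coupling buys time" idea in the comment above can be made concrete with a small cascade model. This is an added illustration, not part of the original thread or Bookstaber's work: a dependency graph where a fault crosses each edge after a delay, and an operator who can cut a chosen coupling (the "shut the door" step) only after some response time. Component names, delays and response times are constructed assumptions; the point is that whether the cut helps depends on the race between propagation delay and response time, and that loosening the coupling (longer delays) is what lets a slow responder win.

```python
"""Earliest-failure-time cascade through a coupled dependency graph.

Added example, not code from the original page. The graph, delays and
response times below are constructed assumptions that mirror the
Toilet -> Floor -> Hallway -> Rug chain in the comment.
"""
import heapq
from typing import Dict, Iterable, List, Tuple

Graph = Dict[str, List[Tuple[str, float]]]

# Tightly coupled chain: (downstream component, minutes until it fails
# once the upstream one has failed). Constructed values.
TIGHT: Graph = {
    "toilet":  [("floor", 1.0)],
    "floor":   [("hallway", 2.0)],
    "hallway": [("rug", 1.0)],
    "rug":     [],
}


def loosen(graph: Graph, factor: float) -> Graph:
    """Return a copy of the graph with every propagation delay scaled up.

    Longer delays model a more loosely coupled system (buffers, slack,
    manual hand-offs): the fault still spreads, just more slowly.
    """
    return {u: [(v, d * factor) for v, d in edges] for u, edges in graph.items()}


def cascade(graph: Graph, origin: str,
            breakers: Iterable[Tuple[str, str]] = (),
            response_time: float = float("inf")) -> Dict[str, float]:
    """Return {component: time at which it fails}, starting at `origin` (t=0).

    `breakers` are (upstream, downstream) couplings an operator can cut.
    The operator acts `response_time` minutes after the origin fails, so a
    fault that reaches a breakable edge earlier than that still gets
    through; one arriving at or after the cut is stopped. Components that
    never fail are simply absent from the result.
    """
    breakers = set(breakers)
    failed: Dict[str, float] = {}
    heap: List[Tuple[float, str]] = [(0.0, origin)]
    # Dijkstra-style: pop the earliest pending failure; the first time a node
    # is popped is its earliest possible failure time.
    while heap:
        t, node = heapq.heappop(heap)
        if node in failed:
            continue
        failed[node] = t
        for nxt, delay in graph.get(node, []):
            arrival = t + delay
            if (node, nxt) in breakers and arrival >= response_time:
                continue  # coupling was cut before the fault crossed it
            if nxt not in failed:
                heapq.heappush(heap, (arrival, nxt))
    return failed


def blast_radius(graph: Graph, origin: str,
                 breakers: Iterable[Tuple[str, str]] = (),
                 response_time: float = float("inf")) -> int:
    """Number of components that end up failed for the given scenario."""
    return len(cascade(graph, origin, breakers, response_time))


if __name__ == "__main__":
    door = {("floor", "hallway")}  # shutting the toilet door cuts this edge
    print("no intervention:     ", cascade(TIGHT, "toilet"))
    print("door shut at t=2:    ", cascade(TIGHT, "toilet", door, 2.0))
    print("door shut at t=5:    ", cascade(TIGHT, "toilet", door, 5.0))
    print("loose x3, shut at t=5:", cascade(loosen(TIGHT, 3.0), "toilet", door, 5.0))
```

With the constructed numbers, an operator who reacts within two minutes saves the hallway and the rug; one who needs five minutes loses everything in the tight chain, but the same slow operator succeeds once the delays are tripled. That is the whole argument in the comment: decoupling is valuable not because it prevents the fault but because it converts a race you lose into one you can win.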

washunate August 21, 2015 at 10:03 am

To put it more simply, the drift of both economic and business thinking has been to optimize activity for efficiency.

I think that's an interesting framework. I would say efficiency is achieving the goal in the most effective manner possible. Perhaps that's measured in energy, perhaps labor, perhaps currency units, but whatever the unit of measure, you are minimizing that input cost.

What our economics and business thinking (and most importantly, political thinking) has primarily been doing, I would say, is not optimizing for efficiency. Rather, they are changing the goal being optimized. The will to power has replaced efficiency as the actual outcome.

Unchecked theft, looting, predation, is not efficient. Complexity and its associated secrecy is used to hide the inefficiency, to justify and promote that which would not otherwise stand scrutiny in the light of day.

BigEd August 21, 2015 at 10:11 am

What nonsense. All around us 'complex systems' (airliners, pipelines, coal mines, space stations, etc.) have become steadily LESS prone to failure/disaster over the decades. We are near the stage where the only remaining danger in air travel is human error. We will soon see driverless cars & trucks, and you can be sure accident rates will decline as the human element is taken out of their operation.

tegnost August 21, 2015 at 12:23 pm

See Fukushima, lithium batteries spontaneously catching fire, financial engineering leading to collapse unless vast energy is invested in them to re-stabilize… Driverless cars and trucks are not that soon; tech buddies say ten years, I say malarkey based on several points made in the article, while as Brooklyn Bridge points out public transit languishes, and washunate points out that trains and other more efficient means of locomotion are starved while more complex methods have more energy thrown at them which could be better applied elsewhere. I think you're missing the point by saying look at all our complex systems, they work fine, and then you ramble off a list of things with high failure potential and say look, they haven't broken yet, while things that have broken and don't support your view are left out. By this mechanism safety protocols are eroded (that accident you keep avoiding hasn't happened, which means you're being too cautious, so your efficiency can be enhanced by not worrying about it until it happens, then you can fix it; but as pointed out above tightly coupled systems can't react fast enough, at which point we all have to hear the whocoodanode justification…)

susan the other August 21, 2015 at 12:34 pm

And the new points of failure will be what?

susan the other August 21, 2015 at 3:00 pm

So here's a question. What is the failure hierarchy? And why don't those crucial nodes of failsafe protect the system? Could it be that we don't know what they are?

Moneta August 22, 2015 at 8:09 am

While 90% of people were producing food a few decades ago, I think a large percentage will be producing energy in a few decades… right now we are still propping up our golf courses and avoiding investing in pipelines and refineries. We are still exploiting the assets of the 50s and 60s to live our hyper material lives. Those investments are what gave us a few decades of consumerism.

Now everyone wants government to spend on infra without even knowing what needs to go and what needs to stay. Maybe half of Californians need to get out of there and forget about building more infra there… just a thought.

America still has a frontier ethos… how in the world can the right investments in infra be made with a collection of such values?

We're going to get city after city imploding. More workers producing energy and less leisure over the next few decades. That's what breakdown is going to look like.

Moneta August 22, 2015 at 8:22 am

Flying might get safer and safer while we get more and more cities imploding.

Just like statues on Easter Island were getting increasingly elaborate as trees were disappearing.

ian August 21, 2015 at 4:02 pm

What you say is true, but only if you have a sufficient number of failures to learn from. A lot of planes had to crash for air travel to be as safe as it is today.

wm.annis August 21, 2015 at 10:19 am

I am surprised to see no reference to John Gall's General Systemantics in this discussion, an entire study of systems and how they misbehave. I tend to read it from the standpoint of managing a complex IT infrastructure, but his work starts from human systems (organizations).

The work is organized around aphorisms - Systems tend to oppose their own proper function - The real world is what it is reported to the system - but one or two from this paper should be added to that repertoire. Point 7 seems especially important. From Gall, I have come to especially appreciate the Fail-Safe Theorem: "when a Fail-Safe system fails, it fails by failing to fail safe."

flora August 21, 2015 at 10:32 am

Instead of writing something long and rambling about complex systems being aggregates of smaller, discrete systems, each depending on a functioning and accurate information processing/feedback (not IT) system to maintain its coherence; and upon equally well functioning feedback systems between the parts and the whole - instead of that I'll quote a poem.

" Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold; "

-Yates, "The Second Coming"

flora August 21, 2015 at 10:46 am

erm… make that "Yeats", as in W.B.

Steve H. August 21, 2015 at 11:03 am

So, naturalists observe, a flea
Has smaller fleas that on him prey;
And these have smaller still to bite 'em,
And so proceed ad infinitum.

– Swift

LifelongLib August 21, 2015 at 7:38 pm

IIRC in Robert A. Heinlein's "The Puppet Masters" there's a different version:

Big fleas have little fleas
Upon their backs to bite 'em,
And little fleas have lesser fleas
And so, ad infinitum.

Since the story is about humans being parasitized and controlled by alien "slugs" that sit on their backs, and the slugs in turn being destroyed by an epidemic disease started by the surviving humans, the verse has a macabre appropriateness.

LifelongLib August 21, 2015 at 10:14 pm

Original reply got eaten, so I hope not double post. Robert A. Heinlein's (and others?) version:

Big fleas have little fleas
Upon their backs to bite 'em
And little fleas have lesser fleas
And so ad infinitum!

Lambert Strether August 21, 2015 at 10:26 pm

The order Siphonaptera….

Oregoncharles August 21, 2015 at 10:59 pm

"And what rough beast, its hour come round at last,
slouches toward Bethlehem to be born?"

I can't leave that poem without its ending – especially as it becomes ever more relevant.

Oldeguy August 21, 2015 at 11:02 am

Terrific post- just the sort of thing that has made me a NC fan for years.
I'm a bit surprised that the commentators (thus far) have not referred to the Financial Crisis of 2008 and the ensuing Great Recession as being an excellent example of Cook's failure analysis.

Bethany McLean and Joe Nocera's

All The Devils Are Here www.amazon.com/All-Devils-Are-Here-Financial/dp/159184438X/

describes beautifully how the erosion of the protective mechanisms in the U.S. financial system, no single one of which would have of itself been deadly in its absence (Cook's Point 3), combined to produce the Perfect Storm.

It brought to mind Garrett Hardin's The Tragedy Of The Commons https://en.wikipedia.org/wiki/Tragedy_of_the_commons . While the explosive growth of debt (and therefore risk) obviously jeopardized the entire system, it was very much within the narrow self interest of individual players to keep the growth (and therefore the danger) increasing.

Ormond Otvos August 21, 2015 at 5:14 pm

Bingo. Failure of the culture to properly train its members. Not so much a lack of morality as a failure to point out that when the temple falls, it falls on Samson.

The next big fix is to use the US military to wall off our entire country, maybe include Canada (language is important in alliances) during the Interregnum.

Why is no one mentioning the Foundation Trilogy and Hari Seldon here?

Deloss August 21, 2015 at 11:29 am

My only personal experience with the crash of a complex, tightly-coupled system was the crash of the trading floor of a very big stock exchange in the early part of this century. The developers were in the computer room, telling the operators NOT to roll back to the previous release, and the operators ignored them and did so anyway. Crash!

In Claus Jensen's fascinating account of the Challenger disaster, NO DOWNLINK, he describes how the managers overrode the engineers' warnings not to fly under existing weather conditions. We all know the result.

Human error was the final cause in both cases.

Now we are undergoing the terrible phenomenon of global warming, which everybody but Republicans, candidates and elected, seems to understand is real and catastrophic. The Republicans have a majority in Congress, and refuse–for ideological and monetary reasons–to admit that the problem exists. I think this is another unfolding disaster that we can ascribe to human error.

Ormond Otvos August 21, 2015 at 5:17 pm

"Human error" needs unpacking here. In this discussion, it's become a Deus ex Humanitas. Humans do what they do because their cultural experiences impel them to do so. Human plus culture is not the same as human. That's why capitalism doesn't work in a selfish society.

Oldeguy August 21, 2015 at 5:52 pm

" capitalism doesn't work in a selfish society "
Very true, not nearly so widely realized as it should be, and the Irony of Ironies.

BayesianGame August 21, 2015 at 11:48 am

But highly efficient systems are fragile. Formula One cars are optimized for speed and can only run one race.

Another problem with obsessing about (productive or technical) efficiency is that it usually means a narrow focus on the most measured or measurable inputs and outputs, to the detriment of less measurable but no less important aspects. Wages are easier to measure than the costs of turnover, including changes in morale, loss of knowledge and skill, and regard for the organization vs. regard for the individual. You want low cost fish? Well, it might be caught by slaves. Squeeze the measurable margins, and the hidden margins will move.

Donw August 21, 2015 at 3:18 pm

You hint at a couple fallacies.

1) Measuring what is easy instead of what is important.
2) Measuring many things and then optimizing all of them optimizes the whole.

Then, have some linear thinker try to optimize those in a complex system (like any organization involving humans) with multiple hidden and delayed feedback loops, and the result will certainly be unexpected. Whether for good or ill is going to be fairly unpredictable unless someone has actually looked for the feedback loops.

IsabelPS August 21, 2015 at 1:02 pm

Very good.

It's nice to see well spelled out a couple of intuitions I've had for a long time. For example, that we are going in the wrong direction when we try to streamline instead of following the path of biology: redundancies, "dirtiness" and, of course, the king of mechanisms, negative feedback (am I wrong in thinking that the main failure of finance, as opposed to economy, is that it has inbuilt positive feedback instead of negative?). And yes, my professional experience has taught me that when things go really wrong it was never just one mistake, it is a cluster of those.

downunderer August 22, 2015 at 3:52 am

Yes, as you hint here, and I would make forcefully explicit: COMPLEX vs NOT-COMPLEX is a false dichotomy that is misleading from the start.

We ourselves, and all the organisms we must interact with in order to stay alive, are individually among the most complex systems that we know of. And the interactions of all of us that add up to Gaia are yet more complex. And still it moves.

Natural selection built the necessary stability features into our bodily complexity. We even have a word for it: homeostasis. Based on negative feedback loops that can keep the balancing act going. And our bodies are vastly more complex than our societies.

Society's problem right now is not complexity per se, but the exploitation of complexity by system components that want to hog the resources and to hell with the whole, quite exactly parallel to the behavior of cancer cells in our bodies when regulatory systems fail.

In our society's case, it is the intelligent teamwork of the stupidly selfish that has destroyed the regulatory systems. Instead of negative feedback keeping deviations from optimum within tolerable limits, we now have positive feedback so obvious it is trite: the rich get richer.

We not only don't need to de-complexify, we don't dare to. We really need to foster the intelligent teamwork that our society is capable of, or we will fail to survive challenges like climate change and the need to sensibly control the population. The alternative is to let natural selection do the job for us, using the old reliable four horsemen.

We are unlikely to change our own evolved selfishness, and probably shouldn't. But we need to control the monsters that we have created within our society. These monsters have all the selfishness of a human at his worst, plus several natural large advantages, including size, longevity, and the ability to metamorphose and regenerate. And as powerful as they already were, they have recently been granted all the legal rights of human citizens, without appropriate negative feedback controls. Everyone here will already know what I'm talking about, so I'll stop.

Peter Pan August 21, 2015 at 1:18 pm

Formula One cars are optimized for speed and can only run one race.

Actually I believe F1 has rules regarding the number of changes that can be made to a car during the season. This is typically four or five changes (replacements or rebuilds), so a F1 car has to be able to run more than one race or otherwise face penalties.

jo6pac August 21, 2015 at 1:41 pm

Yes, F-1 allows four power plants per season; it has been updated lately to 5. There isn't anything in the air or on the ground as complex as an F-1 car power plant. The cars are feeding 30 or more engineers at the track and back home, normally in England, millions of bits of info per second, and no, Microsoft is not used, but very complex programs watching every system in the car. A pit stop in F-1 is 2.7 seconds; anything above 3.5 and you're not trying hard enough.

Honda, who pride themselves on engineering, have struggled in power plant design this year and admit they have, but have put more engineers on the case. At the beginning of this tech engine design the big teams hired over 100 more engineers to solve the problems. Ferrari threw out the first design and did a total rebuild and it's working.

This is how the world of F-1 has moved into other designs, long but a fun read.
http://www.wired.com/2015/08/mclaren-applied-technologies-f1/

I'm sure those in F-1 system designs would look at stories like this and would come to the conclusion that these nice people are the gate keepers and not the future. Yes, I'm a long time fan of F-1. Then again what do I know.

The sad thing in F-1 the gate keepers are the owners CVC.

Brooklin Bridge August 21, 2015 at 3:25 pm

Interesting comment! One has to wonder why every complex system can't be treated as the be-all. Damn the torpedoes. Spare no expense! Maybe if we just admitted we are all doing absolutely nothing but going around in a big circle at an ever increasing speed, we could get a near perfect complex system to help us along.

Ormond Otvos August 21, 2015 at 5:21 pm

If the human race were as important as auto racing, maybe. But we know that's not true ;->

jo6pac August 21, 2015 at 5:51 pm

In the link it's the humans of McLaren that make all the decisions on the car and the race at hand. The link is about humans working together either in real race time or designing out problems created by others.

Marsha August 21, 2015 at 1:19 pm

Globalization factors in maximizing the impact of Murphy's Law:

  1. Meltdown potential of a globalized 'too big to fail' financial system associated with trade imbalances and international capital flows, and boom and bust impact of volatile "hot money".
  2. Environmental damage associated with inefficiency of excessively long supply chains seeking cheap commodities and dirty polluting manufacturing zones.
  3. Military vulnerability of the same long tightly coupled "just in time" supply chains across vast oceans, war zones, choke points that are very easy to attack and nearly impossible to defend.
  4. Consumer product safety threat of manufacturing somewhere offshore out of sight out of mind outside the jurisdiction of the domestic regulatory system.
  5. Geographic concentration and contagion of risk of all kinds – fragile pattern of horizontal integration – manufacturing in China, finance in New York and London, industrialized mono culture agriculture lacking biodiversity (Iowa feeds the world). If all the bulbs on the Christmas tree are wired in series, it takes only one to fail and they all go out.

Globalization is not a weather event, not a thermodynamic process of atoms and molecules, not a principle of Newtonian physics, not water running downhill, but a hyper aggressive top down policy agenda by power hungry politicians and reckless bean counter economists. An agenda hell bent on creating a tightly coupled globally integrated unstable house of cards with a proven capacity for catastrophic (trade) imbalance, global financial meltdown, contagion of bad debt, susceptibility to physical threats of all kinds.

Synoia August 21, 2015 at 1:23 pm

Any complex system contains non-linear feedback. Management presumes it is their skill that keeps the system working over some limited range, where the behavior approximates linear. Outside those limits, the system can fail catastrophically. What is perceived as operating or management skill is either because the system is kept in "safe" limits, or just happenstance. See chaos theory.

Operators or engineers controlling or modifying the system are providing feedback. Feedback can push the system past "safe" limits. Once past safe limits, the system can fail catastrophically. Such failures happen very quickly, and are always "a surprise".

Synoia August 21, 2015 at 1:43 pm

All complex systems contain non-linear feedback, and all appear manageable over a small range of operation, under specific conditions.

These are the systems' safe working limits, and sometimes the limits are known, but in many cases the safe working limits are unknown (see stock markets).

All systems with non-linear feedback can and will fail, catastrophically.

All predicted by Chaos Theory. Best mathematical field applicable to the real world of systems.

So I'll repeat. All complex systems will fail when operating outside safe limits; change in the system, management induced and stimulus induced, can and will redefine those limits, with spectacular results.

We hope and pray the system will remain within safe limits, but greed and complacency lead us humans to test those limits (loosen the controls), or enable greater levels of feedback (increase volumes of transactions). See Crash of 2007, following repeal of Glass-Steagall, etc.

Brooklin Bridge August 21, 2015 at 4:05 pm

It's Ronnie Ray Gun. He redefined it as, "Safe for me but not for thee." Who says you can't isolate the root?

Synoia August 21, 2015 at 5:25 pm

Ronnie Ray Gun was the classic example of a Manager.

Where one can only say: "Forgive them Father, for they know not what they do"

Oregoncharles August 21, 2015 at 2:54 pm

Three quite different thoughts:

First, I don't think the use of "practitioner" is an evasion of agency. Instead, it reflects the very high level of generality inherent in systems theory. The pitfall is that generality is very close to vagueness. However, the piece does contain an argument against the importance of agency; it argues that the system is more important than the individual practitioners, that since catastrophic failures have multiple causes, individual agency is unimportant. That might not apply to practitioners with overall responsibility or who intentionally wrecked the system; there's a naive assumption that everyone's doing their best. I think the author would argue that control fraud is also a system failure, that there are supposed to be safeguards against malicious operators. Bill Black would probably agree. (Note that I dropped off the high level of generality to a particular example.)

Second, this appears to defy the truism from ecology that more complex systems are more stable. I think that's because ecologies generally are not tightly coupled. There are not only many parts but many pathways (and no "practitioners"). So "coupling" is a key concept not much dealt with in the article. It's about HUMAN systems, even though the concept should apply more widely than that.

Third, Yves mentioned the economists' use of "equilibrium." This keeps coming up; the way the word is used seems to me to badly need definition. It comes from chemistry, where it's used to calculate the production from a reaction. The ideal case is a closed system: for instance, the production of ammonia from nitrogen and hydrogen in a closed pressure chamber. You can calculate the proportion of ammonia produced from the temperature and pressure of the vessel. It's a fairly fast reaction, so time isn't a big factor.

The Earth is not a closed system, nor are economies. Life is driven by the flow of energy from the Sun (and various other factors, like the steady rain of material from space). In open systems, "equilibrium" is a constantly moving target. In principle, you could calculate the results at any given condition, given long enough for the many reactions to finish. It's as if the potential equilibrium drives the process (actually, the inputs do).

Not only is the target moving, but the whole system is chaotic in the sense that it's highly dependent on variables we can't really measure, like people, so the outcomes aren't actually predictable. That doesn't really mean you can't use the concept of equilibrium, but it has to be used very carefully. Unfortunately, most economists are pretty ignorant of physical science, so ignorant they insistently defy the laws of thermodynamics ("groaf"), so there's a lot of magical thinking going on. It's really ideology, so the misuse of "equilibrium" is just one aspect of the system failure.

Synoia August 21, 2015 at 5:34 pm

Really?

"equilibrium…from chemistry, where it's used to calculate the production from a reaction"

That is certainly a definition in one scientific field.

There is another definition from physics.

When all the forces that act upon an object are balanced, then the object is said to be in a state of equilibrium.

However objects on a table are considered in equilibrium, until one considers an earthquake.

The condition for an equilibrium needs to be carefully defined, and there are few cases, if any, of equilibrium "under all conditions."

nat scientist August 21, 2015 at 7:42 pm

Equilibrium ceases when Chemistry breaks out, dear Physicist.

Synoia August 21, 2015 at 10:19 pm

Equilibrium ceases when Chemistry breaks out

This is only a subset.

Oregoncharles August 21, 2015 at 10:56 pm

I avoided physics, being not so very mathematical, so learned the chemistry version – but I do think it's the one the economists are thinking of.

What I neglected to say: it's an analogy, hence potentially useful but never literally true – especially since there's no actual stopping point, like your table.

John Merryman August 21, 2015 at 3:09 pm

There is a much simpler way to look at it, in terms of natural cycles, because the alternative is that at the other extreme, a happy medium is also a flatline on the big heart monitor. So the bigger it builds, the more tension and pressure accumulates. The issue then becomes how to leverage the consequences. As they say, a crisis should never be wasted. At its heart, there are two issues, economic overuse of resources and a financial medium in which the rent extraction has overwhelmed its benefits. These actually serve as some sort of balance, in that we are in the process of an economic heart attack, due to the clogging of this monetary circulation system, that will seriously slow economic momentum.

The need then is to reformulate how these relationships function, in order to direct and locate our economic activities within the planetary resources. One idea to take into consideration being that money functions as a social contract, though we treat it as a commodity. So recognizing it is not property to be collected, rather contracts exchanged, then there wouldn't be the logic of basing the entire economy around the creation and accumulation of notational value, to the detriment of actual value. Treating money as a public utility seems like socialism, but it is just an understanding of how it functions. Like a voucher system, simply creating excess notes to keep everyone happy is really, really stupid, big picture wise.

Obviously some parts of the system need more than others, but not simply for ego gratification. Like a truck needs more road than a car, but an expensive car only needs as much road as an economy car. The brain needs more blood than the feet, but it doesn't want the feet rotting off due to poor circulation either.
So basically, yes, complex systems are finite, but we need to recognize and address the particular issues of the system in question.

Bob Stapp August 21, 2015 at 5:30 pm

Perhaps in a too-quick scan of the comments, I overlooked any mention of Nassim Nicholas Taleb's book, Antifragile. If so, my apologies. If not, it's a serious omission from this discussion.

Local to Oakland August 21, 2015 at 6:34 pm

Thank you for this.

I first wondered about something related to this theme when I first heard about just in time sourcing of inventory. (Now also staff.) I wondered then whether this was possible because we (middle and upper class US citizens) had been shielded from war and other catastrophic events. We can plan based on everything going right because most of us don't know in our gut that things can always go wrong.

I'm genX, but 3 out of 4 of my grandparents were born during or just after WWI. Their generation built for redundancy, safety, stability. Our generation, well. We take risks and I'm not sure the decision makers have a clue that any of it can bite them.

Jeremy Grimm August 22, 2015 at 4:23 pm

The just-in-time supply of components for manufacturing was described in Barry Lynn's book "Cornered" and identified as creating extreme fragility in the American production system. There have already been natural disasters that shut down American automobile production in our recent past.

Everything going right wasn't part of the thinking that went into just-in-time parts. Everything going right - long enough - to steal away market share on price-point was the thinking. Decision makers don't worry about any of this biting them. Passing the blame down and golden parachutes assure that.

flora August 21, 2015 at 7:44 pm

This is really a very good paper. My direct comments are:

point 2: yes. provided the safety shields are not discarded for bad reasons like expedience or ignorance or avarice. See Glass-Steagall Act, for example.

point 4: yes. true of all dynamic systems.

point 7: 'root cause' is not the same as 'key factors'. ( And here the doctor's sensitivity to malpractice suits may be guiding his language.) It is important to determine key factors in order to devise better safety shields for the system. Think airplane black boxes and the 1932 Pecora Commission after the 1929 stock market crash.

Jay M August 21, 2015 at 9:01 pm

It's easy, complexity became too complex. And I can't read the small print. We are devolving into a world of happy people with gardens full of flowers that they live in on their cell phones.

Ancaeus August 22, 2015 at 5:22 am

There are a number of counter-examples; engineered and natural systems with a high degree of complexity that are inherently stable and fault-tolerant, nonetheless.

1. Subsumption architecture is a method of controlling robots, invented by Rodney Brooks in the 1980s. This scheme is modeled on the way the nervous systems of animals work. In particular, the parts of the robot exist in a hierarchy of subsystems, e.g., foot, leg, torso, etc. Each of these subsystems is autonomously controlled. Each of the subsystems can override the autonomous control of its constituent subsystems. So, the leg controller can directly control the leg muscle, and can override the foot subsystem. This method of control was remarkably successful at producing walking robots which were not sensitive to unevenness of the surface. In other words, they were not brittle in the sense of Dr. Cook. Of course, subsumption architecture is not a panacea. But it is a demonstrated way to produce very complex engineered systems consisting of many interacting parts that are very stable.

2. The inverted pendulum. Suppose you wanted to build a device to balance a pencil on its point. You could imagine a sensor to detect the angle of the pencil, an actuator to move the balance point, and a controller to link the two in a feedback loop. Indeed, this is, very roughly, how a Segway remains upright. However, there is a simpler way to do it, without a sensor or a feedback controller. It turns out that if your device just moves the balance point sinusoidally (e.g., in a small circle) and if the size of the circle and the rate are within certain ranges, then the pencil will be stable. This is a well-known consequence of the Mathieu equation. The lesson here is that stability (i.e., safety) can be inherent in systems for subtle reasons that defy a straightforward fault/response feedback.

3. Emergent behavior of swarms. Large numbers of very simple agents interacting with one another can sometimes exhibit complex, even "intelligent" behavior. Ants are a good example. Each ant has only simple behavior. However, the entire ant colony can act in complex and effective ways that would be hard to predict from the individual ant behaviors. A typical ant colony is highly resistant to disturbances in spite of the primitiveness of its constituent ants.

4. Another example is the mammalian immune system that uses negative selection as one mechanism to avoid attacking the organism itself. Immature B cells are generated in large numbers at random, each one with receptors for specifically configured antigens. During maturation, if they encounter a matching antigen (likely a protein of the organism) then the B cell either dies, or is inactivated. At maturity, what is left is a highly redundant cohort of B cells that only recognize (and neutralize) foreign antigens.

Well, these are just a few examples of systems that exhibit stability (or fault-tolerance) that defies the kind of Cartesian analysis in Dr. Cook's article.

Marsha August 22, 2015 at 11:42 am

Glass-Steagall Act: interactions between unrelated functionality are something to be avoided. Auto recall: honking the horn could stall the engine by shorting out the ignition system. Simple fix is a bit of insulation.

ADA software language: Former DOD standard for large scale safety critical software development: encapsulation, data hiding, strong typing of data, minimization of dependencies between parts to minimize impact of fixes and changes. Has safety critical software gone the way of the Glass-Steagall Act? Now it is buffer overflows, security holes, and internet protocol in hardware control "critical infrastructure" that can blow things up.

[Aug 21, 2015] Why this annoying icon to update to Windows 10?

[Aug 05, 2015] FTP Filesystems

[May 03, 2015] Windows 7 still a safe alternative to Windows 8

Don't rule out upgrading to Windows 10 from 7 when that ships this year. It should look much more like Windows as you've known it, including a streamlined version of the traditional Start menu. It will be a free upgrade from Win 7 as well as Win 8.
Q. My Windows 7 desktop died; is it wise to buy a new model with Win 7 if I can find one? I'd rather not have to relearn software after switching to Windows 8.

It is possible to find Windows 7 on new computers if you're flexible in your hardware choices.

HP's site, for example, lists eight desktop configurations available with Windows 7 vs. 35 with Windows 8; among laptops, 68 versions come with Win 8 against 31 with its predecessor. Those numbers obscure how the top computer vendor in the USA offers at least one model in most of its product lines - Envy, Pavilion,

At Dell, ranked second in market-research firm IDC's latest data, a similar pattern prevails with laptops. Although you have far more choices with Windows 8 than 7 - 101 choices on the menu compared with 29 - choosing the older software still gives you choices among Dell's major product lines.

With Dell desktops, opting for Windows 7 will exclude that manufacturer's all-in-one designs.

At Lenovo, fourth in IDC's ranking after Apple, specifying Windows 7 on a laptop also requires compromises. Not only does its site list only 19 laptops with Win 7 vs. 100 with Win 8, you have to forgo more advanced models such as its Yoga and Flex series.

This selection does not represent a huge shift from what I found in late 2012, not long after Windows 8's debut.

Microsoft's support of Windows 7 has changed since then, but it's not as big of a deal as it might seem. Although Windows 7 left "mainstream support" on Jan. 13, all that means in practice is that Microsoft's updates to Windows 7 will consist only of security fixes, not new features. Those security patches will keep coming until Jan. 14, 2020, the scheduled end of "extended support" for Win 7.

That leaves potential Windows 7 shoppers few reasons to worry, Directions on Microsoft analyst

"They can buy a Windows 7 Professional PC today and receive security fixes for almost four and a half years," he said. "I also don't expect vendors to drop support for Windows 7 anytime soon - it's extremely popular with consumers and business."

Microsoft's Internet Explorer will get left behind - the Redmond, Wash., firm is retiring that browser in favor of a new app called Microsoft Edge that will ship with the upcoming Windows 10. Google Chrome or Mozilla Firefox can easily take IE's place. Since both still support Windows XP, you can expect Windows 7 to remain welcome at both browsers for years to come.

[Oct 29, 2013] More Windows command line PATH goodness pathed.exe by Justin Dearing

Just A Programmer

Readers of this blog probably think I have an obsession with editing my system path. That belief is absolutely correct. I even added a tag on this blog for the articles about path manipulation. I am a command line junkie who is constantly trying out new tools so I have to add them to my path. I've written about doing this from powershell here and here, as well as doing it with setx. While these methods are good, I wanted something better. I got better with pathed.exe.

pathed.exe is a program that lets you edit both your user and the system path. It only manipulates the path, not other environmental variables. The reason for this extreme specialization is that pathed is specifically designed for appending to and removing from the path. It treats the path as a semicolon delimited array, which is of course what it is. For example, I just ran it now on my machine as I was writing this article (note: live coding is less embarrassing when you do it on a blog).
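
The same "PATH is a semicolon-delimited array" idea in plain PowerShell, as an added example that is not from the post and not part of pathed.exe. Besides appending and removing entries it runs the checks a security review of PATH usually asks for: relative entries (searched relative to whatever the current directory happens to be), entries pointing at directories that no longer exist (anyone who can create them gets to plant binaries), directories writable by non-admin principals, and duplicates. The function names are mine; the script targets Windows PowerShell 2.0, so it runs on stock Windows 7.

```powershell
# Added example (not from Justin Dearing's post, not part of pathed.exe).
# Function names are assumptions of this example. Windows PowerShell 2.0+.

function Get-PathEntries {
    param([ValidateSet('User','Machine','Process')][string]$Scope = 'User')
    $raw = [Environment]::GetEnvironmentVariable('Path', $Scope)
    if ([string]::IsNullOrEmpty($raw)) { return @() }
    # Split on ';', trim, and drop the empty entries that stray ';;' produce.
    # An empty entry is itself a hazard: the loader treats it as "current directory".
    return @($raw -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' })
}

function Normalize-PathEntry {
    param([string]$Entry)
    return $Entry.TrimEnd('\').ToLowerInvariant()
}

function Test-PathEntries {
    # Flags what an attacker can abuse in a search path.
    param([Parameter(Mandatory=$true)][string[]]$Entries)
    $seen = @{}
    foreach ($e in $Entries) {
        $issues = @()
        $key = Normalize-PathEntry $e
        if ($seen.ContainsKey($key)) { $issues += 'duplicate' } else { $seen[$key] = $true }

        if (-not [System.IO.Path]::IsPathRooted($e)) {
            $issues += 'relative entry (resolved against the current directory)'
        } elseif (-not (Test-Path -LiteralPath $e -PathType Container)) {
            $issues += 'missing directory (whoever can create it controls it)'
        } else {
            # Allow-ACEs granting write-class rights to broad, low-privilege principals
            $weak = (Get-Acl -LiteralPath $e).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -match '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$' -and
                $_.FileSystemRights.ToString() -match 'Write|Modify|FullControl|CreateFiles'
            }
            if ($weak) { $issues += 'writable by low-privilege users' }
        }
        New-Object PSObject -Property @{ Entry = $e; Issues = ($issues -join '; ') }
    }
}

function Set-UserPath {
    # Append and/or remove entries in the per-user PATH. Refuses relative additions and
    # never adds a duplicate. The Machine PATH is deliberately not written here: it needs
    # elevation, and its REG_EXPAND_SZ value would lose its %SystemRoot% references
    # because .NET hands back the already-expanded string.
    param([string[]]$Add = @(), [string[]]$Remove = @())
    $entries   = Get-PathEntries -Scope User
    $removeSet = @($Remove | ForEach-Object { Normalize-PathEntry $_ })
    $entries   = @($entries | Where-Object { $removeSet -notcontains (Normalize-PathEntry $_) })
    foreach ($a in $Add) {
        if (-not [System.IO.Path]::IsPathRooted($a)) { throw "Refusing to add relative PATH entry '$a'" }
        $present = @($entries | ForEach-Object { Normalize-PathEntry $_ }) -contains (Normalize-PathEntry $a)
        if (-not $present) { $entries += $a }
    }
    # Writes HKCU\Environment\Path and broadcasts WM_SETTINGCHANGE, so new processes see
    # the change; shells that are already running keep their old copy.
    [Environment]::SetEnvironmentVariable('Path', ($entries -join ';'), 'User')
    return $entries
}

# Audit everything the current process will search, in search order:
#   Test-PathEntries -Entries (Get-PathEntries -Scope Process) | Format-Table -AutoSize
# Add a tool directory and drop a stale one:
#   Set-UserPath -Add 'C:\Tools\bin' -Remove 'C:\OldTools'
```

The audit is worth running with `-Scope Process` rather than `User` or `Machine`, because that is the merged list the loader actually walks, in order; an entry flagged "writable by low-privilege users" that sits before `C:\Windows\System32` is the classic PATH-hijack setup.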

[Oct 29, 2013] Getting the Drive Letter of a disk image mounted with WinCdEmu by Justin Dearing

May 10, 2013 | Just A Programmer

In my last post, I talked about mounting disk images in Windows 8. Both Windows 8 and 2012 include native support for mounting ISO images as drives. However, in prior versions of Windows you needed a third party tool to do this. Since I have a preference for open source, my tool of choice before Windows 8 was WinCdEmu. Today, I decided to see if it was possible to determine the drive letter of an ISO mounted by WinCdEmu with PowerShell.

A quick search of the internet revealed that WinCdEmu contained a 32 bit command line tool called batchmnt.exe, and a 64 bit counterpart called batchmnt64.exe. These tools were meant for command line automation. While I knew there would be no .NET libraries in WinCdEmu, I did have hope there would be a COM object I could use with New-Object. Unfortunately, all the COM objects were for Windows Explorer integration and popped up GUIs, so they were inappropriate for automation.

Next I needed to figure out how to use batchmnt. For this I used batchmnt64 /?.

    C:\Users\Justin>"C:\Program Files (x86)\WinCDEmu\batchmnt64.exe" /?
    BATCHMNT.EXE - WinCDEmu batch mounter.
    Usage:
    batchmnt <image file> [<drive letter>] [/wait] - mount image file
    batchmnt /unmount <image file> - unmount image file
    batchmnt /unmount <drive letter>: - unmount image file
    batchmnt /check <image file> - return drive letter as ERORLEVEL
    batchmnt /unmountall - unmount all images
    batchmnt /list - list mounted

    C:\Users\Justin>

Mounting and unmounting are trivial. The /list switch produces some output that I could parse into a PSObject if I so desired. However, what I really found interesting was batchmnt /check. The process returned the drive letter as ERRORLEVEL. That means the ExitCode of the batchmnt process. If you ever programmed in a C-like language, you know your main function can return an integer. Traditionally 0 means success and a non-zero number means failure. However, in this case 0 means the image is not mounted, and a non-zero number is the ASCII code of the drive letter. To get that code in PowerShell is simple:

    $proc = Start-Process -Wait `
        "C:\Program Files (x86)\WinCDEmu\batchmnt64.exe" `
        -ArgumentList '/check', '"C:\Users\Justin\SQL Server Media\2008R2\en_sql_server_2008_r2_developer_x86_x64_ia64_dvd_522665.iso"' `
        -PassThru;
    [char] $proc.ExitCode

The Start-Process cmdlet normally returns immediately without output. The -PassThru switch makes it return information about the process it created, and -Wait make the cmdlet wait for the process to exit, so that information includes the exit code. Finally to turn that ASCII code to the drive letter we cast with [char].
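
Wrapped into a function, as an added example that is neither the post's code nor part of WinCdEmu: the exit code is checked against the range a drive letter can occupy before being cast (so a genuine error code is reported instead of silently turning into a stray character), and the image's SHA-256 is verified before a kernel-mode driver is asked to parse it. The function names and the tolerance for a lowercase letter are assumptions; the post only says the exit code is the letter's ASCII value. Hashing goes through .NET because Get-FileHash needs PowerShell 4, which stock Windows 7 does not ship.

```powershell
# Added example (not from the post, not part of WinCdEmu). Function names are
# assumptions. Windows PowerShell 2.0+.

$BatchMntDefault = 'C:\Program Files (x86)\WinCDEmu\batchmnt64.exe'

function Get-WinCdEmuDriveLetter {
    # Returns the drive letter an image is mounted on, or $null if it is not mounted.
    param([Parameter(Mandatory=$true)][string]$ImagePath,
          [string]$BatchMnt = $BatchMntDefault)
    if (-not (Test-Path -LiteralPath $BatchMnt -PathType Leaf)) { throw "batchmnt not found: $BatchMnt" }
    # Hand batchmnt a full path: a relative one would be resolved against ITS working directory.
    $full = (Resolve-Path -LiteralPath $ImagePath -ErrorAction Stop).ProviderPath
    $proc = Start-Process -FilePath $BatchMnt -ArgumentList '/check', ('"{0}"' -f $full) `
                          -Wait -PassThru -WindowStyle Hidden
    $code = $proc.ExitCode
    if ($code -eq 0) { return $null }                       # 0 = "not mounted", not "success"
    if (($code -ge 65 -and $code -le 90) -or ($code -ge 97 -and $code -le 122)) {
        return ([char]$code).ToString().ToUpperInvariant()  # 'A'..'Z' ('a'..'z' tolerated: assumption)
    }
    throw "batchmnt /check returned $code, which is not a drive letter"
}

function Get-Sha256Hex {
    param([Parameter(Mandatory=$true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { return ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Dispose(); $sha.Clear() }
}

function Mount-VerifiedImage {
    # Mounts only if the image matches the hash you recorded from the vendor's download
    # page; returns the drive letter it ended up on.
    param([Parameter(Mandatory=$true)][string]$ImagePath,
          [Parameter(Mandatory=$true)][string]$ExpectedSha256,
          [string]$BatchMnt = $BatchMntDefault)
    $full   = (Resolve-Path -LiteralPath $ImagePath -ErrorAction Stop).ProviderPath
    $actual = Get-Sha256Hex -Path $full
    if ($actual -ne ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()) {
        throw "SHA-256 mismatch for $full`n  expected $ExpectedSha256`n  actual   $actual"
    }
    $already = Get-WinCdEmuDriveLetter -ImagePath $full -BatchMnt $BatchMnt
    if ($already) { return $already }
    # '/wait' is the switch from batchmnt's own help text; assumed to block until the mount completes.
    Start-Process -FilePath $BatchMnt -ArgumentList ('"{0}"' -f $full), '/wait' -Wait -WindowStyle Hidden
    $letter = Get-WinCdEmuDriveLetter -ImagePath $full -BatchMnt $BatchMnt
    if (-not $letter) { throw "batchmnt did not mount $full" }
    return $letter
}

# $iso = 'C:\Users\Justin\SQL Server Media\2008R2\en_sql_server_2008_r2_developer_x86_x64_ia64_dvd_522665.iso'
# Get-WinCdEmuDriveLetter -ImagePath $iso
# Mount-VerifiedImage -ImagePath $iso -ExpectedSha256 '<hash published by the vendor>'
```

The range check matters more than it looks: a tool that overloads the exit code this way has no way left to signal "file not found" or "access denied" unambiguously, so anything outside the letter range should stop the script rather than be cast and passed on.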

[Jul 19, 2013] Free BitTorrent Sync app for Linux by Jim Lynch

July 17, 2013 | ITworld

BitTorrent Sync lets you sync files and folders across Windows, Linux, Android and Mac devices. Your files and folders are encrypted, and they are never stored in the cloud or on a server.

1. Go to the BitTorrent Sync page.

2. Click the Download button.

3. A menu will appear with download options.

4. Under the "Linux and NAS Devices" section, click the link for your Linux computer or device.

5. Download the file and install it to run BitTorrent Sync on your Linux system.

[Jul 19, 2013] BitTorrent Sync

BitTorrent Labs

  1. Run BTSync.exe
  2. If necessary, allow the program to make changes and follow the install wizard
  3. After installation, BitTorrent Sync will start automatically

Check out the BitTorrent Sync user guide for more information on setup and configuration.

[Apr 18, 2013] Microsoft's Windows 8 Plan B(lue) Bring back the Start button, boot to desktop By Mary Jo Foley

April 16, 2013 | ZDNet

Reports from a couple of different forums from this past weekend raised the possibility that Microsoft might be moving toward allowing users to skip booting into the Metro-Style Start menu and instead start their PCs in desktop mode. (Winbeta.org noted the thread about this on April 14.)

BCF1968

perhaps 'puters aint your thing

have been using Windows 8 since the beta in February 2012. I don't have a laptop nor a touch screen. Works just fine. pretty simple? But heck maybe I'm just a super genius since so many seem to have so much difficulty. Perhaps a Mensa test should be required.

trumanp@...

Condecension is not a good way to get your point across

I really dislike how many people assume they are smarter, or just simply superior to their fellow computer users because they like the newest idea to come from a software company.

Did it ever occur to you that some people just don't like the new layout? I've also used Windows 8 since the developer preview, and I know it pretty much inside and out, but it only resides on one of my computers at home so I am conversant on the system. The rest of my computers remain windows 7, or linux of some flavor, (just for reference, that totals about 7 boxes among family, and media servers.)

Windows 8 as it stands is just not something I prefer on a personal level, either as touch or non-touch. A hybrid style ends up being maligned due to its inability to capitalize on any of its strengths. Tablets and touch centric devices have different needs than do desktops.

Tablets and touch devices are going to cut into desktop sales as many people bought desktops just to consume media. It was overkill. The desktop was too much muscle for what many people really needed or wanted. The desktop is not going away, but its market is going to shrink for a while until tablets have replaced all the redundant PCs out there.

I personally think that the PC market will shrink to at least a third of what it is now in the consumer space, and that in certain areas a tablet will work great for many business uses as well.

I don't think this is the end of Microsoft any time soon, far too many systems used in education and business were written specifically for MS platforms. The expenses of switching are always prohibitive. But I do think that Microsoft's role as the dominant force in computing as a whole is done.

Tojuro

Separate but Obsolete

So, you see the world as silos, with PCs and Tablets divided in inseparable containers.

Microsoft doesn't see it this way, obviously. When Google merges Chrome with Android, you'll see they agree with Microsoft (which sucks for both of the Chrome fans). When Apple merges iOS with Mac OS, you'll see it there (and all those obsolete Intel Mac owners will feel the pain). And, yes, both of those days are coming.

Microsoft could go on making people happy......and we'd still be starting apps in the Program Manager and using a complex menu system in Office. Well, actually, Microsoft wouldn't exist if they did that. Windows 8 isn't perfect, but it's doing the right things to keep the company relevant in 5 years and in 20, and it takes guts to do that when it ticks off people here and now.

Look -- the OS will merge. The first version is never easy. I don't agree with Ad Hominem arguments, but this is a case where a lot of people just don't get it......yet.

CobraA1

thoughts

"Microsoft could go on making people happy......and we'd still be starting apps in the Program Manager and using a complex menu system in Office. "

Making people happy is part of the business. They should exist to serve their customers - what good is creating a beautiful looking UI if nobody buys it?

I seriously don't want to live in a world where businesses ignore their customers.

"and we'd still be starting apps in the Program Manager"

You actually could until Windows XP Service Pack 2. Microsoft actually included a configuration switch to allow you to do so for quite some time.

And it should be noted that neither Windows 9x nor Microsoft Office had discoverability issues - in fact, the ribbon was designed to make it easier to discover new things, not harder. Windows 8 is actually the opposite of Office 2007 in this regard.

jrbales@

Start button programs show how easy it is to add options back to Win 8

I have Windows 8 on my laptop (since the early previews in 2011/2012 and now the release version). After all that time I was not happy with the UI changes and how they affected the way I use my computer to accomplish work. Then I read up on the different apps that add the Start Button and boot to desktop options back to Win 8. I ended up with 'Start8' which was worth the $4.99 it cost me. Turns out it was really easy to add the Start button back to the desktop, to boot directly into the desktop, to get rid of the hot edges, and program keys to use IF & WHEN I want to use the Metro/Modern UI (which is rare).

I don't notice any performance hit and so far (after 6 months or more using it) I haven't experienced any problems. So if MS claims that it's not feasible to add switches to Win 8 that give the end user the option to decide how THEY want to use their computer, then they're lying to you.

bitcrazed

"nearly unusable Windows 8"

So, assuming you choose to ignore the Win8 Metro/Modern UI & apps and just use traditional desktop apps, how is Win8 "unusable"?

Since on your desktop, you no doubt pin your most frequently used apps to the taskbar and/or pin shortcuts to the desktop itself, you'll most likely rarely ever use the start screen.

So, again, how does this make Win8 "unusable"?

I'll grant you that on the desktop/laptop, especially non-touch-sensitive screens, the Win8 Metro/Modern apps aren't yet a slam-dunk home-run, but on touch-screen devices, Metro/Modern apps are fabulously usable compared to desktop apps.

Nobody is saying you have to stop using your desktop apps when you use Win8 (especially on your desktop/laptop) but if you're saying that MS should abandon/remove Metro, then you're eliminating Windows' utility on tablets and that is something that is unreasonable and unrealistic.

[Apr 17, 2013] Windows: It's over

While Steven J. Vaughan-Nichols' articles are generally useless, some comments to them are really insightful
Apr 17, 2013 | ZDNet

bccasteel

clickbait

Sorry, this article is nothing but clickbait. This sort of prediction is way too premature, and the author doesn't even pretend to be balanced. Nothing to see here, move along.

Rob.sharp

ZDNET should be renamed to ZDANTIPC

Most of the bloggers here bash the PC on a daily basis avoiding the reality that Tablets and Smart-phones are not equal to the power of a PC. Hybrids like Surface Pro yes but not the crap from the other guys. Reading these articles on a daily basis has me leaning towards other news outlets because this site has a tainted and dirty feel...

It's as if Google and Apple has their hands up ZDnets ass working them over like a sweaty old puppeteer.

DadMagnum

Sunsetted Products

Man, I miss MS money too it was a great product. I miss Visual FoxPro also I loved that database development system.

slaskoske

I doubt it.

Windows isn't going anywhere. The various versions of Windows still hold on to around 90% of the market. Win 8 might not be lighting up the shelves but no new product is going phenomenally right now.

The iPad Mini is cannibalizing sales of the full-sized iPad. Does that mean that the iPad is going away? Of course not (or, at least, not in the near future).

[Nov 22, 2012] Internet Explorer 10 for Windows 7 Arriving This Month by V_R

Nov 13, 2012 | PC Review

Microsoft Group Program Manager Rob Mauceri has today revealed that Internet Explorer 10 will be bringing its bells and whistles over to Windows 7 in mid-November. The catch is that the release planned for next month is (still) a preview as the Redmond company wants to "collect developer and customer feedback" before rolling out a final version.

Internet Explorer 10 integrates Adobe Flash Player and comes with improved JavaScript performance, better HTML5 support, the Enhanced Protected Mode, plus other tweaks and fixes. IE10 can be experienced in full on Windows 8 which arrives on October 26.

Source: IEBlog

[Sep 08, 2012] XMouseButtonControl

I feel that it is more reliable and simpler to use than Microsoft IntelliPoint. See X-Mouse Button Control User Guide for details

You are able to provide application or window specific mappings, which means an application or window can use the mouse buttons differently from another. For each profile you can optionally define up to 5 'layers' of different button configurations which you can switch between using hotkeys or mouse buttons.

You can also alter the behavior of the scroll and tilt wheel functions, fixing windows that don't normally respond to these controls.

Profiles are automatically activated by moving the mouse over the defined window or alternatively, when the specified application is active. This has many uses, for example:

The extensive list of functions available to map to your mouse buttons includes options such as: For more information about using and configuring X-Mouse Button Control, please check out the new user guide (mirror).

[Aug 27, 2012] Free Partition EaseUS Partition Master Home Edition

As a Partition Magic alternative, EaseUS Partition Master Home Edition is an ALL-IN-ONE partition solution and disk management freeware. It allows you to extend partitions (especially the system drive), manage disk space easily, and solve low-disk-space problems on MBR and GUID partition table (GPT) disks under Windows 2000/XP/Vista/Windows 7 SP1/Windows 8, 32 bit and 64 bit.

[Jul 28, 2012] Console2 - A Better Windows Command Prompt

Jul 8, 2011 | Scott Hanselman's Blog

I was working on my Mac today and while I maintain that the OS X finder is as effective as shooting your hands full of Novocaine, I remain envious of the simplicity of their Terminal. Not much interesting has happened in the command prompt world in Windows since, well, ever. I actually blogged about text mode as a missed opportunity in 2004. That post is still valid today, I think. Text is fast. I spend lots of time there and I will race anyone with a mouse, any day.

I blogged about Console2 as a better prompt for CMD.exe in 2005. Here we are 6 years later and I hopped over there to see Console2 was still being developed. They were on build 122 then, and they are, magically and to their extreme credit, still around and on build 147. Epic.

Open Source projects may be done, but they are never dead.

I downloaded Console2 at http://sourceforge.net/projects/console/files/ and put it c:\dev\utils which is in my PATH.

Here's how I set it up for my default awesomeness.

You'll have a nice "New Tab" option where you can make one of either shell. Note the general loveliness of this understated shell. I can open a new Tab with Ctrl-T (or lots) and use Ctrl-Tab to move between them. I took the screenshot with the background so you can see the transparency.

One final reason why Console2 rocks? It's freaking resizable in two directions, unlike the Windows CMD.exe console.

[Jul 28, 2012] Configure the open-source Console2 utility for use with PowerShell and the VI Toolkit

VCritical

The stock Windows command prompt (cmd.exe) is pretty limited–if you want to use a better font or copy text in lines instead of clunky rectangular blocks, you need something else. For Windows command-line utilities, PowerShell, and the VI Toolkit (for Windows), I have been using the open-source Console2 with much satisfaction. The tabbed interface is pretty cool:

<Image omitted>

If that looks interesting, here is what you do:

My configuration file has a few changes to the mouse behavior:

If you prefer to not use my entire configuration file, just copy the applicable portions from the <tabs> element.

I hope you have enjoyed this slight diversion from the regular VCritical programming lineup. Thanks for reading.

[Apr 16, 2012] Leaked roadmap raises questions about Office 15, Windows 8 launch by Peter Bright

Apr 16, 2012 | Ars Technica

Earlier in the week Microsoft partner Maarten Visser published some pictures of a Microsoft roadmap document after he didn't realize that the unprotected document on a public Web server was intended to be covered under a non-disclosure agreement.

Though the roadmap leaves many questions unanswered, it did pin down a couple of release dates: it said that Office 15 (and all the related products, such as Exchange 15, SharePoint 15, Visio 15, and Project 15) will be released in early 2013, with a beta in the second half of the year. This meshes with the company's existing promise to release an Office 15 beta in the summer. It's also consistent with rumors that Office 15 will RTM in November.

The roadmap leaves Windows 8's releases unspecified; the only Windows releases are the Windows 8 Developer Preview and Consumer Preview (released last September and this February, respectively), and the Windows XP end-of-life in 2014. However, Microsoft has previously stated explicitly that Windows on ARM will ship with Office.

If Office 15 isn't ready until 2013 then that implies that Windows on ARM can't be ready until 2013 either. And if Windows on ARM isn't ready until 2013, that in turn implies that the essentially identical Windows for Intel-compatible systems won't be ready until 2013 either.

This in turn contradicts previous rumors of retail availability in or around October. PC vendors and Intel are counting on a launch this year to reinvigorate a flagging PC market, with Intel in particular hoping to promote a second generation of Ultrabooks equipped with touch screens and Ivy Bridge processors.

Microsoft has not publicly committed to any particular release schedule for Windows 8. The company has alluded to the Windows 7 development process and release schedule, which would similarly place retail availability late third quarter or early fourth quarter of this year.

We've asked Microsoft for comment, and not heard anything back at the time of writing.

[Apr 15, 2012] Two years left of Windows XP support, Windows Vista ending Mainstream Support imminently by Peter Bright

April 9, 2012

All support for Windows XP and Office 2003 will end in two years as of this past Sunday. Mainstream support for two other entities ends this week however. Mainstream support for Windows Vista will end on Tuesday 10th April, and for Office 2007, today.

Microsoft divides its support lifecycle into two stages: "Mainstream" and "Extended." In the Mainstream phase, software receives the full range of free security updates, stability improvements, bug fixes, and occasional new features. In the Extended phase, only security updates are freely available, though companies with paid support contracts can receive other fixes.

Windows XP and Office 2003 are currently in Extended support. Once this ends in 2014, they'll cease receiving even security updates, leaving anyone still using that software vulnerable to whatever malware the Internet throws at them.

Windows Vista and Office 2007 will be in Extended support from now until April 2017.

Update: For some reason Office 2007 has now had its Mainstream support extended for another six months, and will enter Extended support in October.

[Jan 01, 2012] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine).

Notable quotes:
"... Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine) ..."
Jun 04, 2017 | turcopolier.typepad.com
Gordon Wilson , 31 May 2017 at 09:39 PM
Colonel I have refrained from any posting anywhere for any reason for months, but since the discussion seems to turn to decryption so often I thought you might be interested in knowing about network management systems built into Intel and AMD based machines for years, https://en.wikipedia.org/wiki/Intel_Active_Management_Technology
Hardware-based management does not depend on the presence of an OS or locally installed management agent. Hardware-based management has been available on Intel/AMD based computers in the past, but it has largely been limited to auto-configuration using DHCP or BOOTP for dynamic IP address allocation and diskless workstations, as well as wake-on-LAN (WOL) for remotely powering on systems.[6] AMT is not intended to be used by itself; it is intended to be used with a software management application.[1] It gives a management application (and thus, the system administrator who uses it) access to the PC down the wire, in order to remotely do tasks that are difficult or sometimes impossible when working on a PC that does not have remote functionalities built into it.[1][3][7]
...
Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine) .[13][14]
I think our second O in OODA is getting fuzzed if we don't consider some of the observations found in "Powershift" by Toffler as well.

The point being is that many Intel and AMD based computers can and have been owned by various governments and groups for years, and at this level have access to any information on these machines before the encryption software is launched to encrypt any communications.

If this known software management tool is already on board, then, extrapolating Toffler's chipping warning to unannounced or unauthorized use by various actors, one begins to see where various nation states have gone back to typewriters for highly sensitive information, or are building their own chip foundries, and writing their own operating systems and TCP/IP protocols, and since these things are known knowns, one would not be too far fetched in assuming the nation state level players are communicating over something entirely different than you and I are using. How that impacts the current news cycle, and your interpretation of those events, I leave to your good judgment.

I would urge all of my fellow Americans, especially those with a megaphone, to also take care that we are not the subject of the idiom divide and conquer instead of its master. To that end I think the concept of information overload induced by the internet may in fact be part of the increasing polarization and information bubbles we see forming with liberals and conservatives. This too fuzzes the second O in OODA and warps the D and thus the A, IMHO.
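
Two practical checks for the exposure described in the comment above, added here as an example and not the commenter's code. The first looks, from inside Windows, for the pieces the OS can actually see: the Management Engine Interface device and Intel's Local Management Service (LMS) that talks to it. The second probes the AMT listeners over the network. The port numbers are the ones Intel documents for AMT and are an assumption of this example, not something the post states; so are the function names. Written for Windows PowerShell 2.0 so it runs on Windows 7.

```powershell
# Added example (not the commenter's code). Port numbers are Intel's documented AMT
# ports and are an assumption of this example; function names are mine. PowerShell 2.0+.

function Get-AmtLocalIndicators {
    # The OS cannot see AMT itself (it lives in the chipset firmware), but it can see the
    # MEI device and the LMS service that the Intel driver package installs alongside it.
    $mei = @(Get-WmiObject -Class Win32_PnPEntity | Where-Object { $_.Name -like '*Management Engine Interface*' })
    $lms = Get-Service -Name 'LMS' -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        MeiDevice  = $(if ($mei.Count -gt 0) { $mei[0].Name } else { $null })
        LmsService = $(if ($lms) { "$($lms.DisplayName) ($($lms.Status))" } else { $null })
    }
}

function Test-AmtPorts {
    # Run this from ANOTHER machine. The Management Engine answers on the NIC below the
    # OS, so a loopback connection from the host itself does not reach it.
    param([Parameter(Mandatory=$true)][string]$ComputerName, [int]$TimeoutMs = 1500)
    $ports = @{
        16992 = 'AMT web UI / WS-Management (HTTP)'
        16993 = 'AMT web UI / WS-Management (HTTPS)'
        16994 = 'AMT redirection: Serial-over-LAN, IDE-R'
        16995 = 'AMT redirection (TLS)'
        623   = 'ASF / RMCP'
        664   = 'ASF secure (RMCP+)'
    }
    foreach ($port in ($ports.Keys | Sort-Object)) {
        $client = New-Object System.Net.Sockets.TcpClient
        $open = $false
        try {
            $ar = $client.BeginConnect($ComputerName, $port, $null, $null)
            if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($ar)           # throws on refused connections
                $open = $client.Connected
            }
        } catch { $open = $false } finally { $client.Close() }
        New-Object PSObject -Property @{ Port = $port; Service = $ports[$port]; Open = $open }
    }
}

# On the suspect host:     Get-AmtLocalIndicators
# From a second machine:   Test-AmtPorts -ComputerName 192.0.2.10 | Format-Table -AutoSize
```

An open 16992 or 16993 on a machine in your fleet means AMT is provisioned and reachable from the network, which is exactly the precondition for the CVE-2017-5689 issue quoted above; a present MEI device with nothing listening means the firmware is there but AMT has not been provisioned, a different (and much smaller) exposure.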

[Dec 20, 2011] Top 20 Windows 7 Tips

PCWorld

Open a command prompt at any folder

Command prompt fans will welcome this tip. With it, when you're in Windows Explorer, you can open a command prompt to any folder. This tip does exactly what the Windows XP PowerToy "Open Command Window Here" does.

To use it, hold down the Shift key and right-click a folder, then choose "Open command window here" from the context menu that appears. (Note that this tip doesn't work in the Documents folder.)

The User Account Control security feature produces constant warning messages asking for permission to continue many operations. You can still tweak the warnings if you consider them overboard:

Here's how to turn UAC on or off, and make it less or more intrusive than the default:

1. Go to the Control Panel --> User Accounts and Family Safety.

2. Click User Accounts, then click Change User Account Control settings.

3. From the screen that appears, use the slider to select the level of protection you want. Here are the four levels and what they mean:

Always notify me. Think of this as UAC Classic. It works like Vista's UAC: When you make changes to your system, when software is installed or when a program tries to make a change to your system, an annoying prompt appears.

Default -- Notify me only when programs try to make changes to my computer. This is, obviously, the default; make a change yourself and UAC leaves you alone. When a program makes a change, a prompt appears and your desktop goes dark, just like it does in Vista. Otherwise, UAC sits there silently.

Notify me only when programs try to make changes to my computer (do not dim my desktop). This setting is identical to the default setting, with one difference: it does not switch to the secure desktop (the dimmed screen) before showing the UAC prompt. This presents a slightly elevated security risk over the default setting, because the secure desktop is what keeps other running programs from interacting with the prompt; without it, a malicious program could interfere with the UAC prompt.

Never notify me. In this one, UAC is completely turned off. This is, of course, an insecure option and not recommended for most users.

After you make the selection, click OK. Depending on the selection you made, you may need to restart your system for it to take effect.
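
The slider above writes three well-known DWORD values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop. The following is an added example, not part of the PCWorld tip, that reads them back and reports which slider position (or which non-slider state, such as a domain policy) they correspond to, so the setting can be audited across machines without opening the Control Panel; a second function writes the slider's own combinations. The value names and their mapping are Microsoft's; the function names are mine. Windows PowerShell 2.0, so it runs on Windows 7.

```powershell
# Added example (not from the PCWorld tip). Registry value names and the slider mapping
# are Microsoft's; function names are assumptions of this example. PowerShell 2.0+.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSetting {
    # Returns a DWORD under $UacKey, or the documented default when the value is absent
    # (an absent value must not be read as 0, which would look like "disabled").
    param([string]$Name, [int]$Default)
    $props = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    if ($props.PSObject.Properties[$Name]) { return [int]$props.$Name }
    return $Default
}

function Get-UacLevel {
    $enableLua = Get-UacSetting 'EnableLUA' 1                   # 0 = UAC off entirely
    $admin     = Get-UacSetting 'ConsentPromptBehaviorAdmin' 5  # how administrators are prompted
    $secure    = Get-UacSetting 'PromptOnSecureDesktop' 1       # 1 = prompt on the isolated, dimmed desktop

    if ($enableLua -eq 0) {
        $level = 'Never notify (UAC disabled; admin processes run fully elevated)'
    } elseif ($admin -eq 0) {
        $level = 'Never notify (administrators elevate silently, no prompt)'
    } elseif ($admin -eq 2 -and $secure -eq 1) {
        $level = 'Always notify'
    } elseif ($admin -eq 5 -and $secure -eq 1) {
        $level = 'Default: notify only when programs try to make changes'
    } elseif ($admin -eq 5 -and $secure -eq 0) {
        $level = 'Default without secure desktop (prompt exposed to other programs)'
    } else {
        $level = 'Custom or policy-managed combination'
    }

    New-Object PSObject -Property @{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        Level                      = $level
        SecureDesktop              = ($enableLua -eq 1 -and $secure -eq 1)
    }
}

function Set-UacLevel {
    # Writes the same combinations the slider does. Needs an elevated shell, and a change
    # to EnableLUA takes effect only after a reboot, exactly as the Control Panel warns.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)]
          [ValidateSet('AlwaysNotify','Default','DefaultNoDim','NeverNotify')]
          [string]$Level)
    $values = switch ($Level) {
        'AlwaysNotify' { @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 } }
        'Default'      { @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 } }
        'DefaultNoDim' { @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 } }
        'NeverNotify'  { @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 } }
    }
    foreach ($name in $values.Keys) {
        if ($PSCmdlet.ShouldProcess("$UacKey\$name", "set to $($values[$name])")) {
            Set-ItemProperty -Path $UacKey -Name $name -Value $values[$name] -Type DWord
        }
    }
}

# Audit:   Get-UacLevel | Format-List
# Change:  Set-UacLevel -Level Default -WhatIf    (drop -WhatIf in an elevated shell to apply)
```

The SecureDesktop field is the one worth alerting on: with PromptOnSecureDesktop set to 0 the consent dialog is drawn on the ordinary interactive desktop, where any process running as the same user can read and drive it, which is precisely why the third slider position is weaker than the default.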

[Nov 18, 2011] Mount an ISO image in Windows 7, Windows 8 or Vista

The freeware utility from Microsoft to mount ISO Images doesn't work in Windows 7 or Vista. Thankfully there's another utility that does.

The utility that we will use is called Virtual Clone Drive. This utility will let you mount .ISO, .CCD, .DVD, .IMG, .UDF and .BIN files.

[Mar 14, 2010] Where is the Windows 7 Classic Start Menu

Classic Shell

Classic Shell is free and takes up very little memory. It changes the Windows 7 start menu to classic and it looks exactly like what you see in Windows XP. The nice thing about it, besides being totally free, is that when you type the first letter of a program or folder it brings you to the correct menu.

Get it from here:

Classic Shell Files on SourceForge.net
http://sourceforge.net/projects/classicshell/files

[Mar 14, 2010] Console Get Console at Great replacement for cmd.exe

SourceForge.net

Console is a Windows console window enhancement. Console features include: multiple tabs, text editor-like text selection, different background types, alpha and color-key transparency, configurable font, different window styles

[Oct 24, 2009] A Tale of Two Windows 7s

Slashdot

Windows 7 improves things *just* enough for me to have little moments of 'ooh, that's nice', which is something missing from XP and Vista.

For the first time ever in a new Windows installation I didn't feel compelled to immediately set up my video drivers. Everything worked smoothly enough. Of course, I did eventually load them up, but it didn't even require a reboot. Needless to say, I'm very pleased with Windows 7 so far.

Microsoft discounts Windows 7 Home Premium to $50; deal to last two weeks By Gregg Keizer

Computerworld

For two weeks starting Friday, Microsoft will pre-sell Windows 7 upgrades for as little as $50.

"As a way of saying thanks to our loyal Windows customers, we are excited to introduce a special limited time offer," Microsoft spokesman Brandon LeBlanc said in an entry to a company blog early Thursday.

Microsoft offered a similar deal prior to the launch of Windows Vista three years ago.

"For customers in the U.S., Canada and Japan, starting tomorrow on June 26, they will be able to pre-order a copy of Windows 7 for delivery on October 22 of either Home Premium or Windows 7 Professional," said Brad Brooks, vice president for Windows consumer marketing, in a video interview posted alongside LeBlanc's blog post. "[For] Home Premium in the U.S., pricing will be $49.99, and the Professional version will be $99.99."

Those figures represent a reduction of between 50% and 58% from the standard list prices for the upgrade editions of Windows 7 Home Premium and Professional. Orders can be placed with participating retailers, such as Best Buy and Amazon.com, or at Microsoft's own online store.

The pre-order discount prices are valid from June 26 through July 11 in the U.S. and Canada, but end July 5 in Japan. Customers in the U.K., France and Germany will be offered similar pre-order discounts starting July 15, said LeBlanc.


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.

Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: October, 01, 2017