20 votes

The sinkhole that saved the internet: Keeping the 'kill switch' alive is the only thing preventing another WannaCry outbreak

10 comments

  1. [8]
    sron Link
    Reading this makes me wonder why people don't update their computers, especially when there's a patch for an exploit like this. Also makes me wonder why people still haven't done it two years after this all took place.

    6 votes
    1. [3]
      NeoTheFox Link Parent
      Blame Microsoft and Apple. Especially Microsoft. Back when Windows update got introduced in the Windows XP era, the words "update" and "fuck shit up" were interchangeable. Regressions, driver incompatibility and other joys of using a Microsoft system established a vision that it's better not to update unless you want problems. Only recently that poor excuse for a company managed to wipe select users' document folders with an update, and Apple got caught slowing down the CPUs of its phones with updates without informing users. A lot of online guides would tell you to disable updates to not have a headache. So I say the updatophobia is real and it's hard not to see it as a legitimate point knowing the history of companies serving these updates.

      12 votes
      1. teaearlgraycold Link Parent
        This is something I'm concerned about with self-driving cars. I would prefer to have a self-driving car that I update infrequently, usually after the most recent version has been proven to work by other users' testing. But in order for that to not become a security risk the main computer would need to be air-gapped.

        On that thought, air-gapping should be an absolute legal requirement for self-driving cars. All updates should come over USB/wire. As long as those updates can come over the air it's inevitable that a terrorist will abuse the update system to kill people.

        6 votes
      2. SourceContribute Link Parent
        > Blame Microsoft and Apple. Especially Microsoft. Back when Windows update got introduced in the Windows XP era, the words "update" and "fuck shit up" were interchangeable.

        I hardly ever update whatever Macbook I get on the job. Only when an app stops working I'll update it because who knows how long it'll take to update and who knows what will break.

        With GNU/Linux I can just update and much of the time shit will not break, if it does break it's a really bad break (I'll never forget getting burned by XWindows config changes in ArchLinux) but much of the time, it's painless.

        1 vote
    2. mrbig Link Parent
      Some people don’t even know what a patch is...

      Also: “I don’t have to update my fridge, why would I update my computer?”. Kinda makes sense if you don’t know better.

      6 votes
    3. [3]
      Neverland (edited ) Link Parent
      > Also makes me wonder why people still haven't done it two years after this all took place.

      I recently binged all of the infosec Darknet Diaries podcast and yeah, somehow lots of people don't update even the most important of systems.

      edit: one of the most eye-opening things from that podcast was the ex-NSA (via voice actor) interviewee saying something along the lines of: "it was a Linux target, so no AV, haha."

      4 votes
      1. [2]
        sron Link Parent
        Well, the only reason I could think of were systems that need to be up 100% of the time... Like the ones in the NHS. It's very stretched for money so it wouldn't surprise me to see that they don't have procedures in place to update critical systems. It's so bad interoperability between different parts of the NHS itself is a problem, but they're working on it.

        I even still see Windows XP every now and then. It's a big problem.

        3 votes
        1. Greg Link Parent
          I'm not convinced that funding would solve things in this case - while the NHS absolutely is underfunded as a whole, they have also spent significant amounts on IT systems over the years and have relatively little to show for it.

          It does finally seem to be improving somewhat, but well designed and well managed systems would have cost them less in the long run without exposing them to security threats that have long since been patched.

          3 votes
  2. [2]
    HanakoIsBestGirl Link
    What actually is the url of this killswitch? And why would a malware creator build one in if destruction and profit from ransoms is their goal?

    1. rain1 Link Parent
      The killswitch (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) was probably built into the virus from the start during development and testing, they "should" have removed it before letting the virus worm out across the net. A version of the virus with the killswitch hex edited out was found in the wild soon after the original virus was discovered. There is some more technical info about the virus here

      It's worth mentioning that the British info security worker who quickly registered the kill switch URL which completely halted the virus was harassed and doxxed by journalists and as a direct consequence of that arrested and kept prisoner in the US for months.

      2 votes