Reading this makes me wonder why people don't update their computers, especially when there's a patch for an exploit like this. Also makes me wonder why people still haven't done it two years...
Reading this makes me wonder why people don't update their computers, especially when there's a patch for an exploit like this. Also makes me wonder why people still haven't done it two years after this all took place.
Blame Microsoft and Apple. Especially Microsoft. Back when Windows update got introduced in the Windows XP era, the words "update" and "fuck shit up" were interchangeble. Regressions, driver...
Blame Microsoft and Apple. Especially Microsoft. Back when Windows update got introduced in the Windows XP era, the words "update" and "fuck shit up" were interchangeble. Regressions, driver incompatibility and other joys of using a Microsoft system established a vision that it's better not to update unless you want problems. Only recently that poor excuse for a company managed to wipe select users document folders with an update, and Apple got caught slowing down the CPUs of its phones with updates without informing users. A lot of online guides would tell you to disable updates to not have a headache. So I say the updatophobia is real and it's hard not to see it as a legitimate point knowing the history of companies serving these updates.
This is something I'm concerned about with self-driving cars. I would prefer to have a self-driving car that I update infrequently, usually after the most recent version has been proven to work by...
This is something I'm concerned about with self-driving cars. I would prefer to have a self-driving car that I update infrequently, usually after the most recent version has been proven to work by other users' testing. But in order for that to no become a security risk the main computer would need to be air-gapped.
On that thought, air-gapping should be an absolute legal requirement for self-driving cars. All updates should come over USB/wire. As long as those updates can come over the air it's inevitable that a terrorist will abuse the update system to kill people.
I hardly ever update whatever Macbook I get on the job. Only when an app stops working I'll update it because who knows how long it'll take to update and who knows what will break. With GNU/Linux...
Blame Microsoft and Apple. Especially Microsoft. Back when Windows update got introduced in the Windows XP era, the words "update" and "fuck shit up" were interchangeble.
I hardly ever update whatever Macbook I get on the job. Only when an app stops working I'll update it because who knows how long it'll take to update and who knows what will break.
With GNU/Linux I can just update and much of the time shit will not break, if it does break it's a really bad break (I'll never forget getting burned by XWindows config changes in ArchLinux) but much of the time, it's painless.
Some people don’t even know what a patch is... Also: “I don’t have to update my fridge, why would I update my computer?”. Kinda make sense if you don’t know better.
Some people don’t even know what a patch is...
Also: “I don’t have to update my fridge, why would I update my computer?”. Kinda make sense if you don’t know better.
I recently binged all of the infosec Darknet Diaries podcast and yeah, somehow lots of people don't update even the most important of systems. edit: one of the most eye openening things from that...
Also makes me wonder why people still haven't done it two years after this all took place.
I recently binged all of the infosec Darknet Diaries podcast and yeah, somehow lots of people don't update even the most important of systems.
edit: one of the most eye openening things from that podcast was the ex-nsa (via voice actor) interviewee saying something along the lines of: "it was a linux target, so no AV, haha."
Well, the only reason I could think of were systems that need to be up 100% of the time... Like the ones in the NHS. It's very stretched for money so it wouldn't surprise me to see that they don't...
Well, the only reason I could think of were systems that need to be up 100% of the time... Like the ones in the NHS. It's very stretched for money so it wouldn't surprise me to see that they don't have procedures in place to update critical systems. It's so bad interoperability between different parts of the NHS itself is a problem, but they're working on it.
I even still see Windows XP every now and then. It's a big problem.
I'm not convinced that funding would solve things in this case - while the NHS absolutely is underfunded as a whole, they have also spent significant amounts on IT systems over the years and have...
I'm not convinced that funding would solve things in this case - while the NHS absolutely is underfunded as a whole, they have also spent significant amounts on IT systems over the years and have relatively little to show for it.
It does finally seem to be improving somewhat, but well designed and well managed systems would have cost them less in the long run without exposing them to security threats that have long since been patched.
The killswitch (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) was probably built into the virus from the start during development and testing, they "should" have removed it before letting the...
The killswitch (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) was probably built into the virus from the start during development and testing, they "should" have removed it before letting the virus worm out across the net. A version of the virus with the killswitched hex edited out was found in the wild soon after the original virus was discovered. There is some more technical info about the virus here
It's worth mentioning that the british info security worker who quickly registered the kill switch url which completely halted the virus was harassed and doxxed by journalists and as a direct consequence of that arrested and kept prisoner in the US for months.
Reading this makes me wonder why people don't update their computers, especially when there's a patch for an exploit like this. Also makes me wonder why people still haven't done it two years after this all took place.
Blame Microsoft and Apple. Especially Microsoft. Back when Windows update got introduced in the Windows XP era, the words "update" and "fuck shit up" were interchangeble. Regressions, driver incompatibility and other joys of using a Microsoft system established a vision that it's better not to update unless you want problems. Only recently that poor excuse for a company managed to wipe select users document folders with an update, and Apple got caught slowing down the CPUs of its phones with updates without informing users. A lot of online guides would tell you to disable updates to not have a headache. So I say the updatophobia is real and it's hard not to see it as a legitimate point knowing the history of companies serving these updates.
This is something I'm concerned about with self-driving cars. I would prefer to have a self-driving car that I update infrequently, usually after the most recent version has been proven to work by other users' testing. But in order for that to no become a security risk the main computer would need to be air-gapped.
On that thought, air-gapping should be an absolute legal requirement for self-driving cars. All updates should come over USB/wire. As long as those updates can come over the air it's inevitable that a terrorist will abuse the update system to kill people.
I hardly ever update whatever Macbook I get on the job. Only when an app stops working I'll update it because who knows how long it'll take to update and who knows what will break.
With GNU/Linux I can just update and much of the time shit will not break, if it does break it's a really bad break (I'll never forget getting burned by XWindows config changes in ArchLinux) but much of the time, it's painless.
Some people don’t even know what a patch is...
Also: “I don’t have to update my fridge, why would I update my computer?”. Kinda make sense if you don’t know better.
I recently binged all of the infosec Darknet Diaries podcast and yeah, somehow lots of people don't update even the most important of systems.
edit: one of the most eye openening things from that podcast was the ex-nsa (via voice actor) interviewee saying something along the lines of: "it was a linux target, so no AV, haha."
Well, the only reason I could think of were systems that need to be up 100% of the time... Like the ones in the NHS. It's very stretched for money so it wouldn't surprise me to see that they don't have procedures in place to update critical systems. It's so bad interoperability between different parts of the NHS itself is a problem, but they're working on it.
I even still see Windows XP every now and then. It's a big problem.
I'm not convinced that funding would solve things in this case - while the NHS absolutely is underfunded as a whole, they have also spent significant amounts on IT systems over the years and have relatively little to show for it.
It does finally seem to be improving somewhat, but well designed and well managed systems would have cost them less in the long run without exposing them to security threats that have long since been patched.
What actually is the url of this killswitch? And why would a malware creator build one in if destruction and profit from ransoms is their goal?
The killswitch (
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) was probably built into the virus from the start during development and testing, they "should" have removed it before letting the virus worm out across the net. A version of the virus with the killswitched hex edited out was found in the wild soon after the original virus was discovered. There is some more technical info about the virus hereIt's worth mentioning that the british info security worker who quickly registered the kill switch url which completely halted the virus was harassed and doxxed by journalists and as a direct consequence of that arrested and kept prisoner in the US for months.