* Posts by Justin Goldberg

17 posts • joined 23 Oct 2014

Google yanks Chrome support for Windows XP, at long last

Justin Goldberg

"at long last"? Paid microsoft shill!

PC World's cloudy backup failed when exposed to ransomware

Justin Goldberg

Just in case she had teslacrypt 3 to 4.2:

http://www.zdnet.com/article/teslacrypt-no-more-ransomware-master-decryption-key-released/

TeslaCrypt no more: Ransomware master decryption key released

Justin Goldberg

Re: Single point failure

MachDiamond, you can prepare for black helicopters swooping down. Use bittorrent sync proxied through TOR.

Justin Goldberg

This makes me sick. Can we setup a gofundme site to raise money so that she can get her files back? I'd give something.

Perhaps the malware was able to delete her older backups somehow.

All ransomware is known to issue a vssadmin /delete command. 100% of our servers and pcs have vssadmin renamed to be inactive.

Remember Netbooks? Windows 10 makes them good again!

Justin Goldberg

Re: Year 2000 thinking brough forward

Heck yes, I use chromium os.

Justin Goldberg

Why would you use anything but XP if that's what the machine came with and your software doesn't need windows 7+?

Also I'm guessing that the tablet doesn't have a DVD Drive, in which case you could create a bootable flash drive. Build 10586 can automatically detect a Windows 7 or 8 BIOS certificate and automatically register your copy of windows 10 without upgrading.

Everyone who works in IT knows better than to use an in-place upgrade. Use it to register your hardware id with Microsoft and then do a clean install. It will be much smoother. And you can skip the Microsoft hotmail Id, just choose other, etc... They hide it but it's in there. Just keep looking for it.

And Microsoft is only offering a year of free support for those users

Trend Micro AV gave any website command-line access to Windows PCs

Justin Goldberg

Their password manager left a 30GB file on a customers computer because it kept reading chrome input incorrectly. It filled up their drive! TM has gone downhill since their heyday.

Laid-off IT workers: You want free on-demand service for what now?

Justin Goldberg

They're getting some bad reviews on glassdoor.com. Always check employer reviewer sites first before signing on.

Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab

Justin Goldberg

The article says that they "submitted clean but modified files". When the others receive the samples that match closely to a valid file with a few bytes changed, it's very hard to say it's a good or bad file. Poweliks is just a few bytes. I think that it's important to use automated malware analysis tools that can spin up a new vm for every file (like the cuckoo sandbox) to keep up with the million new malware samples every day, to at least flag suspicious files for further human review is the way to go, if they're not already doing this.

I myself have submitted files which I thought were viruses but ended up being benign. They ended up being flagged by Mcafee-Artemis on Virustotal. It was probably a heuristic scan combined with automated analysis, but went awry.

Justin Goldberg

Hmmm, we use dr web's post-infection scanner when a computer has unknown rootkits malware. We call it "throwing the kitchen sink" at a badly infected computer, after mbam and sas scans and subsequent reboots.

We've also seen zero-day malware that gets cleaned from the registry, and therefore cannot run, and mbam and others remove one file from appdata\roaming etc... but leave another dangerous exe file in the same folder. It's benign and doesn't start, but it's still there.

Ransomware 2.0 'crypts website databases – until victims pay up

Justin Goldberg

Re: Monitor the database?

It sounds like the next thing in security is something where each save to a script is also cryptographically signed. Here's an excellent idea from the comments on the original article:

Admin access should be restricted to only ssh/sftp sessions using PKI, so useless even if password known/brute forced. Of course one must keep the keys safe and its no protection against vulnerabilities in the web app/os itself, but patching/scanning/pen testing and finally log monitoring do the rest.

Justin Goldberg

I wonder if the key can be recovered from the server's filesystem? I'm guessing they can't, they were probably smart enough to run tools that erase all freed space.

Bad dog: Redmond's new IE tool KILLS POODLE with one shot

Justin Goldberg

Don't download the fix through TOR, hah!

Justin Goldberg

Re: Might try this

Hah, they could have made half-hearted ports of Netscape to everything out there, VMS, Amiga, Sun (actually I believe there was sunos and hpux ie versions?) to get microsoft to waste their resources on porting!

Ad-borne Cryptowall ransomware is set to claim FRESH VICTIMS

Justin Goldberg

Re: Complacency

For the record, I have never been hit with malware in Google Chrome. I've intentionally downloaded malware and spyware to test various scanners in a malware environment, though, but that was intentional

Justin Goldberg

The servers are using ONIONHOST.torpayusd.com (which seems really a web redirect to the tor2web service). Mistoprav LTD is the company behind it.

They have also registered tor4pay.com and tor2pay.com

Biting the hand that feeds IT © 1998–2019