I used to think that the name Linear Tape Open meant that it was an open standard unencumbered by patents.
15 posts • joined 2 Nov 2013
Crypto-chaps on scam rap in a flap over Slack chat tap, want court case zapped: 'Attorney-client priv info' in messages
Razer – perfectly happy to sell you a laptop for over $2,000, but when it comes to fixing security holes... tough sh*t
Citrix knew about this on 2nd December
Monday morning of 3rd December, all users of Citrix ShareFile, including clients of users, (e.g. every client of an accountancy firm that uses ShareFile to send secured emails to their clients) were unable to log in to ShareFile. Some of these users use ShareFile as their 'cloud network drive' (sigh), some just for sending secure emails, or rightsignature documents.
After a while it became apparent that Citrix had forced a password reset for all accounts.
Explanations from Citrix were at first missing altogether, and then those that did come were conflicting.
My own opinion was that a data breach had happened and Citrix were not being open about it.
Office 365 CSP ordering down for days ??
Not sure if this is news or not. I haven't needed to order any new licenses in a little while.
Just tried to, and found out from Ingram Cloud that for the past 2 - 3 days, many resellers or customers can't manage their subscriptions.
Most of my customer's subs are showing as 'Configuring' with the Manage Subscription button disabled.
The chap said it was a problem at Microsoft's side. He may have been making that up, but if not, I'm getting really sick of this. What are we at now so far this year, Office 358?
Funny timing. I'm doing some Django + Vue development at the mo. Doing it on my win10 desktop, and it's all fine except when it came time to get redis running today as I learn how to use Celery.
I tried WSL with Ubuntu and I had redis running there in 15 mins.
I will be running the finished system from a Linux box anyway, usually fedora + nginx, but WSL proved handy today. I was stingy and went with free Ubuntu instead of fedora though.
I suppose the key difference, vs Microsoft's history of being 'non standard', is that all these other browsers are available on pretty much all operating systems.
If you build something to only work on Internet Explorer or Edge, then you're forcing the users to use your operating system, and forcing them to upgrade their operating system when you stop providing updates to your browser on the customer's version of the operating system.
I'm curious what might come of their FreeSWITCH based PBX software. Forgotten the name now but it looked very tidy. Just expensive. I considered it for deploying to customers but they wanted to back-charge maintenance for appliances that I had bought, stocked for a year, and then supplied to a customer. No thanks.
Re: Anyone use a VPN?
BTnet leased lines (fibre to the prem) at two of my sites in South Manchester both lost connectivity to various destinations, while other destinations were fine.
DNS lookups were OK, using BT's resolvers as it happens, but there was no working route to the problematic destinations.
We had people in remote locations who lost access to our stuff as well. On-prem mail servers not receiving mail from a majority of sources, or sending to, etc.
Nightmare. Thankfully the SIP provider was still reachable, else I'd have been having a total meltdown :D
I had quite an admiration for tape drives & still like LTO. I confess to being a Macrium-to-disk convert now though.
Whether flash is going to be less stressful in the long term than hard drives is another matter though.
At least I have half a chance of recovering 99% of a failing hard drive's sectors.
"business as usual"
Like another commenter mentioned below - it's business as usual, or rather a nice two week bit of respite, isn't it?
Many people are panicking about what's going to happen in two weeks, thanks to these reports.
Am I missing something? All we've done is pull out the network lead as we might do during a cleanup anyway, right?
Of course it's not a bad idea to run a zbotkiller or malwarebytes periodically anyway, but the message here seems to be way wrong and out of context to me.
Here is what I sent to a customer who asked if they needed to take any urgent drastic action.
Am I off the mark? See below:
"Nothing is any different to how it has been for the last couple of years.
Zeus/zbot and cryptolocker have been on/off people's computers for years and sometimes I am removing it from two different customers in the same week. In the last couple of months, having got increasingly fed up with it, I have set policies of blocking all .zip and executable attachments on email servers since this is the most common source of infection (.zip attachments on fake emails from amazon/tax/payroll/sage/sky/fed-ex/ups/etc.).
Usually it becomes apparent that a computer is infected because it tends to get straight on with the CryptoLocker part of things, files become inaccessible, and a ransom is demanded. I then have to restore data from a backup. This is the thing that Fiona got onto her computer a few months ago.
All I would say is that I have noticed the occasional attempt to distribute it through a dropbox link, so you could tell the staff not to open any "You have been sent a file through dropbox" email links, without first confirming legitimacy, since I can't block that. The other way is popups that tell you you have to update your Adobe Flash or similar. They're often on dodgy websites, but also sometimes legitimate websites get hacked and have these popups injected. This is nothing to do with the two week window thing though and is just general advice. I have wondered about some kind of safe-computing training to show people what these popups and other dodgy things look like when they come in, but for now the above advice basically covers the current trends.
From a banking point of view, some were particularly susceptible in the past (HSBC & First Direct.. you sign in once with your code, then you can freely add new payees and transfer out money to them, without having to enter any new codes from the security device/dongle). HSBC & FD have changed their systems now, and do require re-entering a code from the keypad/card every time a new payee is added or amended. Obviously this would only matter if you were infected, but it has been a source of stolen bank funds in the past (screen gets blanked after you log into the bank.. money gets transferred out in the background), but it's a bit of extra peace of mind anyway.
All that has changed is that they have disconnected the controlling systems (command & control servers), and they expect that it'll get going again in two weeks. I'm not sure why they would use the words "two weeks to prepare for massive attack", as all they mean is it's been switched off, and it'll probably get going again in two weeks. Unless I'm missing something... I don't think I am though. The command/control servers being disconnected doesn't make it any easier to detect or remove from a computer. It just means it can't be commanded to do harm."
B & W lasers only
I tend to tell people to avoid inkjets, and avoid colour lasers.
The number of "consumable" items that require scheduled replacement on colour laser printers is astonishing, and their costs usually outstrip the cost of a new printer, if you can still buy the same model again to use all the toner you stocked up on.
Re: a guy who's run Linux on a hard drive motherboard:
Yes he did run Linux on the HDD. Check page 7. His hacked HDD responds to the string "HD lnx!" going through its cache, by loading the Linux kernel and an initrd from some sectors of the hard disk, and booting it on one of the HDD's ARM cores. The console is output on the HDD's serial port.