Re: Wider problem
"late middle age."
Thanks for that. I'll accept the description but still keep off FB and the rest.
Why?
Clicks File. Ooh, look, Open Remote File is an option. Select that, Click on Add service. Google Drive is actually the first choice there.
If you don't want to put your business in the hands of MS or Google for storage you could always turn to Nextcloud, either running your own copy locally or signing up with a commercial vendor to host it.
"leave it open & monitor who accesses it?"
Yes. I can see why the MSP would want to avoid an aiding and abetting charge or whatever the equivalent is in Germany but the responsible thing would have been to have gone to TPTB and asked how the latter wanted them to handle it. I'd have thought that the answer would have been to keep it running to gather evidence and I doubt that it was kept running long enough for that to have happened.
"It just seems odd that there have been 2 separate attacks, using different 'tools', within just a few weeks of each other."
Why odd? There have been malware campaigns for a long time. Then the EternalBlue and a load of other stuff went public a while ago. Add some time for the malware writers to incorporate it and there's nothing surprising at all that a couple of specimens using it emerge at more or less the same time.
@Mark
You do realise, don't you, that there are a multiplicity of other OSs and of CPU architectures? There are also other forms of networking semantics than SMB. Each OS, CPU and networking technology you introduce into the mix raises the difficulty for an attacker more or less exponentially. As the system becomes more difficult to attack even Windows systems gain from herd immunity.
"malware writers *would* cater for all systems"
It raises the bar for them having to deal with all systems. It wouldn't just be a matter of recompiling the same code.
Also heterogeneous systems can have different modes of operation. For instance drop the idea of using a browser - or anything else - to apply a GUI to your server-based application. [Pauses to allow millennials to stop hyperventilating at the thought of a GUI-free application.] Now you have an old-fashioned terminal application that can be run via a link with the semantics of an RS-232 link. That really raises the bar on trying to get an infection back from a PC to the server.
"but there are plenty out there that silently do their work for weeks before activating"
Do you have a citation for the frequency of this? It keeps being raised but all the reported outbreaks seem to be pretty well instant or nearly so. According to TFA this one spreads for an hour before kicking in but that's very different to working for weeks.
"it could be argued that the NSA protected the business world by keeping it a secret."
This is an argument for security through obscurity. The main problem with this is that you have to maintain the obscurity for ever. By far the best approach is for the vulnerabilities to be notified back as soon as discovered, fixed and the fixes incorporated in future products and in updates to existing ones.
"There are many in the (mainland) UK would happily cut the cord"
That could have happened a century or so ago had it not been clear that the result would have been an extremely bloody civil war. It might have settled matters but at a much higher cost than anything that's happened since.
"Yet, bizarrely the majority of voters claim that's what they want. Obviously they don't understand how to fill in a ballot paper, or lie to pollsters."
Back in the day it was hoped that PR voting would ensure moderates and even cross-community parties such as Alliance would thrive. It didn't work.
"it does essentially come down to the fact that English/Dutch protestants invaded the island in the 1680s"
A bit more complex than that. You appear not to have heard of the Elizabethan plantation nor of the Ulster Scots (where do you think that name Paisley comes from?). Then, of course, the Scots did come from Ireland in the first place - there's been toing and froing across the North Channel since it opened up (e.g. Argyll is derived from the name of an Irish tribe). You simply can't put a marker into the chain of events and say everything that side is right and everything the other is wrong. Attempting to over-simplify a situation is a sure-fire way of making things worse.
"and needs to get work done?"
Yes, they certainly need to get work done now to recover from this.
I take it you've no personal knowledge of Linux or other Unix-like systems. I've got a little secret for you. Most of those of us who use Linux have also had experience of Windows, including sorting out the problems it's caused for friends and family. We can actually reach an informed opinion of what actually works.
In my case I was using Unix systems to do real work years before Windows was thought of. Lab management, logistics management, industrial control systems, all grist to the mill.
"someone talking about it attacking the MFT of NTFS - that's a more severe attack than the MBR."
Providing the files themselves aren't corrupted, something like photorec reads the sectors, tries to work out what they are and copies the results out to fresh media. Obviously it depends on the extent to which the files are fragmented. If the files are encrypted then it depends on whether they're overwritten. The only experience I had with this was with ransomware that wrote out the encrypts as new files and deleted the old ones which, of course, just marked the files' sectors as free but didn't do anything to the contents. The only problem was sorting out real images from the junk heap of odds & sods from the browser cache.
"They should be jointly and severally liable. SBS and Sopra Steria cocked this up. Just send them the bill and leave it to them to sort out who pays what."
From TFA: "The NHS Shared Business Services is a joint venture between the Department of Health and Sopra Steria set up in 2004 to provide support services to the NHS."
It's not SBS & Sopra Steria, it's DoH & Sopra Steria so any costs involved in working out how to split the costs will be at public expense, as will the cost of fixing it.
"I presume the suggestion is that there should be new US legislation allowing them to retrieve things held overseas without bothering to consult with that nation's government/law enforcement."
Given the attitude they've taken I'd have thought they'd want US legislation that makes it quite clear that the US's jurisdiction is limited to the US and that the appropriate treaty arrangements must be used.
"Even if there were anything in Irish law to prevent Microsoft's US employees handing that data over if they have access then there's no way to enforce it."
1. Big fines - and even bigger if it gets strung out until next May.
2. Privacy Figleaf completely shrivelled out of existence.
"The issue, overall, is fairly complex"
It shouldn't be. There are treaties in place which lay out due processes to be followed which would have enabled the relevant prosecutor to get the information they wanted without trampling on anyone else's sovereignty. For reasons best known only to themselves - arrogance, ignorance or indolence - the US authorities have opted to ignore them. The apparent complexity arises out of that.
"${US Co} contracts with ${NonUS Co} for data center and storage service located physically outside the US ... Where does the US government go for assistance when they find a US-based (alleged) criminal enterprise is using ${US Co}'s service for its email and data processing needs?"
To exactly the same place where they should have gone in this case. To the courts of the country where the servers are operating via the MLAT which exists for this exact purpose.
It's called due process of law. Of course other countries' courts might take a dim view of that well-known US abuse of process, the fishing expedition.
"outside ... its design parameters (since corrected)"
If I were to trust my life to an autonomous vehicle (and with trials permitted on public roads I might have no choice) I'd want the design parameters to cover what actually can happen on the roads, however unlikely. A vehicle from one carriageway turning across another at a road junction doesn't sound like something that ought to have been outside design parameters in the first place. Correcting design parameters after obvious omissions have come up against reality isn't the best way to proceed. And just wait until one of these ventures down a Devon lane with passing places.
"Microsoft are constantly trying to force me to use Edge and Bing, just because I use Windows... How is that ANY different?"
Yes, other market abuses are available. But why do you expect a news article to deal with other issues which aren't in the news today (and if they were would have their own article)?