Love my VM (Score:4, Funny)
I have a VM set up with a static hard disk (that throws away changes on every VM restart) just for the occasion when I get contacted by one of these scammers.
The frustration, when they reboot and my system actually comes right back to where it was, is priceless.
Re: (Score:3)
At least it will keep them busy for a while and prevent them from contaminating other computers.
Re:Love my VM - Microsoft Support Scammers (Score:2)
I kept one of the fake Microsoft Windows Support scammers busy for an hour that way. I neglected to mention to him that my VM was running Linux, though I did tell him that my work IT department made us use Firefox instead of IE (forgot to tell him I had NoScript running on it :-) and for some reason all the different remote operations tools he had me download either didn't work or couldn't download at all. Eventually he realized I was scamming him, spent a while trying to convince me that his business was
Re: (Score:3)
"You're wasting my guy's time!"
"Then my work here is done"
Re:Love my VM - Microsoft Support Scammers (Score:4, Insightful)
No, it's only started. After wasting the peon's time, you need to waste as much of the boss's time as possible, too.
Re: (Score:2)
I'm retired. I have a phone number that's listed. I've posted my phone number on the web. Yet, I never get any of these calls! I've even posted my cell phone number on the web by now (I'm assuming I have, I used to drink - a lot). I'd *love* to get some calls like this. It'd keep me amused for hours.
I should add, I'm easily amused. Also, for once, I gave the real answer to a poll. Usually, I Cowboy it up but that's not an option so I figured they can have the real data just this one time.
Re: (Score:2)
Re: (Score:3)
VMs are a help with this. The biggest two attack vectors are Trojans and security issues with the web browser or browser add-ons. Placing those in a VM is a useful front line of defense, as it not just helps with mitigating malware, but attacks directed against hardware devices (flashing code onto USB controllers, etc.)
With SSDs becoming more commonplace, the performance hit (mainly due to multiple operating systems vying for the affection of the drive head stack in a HDD) is relatively minimal, so one ca
Re: (Score:2)
Oh, definitely. Ransomware is worse, because you could get infected by making lots of different mistakes, not just by believing a phone call. But the defenses against it include good backups as well as good security, and you need backups anyway because hardware can fail and trash your system in lots of creative different ways.
Re: (Score:2)
Most cloud based backup services will dutifully back up the encrypted versions of your files over the original. For anything essential, offline backup is the only way.
Re: (Score:2)
One of these guys told me that he was going to send the FBI for not having a, "computer repair license". I asked for Fox Mulder.
backups! (Score:5, Interesting)
I support a medium business. Cryptowall 2.0 found its way onto a key system and spread through mapped drives to the fileserver. The panic was epic. Boss near tears.
I nuked the compromised systems and restored from backups. No big deal. The unenlightened around me had pretty much given up hope and I was hailed as a hero the next day.
Got a fat bonus and some OT.
10/10 would restore from backups again.
Re: (Score:3)
you got a fat bonus and some Off Topic? please elaborate.
Re: (Score:2)
Re: (Score:2)
why would he want a one time pad?
Re:backups! (Score:5, Funny)
Operating Thetan.
Re: (Score:2)
So the fat bonus was gone in a flash, I get it?
Re:backups! (Score:4, Interesting)
To be fair, it was PROPERLY CONFIGURED INCREMENTAL VERSIONS of my backups that saved us in the story above. I have seen many a backup made useless by overwriting the good stuff with the now-compromised stuff.
The versions made my job even easier as the encryption of our files counted as a modification, and made for a handy list of every compromised document in my backup logs the next day. Nuked them all and restored from the last version created before and was good to go.
The whole ordeal was a real eye opener for the powers-that-be. Within a month I had us moving from W Server 2003 to "the OS formerly known as SBS..."
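Added example (not part of the comment above and not the poster's actual tooling): a sketch of the technique described, using the incremental-backup log to find the night when an abnormal number of files "changed", list every file touched from then on, and pick the last version stored before it. The log layout, file names, dates and thresholds are all constructed assumptions.

```python
"""Find the ransomware night in an incremental-backup log and plan the restore."""
from collections import defaultdict
from statistics import median

# Constructed sample log: one row per file version a nightly incremental stored.
# Fields: (run_date, path, version_id). ISO dates sort correctly as strings.
BACKUP_LOG = [
    ("2015-11-01", "docs/budget.xlsx", "v1"),
    ("2015-11-01", "docs/plan.docx", "v1"),
    ("2015-11-01", "docs/minutes.docx", "v1"),
    ("2015-11-01", "photos/site.jpg", "v1"),
    ("2015-11-02", "docs/plan.docx", "v2"),
    ("2015-11-03", "docs/budget.xlsx", "v2"),
    ("2015-11-04", "docs/new-hire.docx", "v1"),
    # Night after the infection: every reachable document shows up as modified.
    ("2015-11-05", "docs/budget.xlsx", "v3"),
    ("2015-11-05", "docs/plan.docx", "v3"),
    ("2015-11-05", "docs/minutes.docx", "v2"),
    ("2015-11-05", "photos/site.jpg", "v2"),
    ("2015-11-05", "docs/new-hire.docx", "v2"),
    ("2015-11-05", "docs/draft.docx", "v1"),  # first seen already encrypted
]


def changes_per_run(log):
    """Count how many file versions each backup run stored, in date order."""
    counts = defaultdict(int)
    for run_date, _path, _version in log:
        counts[run_date] += 1
    return dict(sorted(counts.items()))


def find_burst_run(log, factor=3, min_history=3):
    """Return the first run whose change count exceeds `factor` times the
    median of all earlier runs, or None. `factor` and `min_history` are
    assumed tuning values, not something the thread specifies."""
    counts = changes_per_run(log)
    runs = list(counts)
    for i, run in enumerate(runs):
        history = [counts[r] for r in runs[:i]]
        if len(history) < min_history:
            continue  # not enough baseline to judge this run
        if counts[run] > factor * max(median(history), 1):
            return run
    return None


def plan_restore(log, burst_run):
    """For every file stored in or after the burst run, pick the newest
    version from before it. Returns (last_clean, lost): last_clean maps
    path -> (run_date, version_id); lost lists files with no clean version."""
    touched = {path for run_date, path, _ in log if run_date >= burst_run}
    last_clean = {}
    for run_date, path, version in sorted(log):
        if path in touched and run_date < burst_run:
            last_clean[path] = (run_date, version)  # later rows overwrite earlier
    lost = sorted(touched - last_clean.keys())
    return last_clean, lost


if __name__ == "__main__":
    burst = find_burst_run(BACKUP_LOG)
    clean, lost = plan_restore(BACKUP_LOG, burst)
    print("suspect run:", burst)
    for path, (run_date, version) in sorted(clean.items()):
        print(f"restore {path} from {run_date} ({version})")
    print("no clean version:", lost)
```

Files that first appear in the suspect run have nothing to roll back to, which is why the plan reports them separately instead of silently skipping them.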
Re: (Score:2)
Were you routinely testing backups (and the restore process), or did you just get lucky?
Re:backups! (Score:4, Interesting)
I am interested to know how you guys test backup systems.
Currently I try to restore a machine (in a VM, obviously) and check if it looks ok (by booting it and then verifying the hashes of files). There may still be issues with this, suppose the backup server has a memory issue that sometimes corrupts a few files without causing any other problems.
The backup system should have its own checksum-ing, if it's worth anything. What I worry about is: backups silently failing, missing/deleted backups, unrestorable backups, restore process doesn't work as documented and the guy who knows the work-around quit, and other sorts of total fail. That's shockingly common, and if you don't routinely test that restore works (booting and checking a few hashes sounds good to me, or for DBs it's important to mount the DB on a test server to ensure it comes up), you're signing up for a nasty surprise.
Re: (Score:2)
It reminds me of this piece of junk called Time Machine.
Every few days, it reported "Everything's perfectly fine. You could get any file any time you want if you need it."
My HDD crashed, and I tried to restore my files from Time Machine. It failed miserably in the middle of the process, and didn't restore anything.
It also has some weird directory hardlinks, so it's hard to read from Linux. Fuck Time Machine.
Re: (Score:2)
Breaking news, Apple technology turns out to be technically quirky and useless outside of simple textbook scenarios, more at 11!
Re: (Score:2)
As employees who don't trust our IT department, when we need to make sure backups are done correctly, we "accidentally" delete "important" files and ask for a restore.
The good thing is that it tests the whole process, not just the technical part.
Comment removed (Score:5, Informative)
Re: (Score:2, Interesting)
Which once again raises the question: why does anyone ever bother saving and sudo installing this kind of stuff?
If someone offered me some ransomware, the offer would have to come with more money than the ransom, just to offset the extra time and trouble. And yet, none of the stories here ("..I got hit..") mention how the sysadmin was persuaded to install it. WTF, people: tell us. Did the ransomware's EULA nullify the earlier purchase agreement, or what? Everyone talks about it like a
Re: (Score:2)
Re: (Score:2)
SPF is bullshit. It is ok to prevent spam, but certainly does not GUARANTEE that the mail came from an approved sender.
DKIM is a bit more serious because it is based on cryptography, but the end user's mail client has to care or it means nothing.
Re: (Score:2)
Re: (Score:2)
You should really check out DKIM for email. It is an asymmetrical cryptography scheme where the public key is posted via DNS, with the private key being held by authorized MXs for the domain to add a signature header to outbound email. Identity can be verified directly by the recipient using the signature header.
Re:backups! (Score:4, Funny)
Cryptowall 4.0 is out ... This fucker is NASTY!
Thanks. I guess I'll skip this update and wait for Cryptowall 4.1 or maybe 5.
Re: (Score:2)
Fat bonus and OT? Haha, this is just the IT version of "Dear Penthouse, I never thought this would happen to me..."
Re: (Score:2)
Not everybody works from the good ol' States. Here it's past 9 PM.
Backups. (Score:5, Insightful)
https://www.veeam.com/endpoint... [veeam.com] ...in addition to Windows Backup and Time Machine, both of which work very well. 2TB hard disks are under $100 now, and a number of the listed products have modes where "plugging in the hard drive" triggers the backup, and those are just the free ones. For slightly more money, there are methods that will back up once you connect to your home network, and this list doesn't include things like Carbonite, BackBlaze, Mozy, or iBackup that send backups to an online backup location.
https://www.nerobackitup.com/ [nerobackitup.com]
http://www.macrium.com/reflect... [macrium.com]
http://www.paragon-software.co... [paragon-software.com]
http://www.code42.com/products... [code42.com]
It is NOT complicated. It is NOT expensive. It should be assumed that data will be inaccessible at some point. If everyone backed their data up the way that they should, there would be no profit in ransomware.
Re: (Score:2)
Re: (Score:2)
Cryptowall trashes all mountable volumes (physical and mapped) and purges shadow copies. By design, it's coded to prevent data restores so that you fall back on paying the ransom. Your best bet is to rotate backups leaving one shelved physically detached from the computer. The other is cloud backups with a 30 day retention period.
Of the variants I've run into, they've had a tendency to target certain file types - JPG, DOC(X), XLS(X), QBW, and the like. I wouldn't be surprised if they targeted the more common backup archive types, which is amongst the reasons I use the Veeam product, personally. Granted, it's security through obscurity, but even if I can restore from backup on the sole merit of obscurity, I'll take it. Besides, it's very simple, pretty lightweight, handles versioning well, and supports trigger-on-connect, as well as
Re: (Score:2)
Some appliances do that so you don't even have to roll your own or know a thing about *nix.
Or of course (as said above but worth repeating) there are offline backups - tape, usb disks, whatever - so long as they are not ALL actually attached to the system when the problem hits.
Re: (Score:2)
Of course it matters - read past word 11 (Score:2)
In case that wasn't clear enough, the malware can't touch files the system it is on cannot access. That's one of the reasons snapshots exist in filesystems such as ZFS. Users can delete or change their files but the snapshots are only available to the host that physically has the disks on it (since ZFS is also volume management). Other things have snapshots as well.
Re: (Score:2)
For the network server bit, you could make a network share for backup that only a special backup user has access to and you do not.
Make sure that shadow copy is enabled on your local computer as well as your network server.
And then snapshot your backup share to the cloud and/or a USB device attached directly to the server.
Re: (Score:2)
Even better, just do backups using a pull-based approach. My workstations have NO access to the backup server whatsoever, just a public SSH key for the user that logs into them every night and backs them up. NOTHING can get to that backup server, there isn't even a remote user at all, physical access only, AND it only mounts the media the backups are on when it needs to access them. I wouldn't call it utterly impossible to defeat, but you'd have to figure out a good bit about the local network environment,
Re: (Score:2)
Do you have any guides for setting that up? I've only got mediocre server-admin competence, and it would be really nice to have something kinda off-the-shelf.
Re: (Score:3)
Well, the key is using the 'ssh -c' option. For instance a simplistic usage might be (from your backup server) ssh backupuser@workstation25.example.com -c 'tar cj /somedirectory' >workstation25.tar.bz2
Which will execute tar on the remote system, compress the output (a lot) and pipe it back over the encrypted ssh connection and write it to a local file on the backup server. Now, you really want to use something better than 'tar' (trust me, don't use tar except for small amounts of data because it really i
Re: (Score:2)
This is what rsync was designed for... intelligent copying of files over a transport like ssh.
Decide on how many remote copies you want to keep and setup a brief cron script to rsync from the source machine at time intervals. After the first rsync, you only need to copy whatever has changed to your backup machine.
Example: /backups/sourcemachine/data1/ #Copy current info from source
Initial quick setup for 3 copies using "backupuser" with configured ssh keys.
rsync -av backupuser@sourcemachine:/data
rsync -av /
Re: (Score:2)
Yeah, except you have now 3 entire (or however many) copies of all of your data. This is an option of course, but it's a less efficient option. My strategy is to use tar with --newer and simply keep track of when each incremental was done. You can then of course do full backups at regular intervals also. Depending on the sorts of files you're working with this is often likely to produce a lot less duplication. It is possible if you are backing up a few large files with changes only made to parts of them (log fi
Re: (Score:2)
That's why the bonus topic was deduplication on the backup machine.
i.e., use ZFS on freebsd, or something like http://www.opendedup.org/ [opendedup.org] on Linux, etc...
This is especially useful when you are backing up, say, 300 cheap machines to a central server and you know 95% of everything is going to be duplicate content anyway.
Same duplication issue exists for tar when you get beyond a single machine to backup.
Re: (Score:2)
Yeah, that makes sense. I mean you probably do want certain backups pushed off to somewhere else, but there's always going to be some duplicates somewhere. I'll have to think about trying it, though ZFS is more than a bit of a PITA to set up, from what I remember. Maybe it's time to play with BTRFS...
Re: (Score:2)
Elaborating on that, I'd recommend using a deduplication utility like zbackup.
This way, you can do:
ssh user@remote.host 'tar cvf - files'|zbackup --password-file ~/pw backup /path/to/repo/backups/files.tar
This will copy the files over ssh, then use zbackup to stuff them in a repo. It does byte level deduplication, then any data that is new, it uses xz to compress it. This way, only changes are saved, and anything stored will be highly compressed, as well as encrypted with AES-128.
Re: (Score:2)
I may have to play with that too. I don't have vast amounts of data, but when some of our stuff is off on the other side of WAN links it can be annoying to backup even 50 gigs of data sometimes. Particularly when you know you MUST have 95% of it in some archive somewhere already.
Re: (Score:2)
If you're big enough, have a professional backup solution. We have NetWorker, which I don't like, but is pretty much proof against things like this. Clients can back up, and they can restore from their own backups (other clients' backups only if it's specifically allowed, which it isn't by default). But they can't delete or modify in any way backups that already exist, even their own. That can only be done from the server.
Re: (Score:2)
Do your backups also go to an offline and offsite backup medium? If not then your backups aren't much good. I've always tried to design a backup system so that even if I had evil intent I couldn't as the backup admin nuke all the data. With regular backup audits and good reporting done by a second party (backup admin) my backup system would have been pretty much impossible to thwart since there was always 67 days (two months plus a week) of backups offsite with weekly fulls. The only way to get it all would
Re: (Score:2)
If my machine runs Windows and has NTFS, but the network drive is under a Linux-based NAS and files reside on EXT4, does the ransomware encrypt those files as well? Is it a file-based encryption or filesystem-based?
Re: (Score:2)
Probably a file based, anything it can open, sort of deal.
Re: (Score:2)
Depends on the mechanism, as some ransomware used EFS calls, other instances did it itself. If ransomware uses EFS, it can't touch files sitting on a Linux based NAS. If the ransomware uses its own encryption engine, it really doesn't matter if it is NTFS, ReFS, ext4, or HFS+.
What I find surprising (Score:3, Funny)
What I find surprising is that on a site that is supposed to cater to the technically savvy, so many of the users who took the poll say they were targeted and compromised. Of course we all know that ransomware can only be successful in one scenario.
You are a illiterate fucking cunt retard and you're too busy guzzling your dad's jizz out of your sister's shitshooter to not fucking zap the dancing monkey to win $10,000. Stop gaping your asshole on the fire hydrant out front, go install a fucking antivirus program and get the goddamn updates you cock-gobbling ignoramus.
Re: (Score:2, Informative)
The Aristocrats!
Re: (Score:3)
What I find surprising is that on a site that is supposed to cater to the technically savvy, so many of the users who took the poll say they were targeted and compromised. Of course we all know that ransomware can only be successful in one scenario.
From reading the comments, my guess is that most of the people voting for "I was hit but didn't pay" were not talking about their own personal machines but rather they were cleaning up for a non-tech coworker, friend, family member, etc.. that got hit.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
I am interested in your literary works and I would like to subscribe to your newsletter.
What is an antivirus program? (Score:2)
Sent from my iPad
Re: (Score:2)
I've used, in the past - I've only a Windows phone these days, Windows with no live AV application on it. I'd scan it once in a while for malware using MBAM but no, no issues. Of course, I keep my browser locked down pretty tight and don't do stupid shit but I'd still recommend that the vast majority of folks not do what I did. They're simply not that patient and willing to learn.
Tape (Score:2)
Old fashioned backups such as tape (in a business environment) and an external drive you don't have connected all the time are probably safest.
As for anti-virus, well.. a good AV application is always useful, but this stuff tends to get past most scanners at first. It's not much use having your AV program clean up the malw
Re: (Score:3)
I have yet to see AV software stop an active infection. It might be OK for scanning a downloaded program for a Trojan dropper... but why bother with that, when one can use VirusTotal and get a lot better results?
In fact, I've found that adblocking software, enabling "click to play" functionality, and sandboxing/virtualizing are far more effective than any AV software made.
Re: (Score:2)
Re: (Score:2)
The problem with ONLINE backups is that the ransomware might try to encrypt those too, and even "cloud" based backups could be vulnerable.. basically anything you can drag and drop to.
Old fashioned backups such as tape (in a business environment) and an external drive you don't have connected all the time are probably safest.
[talking home use here]
You can protect yourself to some extent by not using your normal login credentials for networked storage. The NAS location that my backup software writes to uses its own user/password, which is configured in the backup software. (Whether the malware can pull those, or if the share is writeable by other processes on the system while the backup is running is another question.)
I do the same sort of thing for my media shares. 99% of the time, I don't need write access, so there's a read-o
Re: (Score:2)
Offline external backups are also a good idea because power surges and lightning still exist.
Re: (Score:3)
Chrome is getting to be a pita by itself "Tftpd32-4.52-setup.exe is not commonly downloaded and could be dangerous"
No shift, it's not commonly downloaded, but that doesn't mean it's dangerous. How about blocking those installer enabled sourceforge downloads? Now that would be helpful.
If I was attacked.. (Score:5, Insightful)
I would consider it exactly the same as a hardware failure
I have many layers of backup
DriveSavers and Hardware Failures (Score:3)
Many years ago I had a laptop disk drive fail. DriveSavers wanted $900 to recover what was on it, which was a highly reasonable price, but we decided not to - I had enough of my critical data on the mail server and backups, or places I could download from, so we just replaced the drive and reinstalled.
Most of the ransomware thugs charge a bit less than that, and you really need to have good backups or you're going to eventually end up paying DriveSavers or somebody like them.
They've tried and failed. (Score:2)
Re: (Score:2)
Re: (Score:2)
Agreed, I had a youtube video completely crash my machine without so much as a blue screen.
"[ ] use hardware acceleration." Turned off now..
Noscript can block flash by default, flash-block seems extraneous.
Kind of 1 & 4 (Score:2)
Re: (Score:2)
Why do you let stupid people have admin privileges?
Ransomware can have horrible consequences (Score:5, Funny)
F* ransomware.
Re: (Score:2)
Always remember, the reward for a job well done is another job.
Re: (Score:2)
Funny coincidence (Score:2)
Re: (Score:2)
McAfee is just as bad; the last one I encountered with Cryptowall had the full McAfee suite running and up to date, and it couldn't find anything. That's not unusual, though; most malware anymore has a zero detection rating on VirusTotal when I am trying to do cleanup. So the options are to submit the files and wait a few days for the AV companies to catch up, or fix it by hand; either is a PITA.
Moron/Idiot Tax (Score:2)
is what it is referred to in the IT support game.
2 choices to cleanup
1. Tax A; pay the fee and 95% chance of recovery, 15% chance of further extortion
2. Tax B; pay IT support to clean up and hope you had a good backup plan
But hey, it's more than 30% of all billed hours speaking to one of my friends.
my experience with ransomware (Score:2)
Family member was hit, kind of (Score:2)
Had a grandparent's computer infected by some script kiddie's version of ransomware: an IE window popup claiming that they would remove their virus if they sent money. A virus boot disk and a few runs in safe mode of various spyware/adware cleaned it out.
i am a poor boy (Score:2)
/.'s Top Deals (Score:2)
Is that ransomware too for us now? My ad blocker didn't even block them! :(
Games (Score:2)
Pay up or you'll never advance past level 5, and don't forget to buy the downloadable content or you can't use the shiniest weapons and won't get these other sidequests.
Backup solutions not the end of the story (Score:3)
I have a physically read-only SD card with a bunch of trusted applications and a base restore image for each of my laptops. It's amazing what you can cram onto 32GB. Twenty minutes, any one of a dozen batch scripts and a nuked system becomes fully productive again. Backups in my case are on a three-tier rotation with a "live" tier in the cloud.
Re: (Score:2)
The controller chip on the sd card doesn't have access to the "switch".
It is nominally wired to a pin on the board that is honored by the OS level driver. A hacked drive could override (ignore) the status of the RO pin.
Also Micro SD [and Mini?] don't have the 'read-only' slider bit. I believe there is a software version of the pin, but it's been years since I've had to hack on one of those drivers.
Re: (Score:2)
The controller chip on the sd card doesn't have access to the "switch".
It is nominally wired to a pin on the board that is honored by the OS level driver. A hacked drive could override (ignore) the status of the RO pin.
Also Micro SD [and Mini?] don't have the 'read-only' slider bit. I believe there is a software version of the pin, but it's been years since I've had to hack on one of those drivers.
The micro doesn't have the slide switch but most micro to sd adapters do have the slide switch which is what most PCs would use to access a micro sd. I have not personally seen a pc with a micro slot. All the PCs and laptops I have seen only have the standard SD slot.
Re: (Score:2)
Many of the new Ultrabooks and 2-in-1 tablets have a microSD slot (Microsoft Surface 3 probably being the most prominent example)
Re: (Score:2)
how much of that 16GB is actually used by the system?
A base xp install is about 1.5GB. 7 runs about 12GB. A full Knoppix/Debian KDE desktop is 8.5GB. When you're creating mirrors you're not mirroring the entire partition, you're only mirroring the data that's on it.
As partitioning goes, my 7 installs occupy space in 100GB partitions. xp occupies space in 16GB, Debian has 32GB to play with. Most of the software I use is fairly interchangeable between the systems, so that sits in custom installer packages whi
Why pay the ransom when you have a backup? (Score:2)
Re: (Score:2)
I wish Synology, QNAP, or one of the NAS appliance makers would make a utility like Windows Home Server or Windows Server Fundamentals, where the NAS itself would initiate the backup and stash it on a deduplicated filesystem [1]. Add a point and drool front-end, and this would be an excellent way of not just doing backups, but preventing ransomware, since the malware can't touch the server, other than to have backups be corrupted.
[1]: Or just use a F/OSS program like zbackup, zpaq, or obnam for the dedupl
Not happening here.. (Score:3)
I've been running Linux on all of my home systems since this ransomware crap became a thing.. The closest I've come to seeing it affect a system was a friend I upgraded to Linux, as he was one of those types that clicked on EVERYTHING.. I got tired of him calling me and saying "my systems slow again" and then finding layer after layer of crap on the system. Since all he did was webbrowse/email/facebook, I gave him an ultimatum.. The only way I'd continue to help him was if he dumped Windows and went to Linux. I fired up a LiveCD to let him try it for a few days, and he was happy, so we flushed Windows and installed a slightly tweaked copy of XUbuntu. After getting calls from him every other week, these calls stopped, for the most part, after the upgrade.. The fun part was when he did call and tell me this email he opened was giving him a weird error message. I dropped by and it turned out to be one of the spam emails with a cryptolocker payload, and it was bitching about *trying* to encrypt his files and failing spectacularly.. I enjoyed telling him that if he was still on Windows, he'd be paying to decrypt all his files...
Missing option (Score:2)
Missing option: Yes, on a non-Windows system.
I'm not saying that it's happened to me (it hasn't) but it would be interesting to hear if anyone has encountered it on for example Android or OS X.
Missing option (Score:2)
That's my experience, happened to my dad. I got his computer functional again but it looked like it needed a format to get back to normal, so I got all his stuff off it and we used that as an excuse to upgrade.
Re:Missing: Never hit, but cleaned up after one (Score:4, Interesting)
I have never personally been hit, but a friend was hit a few months back and I cleaned up his system for him.
Same story here... a family member got bit with it. I saved off the email addy. It took a couple of hours to reinstall the OS and shove the (month-old) backup into the box, clean it up a bit, then restore a few missing photos from her phone (nothing else was really important to her). Then I put the box back online through my home router (not hers) and got it all patched-up to date. She then went home and informed the ransomware dude that he should go fuck himself.
I got a bottle of 12-year-old scotch out of it, so it wasn't that much of a time-waste IMHO.
Re: (Score:3)
Yeah, cleaned up my wife's PC from ransomware she got from a page hijack site - basically an unscrupulous web advertiser ad directing to a hijack site saying her PC was infected. I've hit two of these in the past day, but I know to kill my browser and never click on their links. And yeah, other software tells me I was not infected and they were liars. Both were from looking up Windows phone SDK deployment information, incidentally. I need to deploy some software on a Windows phone for work and was getting e
Re: (Score:2)
What file types? Pictures/videos/documents?
Re: (Score:2)
Read email in plain text - not in HTML. That'll help 'em a bit too - if they're not too stupid.
Re: (Score:2)
What's wrong with cloud based backups? It's offsite, offline as far as the clients access to the data is considered, and unlike physical backups it "just works", in almost every SMB case I saw as a consultant backup failures were human factors issues, not technology issues (ok Backup Exec did cause some technology related failures, but those were WAY less common than the people screwing up).