The latest ransomware attack, referred to as WannaCry, was accidentally stopped in its tracks some days ago by an amateur researcher who tripped a kill switch by registering a domain name hard-coded in the hacker’s routines, a name that was essentially a GUID. The safeties have now been taken off, and the latest and greatest instantiation of this malware has already gobsmacked the Ukraine. Here’s the D&D:
The bad guy(s) search the Internet for machines with TCP port 445 open. Server Message Block (SMB), a file sharing protocol used by printers, routers, scanners, and such, uses this port. SMBv1.0 is the original version of the protocol in Windows; it has used the port at least since the W2K days and has been deprecated since W7, but the code is still in all the OS’s alongside v2.0 and v3.0. The v1.0 code contains THE buffer overflow vulnerability, where a specifically formed packet rammed up port 445 trips the onerr routine, crashes the system stack, and gives the perp the ability to remotely execute code outside of the UAC (User Account Control); you know, that system modal box that asks if it’s OK for Windows to make changes to the system, YES or NO? The code then seeks out any workstations on the LAN and infects them as it encrypts all the data files it can find. BTW, this general vulnerability has been around since before forever, and if anyone is stupid enough to believe that Windows has been completely re-written since NT… well, here’s exhibit Z. I have lost count of the number of exploits known to use the onerr goto system stack crash vulnerability.
So stop what you are doing– Go to Control Panel -> Programs -> Windows Features —
uncheck the bloody SMB 1.0/CIFS File Sharing Support checkbox
bow your head
wait for the ricochet
think about LINUX
cause it ain’t gonna end here
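To make the checklist above scriptable, here is an added example in PowerShell (not code from the original post) that reports the SMBv1 state and turns it off by both routes: the Windows Features checkbox on W10, and the registry/service switch on W7, where the author notes the checkbox is absent. It assumes an elevated prompt; the registry value and service names are the ones Microsoft documents for disabling SMBv1 on those versions.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.

function Get-Smb1Status {
    # Reports whether SMBv1 is still switched on, using whichever checks the OS supports.
    $result = [ordered]@{}
    # Windows 8/10: the optional feature behind "SMB 1.0/CIFS File Sharing Support"
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        $result.Feature = if ($f) { $f.State } else { 'n/a' }
    }
    # Windows 8/2012 and later: the SMB server's own SMB1 setting
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $result.ServerSetting = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / 2008 R2: the documented registry switch for the server side
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $params -Name SMB1 -ErrorAction SilentlyContinue
    $result.RegistrySMB1 = if ($reg) { $reg.SMB1 } else { 'not set (defaults to enabled)' }
    # Is anything listening on TCP 445 at all? (netstat exists on every Windows version)
    $result.Port445Listening = [bool](netstat -an | Select-String ':445\s+.*LISTENING')
    [pscustomobject]$result
}

function Disable-Smb1 {
    # Windows 8/10: same effect as unchecking the Windows Features checkbox
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    # Windows 7: server side via the registry, client side via the mrxsmb10 driver
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $params -Name SMB1 -Type DWord -Value 0 -Force
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
    Write-Host 'SMBv1 disabled; reboot to apply.'
}

Get-Smb1Status | Format-List   # audit first; then run Disable-Smb1 and reboot
```

Run Get-Smb1Status again after the reboot to confirm the feature shows Disabled and the registry value reads 0.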
My W7 machines didn’t have this feature but my W10s did.
It’s the W7 machines that caught most of the hell.
Most XP machines just crashed.
Special thanks to the NSA for not telling anyone about this. M$ found out about it from a stolen NSA data dump to WikiLeaks and issued a security patch in March. Europe is getting hit hard, probably because no one’s got good validation codes: bad code, no update. M$ has even issued a WannaCry security update for XP and W2003 servers.
I am always on the lookout for new tech items with low user ratings. No doubt the device is quickly discounted to get it out of the retail stream while the manufacturer corrects the issue. These devices will also show up in the re-manufactured market at a significant discount owing to the many user returns. Often, the bad reviews have nothing to do with quality, capability, fit or finish.
Transcribed without permission from PCWorld February 2013 – Editor’s Letter by Jon Phillips, the editor of PCWorld
I can’t remember the last time I saw an email or article comment in which a PCWorld reader professed love – or any measure of affection – for Microsoft. In fact, I’ve been covering PCs as a journalist since 1995, and I can’t recall any reader ever sharing even the smallest bit of warmth for the company that has been instrumental to the health and welfare of the PC platform.
Installing WordPress on a Windows 7 Ultimate development system
Virtually all active web sites operate on remote servers. Remote server management makes it difficult to create, install, maintain, and repair a remote web site. A local web development system makes web site management easier and more efficient. Microsoft provides just such an app on most Windows 7 versions with IIS 7.x (Internet Information Services).