[194567] in North American Network Operators' Group
Re: Please run windows update now
daemon@ATHENA.MIT.EDU (Joe)
Sat May 13 01:07:42 2017
X-Original-To: nanog@nanog.org
In-Reply-To: <aa838ab4db18154893e6ff7c92871118@mail.dessus.com>
From: Joe <jbfixurpc@gmail.com>
Date: Sat, 13 May 2017 00:07:39 -0500
To: Keith Medcalf <kmedcalf@dessus.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
One word. Linux.
After this we'll probably see (yet more) additional processes running on
windows boxes safeguarding against issues like this, forcing windoze users
to upgrade memory/processor/disk space. I, for one, am not looking at
Windoze 10 S as it locks too many applications needed for work to the
Windoze store.
Getting kind of ridiculous if you ask me.
-Joe
On Fri, May 12, 2017 at 11:56 PM, Keith Medcalf <kmedcalf@dessus.com> wrote:
>
> Well, this one was patched (or more accurately, undone). Perhaps. Maybe.
>
> How many other "paid defects" do you estimate there are in Microsoft
> Windows waiting to be exploited when discovered (or disclosed) by someone
> other than the "Security Agency" buying the defect?
>
> Almost certainly more than just this one ... and almost certainly there is
> more than a single "payor agency" independently purchasing the deliberate
> introduction of code defects.
>
> --
> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>
>
> > -----Original Message-----
> > From: Nathan Brookfield [mailto:Nathan.Brookfield@simtronic.com.au]
> > Sent: Friday, 12 May, 2017 22:48
> > To: Keith Medcalf
> > Cc: nanog@nanog.org
> > Subject: Re: Please run windows update now
> >
> > Well it was patched by Microsoft on March 14th, just clearly people
> > running large amounts of probably Windows XP have been owned.
> >
> > Largely in Russia.
> >
> > Nathan Brookfield
> > Chief Executive Officer
> >
> > Simtronic Technologies Pty Ltd
> > http://www.simtronic.com.au
> >
> > On 13 May 2017, at 14:47, Keith Medcalf <kmedcalf@dessus.com> wrote:
> >
> >
> > The SMBv1 issue was disclosed a year or two ago and never patched.
> > Anyone who was paying attention would already have disabled SMBv1.
> >
> > Thus is the danger and utter stupidity of "overloading" the function of
> > service listeners with unassociated road-apples. Wait until the bad guys
> > figure out that you can access the same "services" via a connection to the
> > DNS port (UDP and TCP 53) on windows machines ...
> >
> > --
> > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> >
> >
> > > -----Original Message-----
> > > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com@nanog.org] On Behalf Of Karl Auer
> > > Sent: Friday, 12 May, 2017 18:58
> > > To: nanog@nanog.org
> > > Subject: Re: Please run windows update now
> > >
> > >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > >> - In parallel, consider investigating low-hanging fruit by OU
> > >> (workstations?) to disable SMBv1 entirely.
> > >
> > > Kaspersky reckons the exploit applies to SMBv2 as well:
> > >
> > > https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
> > >
> > > I thought it was a typo in para 2 and the table, but they emailed back
> > > saying nope, SMBv2 is (was) also broken. However, they also say (same
> > > page) that the MS patch released in March this year fixes it.
> > >
> > > Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> > >
> > > Regards, K.
> > >
> > > --
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~
> > > Karl Auer (kauer@biplane.com.au)
> > > http://www.biplane.com.au/kauer
> > > http://twitter.com/kauer389
> > >
> > > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> > > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > >
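
Auditing SMBv1 by OU before disabling it, as Royce Williams suggests in the quoted text above. This is an added example, not part of the thread: the OU path is a placeholder, and it assumes the RSAT ActiveDirectory module and PowerShell remoting to the targets. It covers the SMB server side only.

```powershell
# Added example: report (and optionally disable) the SMBv1 server on every
# enabled computer in one OU. The OU path is a placeholder; adjust it.
param(
    [string]$SearchBase = 'OU=Workstations,DC=example,DC=com',  # placeholder
    [switch]$Disable    # without this switch the script only reports
)

Import-Module ActiveDirectory

$check = {
    param([bool]$Disable)
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $action = 'none'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting as a cmdlet
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
        if ($smb1 -and $Disable) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $action = 'disabled'
        }
    } else {
        # Older systems: a missing SMB1 value means enabled (the default)
        $val  = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1 = ($null -eq $val) -or ($val -ne 0)
        if ($smb1 -and $Disable) {
            Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
            $action = 'disabled, takes effect after reboot'
        }
    }
    # New-Object keeps this compatible with PowerShell 2.0 targets
    New-Object PSObject -Property @{ SMB1WasEnabled = $smb1; Action = $action }
}

$names = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName

$results = Invoke-Command -ComputerName $names -ScriptBlock $check `
    -ArgumentList $Disable.IsPresent `
    -ErrorAction SilentlyContinue -ErrorVariable failed

$results | Sort-Object PSComputerName |
    Select-Object PSComputerName, SMB1WasEnabled, Action

# An unreachable host is unknown, not clean: list it for follow-up
$failed | ForEach-Object { "UNREACHABLE: $($_.TargetObject)" }
```

Run it without `-Disable` first and review which hosts still report SMBv1 enabled before changing anything.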