https://fossbytes.com/hacking-windows-login-details-using-google-chrome-sfc-files/
6 days ago

- Josh

On May 23, 2017 12:46 AM, "Steve Jones" <[email protected]> wrote:

> when this hit, that's what they said, then when they realized it was like
> every other malware, the news tried the "wannacry not delivered via
> attachments" headlines for like 40 seconds til the tech community lashed
> out (btw the tech community is the only legitimately non partisan community
> out there) and they STFU.
> I never understood when our customers get hit with malware, why the people
> who don't use UPS insist on always opening the UPS attachments
> granted, this propagates from an infected machine to others if you didn't
> apply the three month old patch, so "technically it doesn't have user
> interaction" but unless it's dropping an executable in a startup folder,
> does it really?
>
> I just wonder if I'm missing something. I sat through a UTM webinar the
> other day on this, expecting to gain insight. The gist of this one is "yer
> fukt" because it was distributed by what equates to a 3 year old with an
> iPhone, and paying the ransom doesn't get you a key. There was a post
> webinar Q&A that disconnected because the UTM vendor didn't realize the guy
> who started the session had to actually stay in it to keep it going....
> that's the level of non starter I perceive wannacry as.
>
> On Tue, May 23, 2017 at 12:25 AM, Josh Reynolds <[email protected]> wrote:
>
>> It's very possible, I've just never heard of an exploit that doesn't
>> actually require you to run the payload
>>
>> - Josh
>>
>> On May 23, 2017 12:22 AM, "Steve Jones" <[email protected]> wrote:
>>
>>> that's like super old (not that wannacry is all that new)
>>> it's amazing to me that malware is such a thing
>>> fuckballs stuxnet is still live
>>> are humans retarded?
>>>
>>> On Tue, May 23, 2017 at 12:15 AM, Josh Reynolds <[email protected]> wrote:
>>>
>>>> I don't know which one that you are talking about, but there is a much
>>>> more advanced exploit floating around. One of the infection methods is to
>>>> auto download a file when loading a web page... When the user opens the
>>>> folder, the Windows handler that loads the file icon from inside the
>>>> program, which then silently transmits that user's credentials to a remote
>>>> SMB server.
>>>>
>>>> Nasty stuff.
>>>>
>>>> - Josh
>>>>
>>>> On May 23, 2017 12:03 AM, "Steve Jones" <[email protected]> wrote:
>>>>
>>>>> lol, better not be another one
>>>>> just seems like this wannacry thing is way blown out of proportion, I
>>>>> haven't seen anything to indicate it's any more virulent or invasive than
>>>>> the standard malware, just happens it did a targeted phish of known
>>>>> unprotected targets
>>>>>
>>>>> On Mon, May 22, 2017 at 10:16 PM, Jay Weekley <[email protected]> wrote:
>>>>>
>>>>>> Is this a new way of announcing your wife is having a baby?
>>>>>>
>>>>>> Steve Jones wrote:
>>>>>>
>>>>>>> I note an absurd lack of hype over this on this list when every other
>>>>>>> list is popping off
>>>>>>> Am I the only one that sees this as similar to the whole UBNT
>>>>>>> mishap? don't follow standard practices, pay the price?
>>>>>>> I'm inclined to block the ports as a mechanism of being a good
>>>>>>> steward of the interwebs, but shouldn't I have already been dropping
>>>>>>> those?
>>>>>>> as an ISP
>>>>>>> I'm tempted to push OS migration, but shouldn't I have already been
>>>>>>> doing so as an IT services guy.
>>>>>>> I'm tempted to keep current patches, but shouldn't I have already
>>>>>>> been doing so?
>>>>>>> I have no expectation that none of my contact customers will not be
>>>>>>> impacted... by choices they made in our contract.
>>>>>>> This doesn't seem like it's a NEW thing
