Re: Please run windows update now

2017-05-17 Thread John Levine
In article you write: >fyi, current opinion in the security community seems to be that win10 is >better secured than linuxes, bsds, ... see http://cyber-itl.org/; still >pretty sparse, but getting flushed out. Not against Microsoft. R's, John

Re: Please run windows update now

2017-05-16 Thread Carl Byington
On Tue, 2017-05-16 at 10:33 -0500, Brad Knowles wrote: > > In the American approach, if there are a significant number of road > fatalities, then it's the drivers own fault and they should have taken > more care. They are automatically to blame

Re: Please run windows update now

2017-05-16 Thread Josh Luthman
Can we end this thread? I think the original intent has come and gone. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On May 16, 2017 11:40 PM, wrote: > On Tue, 16 May 2017 20:55:37 -0600, "Keith Medcalf" said: > > > >

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 20:55:37 -0600, "Keith Medcalf" said: > > On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks wrote: > > On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said: > > >> Of course Microsoft knew, since they wrote in the backdoor in the first > >> place. That is

RE: Please run windows update now

2017-05-16 Thread Keith Medcalf
On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks wrote: > On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said: >> Of course Microsoft knew, since they wrote in the backdoor in the first >> place. That is why when informed by their employers that the backdoor >> was going to

Re: Please run windows update now

2017-05-16 Thread J. Oquendo
On Wed, 17 May 2017, Matt Palmer wrote: > > > > Do you have any actual evidence or citations that in fact, this was an > > intentionally inserted backdoor? > > You'll have to speak up, he can't hear you over the rustling of the tin > foil. > > - Matt > Pretty low blow considering if I saw

Re: Please run windows update now

2017-05-16 Thread Matt Palmer
On Tue, May 16, 2017 at 08:12:41PM -0400, valdis.kletni...@vt.edu wrote: > On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said: > > Of course Microsoft knew, since they wrote in the backdoor in the first > > place. That is why when informed by their employers that the backdoor was > > going

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said: > Of course Microsoft knew, since they wrote in the backdoor in the first > place. That is why when informed by their employers that the backdoor was > going to be made public, they could undo the changes they had introduced so > rapidly.

RE: Please run windows update now

2017-05-16 Thread Keith Medcalf
> What would be more of an interesting discussion, to me, would be why > doesn't Microsoft know about these hoarding of vulnerabilities by State > actors and plug them up? Some state actors they do know. They custom write the security flaws on the state actors request. > Are they really that

Re: Please run windows update now

2017-05-16 Thread LHC (k9m)
YOU WENT THERE (ignores enough to run for president) On May 15, 2017 1:48:51 AM PDT, Randy Bush wrote: >> Or BSD, or anything but Windows. Anyone running Microsoft products >> is quite clearly an unprofessional, unethical moron and fully >deserves >> all the pain they get --

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 09:40:50 -0700, JoeSox said: > What would be more of an interesting discussion, to me, would be why > doesn't Microsoft know about these hoarding of vulnerabilities by State > actors and plug them up? It's pretty hard for Microsoft to know about an exploit the NSA is sitting

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 12:23:36 -0500, Brad Knowles said: > On May 16, 2017, at 11:40 AM, JoeSox wrote: > > Isn't it true, with any tech product, the more complex features, the less > > secure it is? Ask yourself why this is the case, and I believe the true > > issue with tech

Re: Please run windows update now

2017-05-16 Thread Brad Knowles
On May 16, 2017, at 11:40 AM, JoeSox wrote: > LOL. I think that is a really bad example and I see many facilities in it, > including a hasty generalization, as intersections, and roads for that > matter, in America have been resigned to improve safety. So, if you want to talk

Re: Please run windows update now

2017-05-16 Thread JoeSox
On Tue, May 16, 2017 at 8:33 AM, Brad Knowles wrote: > On May 15, 2017, at 4:31 PM, Jonathan Roach > wrote: > > > What's key is that administrators need to know how to secure their > > estates. If they've failed to apply the patch, that's their

Re: Please run windows update now

2017-05-16 Thread Brad Knowles
On May 15, 2017, at 4:31 PM, Jonathan Roach wrote: > What's key is that administrators need to know how to secure their > estates. If they've failed to apply the patch, that's their failure, not > Microsoft's, but patching was not the only way to have curtailed this >

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Mon, 15 May 2017 16:19:37 -0700, "Aaron C. de Bruyn via NANOG" said: > Combine that with fail2ban. When one user has more than 60 writes in > 60 seconds *or* a write contains a well-known cryptolocker name (i.e. > *DECRYPT_INSTRUCT*) Oddly enough, we've seen *lots* of spammers that are

Re: Please run windows update now

2017-05-15 Thread Joe
Hi Scott As with any open forum you take the good with the bad. I've been on this list since 2001, you learn to dump the static and learn from the good advice. Too much information (whether good or bad) is better than none. -Joe On Mon, May 15, 2017 at 8:12 PM, Scott Weeks

Re: Please run windows update now

2017-05-15 Thread Jonathan Roach
Microsoft aren't stupid. They have learned lessons from the days in the 90s and early 2000s when they were a laughing stock in terms of security, and since then Windows security has improved enormously. OK, so it's not perfect, but what software is? Dirty Cow, Shellshock and Heartbleed for example

RE: Please run windows update now

2017-05-15 Thread Scott Weeks
--- na...@incomingmta.com wrote: From: "Phillip White" ...I have been on this list for many years...Today, though, I felt the need to create the mailbox just so I could reply since your posts have been the most irritating I have ever seen on this list.

Re: Please run windows update now

2017-05-15 Thread Aaron C. de Bruyn via NANOG
On Mon, May 15, 2017 at 2:48 PM, J. Oquendo wrote: > On Mon, 15 May 2017, b...@theworld.com wrote: >> You count the number of destructive opens in the kernel and if it >> exceeds a threshold (for example) you stop it and pop up a warning. That's basically what I did. I

Re: Please run windows update now

2017-05-15 Thread J. Oquendo
On Mon, 15 May 2017, b...@theworld.com wrote: > Oh great a design review! > > Hello Valdis, I am Barry Shein. I've done decades of internals and > kernel work. > > Ever use any Windows since about Vista? It throws up those warning > pop-ups when you're about to do something it decides needs >

Re: Please run windows update now

2017-05-15 Thread Royce Williams
On Fri, May 12, 2017 at 10:30 AM, Royce Williams wrote: > My $0.02, for people doing internal/private triage: > > - If your use of IPv4 space is sparse by routes, dump your internal > routing table and convert to summarized CIDR. > > - Feed your CIDRs to masscan [1] to

Re: Please run windows update now

2017-05-15 Thread bzs
On May 15, 2017 at 16:17 valdis.kletni...@vt.edu (valdis.kletni...@vt.edu) wrote: > On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said: > > > So for example why does a client OS produced with that much money > > available even allow things like wholesale encryption of files without

Re: Please run windows update now

2017-05-15 Thread William Waites
> On May 15, 2017, at 21:17, valdis.kletni...@vt.edu wrote: > >> So for example why does[n’t] a client OS confirm that you really >> meant to run a program on $THRESHOLD files… > How does the operating system detect that and throw a pop-up > *before* that executes? > > It's a lot harder

Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said: > So for example why does a client OS produced with that much money > available even allow things like wholesale encryption of files without > at least popping up one of those warnings to confirm that you really > meant to run a program

Re: Please run windows update now

2017-05-15 Thread bzs
Since everyone else is bloviating I may as well also... The underlying problem is that Microsoft tried to produce basically one operating system for both servers and end-users and most anything in between. Putting some lipstick on them and names such as "server 2008" doesn't negate that. Ok so

RE: Please run windows update now

2017-05-15 Thread timrutherford
.org] On Behalf Of Keith Stokes Sent: Monday, May 15, 2017 11:49 AM To: Keith Medcalf <kmedc...@dessus.com> Cc: nanog@nanog.org Subject: Re: Please run windows update now <https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/> https://blog

RE: Please run windows update now

2017-05-15 Thread Eliezer Croitoru
10:47 AM To: Rich Kulawiec <r...@gsp.org> Cc: nanog@nanog.org Subject: Re: Please run windows update now On Mon, 15 May 2017 02:12:27 -0400, Rich Kulawiec said: > Or BSD, or anything but Windows. Anyone running Microsoft products is > quite clearly an unprofessional, unethica

RE: Please run windows update now

2017-05-15 Thread Phillip White
. Phillip White -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rich Kulawiec Sent: Monday, May 15, 2017 4:37 AM To: nanog@nanog.org Subject: Re: Please run windows update now You make some excellent points: but I grow very, very tired of having to spend my t

Re: Please run windows update now

2017-05-15 Thread Brad Knowles
On May 15, 2017, at 11:21 AM, J. Oquendo wrote: >> Not everyone licks their chops and thinks "fresh meat" when they see >> worldwide panic that results from a massive security hole like this. > > Jump in the security space, where we may gladly trade our > cats and dogs

Re: Please run windows update now

2017-05-15 Thread J. Oquendo
On Mon, 15 May 2017, Brad Knowles wrote: > If Microsoft didn't open the security hole in the first place, then there > wouldn't be a need to patch it afterwards. You are very correct. Microsoft opened the hole because they had nothing better to do. Or, could it be that these things happen, akin

Re: Please run windows update now

2017-05-15 Thread Brad Knowles
On May 15, 2017, at 10:08 AM, J. Oquendo wrote: > Spot on. Shame on Microsoft for releasing patches and not > forcing the installation versus letting security managers > open up ISC^, and other nonsensical frameworks to do things > like "change/patch management" tasks. I

Re: Please run windows update now

2017-05-15 Thread Keith Stokes
Luthman'; 'Nathan Fink' Cc: nanog@nanog.org Subject: RE: Please run windows update now I should clarify, the link in my email below is only for windows versions that are considered unsupported. This one has links for the currently supported versions of windows https://support.microsoft.com/en-us/

RE: Please run windows update now

2017-05-15 Thread Keith Medcalf
May, 2017 09:23 > To: 'Josh Luthman'; 'Nathan Fink' > Cc: nanog@nanog.org > Subject: RE: Please run windows update now > > I should clarify, the link in my email below is only for windows versions > that are considered unsupported. > > This one has links for the cur

RE: Please run windows update now

2017-05-15 Thread timrutherford
...@c4.net [mailto:timrutherf...@c4.net] Sent: Monday, May 15, 2017 11:12 AM To: 'Josh Luthman' <j...@imaginenetworksllc.com>; 'Nathan Fink' <nef...@gmail.com> Cc: 'nanog@nanog.org' <nanog@nanog.org> Subject: RE: Please run windows update now They even released updates f

RE: Please run windows update now

2017-05-15 Thread timrutherford
@nanog.org Subject: Re: Please run windows update now Link? I only posted it as reference to the vulnerability. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, May 13, 2017 at 2:07 AM, Nathan Fink <nef...@gmail.com> wrote: > I show

Re: Please run windows update now

2017-05-15 Thread J. Oquendo
On Mon, 15 May 2017, Brad Knowles wrote: > As much as I hate, loathe, and despise Microsoft, there's always going to be > someone/something out there that is "the worst". Eliminate the current > "worst", and there will be another one right behind them. > > I do believe that Microsoft is

Re: Please run windows update now

2017-05-15 Thread Brad Knowles
On May 15, 2017, at 5:37 AM, Rich Kulawiec wrote: > [1] There may be no such thing as a secure system, period. But it > would be better to deploy things that may have a fighting chance > instead of things that have long since proven to have none at all. As much as I hate, loathe,

Re: Please run windows update now

2017-05-15 Thread Josh Luthman
Link? I only posted it as reference to the vulnerability. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, May 13, 2017 at 2:07 AM, Nathan Fink wrote: > I show MS17-010 as already superseded in SCCM > > On Fri, May 12,

Re: Please run windows update now

2017-05-15 Thread Nathan Fink
I show MS17-010 as already superseded in SCCM On Fri, May 12, 2017 at 1:44 PM, Josh Luthman wrote: > MS17-010 > https://technet.microsoft.com/en-us/library/security/ms17-010.aspx > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St >

Re: Please run windows update now

2017-05-15 Thread Jorge Amodio
With that kind of attitude and disconnect from reality I wonder who is the unprofessional moron... - Jorge (mobile) > On May 15, 2017, at 1:12 AM, Rich Kulawiec wrote: > >> On Sat, May 13, 2017 at 12:07:39AM -0500, Joe wrote: >> One word. Linux. > > Or BSD, or anything but

Re: Please run windows update now

2017-05-15 Thread Andrew Kerr
Just a note folks that while this particular ransomware is using the MS17-010 exploit to help spread, it does not rely on it. This is still a regular piece of ransomware that if someone opens the malicious file, will encrypt files. SANS has some IoCs and more information:

Re: Please run windows update now

2017-05-15 Thread Randy Bush
fyi, current opinion in the security community seems to be that win10 is better secured than linuxes, bsds, ... see http://cyber-itl.org/; still pretty sparse, but getting flushed out. randy

Re: Please run windows update now

2017-05-15 Thread Rich Kulawiec
You make some excellent points: but I grow very, very tired of having to spend my time and my energy -- note timestamp on my message -- dealing with the fallout. It should be painfully clear to everyone that there is no such thing as a secure Windows system. [1] It should have been painfully

Re: Please run windows update now

2017-05-15 Thread Randy Bush
> Or BSD, or anything but Windows. Anyone running Microsoft products > is quite clearly an unprofessional, unethical moron and fully deserves > all the pain they get -- including being sued into oblivion by their > customers and clients for their obvious incompetence and negligence. aside from

Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 02:12:27 -0400, Rich Kulawiec said: > Or BSD, or anything but Windows. Anyone running Microsoft products > is quite clearly an unprofessional, unethical moron and fully deserves > all the pain they get Tell you what. Go over to http://line6.com/software/ - You convince them

Re: Please run windows update now

2017-05-15 Thread Rich Kulawiec
On Sat, May 13, 2017 at 12:07:39AM -0500, Joe wrote: > One word. Linux. Or BSD, or anything but Windows. Anyone running Microsoft products is quite clearly an unprofessional, unethical moron and fully deserves all the pain they get -- including being sued into oblivion by their customers and

RE: Please run windows update now

2017-05-12 Thread Keith Medcalf
oʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı > -Original Message- > From: Joe [mailto:jbfixu...@gmail.com] > Sent: Friday, 12 May, 2017 23:08 > To: Keith Medcalf > Cc: nanog@nanog.org > Subject: Re: Please run windows update now > > One word. Linux. > > After this we'll proba

Re: Please run windows update now

2017-05-12 Thread Joe
h unassociated road-apples. Wait until the bad guys > > figure out that you can access the same "services" via a connection to > the > > DNS port (UDP and TCP 53) on windows machines ... > > > > -- > > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı >

RE: Please run windows update now

2017-05-12 Thread Keith Medcalf
an Brookfield [mailto:nathan.brookfi...@simtronic.com.au] > Sent: Friday, 12 May, 2017 22:48 > To: Keith Medcalf > Cc: nanog@nanog.org > Subject: Re: Please run windows update now > > Well it was patched by Microsoft of March 14th, just clearly people > running large amounts of p

Re: Please run windows update now

2017-05-12 Thread Nathan Brookfield
=dessus@nanog.org] On Behalf > Of Karl Auer > Sent: Friday, 12 May, 2017 18:58 > To: nanog@nanog.org > Subject: Re: Please run windows update now > >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote: >> - In parallel, consider investigating low-hangi

RE: Please run windows update now

2017-05-12 Thread Keith Medcalf
half > Of Karl Auer > Sent: Friday, 12 May, 2017 18:58 > To: nanog@nanog.org > Subject: Re: Please run windows update now > > On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote: > > - In parallel, consider investigating low-hanging fruit by OU > > (workstations?) to d

Re: Please run windows update now

2017-05-12 Thread Karl Auer
On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote: > - In parallel, consider investigating low-hanging fruit by OU > (workstations?) to disable SMBv1 entirely. Kaspersky reckons the exploit applies to SMBv2 as well: https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in

Re: Please run windows update now

2017-05-12 Thread Josh Luthman
MS17-010 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, May 12, 2017 at 2:35 PM, JoeSox wrote: > Thanks for the headsup but I would expect to see some

Re: Please run windows update now

2017-05-12 Thread JoeSox
Thanks for the headsup but I would expect to see some references to the patches that need to be installed to block the vulnerability (Sorry for sounding like a jerk). We all know to update systems ASAP. -- Later, Joe On Fri, May 12, 2017 at 10:35 AM, Ca By wrote: > This

Re: Please run windows update now

2017-05-12 Thread Royce Williams
My $0.02, for people doing internal/private triage: - If your use of IPv4 space is sparse by routes, dump your internal routing table and convert to summarized CIDR. - Feed your CIDRs to masscan [1] to scan for internal port 445 (masscan randomizes targets, so destination office WAN links won't

Re: Please run windows update now

2017-05-12 Thread Alexander Maassen
Hail backups, and whoever keeps those ports accessible to the outside without a decent ACL in the firewall, or restricting it to (IPsec) VPNs should be shot on sight anyways. On Fri, May 12, 2017 7:35 pm, Ca By wrote: > This looks like a major worm that is going global > > Please run windows