Petya Ass It's Ransomware Again!

the twitter #petya is REALLY NSFW now.. Might want to remove that link on the front page.
 
FalconSS said:
Kaspersky just mentioned its not a variant of Petya but something new. 2k infections so far, mostly in russia/ukraine.

Edit: Link:

hahaha, Kaspersky has named it NotPetya, lol.
Click to expand...

Just a little bit of info... Petya means Peter in Russian so it was likely made by a guy named Peter. :p Most likely why the majority of the attacks are in Russia/Ukraine.
 
nilepez said:
I'm no fan of the NSAs part in this, but AFAICT, this is a case of negligence by IT or management. there's just no excuse for not applying patches that are almost 4 months old. People who don't apply patches are like parents who don't vaccinate their kids.
Click to expand...


So if you work in a development lab and you are still supporting older versions of your product, you know, for older OS's that are still not End Of Life yet, or not too far past their EOL date. What do you do when your software is too "old" for the patches?

Now in our labs it's less of a deal cause we keep the labs cut off from the world but not all dev labs do that. I do agree with you as a rule. But there really are some exceptions.
 
BulletDust said:
And all so people can use the world's least compatible office suite.
Click to expand...

If you mean MS Office, it's perfectly compatible with everything as long as you only have to use it within your own organization. Take the US Army for instance, the largest domain in the world and they have no problems with MS Office compatibility because it's part of the base image the Army uses, AGM/UGM FTW.
 
I don't have any .dll file on my computer, how do I protect myself now? :oldman:
 
B00nie said:
I don't have any .dll file on my computer, how do I protect myself now? :oldman:
Click to expand...

No .dlls you say, what weird version of Windows do you have son ? You need to get you one of them there Windows 10 programs on your PC. I hear it is installed as a suppository these days.
 
Thank's Kyle for spreading the news how to immunize machines !!!!!!

I "patched" the servers with this file + my own machines that run Windows.


Keep on the brave work right at the frontier ;)
 
Last edited:
BulletDust said:
i don't need to Heatlesssun, and you know this as we've been over it before. Standards, remember?
Click to expand...

Yes and Office 2013+ supports both non-strict and strict OpenXML as well as OpenDoc. What you often confuse with file standards interoperability are actually product features that sometimes don't translate across applications. File standards AREN'T features.
 
heatlesssun said:
Yes and Office 2013+ supports both non-strict and strict OpenXML as well as OpenDoc. What you often confuse with file standards are actually product features that sometimes don't translate across applications. File standards DON'T dictate features.
Click to expand...

Yeah, nice brain fade.:rolleyes:
 
BulletDust said:
Yeah, nice brain fade.:rolleyes:
Click to expand...

So where are all of these non-standard documents that don't open in LibreOffice because of issues with compliance with file standards? I've had exactly this same argument with someone here a month ago. He pointed to Excel spreadsheet that deal with WoW that he swore didn't open MS Office but would in LibreOffice and it opened fine in MS Office. Indeed the formatting was significantly cleaner. The formulas however seemed to work correctly in both.

Really, it's simple. All one has to do is point to specfic XML code that say "Ah hah! It doesn't work because Microsoft broke the standards!" Those standards documents for OpenDoc and OpenXML are huge and complex, particularly OpenXML.
 
heatlesssun said:
So where are all of these non-standard documents that don't open in LibreOffice because of issues with compliance with file standards? I've had exactly this same argument with someone here a month ago. He pointed to Excel spreadsheet that deal with WoW that he swore didn't open MS Office but would in LibreOffice and it opened fine in MS Office. Indeed the formatting was significantly cleaner. The formulas however seemed to work correctly in both.

Really, it's simple. All one has to do is point to specfic XML code that say "Ah hah! It doesn't work because Microsoft broke the standards!" Those standards documents for OpenDoc and OpenXML are huge and complex, particularly OpenXML.
Click to expand...

Hey, settle down. We've been over it before, Office does not comply with certain ISO standards and this is not the place for discussion. Furthermore, you know only too well that we've been over it before.

Let it go little Microsoft crusader! ;)
 
Last edited:
heatlesssun said:
Again just which ones? https://msdn.microsoft.com/en-us/library/gg134034.aspx. You keep say over and over the same thing without specific references to the problem. The only thing you've ever specifically mentioned is OpenXML strict and non-strict versions and Office 2013+ supports both. And also the latest version of ODF.
Click to expand...

This is not the place, we've been over it before. You've really gotta start paying attention.
 
BulletDust said:
This is not the place, we've been over it before. You've really gotta start paying attention.
Click to expand...

And you gotta stop making extraordinary claims about how Office handles thousands of pages of complex documented standards without evidence. Yes you've said the same thing over and over without any evidence, just a complaint about strict vs non-strict OpenXML with are both supported in Office 2013+.
 
Another long night of patching Windows servers for this crap. SCCM and scripting helps of course, but think of all the man hours lost over stuff like this. Exceeds the cost folks pay to unlock their shit.
 
heatlesssun said:
And you gotta stop making extraordinary claims about how Office handles thousands of pages of complex documented standards without evidence. Yes you've said the same thing over and over without any evidence, just a complaint about strict vs non-strict OpenXML with are both supported in Office 2013+.
Click to expand...

I'm not. Obviously you're going to believe whatever pops into your little melon, so whatever.

Where compatibility issues do not exist between any other office suite, yet they exist with MS Office using open ISO standards - Than no matter what Microsoft try to claim from 2013 onwards regarding the strict standard, obviously logic dictates that it all has to be bullshit: As the purpose of standards is to remove the possibility of compatibility issues.

However, this isn't the place for such discussion, it's ok to claim that MS sucks at times, so get over it.
 
BulletDust said:
Where compatibility issues do not exist between any other office suite, yet they exist with MS Office using open ISO standards - Than no matter what Microsoft try to claim from 2013 onwards regarding the strict standard, obviously logic dictates that it all has to be bullshit: As the purpose of standards is to remove the possibility of compatibility issues.
Click to expand...

It's should be easy enough to open up a strict OpenXML document and point to exactly where an Office document is breaking a well documented and defined standard. There has to be at least ONE EXAMPLE of what you're talking about given the extraordinary claims you keep making. You're confusing file standards with implementation which isn't a standard. These standards don't enforce features or function.
 
Jim Kim said:
Would you 2 get a room, I'm buying.
Click to expand...

LOL! It's just that it's not difficult for him to make his case by just pointing to specific XML generated and showing the compliance problem. That's one of the points of the standard by which every developer uses to read OpenXML files. You can point to it and specific XML and say "Hey, that's not standard."
 
heatlesssun said:
LOL! It's just that it's not difficult for him to make his case by just pointing to specific XML generated and showing the compliance problem. That's one of the points of the standard by which every developer uses to read OpenXML files. You can point to it and specific XML and say "Hey, that's not standard."
Click to expand...

Not in this thread. If you have an issue PM me.
 
If only MS would get rid of command line none of these things would ever happen.
 
heatlesssun said:
Yes and Office 2013+ supports both non-strict and strict OpenXML as well as OpenDoc. What you often confuse with file standards interoperability are actually product features that sometimes don't translate across applications. File standards AREN'T features.
Click to expand...

Supporting standards doesn't matter when you include default formats which do not adhere to standards, which break compatibility intentionally to other office suites. It's pitiful how you try to rationalize their doings.
 
B00nie said:
It's pitiful how you try to rationalize their doings.
Click to expand...

I've asked repeatedly "Where exactly are standards being broken?" Where I have found references to complaints there's never any sample documents. This isn't a matter of rationalization, I'm just asking what exactly the issues are? And even if the formats were in total compliance by Microsoft, that still doesn't mean that features and implementations would be standard.
 
heatlesssun said:
I've asked repeatedly "Where exactly are standards being broken?" Where I have found references to complaints there's never any sample documents. This isn't a matter of rationalization, I'm just asking what exactly the issues are? And even if the formats were in total compliance by Microsoft, that still doesn't mean that features and implementations would be standard.
Click to expand...

As long as the MS Office documents are not compatible with the free alternatives on the market (which are cross compatible) then MS intentionally broke compatibility. No need for sample documents. We've all seen how even different versions of Office won't play ball together. It's all intentional to force consumers to upgrade and pay.
 
B00nie said:
As long as the MS Office documents are not compatible with the free alternatives on the market (which are cross compatible) then MS intentionally broke compatibility. No need for sample documents. We've all seen how even different versions of Office won't play ball together. It's all intentional to force consumers to upgrade and pay.
Click to expand...

Microsoft Office is extremely feature rich and Microsoft is constantly adding new features now. Regardless of file format, anyone trying to replicate it is always going to be playing catch up. I’ve been running MS office and Libreoffice side by side forever now. There’s just a big difference in what they can do. One may not use all the features in MS Office. But if they do use a lot of the feature, using Libreoffice is not just a matter of Microsoft not complying with the standards.
 
PETYA ASS, WATCH 'YO SELF! PETYA ASS, SHOW ME WHAT YOU WORKING WITH!
 
lcpiper said:
So if you work in a development lab and you are still supporting older versions of your product, you know, for older OS's that are still not End Of Life yet, or not too far past their EOL date. What do you do when your software is too "old" for the patches?

Now in our labs it's less of a deal cause we keep the labs cut off from the world but not all dev labs do that. I do agree with you as a rule. But there really are some exceptions.
Click to expand...
Sorry, but I don't follow. Are you saying you have software that's unable to work on patched systems?
 
nilepez said:
Sorry, but I don't follow. Are you saying you have software that's unable to work on patched systems?
Click to expand...

nilepez, the short answer is yes. The longer answer involves explaining that many many computers are running in environments which never ever see the internet and exist within enclosed ecosystems, controlled, and sterile. The reason is because some specific applications are developed at a slower pace, the rest of the world moves too fast and frankly, they have a reduced need to keep up because they don't depend on it.

An example, say I have a special system used to collect, analyze, and data base biometric data. None of these systems connect to the internet, ever. I only have to make things work, and I only need to improve on functionality and performance while making adjustments on the user interface aspect of the software. The only time I have to innovate and "catch up" is when hardware developments that promise significant performance benefits demand changes in software. Then I have to set out to play catch up and incorporate patches for those elements of this enclosed system that we use. If my system doesn't require Flash Player, I have no need of patching my software to keep up with it, etc.

Furthermore, I may have specific customers who are still using older hardware and are still using the older operating systems and software to match. I would also have to maintain this software even though the rest of the world has left it in the dust.

Is it clearer now?
 
Simmonz said:
No .dlls you say, what weird version of Windows do you have son ? You need to get you one of them there Windows 10 programs on your PC. I hear it is installed as a suppository these days.
Click to expand...

B00nie's running Mr. Torvald's baby :D
 
B00nie said:
As long as the MS Office documents are not compatible with the free alternatives on the market (which are cross compatible) then MS intentionally broke compatibility. No need for sample documents. We've all seen how even different versions of Office won't play ball together. It's all intentional to force consumers to upgrade and pay.
Click to expand...


Wait up. You are saying that Microsoft, who sells a product they developed, has to maintain compatibility with free open source software because they constitute a standard?

I'm going to explain something in a way I hope you grasp. No serious business depends on free shit. If you pay for it, you can demand support for it. If it's some free open source bullshit standard no one is under any gun to make changes and provide support.

This is why open standards and products have poor adoption rates with business.

This is why a company like Red Hat can take something that is an open source product and successfully commercialize it. Because by taking money for it, and for the promised support and development to maintain it, they provide the security in service that businesses need in order to take products seriously.

It's the way it is B00nie. Free is great for people who, as individuals, want something that's free and maybe works good enough for being free.

But for businesses and people who want to stake their lively hood on something, free is a loser's game, unless you are taking free so you can sell it to a chump, then it's a low cost development vehicle :D
 
Backup your shit. Backup that backup. Test those backups! Then put at least one of them offline!
 
lcpiper said:
nilepez, the short answer is yes. The longer answer involves explaining that many many computers are running in environments which never ever see the internet and exist within enclosed ecosystems, controlled, and sterile. The reason is because some specific applications are developed at a slower pace, the rest of the world moves too fast and frankly, they have a reduced need to keep up because they don't depend on it.

An example, say I have a special system used to collect, analyze, and data base biometric data. None of these systems connect to the internet, ever. I only have to make things work, and I only need to improve on functionality and performance while making adjustments on the user interface aspect of the software. The only time I have to innovate and "catch up" is when hardware developments that promise significant performance benefits demand changes in software. Then I have to set out to play catch up and incorporate patches for those elements of this enclosed system that we use. If my system doesn't require Flash Player, I have no need of patching my software to keep up with it, etc.

Furthermore, I may have specific customers who are still using older hardware and are still using the older operating systems and software to match. I would also have to maintain this software even though the rest of the world has left it in the dust.

Is it clearer now?
Click to expand...
Yes, but is it really relevant if it's a system that's never exposed to the outside world? Seems like it'd be pretty much impossible for this attack to affect these machines.
 
nilepez said:
Yes, but is it really relevant if it's a system that's never exposed to the outside world? Seems like it'd be pretty much impossible for this attack to affect these machines.
Click to expand...

You threw me there, I had to go reread the chain to figure out your comment. My part in this came from you saying there was negligence involved and I was trying to explain that sometimes, it's by design that systems are unpatched.

Let's see, I want to try and say it better taking in the progress of the discussion so far;

Let's try it this way.

There are situations where systems remain unpatched by design and not through negligence. Such systems should remain unconnected to the internet in lab environments but if they are going to be connected to the internet then strong measures should be taken to mitigate risk of attack, VPN only connections would be a good starting point along with other strong measures like restricted ACLs, tight firewalls, and point to point encryption. I would include removing or disabling all applications and services not required for the systems basic functions. Reduce everything to it's most fundamental purpose.

If you are going to ride bareback, make damn sure the pony is clean (y)
 
You must log in or register to reply here.
Back
Top