* Posts by Justin Goldberg

19 publicly visible posts • joined 23 Oct 2014

Open-source companies gather to gripe: Cloud giants sell our code as a service – and we get the square root of nothing

Justin Goldberg

Re: Was the stab at RMS really necessary?

The irony is that RMS was right after all (GPLv3).

Justin Goldberg

GPL V3

It looks like RMS' gripe with Linux et al. was right with the GPL3 after all.

Google yanks Chrome support for Windows XP, at long last

Justin Goldberg

"at long last"? Paid Microsoft shill!

PC World's cloudy backup failed when exposed to ransomware

Justin Goldberg

Just in case she had TeslaCrypt 3 to 4.2:

http://www.zdnet.com/article/teslacrypt-no-more-ransomware-master-decryption-key-released/

TeslaCrypt no more: Ransomware master decryption key released

Justin Goldberg

Re: Single point failure

MachDiamond, you can prepare for black helicopters swooping down. Use BitTorrent Sync proxied through TOR.

Justin Goldberg

This makes me sick. Can we set up a GoFundMe site to raise money so that she can get her files back? I'd give something.

Perhaps the malware was able to delete her older backups somehow.

All ransomware is known to issue a vssadmin /delete command. 100% of our servers and PCs have vssadmin renamed to be inactive.

Remember Netbooks? Windows 10 makes them good again!

Justin Goldberg

Re: Year 2000 thinking brought forward

Heck yes, I use Chromium OS.

Justin Goldberg

Why would you use anything but XP if that's what the machine came with and your software doesn't need Windows 7+?

Also I'm guessing that the tablet doesn't have a DVD drive, in which case you could create a bootable flash drive. Build 10586 can automatically detect a Windows 7 or 8 BIOS certificate and automatically register your copy of Windows 10 without upgrading.

Everyone who works in IT knows better than to use an in-place upgrade. Use it to register your hardware ID with Microsoft and then do a clean install. It will be much smoother. And you can skip the Microsoft Hotmail ID, just choose other, etc. They hide it but it's in there. Just keep looking for it.

And Microsoft is only offering a year of free support for those users

Trend Micro AV gave any website command-line access to Windows PCs

Justin Goldberg

Their password manager left a 30GB file on a customer's computer because it kept reading Chrome input incorrectly. It filled up their drive! TM has gone downhill since their heyday.

Laid-off IT workers: You want free on-demand service for what now?

Justin Goldberg

They're getting some bad reviews on glassdoor.com. Always check employer review sites first before signing on.

Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab

Justin Goldberg

The article says that they "submitted clean but modified files". When the others receive samples that closely match a valid file with a few bytes changed, it's very hard to say whether it's a good or bad file. Poweliks is just a few bytes. I think that using automated malware analysis tools that can spin up a new VM for every file (like the Cuckoo sandbox) to keep up with the million new malware samples every day, to at least flag suspicious files for further human review, is the way to go, if they're not already doing this.

I myself have submitted files which I thought were viruses but ended up being benign. They ended up being flagged by McAfee-Artemis on VirusTotal. It was probably a heuristic scan combined with automated analysis, but it went awry.

Justin Goldberg

Hmmm, we use Dr Web's post-infection scanner when a computer has unknown rootkit malware. We call it "throwing the kitchen sink" at a badly infected computer, after MBAM and SAS scans and subsequent reboots.

We've also seen zero-day malware that gets cleaned from the registry, and therefore cannot run, and MBAM and others remove one file from appdata\roaming etc. but leave another dangerous exe file in the same folder. It's benign and doesn't start, but it's still there.

Ransomware 2.0 'crypts website databases – until victims pay up

Justin Goldberg

Re: Monitor the database?

It sounds like the next thing in security is something where each save to a script is also cryptographically signed. Here's an excellent idea from the comments on the original article:

Admin access should be restricted to only ssh/sftp sessions using PKI, so useless even if password known/brute forced. Of course one must keep the keys safe and it's no protection against vulnerabilities in the web app/OS itself, but patching/scanning/pen testing and finally log monitoring do the rest.

Justin Goldberg

I wonder if the key can be recovered from the server's filesystem? I'm guessing they can't, they were probably smart enough to run tools that erase all freed space.

Bad dog: Redmond's new IE tool KILLS POODLE with one shot

Justin Goldberg

Don't download the fix through TOR, hah!

Justin Goldberg

Re: Might try this

Hah, they could have made half-hearted ports of Netscape to everything out there, VMS, Amiga, Sun (actually I believe there were SunOS and HP-UX IE versions?) to get Microsoft to waste their resources on porting!

Ad-borne Cryptowall ransomware is set to claim FRESH VICTIMS

Justin Goldberg

Re: Complacency

For the record, I have never been hit with malware in Google Chrome. I've intentionally downloaded malware and spyware to test various scanners in a malware environment, though, but that was intentional.

Justin Goldberg

The servers are using ONIONHOST.torpayusd.com (which really seems to be a web redirect to the tor2web service). Mistoprav LTD is the company behind it.

They have also registered tor4pay.com and tor2pay.com.