Jump to content
DVDVR Message Board

YOUR WI-FI IS FUCKED


Recommended Posts

As if restarts after Windows updates didn't already need heavy praying to make sure it actually reboots.  And now I'm probably turning off my Update since I'm running an AMD.

Link to comment
Share on other sites

I just got the "Fall" Creators update, which didn't give me the prompts to delay restarting or updating like any other non-Creators update. When that update rolled out last yet, it took an hour. An hour on an SSD. At times it just looked like it was frozen. So I went and did some laundry hoping my computer wasn't fucked. When I just got the update a couple weeks ago it went faster, but I have PTSD from the last time. 

I think Microsoft hit a homerun with Windows 10. Everything else has been shit.

Link to comment
Share on other sites

Yeah. I've had to rebuild 4 friends' and my Mother's comps from zero because they didn't know better and didn't realize that it was an update reboot and tried to reload during an update.  It's not fun.  On the plus side, my wife watching me curse and blow a day on the process got her to just sit and wait when she say an update hitting, so I got that going for me.

  • Like 1
Link to comment
Share on other sites

3 hours sounds like what another friend went through. He said he just went to bed and crossed his fingers that it would be done in the morning.

It was done, but then after he booted up he got that "Hey, we just updated your PC, here's what we did, but first, we're going to finish the update and that may take awhile." That lasted forever.

I was about to say that I got lucky this last time around, that it was like last year's update, but that's not really true. I forgot that at times Windows Update would use up something around 70% of my CPU. I would be playing Dota, which doesn't use that much of my CPU, and the thing would turn into a slide show. There's no reason the installation of the update or any patch should take up that much of the CPU. At least I was able to boot my computer when it was done.

Link to comment
Share on other sites

  • 3 months later...

Sorry to pull this thread up, but apparently Spectre and Meltdown were just the beginning:

https://thehackernews.com/2018/05/intel-spectre-vulnerability.html

This basically means that for the time being cloud computing in theory should be toast. When I read about this last Thursday my first thought was that I could make some money out of this by shorting shares of the biggest cloud computing providers (Amazon, Microsoft and Google) but then I realized that (a) 99.99% (or more) of investors won't realize what Spectre NG could mean and (b) no companies using said cloud services have an interest in this getting a huge topic as it would also fuck their business.

Link to comment
Share on other sites

With how hard *everyone* is pushing toward one appliance with VM's these days (cost savings within Data Center environments), yeah, this is gonna be pretty damn spectacular.

Link to comment
Share on other sites

  • 3 weeks later...
On 5/26/2018 at 4:37 PM, Lamp, broken circa 1988 said:

hey hi how're you doing why don't you take a few minutes today and like grab a book and reboot your router

As soon as I saw your post I rebooted it, thanks for the heads up.

Shit, at this point I might as well keep the thing unplugged when we're not in the house.

Link to comment
Share on other sites

  • 1 year later...
  • 1 year later...
6 hours ago, Lamp, broken circa 1988 said:

hey update your windows tonight, every version of windows has a Bad Problem involving printers and the sooner you can update the better, s/o to microsoft for getting the patch out in like three days

Yes, we just discussed the PrintNightmare print spooler exploit this morning at the daily tech meeting.   All of our print servers will be updated before close of business today.

If you don't already have Windows Update set to automatic, you probably should.  Just configure it not to process updates to JAVA automatically and you should be good.  JRE updates seem to be breaking JAVA with alarming regularity, so don't install them until you do your research and find out that the update is stable.

Edited by J.T.
  • Like 1
Link to comment
Share on other sites

13 hours ago, Lamp, broken circa 1988 said:

hey update your windows tonight, every version of windows has a Bad Problem involving printers and the sooner you can update the better, s/o to microsoft for getting the patch out in like three days

Bigger shout-out to Microsoft if the patch had actually worked.

Link to comment
Share on other sites

  • 5 months later...

Well. 0-day serverside java exploit that allows easy remote code execution. Entirely serverside, no way to fix it on your end, no way to even know what you might be using that uses it. This is the Big One.

https://apnews.com/article/technology-business-lifestyle-software-apple-inc-aed3cc628fc602079b100757974c8f01

I want to scream, but not in like an angry or stressed way? It's like finding out a river was actually an Old God, and your town is about to undergo the most incredible changes. Your foolish need for water has scarred thy DNA, and when the agents come all they have to do is hum a little tune and your flesh and bones will stretch and cancer, and open a little hatch to your mind. It is about that bad of an exploit.

Good luck, and get baked goods for your IT people because they're gonna have a rotten December.

Link to comment
Share on other sites

Apache already has a security advisory out, my brother.

Log4j – Apache Log4j Security Vulnerabilities

Fear not.

For you security guys out there like me fighting the good fight, here are the recommendations you should take as per CERT and the US Army IAVA notes I got over the week from INSCOM.  They are Unclassified and not FOUO so I can share them here.

Quote

Recommended steps you can take include:

  • Upgrade to Apache Log4j 2.15.0. If you’re using Log4j, any 2.x version from 2.14.1 earlier is apparently vulnerable by default. (If you are still using Log4j 1.x, don’t, because it’s completely unsupported.)
  • Block JNDI from making requests to untrusted servers. If you can’t update, but you’re using Log4j 2.10.0 or later, you can set the configuration value log4j2.formatMsgNoLookups to true, which prevents LDAP and similar queries from going out in the first place.
  • Check the Java runtime that you’re using. The underlying build of Java that you have may prevent this bug from triggering based on its own default configuration. For example, Apache explicitly lists Oracle Java 8u121 as providing protection against this RCE.

We upgraded to 2.15.0.  We didn't have to worry about LDAP since we have three-factor authentication for our LDAP user accounts, so we control who gets LDAP access and when and only a few LDAP accounts are active at any one time.  The passwords also expire every 3-5 days.  LDAP exploits often depend on lazy sysadmins not changing the passwords which allow the accounts to use single sign-on to access just about anything they want to, which is why we also bind LDAP to three-factor authentication.

Edited by J.T.
Link to comment
Share on other sites

5 hours ago, Technico Support said:

Three factor?  Sweet Jesus.  I get mad when I have to get up and get my phone to log in.

it's only three factor for the Top Secret / SI stuff that accesses LDAP accounts.  Everything else is CAC and password.

  • Like 1
Link to comment
Share on other sites

  • 4 months later...

Hacker dudes and COMSEC homies.  Hope you are all tracking the JAVA vulnerability du jour.

Quote

Oracle has patched a nasty vulnerability in the Java framework, the severity of which cannot be overstated, security experts say.

Tracked as CVE-2022-21449, the flaw was found in the company’s Elliptic Curve Digital Signature Algorithm (ECDSA) for Java 15 and newer. It allows threat actors to fake TSL certificates and signatures, two-factor authentication codes, authorization credentials and the like. 

As explained by ArsTechnica, ECDSA is an algorithm that digitally authenticates messages. As it generates keys, it’s often used in standards such as FIDO’s two-factor authentication, the Security Assertion Markup Language, OpenID, and JSON. 

 

  • Thanks 2
Link to comment
Share on other sites

  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...