Skip to content
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Vice)   No 'Big Brother' hijinks going on here, just the FBI accessing computers around U.S. to delete Microsoft Exchange hacks   (vice.com) divider line
    More: Interesting, Federal Bureau of Investigation, Microsoft Exchange Server, Microsoft, United States Department of Justice, E-mail, web shells, Windows PowerShell, Microsoft Exchange Client  
•       •       •

717 clicks; posted to STEM » and Main » on 14 Apr 2021 at 6:20 PM (3 weeks ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook



18 Comments     (+0 »)
View Voting Results: Smartest and Funniest
 
2021-04-14 5:21:13 PM  
The government fixes your computers for free?   Corporate socialism at work.
 
2021-04-14 6:25:46 PM  
It's amazing how private enterprise gets everything done right and government is nothing but dead weight. Time for more corporate tax cuts!
 
2021-04-14 6:54:42 PM  
external-content.duckduckgo.comView Full Size
 
2021-04-14 6:56:12 PM  
I work in infosec and I will tell you this much...

I used bluekeep to get into a vendor-maintained PC so that I could patch it for bluekeep. The amount of time it would take to find the system owner and convince them to give me credentials increased the risk beyond acceptable... so action was taken.
 
2021-04-14 7:11:32 PM  
These are shiat-your-pants level vulnerabilities that need to be fixed RIGHT DAMNED NOW, and the patch is available.

There exists a "fix your crap or it will be fixed for you" point, and we are past it. Would subby prefer it be the GRU infesting their network, stealing information and gathering kompromat?
 
2021-04-14 7:36:54 PM  
Fark user imageView Full Size
 
2021-04-14 7:46:44 PM  
We once got hit with what we called "the nice virus": when infected, it goes to Microsoft and downloads the patch for the vulnerability that allowed it to infect your system in the first place, then it deletes itself.

It was conjectured that it was written by one of our Network admins and accidentally escaped its environment.

For all I know, it's still out there, still merrily patching systems.
 
2021-04-14 8:13:54 PM  
The fun part is knowing that the FBI's now watching any & all access to those machines - after all, they didn't remove the vulnerabilities or patch Exchange, they just removed the hack.

Anyone dumb enough to reapply the hack on an FBI-cleaned machine might as well scream "ARREST ME DOMESTICALLY OR DRONE ME TO DEATH OVERSEAS, PLEASE!"
 
2021-04-14 8:14:45 PM  

Marcus Aurelius: The government fixes your computers for free?   Corporate socialism at work.


They're not fixing shiat. They're just smacking your shiat for acting up. It's up to you to teach your servers right from wrong.
 
2021-04-14 8:23:32 PM  
The real surprising thing here is that some anonymous security researcher didn't beat them to the punch.
 
2021-04-14 8:23:55 PM  

Sim Tree: We once got hit with what we called "the nice virus": when infected, it goes to Microsoft and downloads the patch for the vulnerability that allowed it to infect your system in the first place, then it deletes itself.

It was conjectured that it was written by one of our Network admins and accidentally escaped its environment.

For all I know, it's still out there, still merrily patching systems.

There was a science fiction story I read that involved something similar biologically. A virus was engineered to cause the immune system to develop antibodies not only to itself, but to all then-known major communicable illnesses. It itself would only be dangerous to something like 0.1% of the population who had a defective immune system. You feel like crud for a week or two, then come out immune to just about everything that then-currently exists.
 
2021-04-14 8:43:42 PM  
There's another firedrill going on now but not quite as crazy. I didn't pay attention to the details but it's more like "get this done by Monday" and not "get this done today" so progress?
 
2021-04-14 9:35:08 PM  
The human race is not advanced enough to use the technology we've created.
 
2021-04-14 10:48:50 PM  
They should release the names of these companies that are too irresponsible to have internet access and require taxpayer funded cleanup efforts.

Then they should be walled off from the internet for a time until they show they can handle infosec in an adequate manner
 
2021-04-14 10:55:57 PM  
I successfully protected my Exchange server from the CCP... by replacing it with MailInABox which runs on Linux.  And I have to say, as a Windows guy... it was basically impossible to mess up, it does everything for you including DNS (with SPF and DKIM) and encryption.

Maybe it's not suitable as an enterprise mail server, but I'd say for a small business or for personal deployment if you're tech-inclined it's so superior to Exchange there's no point in comparing them.
 
2021-04-15 12:14:22 AM  

Unsung_Hero: I successfully protected my Exchange server from the CCP... by replacing it with MailInABox which runs on Linux.  And I have to say, as a Windows guy... it was basically impossible to mess up, it does everything for you including DNS (with SPF and DKIM) and encryption.

Maybe it's not suitable as an enterprise mail server, but I'd say for a small business or for personal deployment if you're tech-inclined it's so superior to Exchange there's no point in comparing them.


Yep, I've used MIAB for about 5 years now on a $5USD/m VPS. I switched to it because Google wanted to charge me $5/m per domain PLUS $5/m per user, and I manage about 15 domains across about 5 users.

It adds new security stuff before I even know it exists. If only some of my domain hosts knew they existed (like DNSSEC).
 
2021-04-15 12:47:28 AM  

COMALite J: Sim Tree: We once got hit with what we called "the nice virus": when infected, it goes to Microsoft and downloads the patch for the vulnerability that allowed it to infect your system in the first place, then it deletes itself.

It was conjectured that it was written by one of our Network admins and accidentally escaped its environment.

For all I know, it's still out there, still merrily patching systems.
There was a science fiction story I read that involved something similar biologically. A virus was engineered to cause the immune system to develop antibodies not only to itself, but to all then-known major communicable illnesses. It itself would only be dangerous to something like 0.1% of the population who had a defective immune system. You feel like crud for a week or two, then come out immune to just about everything that then-currently exists.


And in a twist ending everyone became hyperallergic to peanuts and gluten!
 
2021-04-15 1:30:02 PM  
Removing the vulnerabilities without leaving their own backdoor?

Not a chance.
 
Displayed 18 of 18 comments

View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking





On Twitter



  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.