A glimpse inside CryptoWall 3.0 (opens in new tab)

(blog.brillantit.com)

51 pointscodesuela10y ago19 comments

19 comments

13 comments · 2 top-level

politician10y ago· 8 in thread

I wonder whether various browser vendors are investigating ways to disable loading Wordpress sites given their propensity to being taken over by exploits. The browser vendors collectively disabled/stunted Flash, maybe it's time for Wordpress to go down?

Karunamon10y ago

Is Wordpress really that insecure, or is it the fact that it's the single most popular blogging platform out there, requires very minimal technical competence to set up, and therefore its users are doing dumb things with the configuration?

eugenekolo210y ago

I'd call it a combination of it being extremely popular (attackers want it), minimal technical competence, PHP, and a history of really bad bugs.

1 more reply

woah10y ago

How can a browser practice voodoo to find out what's running on the server? Flash is a client side technology, and the browsers (clients) got rid of it. There is absolutely no way to tell that a website is running Wordpress. Also, why would the browser even care what happens on the server? Blocking websites that use Wordpress is about as doable as blocking websites whose sysadmins have mohawks.

politician10y ago

Voodoo? It's easy enough for automated toolkits to determine when Wordpress is running on a server by querying well known paths. Having client browsers perform the same trick when connecting to new domains isn't the black magic you're trying to make it out to be.

michaelbuckbee10y ago

Better to collectively track which domains are serving malware (aka 'This Site May Contain Harmful Things') than pick a particular CMS.

drzaiusapelord10y ago

The blame should be on MS here. Why does this OS happily run unsigned executables from random sites, random emails, etc? The days where that's a common use case are long behind us and for legitimate uses, end users can go into the control panel and whitelist exe's on a per exe basis. Its way, way too easy to fool a Windows user into running your code.

throwaway776710y ago

Browsers are not the internet police, and browser vendors should not be in the business of deciding which server software it wants to talk to.

Flash and other plugins are a completely different thing. Running flash is not a core functionality of the browser. Making HTTP requests and rendering HTML is.

politician10y ago

> Browsers are not the internet police.

Browser vendors have already inserted themselves into this role by selectively blocking Flash, messing around with how certificates are presented by the browser to imply certain things ("green lock == safe") when no such implication can be made, blocking and/or allowing ad blockers, etc.

Maybe you're too young to remember when everyone had to update their Flash installations every week because that product was improperly sandboxed, so you think that the issue was purely battery related. Blocking and restricting flash is as much about security as battery, more-so in my opinion.

But OK, let's compromise -- rather than preventing connections to Wordpress sites, maybe they could draw a big red line through a picture of the Wordpress logo, and then perhaps warn the user that this site is or soon will be serving malware.

1 more reply

netheril9610y ago· 3 in thread

> Deactivating: Shadow Copies Startup repair Windows error recovery

> And stopping: Windows Security Center Service Windows Defender Windows Update Service Windows Error Reporting Service and BITS

Won't these actions require administrator privileges? How do the program escalate its privilege if it starts by user clicking on a js file?

ploxiln10y ago

UAC gave Windows Vista a bad reputation for annoying prompts all the time, so in the interest of user experience and convenience, starting with Windows 7 Microsoft intentionally made it much less bulletproof: any Microsoft signed executable can bypass UAC. This includes common system executables which can be caused to load arbitrary dlls, this includes the control panel to turn off UAC entirely. It hasn't and won't be "fixed", it's just how it all works.

http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

noinsight10y ago

> any Microsoft signed executable can bypass UAC.

If UAC is set to Medium (the default).

If you're serious about security you should set it to High.

1 more reply

eugenekolo210y ago

Many people have UAC disabled.

j / k navigate · click thread line to collapse

19 comments

13 comments · 2 top-level

politician10y ago· 8 in thread

Karunamon10y ago

eugenekolo210y ago

I'd call it a combination of it being extremely popular (attackers want it), minimal technical competence, PHP, and a history of really bad bugs.

1 more reply

woah10y ago

politician10y ago

michaelbuckbee10y ago

Better to collectively track which domains are serving malware (aka 'This Site May Contain Harmful Things') than pick a particular CMS.

drzaiusapelord10y ago

throwaway776710y ago

Browsers are not the internet police, and browser vendors should not be in the business of deciding which server software it wants to talk to.

Flash and other plugins are a completely different thing. Running flash is not a core functionality of the browser. Making HTTP requests and rendering HTML is.

politician10y ago

> Browsers are not the internet police.

1 more reply

netheril9610y ago· 3 in thread

> Deactivating: Shadow Copies Startup repair Windows error recovery

> And stopping: Windows Security Center Service Windows Defender Windows Update Service Windows Error Reporting Service and BITS

Won't these actions require administrator privileges? How do the program escalate its privilege if it starts by user clicking on a js file?

ploxiln10y ago

http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

noinsight10y ago

> any Microsoft signed executable can bypass UAC.

If UAC is set to Medium (the default).

If you're serious about security you should set it to High.

1 more reply

eugenekolo210y ago

Many people have UAC disabled.

j / k navigate · click thread line to collapse