Followup on Yesterday’s Post About the Ransomware Attacks, More Oceanography, Mobile Site

Folks,

Mea culpa. It looks more and more like the “ransomware” attacks were not after money, but destruction. That, coupled with the timing in Ukraine right before their Constitution Day, would tend to indicate it was Russian operatives that did this. At first, I assumed that a major attack in Ukraine was Russian-sourced, but as the day unfolded with reports from around the world, I surmised that it was actually NK hackers, making it look like an anti-Ukraine operation, and after even more Bitcoin like the previous wave of ransomware. The fact that there was a major dip in Bitcoin value right before the attack started seemed like an echo from a previous attack.

Well, it looks like I was wrong – the attacks had a poorly-designed ransom function that didn’t work, and in reality, the payload destroyed files of certain types without recording the encryption key used. In other words, it was irreversible – the payload was destructive and not ransomware, it was just built to resemble one. So in this case, paying or not paying had the same result – if you contracted it, your files were toast.

 

Still, the suggestions I made about updating current systems, using good security software, backups, not clicking on ANY link in email, etc. hold. And, should you be running a dead Windows operating system, do plan to upgrade soon – either get a newer PC, upgrade to Windows 10, or install something like Linux Mint or Ubuntu. Right now, you’re a sitting target with adversaries that are evolving while your old machine likely doesn’t have functional anti-virus software, much less modern defenses built into operating systems.

 


 

And now an overdue announcement – tomorrow at noon Eastern, we’ll have part 2 of Boussinesque’s Intro to Oceanography, this time on Ocean Acidification. As a huge fan of all forms of seafood, learning of the effects of this trend on plankton, the root source of all life in the sea, has me quite concerned.

It will be interesting, and he’ll be staffing the comments to answer questions, etc. – thanks to both for nudges

 


 

A brief note to mobile site users – expect some changes over the next day or three. I intend to bring a lot of the tweaks and tools from the desktop site to the mobile site, where appropriate. I’m sure some will complain, feel free to do so and I’ll adjust it like always! Should you have any mobile site complaints or suggestions, this is the thread for them; I’ll come back here a few times to see if any late readers have added their 2 cents.

 

 


 

Finally, about 3:30 today I will do some backend tweaking and that may make the site boogered for a few seconds. Should this happen, comments you just submitted might get eaten, so if it’s important, around that time, copy comments to notepad or something in case it doesn’t go through. I’ll comment right before and after the change.

Open thread!



Site Maintenance and Tech Suggestion: You Have Been Warned

Folks,

Item the first: small site changes

  1. The blogroll
    This was a classic case of “no good options”. Currently, and for months, the Blogroll opens in the same window. This causes some users to complain and ask that it open in a new page. I finally caved, knowing that in doing so, I would cause iOS users a headache as it blocks pop-ups by default. After making that change, I began to receive emails complaining that for them, Blogroll was no longer working. One report was from a Firefox user, so this is no longer just an iOS issue.
    That got me thinking – one choice means inconvenience, the other means it doesn’t work. So the choice became clear: the blogroll will open in the current page. I’m sorry for the hassle this causes some, but hassle for some is better than not working for some!
  2. Later this afternoon, I’ll be making a few small back-end tweaks related to security. This may make the site hiccup for a moment as the changes take hold. If you have an issue, count to 10 and reload the page and all should be well.  It is possible during this brief time that comments-being-submitted may disappear into the aether. If so, my apologies, and please re-submit it/them.

 

Now, a brief comment on the current wave of hacking going on:

I’m sure you’ve heard about the wave of ransomware/hacking that began yesterday morning in Ukraine and has now spread around the world.  In my opinion, this is another effort by North Korean-affiliated hackers to generate a huge amount of Bitcoin that will likely be used to purchase more tech and hacking exploits. I bet that a significant chunk of the proceeds from these hacks goes back to NK’s coffers, but these likely foreign-based operations need funding, and I think that they likely resort to these types of hacking to keep the electricity on, as it were. I don’t think it coincident that NK re-commenced their numerical code broadcasts about 2 weeks before the last big hack happened.

The issue of concern from my perspective is that this is the second wave of ransomware-hacking on a global scale. I suspect that many of you have read about how a bunch of NSA exploits and hacking tools were stolen, likely from a contractor, and are being released. If a nation state’s hackers were behind the theft, then perhaps they are using these exploits to generate money before systems are all patched.  If this is the case, then these first ransomware attacks are probably using the least-valuable exploits, ones that have already been patched in most systems. I fear that, in the coming weeks, we’ll see more and more of these attacks, and that they will be much more effective, when they begin to use 0-day exploits that no one except the NSA knows about. (On a side note, is the NSA/US Government financially liable for the effects of their stolen cyber weapons?)

So the question is, what can you do/not do?

These important things:

  1. Ensure that your computer(s) are fully up-to-date. This means Windows, Mac, Linux, phones/tablets. Automatic updates are a requirement in this era, embrace them. As soon as an update is released, bad guys analyze it to see what was fixed. Then they target that issue in hopes of catching machines that aren’t yet patched.
  2. Ensure you are running quality Anti-Malware/Anti-Virus software on all appropriate machines. I don’t like to recommend certain brands, but I’d stay away from Russian brands (bye-bye Kaspersky, I cannot trust your great products ever again) and avoid the cheap/free/no-name options.

    I buy an annual 5 computer license via Amazon, use the digital download option, and it’s like $25 a year. DO IT NOW if you do not have such software. Although I use Norton Security, McAfee is another trustworthy name. Neither product is ideal, and I know many of you hate them with a passion for their performance, but for many lay-users, they are sufficient. They are not better than other options, but I prefer them to any free or no-name solution.

    Please try to start your Amazon purchases using the link here or in the sidebar on the desktop site, or in the comment area or top of a post on the mobile site. Every purchase made using these links generates a bit of $ for the site!

  3. Ensure that all important files are backed up. I love cloud storage/backup because it means there’s a copy off-site, so if my local copy gets screwed up, I can get a good copy. I also like a local backup of my files, so I use an old Raspberry Pi with a hard drive as a Samba-powered backup server. It’s simple, effective, and silent.
    For my most important machine, I back up the entire hard drive (I use CloneZilla to copy the entire disk to an external USB drive) every week. That way, worst-case scenario, I can restore my Windows and programs, downloading my files from local or cloud backup.
  4. If you have an old PC or two on your home network, say for the kids to use or for guests, take them off the network if they are running the following operating systems: Windows 95/98/ME/2000/XP/Vista. All of these are no longer supported which means that any exploit that comes out that targets them will be successful. Email and website are the most likely vectors, and, especially with teens, website visits include some gnarly, crap-ridden sites. Ideally, update old computers to a modern version of Windows, or replace the operating system with a more-secure, free option. Linux Mint is a great operating system that works on almost any old machine. I’m quite partial to Ubuntu, both the GUI version and the “headless” server version that I use for my home media server.
    I love the idea of a Chromebook and similar paradigms – they do seem to have a very good security model.
  5. If you are running an Android tablet or phone, ensure that you’ve got good security software installed. In iOS, we’re ok because of Apple’s walled-garden approach, but with Android, things are much more dangerous. Related to my suggestion of Norton or McAfee, both include options for installing on your devices.
  6. Never click on a link in any email about any account. Always use a new tab in your browser and type in the site’s address yourself and log in as you normally do. Often, well-crafted emails purporting to be from a bank or other financial institution will contain links to sites that look and behave much like the real one, but record your username, password, secret questions/answers, etc. and then use that data to steal your money from the real site. Such emails are also often ways that trojans and other nasties get loaded onto your machine.
  7. NEVER put a found USB stick into a connected, important machine. Bad guys are clever – they know people love to find free stuff, and when they do, they hope that there’s something valuable or neat. So bad guys will drop a few poisoned USB sticks in areas where people will find them, then rush home/to the office to see what’s on it, how much room it has, etc. Such a technique will often infect a machine and perhaps other machines on the network faster than you can believe.
    I use a Linux machine to investigate such things, since I’m sure that Windows is the real target, though these days I just break them and dispose of them without even looking – better safe than sorry, and hopefully if it’s legit, I’ve saved someone’s important data from being found by someone not-so-benign.
  8. Don’t leave machines running all the time if you’re not using them daily – an unattended machine is a sitting target. Always check machines at least once a day or so to ensure all looks ok. Nothing like checking your machine after ignoring it for two weeks, only to realize that the deadline for paying ransom expired last week!

 

To conclude, let me explain briefly what a ransomware attack looks like.

The Basic Mechanism

Basically, these things get into your machine and then use high-grade encryption to encrypt all the files on your computer. This means that instead of your resume, that Word doc is a scramble of characters that makes the file unusable and unreadable. You are often given a short-term deadline (3 days) to pay $300 in Bitcoin to undo this, or can take up to 7 days to pay $600. During that period, if the payload on your machine receives a “they’ve paid” signal, it will unscramble your files. If the 7 day limit is passed, your files are re-scrambled with a random encryption key which is never saved, so your files are permanently scrambled. Or at least for the next few years until tech and decryption breakthroughs mean it will take days not decades to decrypt your files. By then, you’ll likely not care.

Signs of a Compromised System

Basically, you’re using your computer and it gets slower, and you might get errors running programs you use routinely, or messages about corrupted files. This is the infected stage – the payload is on your machine and is in the process of encrypting your files. Turning off the computer or shutting down won’t necessarily stop things, but it might. It also might result in your already-encrypted files being permanently scrambled as the tool didn’t get a chance to complete the process and present a ransom demand. If the files are important, it’s almost better to let the encryption process finish so that you can pay them off, confident that your files are recoverable.

Once the payload has determined that its encrypting-files job is complete, it will present a screen that you cannot dismiss. It will contain instructions, links to tech help, often even live chat-based support, believe it or not. Once you see the screen, it’s time to go buy $300 of Bitcoin and send it to the file-nappers. There are no other options, sadly – the FBI, NSA, etc. cannot help.

So when you hear about a hospital or a company dealing with this, we’re talking about many-to-most-to-all computers being infected. Imagine how much a company has to pay to release all their computers! In a home user situation, having to pay for one machine is bad enough, but having to pay for multiples can quickly get very expensive. Hence the utility of having your files backed up – as long as you have them, you can pay to release the important computer or two, and for the rest, you can reformat, re-install the Operating System, and all your programs.

 

These truly are scary times – take precautions and be safe!

 



Small Site Updates, greennotGreen News

Folks,

I’ll be tweaking the sidebar a bit today and hope to add some nifty things to the comments either later today or tomorrow. Also, a rotating quote line is coming today!

On a more personal note, Terry, greennotGreen’s sister read the memorial thread and let me know how helpful it was:

Alain, I noticed the celebration thread up on BJ. Thanks so much. I’m actually going to use some of the quotations from Carol Ann for the memorial service. She would love the idea of writing part of it herself!

So there you go folks, well done!

 

Open thread!

 

ETA: OK, folks, exciting things just went live. Look below the comment form – there is now a comment help/tips section with lots of useful things (more to come, as things change).  And perhaps more importantly, a built-in pie filter. Use it to block annoying commenters and their comments. It’s harmless – enter a name or a comment number and all comments from that person will be turned into statements about pie. It works on a per-browser basis, storing your list in the browser’s site data.

All hail Major Major Major Major and cleek. Their help to convert the filter from something that you had to tack-on in a specific framework into a built-in function of the site was immense. Thanks guys, your help made this a better place for all.



Brief Site News

Just a few updates you’ll be happy to hear about:

  1. I’ve made a few small tweaks the past day or two and the site renders faster, the sidebar is improved, and a few other related things.
  2. The theme update will hit early next week. I am working on it right now. It’s a major change in the theme version, so I’m taking the time to make a few more styling changes and tweaking things that have always driven me nuts.
  3. Slight sidebar redesign will come as part of that.
  4. An improved Quotes function, more like the previous theme’s. Next week, I’m going to open a thread for suggestions to add to the current list to keep it from getting stale; I’ve already added “Not all heroes wear capes”.
  5. Coming soon, with/right after the theme update: Comment instructions/tips, new and improved
  6. Coming with that: A built-in filter to block commenters you wish to ignore*. No more Greasemonkey script, browser limitations, etc. It will work on all browsers that support local storage, but the list from one machine won’t be on another, so you’ll need to maintain your pie list on each device on which you read comments. Major thanks to cleek and Major Major Major Major.
  7. A few other treats.

* this is known as a pie filter. It turns comments from a commenter into ravings about pie, but for you only.

Open thread, and do join in for tomorrow’s noon memorial post for greennotGreen. I will be using that thread as the final chapter in a pdf I’m building for her family. It’s your chance to put into words how she touched you, or to point to a post or comment that you feel is important to include in that set of memories.

 

ETA: forgot to add, also adding an image slider plugin that will work on both the desktop and mobile themes. The current sliders are desktop only, thus leaving mobile users missing something great. That will be after 1-7.








Open Thread

Countdown to the Start of the Weekend EDT

We just added a new Countdown Timer thingy as per Adam’s request. It works on both desktop and mobile sites which is a win.

 

 

Open thread!

 

ETA: Learning pains








Site News: Updates and Suchlike

Good morning everyone!

This morning, I’m updating WordPress and a host of plugins and doing a bit of tweaking and site maintenance. This is in preparation for updating the theme Monday, and then releasing some new stuff once we’ve got a stable platform.

That said, I’m just in the office this morning, so I won’t be tackling any other issues, but feel free to mention them in this thread and I’ll check in later.

Next week I hope to publicly launch our Issues tracker, as well as an all-new submission form for On the Road, as well as a redone Contact a Front Pager form. There are some neat things coming soon such as a localized version of the Pie filter that runs in your browser, coupled with one or more comment improvements. I am also planning on a few architectural changes to speed up the site and to reduce the morning slowdown (which is from the daily backup). Once those are in place, I’ll replace the current site search with a much better one. More on that soon.

Open thread y’all








Site News and Open Thread

Folks,

Just a brief tech update and open thread for non-healthcare conversation.

I’m pleased to report that the permanent test site is up and running. That’s allowing for much-needed fiddling and experimentation that doesn’t affect the live site. There are lots of tweaks and enhancements on the horizon, many things that will make your commenting and reading/watching experience better. I hope some small architectural changes will improve your experience, especially during the mid-late morning when the site seems……to…. c….r…a…w…l.

More about that soon, plus there will be a public-accessible Issues tracker that you can use to submit suggestions, complaints, etc. about the site. I’m always happy to get emails, but going forward, all issues will be entered there so things can be tracked. If nothing else, it gives us a permanent place for people to post ideas, suggestions, and gripes, and they will not get lost. So even if nothing gets done today, that report is still there, and might get looked at with a new perspective at a later time.

Later today, I hope to launch an improvement to the Site Search function. It has come to my attention that the current search isn’t doing what needs to be done as it doesn’t search comments. And yes, I know you can go to Google to search balloon-juice: XXX and it will search the site and comments for “XXX”. But really, the site’s search should also search comments, and we shouldn’t have to go off-site!

 

That all said, open thread.

 

ETA: As Miss Bianca’s experience has shown, changing your nym (or commenting for the first time) puts your comment into moderation. We’re adding a little helper section to the comment form with some tips, and this topic is explained there to ensure that folks understand why some things happen.

To explain – the first comment you make with a nym and email address on a device is held in moderation; she skipped the space so the system thought MissBianca was a new commenter and so her first comment was put into Moderation. When she added the space, she was recognized as someone who had made comments previously and so that comment was not held in moderation.

Once that first comment is approved by a Front Pager, subsequent comments from that device, using that same nym and email address, are automatically published.

 

Should a comment disappear into the aether, please send me an email with the Post name (or a link to it!) and your nym and the rough time so I can investigate. When this happens, it almost always means that your comment was insta-Trashed as opposed to being held in Moderation or being marked as Spam.

Insta-Trash for comments from frequent commenters is an issue I want to solve, so please do let me know. Occasionally there are readers who have always had comments disappear and thus have never successfully commented. If that happens to you, please email me – something about your nym or the email address you’re using is triggering our detection mechanism and I’d like to solve that and add your voice to our conversation.

 

ETA again: Updated a slew of plugins that suddenly announced their upgradeable status.