(no subject)

Date: 2012-06-12 03:00 pm (UTC)
From: [identity profile] ice-hesitant.livejournal.com
They misspelled "S-Mart".

Remember: Shop Smart. Shop S-Mart.

(no subject)

Date: 2012-06-12 03:46 pm (UTC)
From: [identity profile] anton-p-nym.livejournal.com
So is this one of those "hostageware" things I've been hearing about?

-- Steve wouldn't go with a 3rd-party utility that he doesn't recognise, in any case.

(no subject)

Date: 2012-06-12 03:48 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Not hostageware, just a variant on "fake AV".

But yeah. It's reporting false HW errors. The specific bit I was looking at is the booted-up Windows machine with the error showing "boot sector unreadable".

(no subject)

Date: 2012-06-12 04:02 pm (UTC)
From: [identity profile] snobahr.livejournal.com
Really? If it's not Hostageware, why's it got the "Trial Version" in the lower right corner, "Click here to activate"... Or is this PRE-hostageware... where it's knocking on your proverbial door to be let in (and take your computer hostage)?

(no subject)

Date: 2012-06-12 04:14 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Notice how that button has the little "give me admin rights" icon, to encourage you to expect it to prompt and to click "yes, okay?"

As of when that pic was taken, a bunch of the usual Windows tools had been disabled (task manager, etc) and the desktop items had been hidden, but nothing was lost, and it's not like the disk had been encrypted and the software demanded a CC number to get the encryption key. As of right then, it's fake-AV, demanding money to fix problems that don't exist - but not demanding money to get your stuff back from it. So I wouldn't call it "hostageware", yet. It might be?

(no subject)

Date: 2012-06-12 04:59 pm (UTC)
From: [identity profile] ice-hesitant.livejournal.com
For a typical computer user, is there a difference between rendering data inaccessible by disabling standard Windows tools and rendering data inaccessible by encrypting it?

(no subject)

Date: 2012-06-12 05:57 pm (UTC)
From: [personal profile] jerril
Yes, the average user doesn't use Task Manager etc. They don't use standard administrative or troubleshooting tools at all. They use a web browser, some games, a word processor, perhaps an email client.

The desktop icons being hidden would throw a lot of folks though. Does the start menu still work?

(no subject)

Date: 2012-06-12 11:06 pm (UTC)
From: [identity profile] torrain.livejournal.com
Yes, the average user doesn't use Task Manager etc.

I want to disbelieve. I think I've been using Task Manager for over a decade, and... I mean, my mom uses Task Manager...

I don't think I know average people. This disturbs me greatly.

(no subject)

Date: 2012-06-12 11:43 pm (UTC)
From: [personal profile] jerril
My mom cleans up her own viruses and installs her own RAM and disk upgrades. Geekery is clearly heritable, and probably contagious. I WORK with normal people though. It's like a National Geographic Special watching them try to troubleshoot the computer sometimes.

(no subject)

Date: 2012-06-13 12:46 am (UTC)
From: [identity profile] theweaselking.livejournal.com
The emails. THE EMAILS.

Subject: blank.
Body: A screenshot of notepad, in BMP, saying "email doesn't work".

I GET THESE.

(no subject)

Date: 2012-06-13 03:01 pm (UTC)
From: [identity profile] chaosrah.livejournal.com
A friend had that problem- it turned out her text was set to white instead of black, so you couldn't see what you were typing...

(no subject)

Date: 2012-06-13 03:07 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
In this case, there was no such issue. No, this user had gotten a bounced message because they had typo'd an email address (".com" does not have three ms), hadn't bothered to read the "that email address isn't valid" error, hadn't bothered to check, and simply assumed that all email was down for everyone. So they emailed me to tell me about it. And wanted to include a screenshot to demonstrate the error, but also wanted to EXPLAIN the error, hence notepad completely covering the actual error - because a screenshot of notepad is WAY more useful than a screenshot of the error message (which was, again, "YOU FUCKED UP. THAT EMAIL ADDRESS IS INVALID. CHECK IT AND RESEND YOUR MESSAGE"), and message BODIES and message SUBJECTS are totally redundant and useless. And, of course, there's absolutely no better way to report "email doesn't work" than by using email.

This was a complete failure of reading and thinking, from start to finish.

(no subject)

Date: 2012-06-13 03:40 pm (UTC)

(no subject)

Date: 2012-06-13 02:03 am (UTC)
From: [identity profile] lederhosen.livejournal.com
A long time ago I managed to convince myself that my acquaintances are not REMOTELY representative of the human race. It went like this:

1. Holy crap, Celine Dion is selling a lot of records.
2. Do I know ANYBODY who would buy Celine Dion? Anybody? Anybody at all?
3. Read a few women's magazines to learn how women are expected to approach the world.
4. Do I know ANY women who think that way? Any at all?
...etc.

It's kinda like dark matter: we have evidence that it makes up 90% of our universe (or whatever the number is) but we don't seem to be able to observe it directly.

(no subject)

Date: 2012-06-13 04:44 pm (UTC)
From: [identity profile] lafinjack.livejournal.com
One in five people is Chinese? That can't be, I know hardly any Chinese people!

(no subject)

Date: 2012-06-13 04:48 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
They must be hiding. Let's see.... in my family there's me, David, Malcolm, Zhang, and Barbara...

...I think it's probably Malcolm.

(no subject)

Date: 2012-06-13 12:55 am (UTC)
From: [identity profile] theweaselking.livejournal.com
Yes - when you take the computer to a professional, "standard windows tools are missing" is totally fixable without data loss. "entire HDD is encrypted and some Chinese script-kiddie wants a CC number before handing over the key" is not.

Semicompetent user-grade freeware encryption is not breakable, except POSSIBLY by people using supercomputers and employed by those willing to pay them enough to not spill the beans. And that kind of disclosure is the kind of thing hundreds of people worldwide have doctorates in proving is not possible.

(Of course, then you spend a month attached to CERT and you laugh at the sheer number of cases where it's impossible, and yet happens anyway because the people implementing it MADE A MISTAKE.)

(no subject)

Date: 2012-06-13 03:22 am (UTC)
From: [identity profile] nsanity-au.livejournal.com
Actually not so.

http://ob-security.info/?p=274

Admittedly that's pretty pricey to build, but it's a darned sight cheaper than Roadrunner or something.

(no subject)

Date: 2012-06-13 03:48 am (UTC)
From: [identity profile] theweaselking.livejournal.com
Actually, yes so. That dude's overpriced underperforming home PC still can't brute-force basic competent encryption before the heat death of the universe. Of course, since "every atom in the universe becoming a bit in an impossibly-fast computer can't brute-force basic competent encryption before the heat death of the universe", that's not all that remarkable.

Cracking encryption *requires* a failure of implementation, a failure of algorithm, an exposure of key, or all three.

(For a fraction of the cost of that home-user piece of crap, he could have rented a hundred thousand times its power from EC2. For MONTHS. And a hundred thousand times that machine's power, for months, can't crack PGP on a single email, let alone real encryption on something that actually matters.)

(no subject)

Date: 2012-06-13 05:12 am (UTC)
From: [identity profile] nsanity-au.livejournal.com
Umm.

No.

He beats any NTLM in under a few days.

GPU cracking is all the rage man. And EC2 isn't that great - particularly compared to that guy's box.

http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/

Compute done: Reference time 2950.1 seconds
Stepping rate: 249.2M MD4/s
Search rate: 3488.4M NTLM/s

vs

MD4 75.2B/sec
NTLM 70B/sec

He'd be even faster with Tahiti-based GPUs (orders of magnitude).

http://hashcat.net/forum/thread-817.html

A single GPU is doing 15813M/s for NTLM - so his 8-way kit would be doing 126.5B/sec.

Roughly 36 times faster than an EC2 GPU Compute instance.

Not to mention he can pick this box up, drop it at a client, wait the 4-5 days and have a solution.

It's not going to crack a well-implemented encryption in a hurry - but any MD5 is done in 10 days on a single card.

Add to the fact that the guy probably charges 2-5k/day for his services - he only needs to work for less than 3 days to purchase this kit.
Edited Date: 2012-06-13 05:13 am (UTC)

(no subject)

Date: 2012-06-13 06:17 am (UTC)
From: [identity profile] nsanity-au.livejournal.com
More maths on the subject.

For MD5 you're looking at 45 days to crack with a single EC2 instance VS 10 days with a single 7970. 45 days EC2 time is ~$2200, a 7970 is much less than that ($479 on newegg) and if you use that $2200 on 7970s, you can have it done in 2.5 days VS the 45 days.

In short, EC2 is overpriced.

(no subject)

Date: 2012-06-13 12:47 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
NTLM is not "real encryption". Neither is MD5.

(You may be right about the pricing. But still.)
Edited Date: 2012-06-13 12:48 pm (UTC)
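
Added example, not part of any comment in this thread: the guess rates quoted above applied to two different search spaces, which is the distinction the two commenters are arguing over. The 95-character alphabet, the 8-character maximum length, the 128-bit key size, and the simplification that one key trial costs the same as one NTLM hash are all assumptions.

```python
# Added example: rates are the figures quoted in the thread; the alphabet
# size, password length and 128-bit key size are assumptions.
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Guesses per second, as quoted by the commenters.
RATES = {
    "EC2 GPU instance": 3488.4e6,    # "Search rate: 3488.4M NTLM/s"
    "8-GPU box": 70e9,               # "NTLM 70B/sec"
    "8x Tahiti estimate": 126.5e9,   # "126.5B/sec"
}

def password_keyspace(alphabet_size, max_len):
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def key_keyspace(bits):
    """Number of possible uniformly random keys of the given size."""
    return 2 ** bits

def exhaust_seconds(space, rate):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate

def human(seconds):
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.2e} years"

def compare():
    """Return (target, rig, seconds) for every target/rig combination."""
    targets = {
        "NTLM hash, <=8 printable ASCII chars": password_keyspace(95, 8),
        "128-bit random key": key_keyspace(128),
    }
    return [(target, rig, exhaust_seconds(space, rate))
            for target, space in targets.items()
            for rig, rate in RATES.items()]

if __name__ == "__main__":
    for target, rig, secs in compare():
        print(f"{target:38} {rig:20} {human(secs)}")
```
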

(no subject)

Date: 2012-06-12 04:55 pm (UTC)
From: [identity profile] lafinjack.livejournal.com
Well, you could have errors and still boot, theoretically. It says might have failed to initialize, not that it's 100% unreadable.

(no subject)

Date: 2012-06-12 04:55 pm (UTC)
From: [identity profile] lafinjack.livejournal.com
Still bullshit, though.

(no subject)

Date: 2012-06-12 04:53 pm (UTC)
From: [identity profile] lafinjack.livejournal.com
Windows XP.

(no subject)

Date: 2012-06-13 01:51 pm (UTC)
From: [identity profile] anivair.livejournal.com
That was my thought. Any flavor of Windows, really.

(no subject)

Date: 2012-06-12 04:58 pm (UTC)
From: [identity profile] duskwuff.livejournal.com
"SMART Repair" is a ridiculous, meaningless concept.

SMART reports hardware problems with a hard drive. The fix for these problems is to replace the disk. You cannot repair them with software.

Also, none of the "errors" being reported are from SMART at all.

(no subject)

Date: 2012-06-12 08:34 pm (UTC)
From: [identity profile] thornae.livejournal.com
I'm going to go with "lots", Barry.



(Incidentally, did you ever hear about Microsoft's legitimate "Mallware signeture" message (http://blog.netnerds.net/2008/12/ms-defender-error-mallware-signeture-download-appears-legitimate-unfortunately/)? I spent bloody *ages* trying to track down what I'd been infected with, only to find it was Windows Defender.)

(no subject)

Date: 2012-06-13 03:23 am (UTC)
From: [identity profile] nsanity-au.livejournal.com
If you think this is scary, go read about Flame.

Windows Update certs got compromised. This is a big deal.

(no subject)

Date: 2012-06-13 03:38 am (UTC)
From: [identity profile] theweaselking.livejournal.com
Not "windows update". Windows terminal services. Of course, once you have a trusted MS-signed executable, and you can control DNS, you can provide Fake Windows Updates via Fake Windows Update.

(no subject)

Date: 2012-06-13 05:01 am (UTC)
From: [identity profile] nsanity-au.livejournal.com
My understanding is that they are moving Windows Updates out of that chain ASAP.

Apparently security researchers have been saying this kind of attack exists for years, just nobody cared because you needed to be able to sign MS certs. The TS certs got leaked/stolen/whatever and oops.

(no subject)

Date: 2012-06-13 03:14 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
I don't think it's in the same chain at all. The problem with trusted code has always been that, if you can fake the trust, you can do anything you want to it.

Basically, it doesn't matter that the signing cert isn't supposed to sign web SSL certificates or Windows Update packages - you *can* discover that it's using the wrong trust authority chain, but there's no reason you'd ever look, and the authority chain it is using is trusted at every point all the way back to root. And once you can successfully sign code as "trusted by Microsoft", you can fake DNS to point update.microsoft.com to your fake WSUS server, you can present a fake signed cert saying that "yes, I am really update.microsoft.com", and you can present arbitrary code as updates that's signed as a valid MS update.

And yes, the whole point of trusted certificates is that, in fact, it's not an issue unless a trusted signer is compromised.
Edited Date: 2012-06-13 03:15 pm (UTC)

(no subject)

Date: 2012-06-17 10:48 pm (UTC)
From: [identity profile] thornae.livejournal.com
Yeah, I'd heard about that one, but at least in that case it's genuinely clever (if evil) blackhat stuff, not Microsoft's own software making itself look like a goddamn piss-poor phishing attempt.

(no subject)

Date: 2012-06-13 03:07 pm (UTC)
From: [identity profile] sarcasticmaster.livejournal.com
Was gonna just say "LOL IE," because I figured I'd have to be a super-geek to figure out the real answer. Then it turns out that it was a booted computer giving an error that, "THE HARD DRIVE FAILED TO BOOT AND IS ITSELF ALSO FAILING. D:" Man.

(no subject)

Date: 2012-06-13 03:10 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Not just that, but also "your disk has hardware errors. Please give us money for our software that will fix your hardware"

(no subject)

Date: 2012-06-13 03:26 pm (UTC)
From: [identity profile] sarcasticmaster.livejournal.com
Heh. True.

Since Google is only giving me results for the aforementioned malware, I assume that "system blocks" is not real hard drive terminology. I mean, I know hard drives have sectors, but...

*basically knows just enough about computers to get myself out of minor situations, and has the wherewithal to shout for an expert when shit goes bad*

(no subject)

Date: 2012-06-13 03:32 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
It's about as accurate as the average CSI or Michael Bay computer explanation: Lots of words used almost (but not quite) correctly, describing something that can't possibly be happening.

(no subject)

Date: 2012-06-13 03:56 pm (UTC)
From: [identity profile] sarcasticmaster.livejournal.com
So essentially, the first panel. :P


http://www.smbc-comics.com/index.php?db=comics&id=2526

(no subject)

Date: 2012-06-13 04:48 pm (UTC)
From: [identity profile] lafinjack.livejournal.com
Speaking of, know any good US-side places that will recover a wet hard drive for not-zomg-expensive?
