On Wed, 17 May 2017 12:43:21 +0100 Richard Clayton <richard@highwayman.com> wrote:
WannaCry: Advice to consumers should place a lot more focus on Web Browsers (than on email - although email transports links, sometimes the payload, etc as well - this is well known...- What is not known is that the consumers favorite PORN website also installs 'monitor ware'...) by all means proffer advice to consumers ... but Wannacry spreads entirely over the network (sending traffic to open tcp/445 ports to exploit CVE-2017-0145) <http://cert.europa.eu/static/SecurityAdvisories/2017/CERT-EU- SA2017-012.pdf> No-one (and a lot of folk have been looking very hard) has found any examples of it being spread by email. Early reports suggested this was the initial vector, but they were just guessing -- and the large amount of Jaff being sent at the end of last week added to the confusion. So linking advice about email or web browsers to Wannacry just invites laughing and pointing :(
linking advice about web browsers & email to ransom ware is a good thing, it serves to oppress FUD and it serves to reduce anxiety and as the same advice is usually accompanied by 'install updates' - the media attention span is a few seconds long. Simply saying, the truth: That Microsoft & Apple clients are hostages. means nothing to anyone. Similarly, saying that people are addicted to twitter, facebook, google, snap, etc. also means nothing. I just getting lost. Truth or not. You do know that we are in 'post truth' now? Maybe remind the laughing and pointy peeps that it is a hearts and minds thing and not about what is true or factual. **************************************************************************** In truth the EU should outlaw social media as the body reaction to social media is exactly the same as that of a gambling addict. **************************************************************************** Does the truth and actual facts matter? - No, of course not and there is no way that the public will accept or even think about regulating access to social media websites and apps :) I guess it is a bit like the terminology 'hacker' the media & hollywood simply took the term and did with it as they please. With regards WannaCry - where there is nothing a consumer can actually do when they have been infected and in general people are very ignorant about what actually harms them (like social media for example: One can actually argue that social media is abuse of the Internet?) Best is to do some general education and be opportunistic about getting your own agenda out :) 2c Andre