The WannaCry ransomware has struck! But before we tackle that subject, and who we should blame for one of the highest profile malware attacks for years, we discuss how HP has been unwittingly capturing the keystrokes of its laptop users. Then we briefly discuss what might be the worst cinema date in history, before rounding things off with a discussion of hackers extorting money out of movie studios.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul “Pob” Baccas.
Smashing Security #021: 'WannaCry - Who's to blame?'
Hosts:
Graham Cluley – @gcluley
Carole Theriault – @caroletheriault
Guest:
Paul Baccas – @pobicus
Show notes:
- Hello to Jason Isaacs – Witterpedia.
- Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package – modzero Security Advisory.
- HP responds to laptop keylogger fiasco, promises ‘fix shortly’ – Trusted Reviews.
- Tweet from @__ths__ describing how HP didn’t remove the keylogging functionality – Twitter.
- Backin Up Song – YouTube.
- The Sobig Worm – Wikipedia.
- Customer Guidance for WannaCrypt attacks – Microsoft.
- Microsoft Security Bulletin MS17-010 – Microsoft.
- Microsoft: WannaCry outbreak reveals why governments shouldn’t hoard vulnerabilities – Graham Cluley.
- ‘THIS IS CRAZY’: Austin man sues date for texting during movie – Statesman.
- Hackers Seem to Dump Pirates of the Caribbean on Torrent Sites Ahead of Premiere – Softpedia.
This episode of Smashing Security is made possible by the generous support of Recorded Future – the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.
Sign up for free daily threat intelligence updates at recordedfuture.com/intel.
Thanks to Recorded Future for their support.
Follow the show:
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on iTunes or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
People concerned about WannaCry, and the security conscious in general, should disable SMB v1 in Windows. I'm not sure why this wasn't recommended in the podcast. This can be done by home users as well as corporate users. You should not disable v2 or v3.
https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy/
This is so simple there is no reason not to do it. It's a case of ticking a box in Windows Features (appwiz.cpl)!
My recommendation to avoid infection by WannaCry is to update to MS17-010, disable SMB v1, and ensure you're using decent Internet Security software (AV + Firewall). Updating to MS17-010 alone won't prevent infection if you download any dodgy software / enable macros.
Microsoft recommend that you block "all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices."
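
An added example, not part of the comment above or of the show notes: a PowerShell audit of the SMBv1 state the comment describes, with an opt-in function to turn SMBv1 off while leaving v2/v3 alone. The function names `Get-Smb1Status` and `Disable-Smb1` are hypothetical; the example assumes an elevated session on Windows 8.1 / Server 2012 R2 or later.

```powershell
#Requires -RunAsAdministrator
# Added example; Get-Smb1Status and Disable-Smb1 are illustrative names.

function Get-Smb1Status {
    # Server side: will this host accept SMBv1 sessions?
    # EnableSMB2Protocol covers both SMB v2 and v3 and should stay enabled.
    $server = Get-SmbServerConfiguration

    # The "SMB 1.0/CIFS File Sharing Support" box in Windows Features (appwiz.cpl).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    # Local listeners on the SMB / NetBIOS session TCP ports (445 and 139).
    $ports = Get-NetTCPConnection -State Listen -LocalPort 445, 139 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique | Sort-Object

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb2ServerEnabled = $server.EnableSMB2Protocol
        Smb1FeatureState  = $feature.State
        ListeningTcpPorts = $ports -join ','
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) {
        # Stop the SMB server from negotiating SMBv1; takes effect immediately.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

        # Remove the optional feature; the change completes after a restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# Report current state first; run Disable-Smb1 -WhatIf to preview the change.
Get-Smb1Status | Format-List
```

A host that is compliant with the comment's advice reports `Smb1ServerEnabled` as `False`, `Smb2ServerEnabled` as `True`, and `Smb1FeatureState` as `Disabled`. The boundary-level port blocking Microsoft recommends is done on network devices and is not covered by this host check.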