Win10

Killua

Re: Win10

Post by Killua »

My laptop isn't that fast so can't play AAA games, don't need Windows anymore, I'm fine with Linux Mint  8)
Also unrelated but you guys need to update the "What yr it is now" question for registering/posting, or even better install google's recaptcha?
Hehehe yeah, it happened when i registered a few days ago, i was about to give up, but got the idea to try with previous years  ::)
Tomaso

Re: Win10

Post by Tomaso »

For Win7/8.1 users who don't want to mess around too much with gpedit/regedit, this handy tool will set you up real quick!..

Never10 (Freeware):
https://www.grc.com/never10.htm
Never 10 is an easy to use utility which gives users control over whether their Windows 7 or 8.1 will upgrade itself to Windows 10.
KitKat

Re: Win10

Post by KitKat »

Tomaso wrote: For Win7/8.1 users who don't want to mess around too much with gpedit/regedit, this handy tool will set you up real quick!..

Never10 (Freeware):
https://www.grc.com/never10.htm
Never 10 is an easy to use utility which gives users control over whether their Windows 7 or 8.1 will upgrade itself to Windows 10.
I found that simply taking ownership of the GWX folder in system32 and then deleting everything in it does the trick ;)
Very easy to batch script as well if you accidentally a GWX update.. (you can just uninstall all the KBs related to windows10, which i don't think your utility does?)
That was until microsoft pushed the next "recommended" update to re-install GWX a few weeks later.
You really need to read those/disable automatic now if you don't want windows 10.

Speaking of unwanted updates, linux mint in cinnamon flavor got rekt last month.
Only noticed when i recommended mint as a "secure" and "easy to use" flavour of linux to a friend.
Was quite amusing..
Tomaso

Re: Win10

Post by Tomaso »

[quote="KitKat"]you can just uninstall all the KBs related to windows10, which i don't think your utility does?)[/quote]

It's not "my" utility.
I actually prefer to do things manually too..
Which should be apparent from my posts here:
index.php/topic,2872.msg13610.html#msg13610
index.php/topic,3688.msg19029.html#msg19029
:)
KitKat

Re: Win10

Post by KitKat »

Tomaso wrote:
KitKat wrote: you can just uninstall all the KBs related to windows10, which i don't think your utility does?)
It's not "my" utility.
I actually prefer to do things manually too..
Which should be apparent from my posts here:
index.php/topic,2872.msg13610.html#msg13610
index.php/topic,3688.msg19029.html#msg19029
:)
I believe that was a slang "your" as in you linked it, my knowledge of it came from you thus it belongs to you!

There was another KB update under a different name that was pushed last tuesday for GWX on windows 8 than what you have listed btw (according to an RSS feed of mine at least..)
My laptop isn't that fast so can't play AAA games, don't need Windows anymore, I'm fine with Linux Mint  8)
IIRC wine can still emulate windows well enough to play triple A games (friend is currently playing GTA5 on his ubuntu machine) It's actually arch linux, my mistake..
Requires like twice the specs that native windows does tho..

/e: Apparently he's done some magic with his kernel to allow VMs to fully utilize his GPU and is using qemu + windows 10

/e2: What's everyone's favourite flavour of *nix? *proceeds to hijack a windows thread*
Last edited by KitKat on Tue Mar 29, 2016 4:44 pm, edited 1 time in total.
Tomaso

Re: Win10

Post by Tomaso »

[quote="KitKat"]There was another KB update under a different name that was pushed last tuesday for GWX on windows 8 than what you have listed btw[/quote]

Nah, it was just a new revision of one of the old ones.
That being said, my blacklist isn't half as long as some of the most paranoid ones out there.
..But really, considering the way M$ has been acting lately, I can't blame people for being suspicious!

Also, recently there was the mysterious phantom update KB3103709..
M$ never released any documentation for it (so I obviously never installed it).
Several days later, they actually removed it!
KitKat

Re: Win10

Post by KitKat »

[quote="Tomaso"]
[quote="KitKat"]There was another KB update under a different name that was pushed last tuesday for GWX on windows 8 than what you have listed btw[/quote]

Nah, it was just a new revision of one of the old ones.
That being said, my blacklist isn't half as long as some of the most paranoid ones out there.
..But really, considering the way M$ has been acting lately, I can't blame people for being suspicious!

Also, recently there was the mysterious phantom update KB3103709..
M$ never released any documentation for it (so I obviously never installed it).
Several days later, they actually removed it!
[/quote]
Had a friend recently ask me if trustedinstaller.exe was malware.
I told him no, if it's in your %windir%\servicing folder and microsoft signed it's legitimate.
He replied "Then why does it keep trying to replace my operating system with something i don't want?"

Thought he was telling a joke because i laughed, apparently he was serious.
Says a lot about microsoft ;/

/e: Heard about that one, my girl's pc got served it + didn't install/download it though.
Probably should have for curiosity sake looking back now lol
Last edited by KitKat on Tue Mar 29, 2016 6:43 pm, edited 1 time in total.
ciaobaby

Re: Win10

Post by ciaobaby »

Speaking of unwanted updates, linux mint in cinnamon flavor got rekt last month.
Assuming 'rekt' means "attacked" or something similar, it wasn't actually installed versions on users' computers that were attacked, it was that one of the ISO mirrors had an ISO of the distro available that had been modified to include malware, there is no concern to anyone with existing installs or .iso's downloaded before or since.

The mint blog has more details.
http://blog.linuxmint.com/?p=2994

HOWEVER: If everyone downloading the iso had checked the signatures (hash sums) of the downloaded files, before using them, absolutely nobody would have been affected.
KitKat

Re: Win10

Post by KitKat »

ciaobaby wrote:
Speaking of unwanted updates, linux mint in cinnamon flavor got rekt last month.
Assuming 'rekt' means "attacked" or something similar, it wasn't actually installed versions on users' computers that were attacked, it was that one of the ISO mirrors had an ISO of the distro available that had been modified to include malware, there is no concern to anyone with existing installs or .iso's downloaded before or since.

The mint blog has more details.
http://blog.linuxmint.com/?p=2994

HOWEVER: If everyone downloading the iso had checked the signatures (hash sums) of the downloaded files, before using them, absolutely nobody would have been affected.
I was more referring to the month long forums/site compromise before they reacted to it.
https://twitter.com/ChunkrGames/status/ ... 0622081024
Compromised ISOs dealt with in < 1 day and quick disclosure once made aware of the issue was 10/10 handling.

Reading the link you posted it also appears the MD5 signature listed on the site to validate the ISOs was also replaced, so anyone who validated it on the day would have trusted it.
Honestly the best thing to come out of this is the inclusion of GPG signing in later releases.
http://blog.linuxmint.com/?p=3007

/e: MD5 hash as the ONLY point of authenticity (which they had/still have at point of writing) is a joke.
A "decent" not even "amazing" PC can manufacture an md5 collision in less than 1 hour, had the attacker done that then it's plausible (read: very likely given the community for linux mint is mainly casual users interested in ubuntu alternatives or branched off ubuntu due to unity's search and usage tracking behaviour god that was a mouthful) that the backdoor would still be undetected until the next mint iso release, and even then the guy had site access, he could just repeat the same thing till detected.
They got "rekt", had the person attacking them thought it out more they could have done a lot more damage/stayed undetected far longer.
Last edited by KitKat on Tue Mar 29, 2016 7:33 pm, edited 1 time in total.
ciaobaby

Re: Win10

Post by ciaobaby »

I was more referring to the month long forums/site compromise before they reacted to it.
That is not what you said or implied
Speaking of unwanted updates, linux mint in cinnamon flavor got rekt last month.
Only noticed when i recommended mint as a "secure" and "easy to use" flavour of linux to a friend..
Says or implies that the Linux mint updates were infiltrated and the operating system was therefore compromised. .... And that is very different from the forum database being 'stolen'
The database at THIS forum was compromised and user details MAY have been stolen (passwords were encrypted so were fairly useless to the cracker)  but THAT in absolutely no way meant that qbittorrent has a 'security problem'.
KitKat

Re: Win10

Post by KitKat »

ciaobaby wrote:
I was more referring to the month long forums/site compromise before they reacted to it.
That is not what you said or implied
Speaking of unwanted updates, linux mint in cinnamon flavor got rekt last month.
Only noticed when i recommended mint as a "secure" and "easy to use" flavour of linux to a friend..
Says or implies that the Linux mint updates were infiltrated and the operating system was therefore compromised. .... And that is very different from the forum database being 'stolen'
The database at THIS forum was compromised and user details MAY have been stolen (passwords were encrypted so were fairly useless to the cracker)  but THAT in absolutely no way meant that qbittorrent has a 'security problem'.
Qbittorrent forums doesn't serve downloads, linuxmint.com does.
New downloads for linux mint came with backdoors, the official MD5 displayed on the website was altered, there was potential for a MD5 collision to mask this due to lax authentication methods from the provider.
Database breach lasted for a full month after being reported as leaked.
Actual ISO files were replaced with malicious files leading to new installations and ISO based updates being compromised.
Damage was limited frankly due to luck and fast response.

That level of intrusion is pretty severe, no?

And yes i'm aware these forums were reportedly hacked, that's why i made a throwaway email for use here ;p

Back off/ontopic (bit old but i never really looked hard into win10)
https://blogs.msdn.microsoft.com/window ... indows-10/
RIP Sony Playstation Controller XInput drivers?
Last edited by KitKat on Tue Mar 29, 2016 7:59 pm, edited 1 time in total.
ciaobaby

Re: Win10

Post by ciaobaby »

Qbittorrent forums doesn't serve downloads, linuxmint.com does.
I'm obviously missing the point there, having the forum user database is NOT very likely  to grant access to any higher level server operations,  so how is that relative?
KitKat

Re: Win10

Post by KitKat »

ciaobaby wrote:
Qbittorrent forums doesn't serve downloads, linuxmint.com does.
I'm obviously missing the point there, having the forum user database is NOT very likely  to grant access to any higher level server operations,  so how is that relative?
I think you missed the point where the database breach wasn't solely their forums database, they got server shell access as well due to sloppy security.
The comparison you drew between qbittorrent's forums being breached and linux mint's attack was an apples and oranges scenario.

http://thehackernews.com/2016/02/linux-mint-hack.html
"What had happened" paragraph.

Honestly i'm not even sure what you're arguing anymore?
Qbittorrent forums database being hacked wouldn't be a major issue if it was solely the database and you were made aware before an administrative password was decrypted, and that would only be a concern if it was doubled up elsewhere.

What happened to linux mint is barely even comparable in terms of scale when related to qbit forums.
Last edited by KitKat on Tue Mar 29, 2016 9:44 pm, edited 1 time in total.
ciaobaby

Re: Win10

Post by ciaobaby »

Thanks for the link, not something I had seen before.

But on reading this bit;
Hackers believed to have accessed the underlying server via the team's WordPress blog and then got shell access to www-data.
I am not at all surprised they gained access via WordPress, no matter how many times claim that Automattic say that the latest version is definitely secure nobody should seriously take that as fact, and trusting WordPress and any "Security plugins" on a 'high visibility' domain where the hosting user account has shell access is nothing short of crazy.

I have more scripts that run on our servers just  to catch 'known' WordPress exploits (seven WordPress installs out of a few hundred others)  and scripts that catch the very common "code injection" attacks that use the WordPress core functions  to manipulate permissions. Plus NO one, absolutely NO ONE (including myself) who plans to use Wordpress for their site gets 'shell' access on that account.
KitKat

Re: Win10

Post by KitKat »

ciaobaby wrote: I am not at all surprised they gained access via WordPress, no matter how many times claim that Automattic say that the latest version is definitely secure nobody should seriously take that as fact, and trusting WordPress and any "Security plugins" on a 'high visibility' domain where the hosting user account has shell access is nothing short of crazy.

I have more scripts that run on our servers just  to catch 'known' WordPress exploits (seven WordPress installs out of a few hundred others)  and scripts that catch the very common "code injection" attacks that use the WordPress core functions  to manipulate permissions. Plus NO one, absolutely NO ONE (including myself) who plans to use Wordpress for their site gets 'shell' access on that account.
IIRC the WordPress server was the same server as linuxmint.com not shared credentials.
Could be misreading though, it's from a Clem reply to a comment here:
http://blog.linuxmint.com/?p=2994
Edit by Clem: What really helps here is duplication and the community. We were alerted very fast and we were able to be alerted because people could find contradicting MD5s (and that’s mostly because the MD5s aren’t just in one place, but in many). Another thing which is going to help is to buy more servers and separate services even more. That way, if somebody hacks say wordpress, there’s only wordpress on that server and nothing else.
More WordPress related botches, ransomware fun & more info about linuxmint than the last link i posted.
https://www.wordfence.com/blog/2016/02/ ... ux-hacked/

Kinda sad/funny the hospital tech staff weren't competent enough to perform a shadow volume restore and recovery :/
That method works vs latest teslacrypt..
Even sadder that they didn't have an offsite/offline/read-only backup..
Last edited by KitKat on Tue Mar 29, 2016 11:06 pm, edited 1 time in total.
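Added example, not part of any post in this thread: a Python sketch of the cross-checking that Clem's quoted remark and the earlier point about the replaced MD5 on the download page describe. It hashes the download with SHA-256 and compares digests gathered from several places, flagging contradictions; the source labels, file name and checksum listings are constructed placeholders.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so a multi-GB ISO never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_sums(text, filename):
    """Return the digest listed for filename in sha256sum-style text, else None."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].strip().lstrip("*") == filename:
            return parts[0].lower()
    return None

def cross_check(actual, published):
    """published maps a source label to the digest it lists (None if absent).
    Returns (verdict, sources whose digest differs from the computed one)."""
    listed = {src: d for src, d in published.items() if d}
    differing = sorted(src for src, d in listed.items() if d != actual)
    if not listed:
        return "NO_REFERENCE", differing
    if len(set(listed.values())) > 1:
        # Contradicting listings: some copy was altered, even if the file matches one.
        return "SOURCES_DISAGREE", differing
    if differing:
        return "MISMATCH", differing
    # One listing alone proves little if it sits on the compromised site itself.
    return ("MATCH" if len(listed) > 1 else "MATCH_SINGLE_SOURCE"), differing

if __name__ == "__main__":
    name = "example.iso"  # constructed stand-in, not a real release
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n")
        good = file_digest(path)
        pages = {  # constructed checksum listings from three hypothetical sources
            "download-page": f"{'0' * 64}  {name}\n",  # altered listing
            "mirror-a": f"{good} *{name}\n",
            "mirror-b": f"{good}  {name}\n",
        }
        published = {src: parse_sums(txt, name) for src, txt in pages.items()}
        print(cross_check(good, published))
```

Agreement between listings only carries weight when they are hosted independently of each other; checking a GPG signature against a key obtained out of band does not depend on that.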