Subj : Issue with URL shortener
To   : August Abolins
From : Brian Rogers
Date : Wed May 12 2021 22:52:00

Hello August;

-=> August Abolins wrote to Brian Rogers <=-

AA> I'm not too overly concerned anymore about short links. It's
AA> been about 20 yrs now since TinyUrl launched. Weren't they the
AA> first with that idea? Anyway.. They've built a vetting process
AA> into them and block links that have nefarious purposes.

They still crop up from time to time. Remember, it's not necessarily TinyURL itself doing the dirty deeds but the users who may decide to use it.

AA> The only thing I won't do is click on a short link from
AA> unsolicited email or if something arrives from someone I do not
AA> know.

That should be standard operating practice in today's world :)

AA> I have to wonder if that or a similar technique was used to be
AA> the vector for inviting the ransomware that shut down the east
AA> coast pipeline.

Unless a formal explanation is given, it'll be uncertain.

AA> Krebs' article "A Closer Look at the DarkSide Ransomware Gang,
AA> May 11, 2021" talks about the end result of that, but I wonder
AA> what the vector was for infection.

It may have been anything.

AA> This is a pretty good article that examines the technical
AA> tricks:
AA> https://securityintelligence.com/posts/darkside-oil-pipeline-ransomware-attack/

Security online is like a hurdle to a runner; you can only hope that you can build a hurdle so high they tire out trying to get over it.

AA> "A favorite entry point appears to be connecting via RDP on
AA> port 443 typically routing via a TOR browser."

TOR is evil. 'nuff said.

AA> And.. I did not know that VPNs and Linux were not immune:

I think you're confusing a VPN with a VM.

AA> "The malware can attack both Windows and Linux environments,
AA> making enterprise servers just as `encryptable' as an
AA> employee's endpoint. DarkSide can also attack virtual machines
AA> and encrypt data on their hard drives."

There's NO OS or platform that's 100% immune to viri/warez of any kind. There are those which may be less immune than others. Even a virtual machine has to run some form of OS on it! A VPN, on the other hand, is a transport mechanism that uses a combination of IP encapsulation AND encryption. These are used to hide your information and possibly your IP. This is why companies like to have VPNs set up for those who work from home.

AA> Apparently all the activity of making backups is no guarantee
AA> that you could just ignore the ransomware attack and just
AA> restore an earlier backup. Apparently, the "attack" lurks in
AA> the background for an amount of time that might represent a
AA> typical schedule for several backups - so, when it comes time
AA> to use a previous backup, all those backups will already
AA> have copies of the infection.

If one is in need of doing a restore due to a virus or ransomware hit, then they should restore on a platform:

 - not connected to the internet
 - not the same machine as the infected one
 - look for and patch the security hole that was exploited before deploying that drive back into production

Some, not all, viri are on a time trigger and may be lurking around. Others are not. This is why after a restore you wish to do a scan from a BOOTABLE medium -not- that of the local hard drive(s).

No one said being a sysadmin was easy work, even if it's on a hobby machine.

.... Gone crazy, be back later, please leave message.

--- MultiMail/Linux v0.52
 * Origin: SBBS - Carnage! (1:142/103)