Make everything static, unless you really need some sort of dynamic content. If you do need dynamic content, make sure to stress test it. There are tools out there to load test your website to see if it breaks.
Put it on Cloudflare. Cloudflare can absorb huge volumes of traffic with ease. Keep in mind there are other WAFs (Web Application Firewalls) you can check out.
Use as few third-party widgets / bells and whistles as possible, and self-host assets when you can. If these go down (which they will when your site is trending on Hacker News), then your site may not load correctly and leave your users frustrated. Remember the recent S3 failure? It broke thousands upon thousands of sites.
I think it's because it's cool to use the word "cyber" now in the news. It makes news outlets appear edgy and with it. In fact, these cyber attacks are nothing new, and have been an ongoing problem for organizations like the NHS, the only difference being there is a remarkable uptick in the scale of the attack. The reason it stands out is because it's a cluster, instead of a slow, trickling problem for the NHS and other organizations.
> What's so special now?
The sophistication and worm capabilities. Were it not for the Shadowbrokers leak, small-time malware authors had to use tired old strains of malware to spread. Now they can draw upon the vast arsenal of the Shadowbrokers leak and appear like state actors, which they are not.
If anything, the leaks were a blessing, because now we can mitigate against such attacks. NSA's mantra 'NOBUS' (No-one-but-us) does not apply here.
To mitigate, install security patches in a timely manner.
Also note that only works on Windows 7 and later; dism is not a tool for XP or Windows 2003, which seem to be the largest numbers hit by this since there are/were no patches for them.
After the recent so-called 'cyber attacks' of WannaCry, I was careful to update any Windows machine I have and install things like EMET and MalwareBytes on them. I switched to Linux years ago because I've heard nothing but bad news concerning Windows, but one thing struck me about the WannaCry infections: I heard the attackers used an exploit pulled from the recent ShadowBrokers leak, something related to 'SMB'. A few questions:
Explain it to me like I'm five please
1.) What is SMB? And is it easy to remove from systems by simply uninstalling it (like I have done[0])?
2.) Does WannaCry just land on a machine through a simple point-and-click exploit? Do they just enter a vulnerable IP address and they can plant the exploit on the machine and run it?
3.) I am aware that it also gets onto machines by people randomly clicking on shady e-mail attachments, but I am very curious about how it simply lands on computers with very little or no user stupidity at all?
[0] I uninstalled SMB by going to > Add or remove programs > Remove windows features
First of all, SMB is a network protocol for sharing files. It's sometimes known by the name Samba, which is an implementation of the protocol. If you have a remote drive mounted for sharing documents with your coworkers, there's a good chance you're using SMB.
This exploit worked in two stages. First, there was a massive email campaign. Then, when employees would click on the attachment, the malware would worm its way onto other computers on the local network using an exploit in the SMB file sharing stack (which originally came from leaked NSA malware). Then it would encrypt the user's files and demand the ransom.
Thanks for sharing. I really liked the idea behind https://hypothes.is in particular, but I haven't found any site that really is enhanced by it. With the right user base though it could be awesome.
Certain Linux live CDs usually have a read-only filesystem and are useful for tasks where you don't want to leave a trace, and everything is flushed from RAM after use. Ubuntu, for example, allows a user to try out the OS without installing and is a great way to 'trash the hotel room' and then shut down, leaving no trace of your actions. Any files you create, for example, will be wiped, and the kernel is exactly the same when you restart the system cleanly. Just to be safe, I would recommend booting from read-only media like an actual read-only CD so nothing can persist.