JFC SMH WTF 

Look, pirating software is bad... but not for the reasons they tell you, usually because it's bait.

but then you decide to disable your AV when it warns you.

We can only put so many training wheels on systems before we just have to concede that you earned that one.

news.sophos.com/en-us/2021/05/

JFC SMH WTF 

@thegibson Am I reading that right, that MS's horrible X11 equivalent can install a driver *on the server* when a client connects?

How is anyone at MS allowed to ship software, and not treated as a terrorist organization?!

re: JFC SMH WTF 

@mdhughes more that when a new user session uses RDP/Citrix for the first time, it is usually set to install a printer for the user session. This selects its version from metadata exchanged from the local device, and as such they knew it was a client using a Russian localization.

The print driver install is a feature often employed by any RDS service. In this case it offered a point of data to attribute the attack.

We look for this when DFIR engagements call for it.

re: JFC SMH WTF 

@thegibson Only pirate from FTP sites you trust and from release groups you know.

re: JFC SMH WTF 

@thegibson

If you must pirate, run it in a sandbox.

As an alternative to pirating, just see if you can make do with a Free/Open Source Software alternative.

re: JFC SMH WTF 

@GI_Jack

Or as I like to call it, "Dependency Bingo"!

:ablobgrimace:
