mySecurityHole 2.0

Posted On: Friday - March 19th 2021 12:38PM MST
In Topics: 
  Globalists  China  Artificial Stupidity  Big-Biz Stupidity

Peak Stupidity has warned our readers multiple times: We don't guarantee timely news, and our wise investment strategy advice is generally done retroactively. Caveat emptyor goes your wallet. In this case, this 2-week old news about Chinese hacking of email server programs may be just a wee too late to save that secure information regarding your plans for the next insurrection on the US Capitol.

That is, for the Microsoft Windows users, this could have been a problem. Commenter Adam Smith has advised you and me to go to Linux many times. It's MS Exchange Server that has been hacked by the Chinese through 4 security holes, per some dude named Chris Krebs (Krebs On Security is his web site). He reports At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software. 30,000 organizations probably runs into the 10's of millions of people, Basically, 30,000 copies of those versions of non-secure software have been sold in the US and over a hundreds of thousands worldwide:
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.
Great.... it was bad enough keeping the NSA and Deep State in mind when you email your friends, but now we have to worry about what the Chinese will get out of it. So, no insurrection plans and no bright new ideas would be the way to go.
On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange.

Microsoft said the Exchange flaws are being targeted by a previously unidentified Chinese hacking crew it dubbed “Hafnium,” and said the group had been conducting targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

In the three days since then, security experts say the same Chinese cyber espionage group has dramatically stepped up attacks on any vulnerable, unpatched Exchange servers worldwide.
[My bolding there.] Interesting... perhaps the Chinese have already hacked some brilliant new face-diapering technology from the CDC, or, failing that, just information on how to raise another cool virus like the COVID-one-niner.

White House press secretary Jen Psaki told reporters today the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant,” and “could have far-reaching impacts.”

“We’re concerned that there are a large number of victims,” Psaki said.
I'll just bet you're concerned. I'm not at all trying to tell you how to do your job, Miss Psaki, but the first person I'd call would be former Secretary of State Hillary Clinton. We don't know for sure the Hildabeast has a handle on this, or whether she ever actually successfully wiped that hard driver of hers. I mean, isopropyl alcohol and some elbow grease SHOULD do it, but at the level of security involved, "Evil Level Class IV Secret", her staff may want to try something stronger, say hydroflouric acid.

This is a comprehensive systematic hacking job, not some one-time breach:
In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.


“We’ve worked on dozens of cases so far where web shells were put on the victim system back on Feb. 28 [before Microsoft announced its patches], all the way up to today,” Adair said. “Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server. The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”
What to do? What to do?
Meanwhile, CISA has issued an emergency directive ordering all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to either update the software or disconnect the products from their networks.

Adair said he’s fielded dozens of calls today from state and local government agencies that have identified the backdoors in their Exchange servers and are pleading for help. The trouble is, patching the flaws only blocks the four different ways the hackers are using to get in. But it does nothing to undo the damage that may already have been done.
Uhhh, yeah-uh! The information is out. As cheap as memory is today, just as the NSA can do, the CCP can save every last email and attachment file, and the information can be looked at when the need arises.
“On the call, many questions were from school districts or local governments that all need help,” the source said, speaking on condition they were not identified by name. “If these numbers are in the tens of thousands, how does incident response get done? There are just not enough incident response teams out there to do that quickly.”
I'm guessing these organizations made the most calls because they have the highest level of Affirmative Action, hence the smallest proportion of smart White people. As Steve Sailer says, we're running out of White people.
“It’s a question worth asking, what’s Microsoft’s recommendation going to be?,” the government cybersecurity expert said. “They’ll say ‘Patch, but it’s better to go to the cloud.’ But how are they securing their non-cloud products? Letting them wither on the vine.”
Whoa, do they think I feel any better knowing all the info is on the cloud? When the Chinese ever get the humidity and instability how they want it in this cloud, I foresee a thunder-hackstorm throwing out information the size of golf balls.

Peak Stupidity has written before on the stupidity of a country that practically begs for espionage from the darker elements out of China - See ICE Jail Chinese Spy Si Chen* and Current-Era Espionage and Immigration. Instead of working from the mainland of China, how much easier would it be to create a back door, or the framing for one, in Microsoft software, as a Member of the Technical Staff? There's no end to the benefits of Diversity.

PS: "Oh, wait", you say, "there's only one guy in that picture who looks Chinese." Yeah, but that's because the rest are a bunch of slackers who would rather be paid in that diversity parade, rather than be on the Redmond campus that day hacking away.

* This is the post about the LA Woman, "LA Woman Si Chen", that is.


Adam Smith
Thursday - April 1st 2021 8:01PM MST
PS: Happy April Fools Day!

23:01 EST
21:01 MST

Adam Smith
Sunday - March 21st 2021 11:14AM MST
PS: Good afternoon Mr. Blanc...

“We should simply install the Red Chinese govt in DC...”

Somehow I prefer incompetent evil over competent evil.
Competent evil sounds more dangerous to me. Incompetent evil seems like the lesser evil.
It's one of the few circumstances where incompetence can be a good thing.

Sunday - March 21st 2021 9:07AM MST
PS We should simply install the Red Chinese govt in DC. Sure, they’re evil. But they’re competent. The outfit we have are also evil. But incompetent.
Adam Smith
Sunday - March 21st 2021 7:17AM MST
PS: Good morning everyone...

It don't worry me none either Mr. Moderator. I too hope I never see another Windows version in my life, though “Windows World Domination Nano Edition” sounds pretty interesting. I'd give that one a test drive.

My 8:11AM comment is like a big typo and a friendly reminder why I don't make important decisions or play with high voltage electricity until after noon. I hope all my future mistakes are as harmless as this.

The Alarmist
Saturday - March 20th 2021 3:13PM MST

Isn’t the next release Windows World Domination Nano Edition ?
Saturday - March 20th 2021 3:09PM MST
PS: No problem, Mr. Smith. If you want me to delete the whole comment or just a part, let me know. It don't worry me none, I hope to never see another Windows version in my life.
The Alarmist
Saturday - March 20th 2021 3:08PM MST

I don’t care if the ChiComs are reading my mail, as long as they deliver while the shrimp toast is still hot. NSA doesn’t deliver.
Adam Smith
Saturday - March 20th 2021 8:41AM MST
PS: One more thing...

I hammered out that first message with the morning sleepiness still in my head. Microsoft is not behind “Windows 12” and it is not an update to windows 10. “Windows 12 Lite” is a windows themed linux distro.

Sorry about the inaccuracies in that post from 8:11AM.

Adam Smith
Saturday - March 20th 2021 8:19AM MST
PS: Just in case someone wants to try it...

Adam Smith
Saturday - March 20th 2021 8:11AM MST
PS: Good morning Mr. Moderator...

You got lucky... I too had no ideas about any version beyond windows 10. As you know, I haven't used windows in years. I do have one office laptop running debian/puppy/windowsXP and I have one desktop running debian/quirky/Windows2008 (server version of windows7) that we use to run the tv upstairs, meaning we watch a little netflix on the way to sleep. I have never used the Windows2008 on that machine except for the install.

When I hammered “Windows 12” into the search I found this...

Apparently “Windows 12” is an update of windows 10 though it does sound like it can be installed clean. There is no Windows 11.

Interestingly, Microsoft is upgrading windows to linux...

"On 11 Feb 2020, Windows 12 Lite launched! You might assume that a new Windows-series edition has come out at first glance.

Windows 12 Lite is not what you think!

It is not a part of the Windows series system and is based on Linux Lite 4.8 of the Linux operating system. Let’s have a closer look at Windows 12 Lite features:

• No unwanted update bugs, no update failures and no obligation for users to buy new versions
• It possesses the natural immunity characteristic, and no virus or extortion software is needed
• Dual-boot operation with Windows 7/10, free copying and editing of files
• Starts up to three times faster than Windows 10 and takes about 10 seconds
• Comes with a lot of the best software, more than 80,000 models are available in the software manager
• Perfect support for Steam / NVIDIA graphics cards, and still play games
• Microsoft will not steal any authorization, no activation required, casual installation, and data"

So, “Windows 12 Lite” is really just Linux Lite 4.8 with a windows background and icons.

None of this is surprising as Microsoft has been stealing other peoples work since day 1. I guess it's not stealing when dealing with open source software, but Microsoft should make a donation to the good people who wrote the linux lite 4.8 distro, or at least offer “Windows 12 Lite” for free to the world like all other open source distros.

Thanks for the heads up.
It's good to stay informed just in case anyone asks.

Saturday - March 20th 2021 5:33AM MST
PS: I appreciate the graphic, Mr. Smith. I may be useful for another post. I was pulling the number 12 out of my ass, as the only Windows version I use regularly is 7. If they are on 12 now, I just got lucky.

Neo, thanks for the info. I am no computer whiz like commenter Adam Smith, but he (and a local friend too) have told me I ought to do some of this. It'll be on the next computer I get, for which I think I'll go retro and get a real "desktop" or at least under-the-desk machine that is powerful enough. My current main computer is in between (too big to carry around in the current era, and not powerful enough). It's pretty old too.
Adam Smith
Friday - March 19th 2021 7:34PM MST
PS: Good evening everyone...

Neo is the One
Friday - March 19th 2021 6:22PM MST
PS You can find Linux versions with a GUI that looks just like Windows.
The Guru put one on a machine and didn't say anything and most users thought it was a Winblows box.
Comrade kommissar Gates (CCP/Criminals In Action) started the genuine advantage feature because Australian hackers had made a copy of Windows with tons of free third party software built in.
You can also have a machine with more than one operating system on dedicated partitions, a screen comes up on boot asking which one you want to use.
Friday - March 19th 2021 6:10PM MST
PS: Step 5: Double down. Call for more H-1Bs, O-whatevers, in the name of CHEAPER SOFTWARE!! We all are so concerned about getting a better price on Windows 12.fucked.

Privacy? Who needs privacy? If you've got nothing to hide, then WTF, right?
Friday - March 19th 2021 1:20PM MST
Step 1: Allow millions of Chinese to enter your country and attend your universities

Step 2: Hire millions of Chinese to work in your tech companies, government agencies, and research universities.


Step 4: Act surprised
WHAT SAY YOU? : (PLEASE NOTE: You must type capital PS as the 1st TWO characters in your comment body - for spam avoidance - or the comment will be lost!)