
Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide (threatpost.com) 197

msm1267 quotes a report from Threatpost: A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent Shadow Brokers dump. Researchers said the attackers behind today's outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they've recorded more than 45,000 infections so far on their sensors, and expect that number to climb. Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other businesses throughout Europe have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems.

An anonymous Slashdot reader adds: Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers. The ransomware's name is Wana Decrypt0r, but is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or WCry. The ransomware is using the ETERNALBLUE exploit, which uses a vulnerability in the SMBv1 protocol to infect vulnerable computers left exposed online. Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it. Until now, the ransomware has laid waste to many Spanish companies, healthcare organizations in the UK, Chinese universities, and Russian government agencies. According to security researchers, the scale of this ransomware outbreak is massive and never-before-seen.

UPDATE: The Guardian reports that "An 'accidental hero' has halted the global spread of the WannaCry ransomware" by discovering a kill switch involving "a very long nonsensical domain name that the malware makes a request to." By registering that domain, the spread of the ransomware was effectively halted.
  • by ffkom ( 3519199 ) on Friday May 12, 2017 @06:44PM (#54408123)
    who chose to weaponize security holes rather than having them fixed for some actual security.
    • Well nobody ever credited the NSA with an abundance of common sense.
      • by saloomy ( 2817221 ) on Friday May 12, 2017 @07:14PM (#54408277)

        But this isn't a zero-day. "Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it."
         
        Blame lax IT policies and ineffective management for leaving exposed machines to the internet unpatched. Of course you're going to get hosed. Most know to put a firewall, enable the machine's firewall, or air-gap their systems.

        • by dbIII ( 701233 ) on Friday May 12, 2017 @08:14PM (#54408467)

          But this isn't a zero-day. "Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it."

          Since there were so many people that turned off updates to avoid getting MS Windows 10 unasked I don't think blaming the victims is a useful approach.

          • No. The update process was manageable. Maybe not for most home users, but certainly for the British NHS. Certainly they should have blocked SMB shares from the internet.

            • by dbIII ( 701233 ) on Friday May 12, 2017 @10:12PM (#54408873)

              Certainly they should have blocked SMB shares from the internet.

              That's not how it gets on a network, even a large one like that. Somebody gets tricked into installing the malware from an email attachment or link via a vulnerability in IE or MS Office (Outlook not so good) and then it spreads across a local network via a weakness in an SMB implementation. Multiple levels of "fail" but not at the firewall, and not a lot that Microsoft's customers can do about it especially in a tight budget situation with IT as a very low priority.

              Your suggestion (while a good one that would have already been done since it's so obvious) would not have helped.

              • by shmlco ( 594907 )

                That's how most malware is spread. But WannaCry, according to reports, was a fully automated exploit that did NOT need users to open an attachment or click on a link.

                If a Windows computer running SMB was exposed to the internet, it could be infected and from there infect machines connected on the internal network.

                The lack of human interaction needed was how it spread so quickly.

                • by dbIII ( 701233 )

                  If a Windows computer running SMB was exposed to the internet

                  Maybe read something a little more credible and try again. There were dozens of ways anything like that would have got "owned" in minutes years before this new thing surfaced.

            • by Anonymous Coward

              Blocking SMBv1 protocol from the internet won't stop this attack. Any medical staff from within NHS can click a phishing site or open a malicious email attachment and the ransomware would still scatter like wildfire within NHS LAN.

          • Sure it is. If there's a hole in the wall because some idiot used a scattergun to try and kill a fly, it's still the idiot's fault.

            Microsoft has actually been quite sensible for this very reason. Way too many idiots think the solution to any problem they have is to turn off windows update. I'll wager that the majority of those who "turned off" windows update to avoid windows 10 actually knew what they were doing and didn't turn it off but rather curated them.

            Personally I think the best thing would be:
            a) not

        • by Anonymous Coward

          they stopped helping 50% of windows users

          ergo windows 7

          get ready cause to be infected "the im not migrating to crap spyware that the nsa has more holes in then swiss cheese is now swiss cheese too"
          thank microsoft too whom helps them

          btw waving from

      • by TiggertheMad ( 556308 ) on Friday May 12, 2017 @07:19PM (#54408293) Homepage Journal
        The NSA (and other ABC agencies that are undoubtedly running the same game plan) are doing what they are tasked with, finding ways to protect America and America's interests. Using hacking as a tool to this end is (relatively) new in the old game of spycraft, so there are going to be a few epic disasters like this before the black ops people start to figure out all the types of blow back they can experience. The US was really big on foreign covert action in the 50's, and it took the bay of pigs to make people realize that there were ways that things could go horribly wrong. That didn't stop covert action from being used, but I think it was employed more carefully afterwards. Having all their shiny hacking toys stolen and having this happen is the hacking version of the 'Bay of Pigs'.

        Also, while the NSA seems to have compiled a formidable array of exploits and tools to compromise enemy systems, that doesn't mean that everyone else isn't playing the exact same game. The only difference between the NSA and EVERY other state intelligence agency on the planet is that they seem to be able to properly secure their black ops toys. Being one of the largest agencies of this sort, there are going to be a lot of people in the know. And the more people involved, the harder it is to keep a secret.

        Mind you, that doesn't make this any less tragic or regrettable. I sort of hope the CIA decides that it is in the US interest to find and vanish anyone connected with this ransomware to make an example of them. Alas, that sort of thing only happens in implausible Hollywood scripts.
        • Remotely exploitable network vulnerabilities shouldn't happen, but there seems no practical hope that they'll stop anytime soon. It would be negligent of legitimate spy agencies to fail to search for them and arguably be able to take advantage of them. Imagine you're trying to find out when an ISIS group is planning a bombing and you discover they're running a messageboard on a Windows machine with an SMB exploit, do you tell Microsoft to patch the exploit?

          You never know which of the vulnerabilities you'll

        • I sort of hope the CIA decides that it is in the US interest to find and vanish anyone connected with this ransomware to make an example of them.

          Sounds suicidal.

      • And why do you think Microsoft was able to patch this *before* the exploit was leaked by Shadow Brokers?

        • by ichthus ( 72442 )
          Congratulations. You have posted the most interesting question in this whole story. Supposedly, this was a 0-day hole before it was leaked. So, then, how did MS know to patch it? Hmm.
    • by Anonymous Coward

      I guess the question is why wasn't there a plan in place to patch the holes going on in secret also? If you're going to weaponize something you want to be able to neutralize it also. True since rocks.

    • by Anonymous Coward on Friday May 12, 2017 @06:57PM (#54408181)

      No. Say thanks to Micro$oft for making people extremely gunshy after their concerted efforts to force Windows 10 down everyone's throats.

      It's bad enough to worry that an update to a bad driver will brick your machine without the problem of waking up to find Windows 10 on your machine.

      I'm sure there's enough blame to go around here, but don't forget that the update paranoia around Windows OS's was brought to you by none other than Micro$oft themselves.

      • by Anonymous Coward

        microsoft is partly guilty in this for sure because A LOT of people have the updates turned off since the windows 10 debacle, the lies, the telemetry, the diagtrack process, the broken windows update service that sits idle consuming 25% of your cpu, etc

        but even a monkey like me that hears about the smb vuln, even if i dont know what it means exactly because im just a user and not an engineer, i could tell it was BAD, so i patched the living shit out of my computer

        sorry but if youve had experiences with bla

    • chose to weaponize security holes

      Like any weapon, this one is dangerous (deadly!) in the wrong hands. It was not the NSA, who placed it into the wrong hands, however.

      • by LT218 ( 2815469 )

        It was the NSA who failed to properly secure and protect their "weapon" that could wreak havoc globally if it got into the wrong hands. It was and is their responsibility.

        • by mi ( 197448 )

          It was the NSA who failed to properly secure and protect their "weapon" that could wreak havoc globally if it got into the wrong hands. It was and is their responsibility.

          Yes, they were certainly negligent. A person, whose gun is stolen can be charged with negligence. But the murderer is still responsible for the murder — not the gun's hapless owner.

      • by ffkom ( 3519199 )
        There could have hardly been any more "wrong" hands than those of the NSA, obviously. The "right" hands would have acted in favor of mankind, not like a villain stockpiling doomsday devices in a garden locker for any petty thief to steal.
        • Re: (Score:2, Interesting)

          by mi ( 197448 )
          Whatever, dude. But I still think, the blame ought to be distributed in the following order:
          1. Those, who unleashed the stolen weapon.
          2. Those, who stole the weapon.
          3. Microsoft.
          4. NSA.
      • by HiThere ( 15173 )

        If the NSA wasn't the wrong hands, why didn't they cause this bug to be fixed years ago? It was already in the wrong hands...and probably not only those of the NSA.

    • Did you miss the part where Microsoft patched this 2 months ago [microsoft.com] and the only people being infected are the ones that are grossly (even negligently) behind?

      I honestly don't care about whether you blame the NSA for developing an exploit or not reporting it earlier. At this junction, however, 100% of the blame lies with these IT departments that can't get their shit patched.

    • Micro&Soft build their system with a crappy backdoor. No one to blame, if not them.

    • "rather than having them fixed"

      The patch for the exploit used has been publicly available on Windows Update since March 14.

    • That hole was patched with a March update. Your thanks need to go to those who are tardy with applying updates...and to Microsoft for making it insanely difficult to determine what an update contains and does now that they no longer publish the Security Bulletins.
  • by burtosis ( 1124179 ) on Friday May 12, 2017 @06:52PM (#54408161)
    Successful NSA exploits used: maybe a handful
    Number of affected worldwide when it leaks: Tens of thousands to potentially millions
  • by Gravis Zero ( 934156 ) on Friday May 12, 2017 @06:53PM (#54408167)

    I've said it before but it bears repeating. [slashdot.org]

    When you create an exploit, you create a weapon but when you submit a fix, you make that weapon ineffective. So now instead of having the world's best armor, we have an absurd cache of weapons and those weapons have been stolen. The moral isn't to protect your weapons better, it's that you should be making better armor.

  • It hit the NHS hard (Score:5, Interesting)

    by Anonymous Coward on Friday May 12, 2017 @06:55PM (#54408177)

    I'm a doctor in the NHS. It hit my hospital hard. The bosses triggered the MAJAX protocols meaning everyone off work was called to come in and help. Computers are used for everything, so blood tests, admissions, scan requests, referrals, all had to be done by hand. The public were asked to keep away from A+E because hundreds of people were waiting. It was terrifying how little failsafe infrastructure there was. The hospital just stopped working.

    • by Anonymous Coward on Friday May 12, 2017 @07:18PM (#54408291)

      And you use unpatched computers in a hospital WHY? How the hell is it that the PC my kid plays Minecraft on is patched, but the ones you use for MEDICAL CARE are not!? WTF!?

      • by Anonymous Coward on Friday May 12, 2017 @07:44PM (#54408383)

        They may remain unpatched because of a fear that the patch could cause serious errors in the same systems. Most large organizations don't immediately apply patches throughout their infrastructure. They test the patches extensively before deciding to deploy them. In many cases there are laws and regulations in place that say systems have to be certified before they are deployed. Getting the certification for a patched system, even when the unpatched system is certified, can be a huge and expensive task which may involve hiring specialized firms to run extensive tests.

        Some organizations are just negligent and risk problems by not patching while others are super vigilant and risk different problems by delaying patches.

        • Common sense would dictate that a system that goes unpatched for a certain period of time loses its certification automatically.
          • by Anonymous Coward

            common sense tends to get driven out by a business MBA who is an expert in efficiency.

            proprietary software created by a vendor that is 4 guys in an office somewhere on the other side of the planet, who just got bought out by megacorp which then spun off as dildicorp and fired all the original creators... does not have a flying clue about why your Blobnatz75 driver doesn't work on Windows 10, nor are they going to get an answer anytime soon.

        • However an unpatched PC or server would break laws relating to compliance. PCI compliance for example, all security patches must be installed within 30 days of the patch being released.

        • So firewall the shit out of them, don't let them access the web, don't give them USB connectors ... problem solved.

          The only computers 99% of hospital computers should be able to connect to should be the data servers for the applications and the computers handling remote management. Even those computers handling remote management shouldn't by default be able to just communicate with them on all ports, because modern IT is too fucking retarded to be relied on not to fuck that up.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Due to microsoft's continuous fuckery with win10, telemetry, updates which break shit and now rolled up updates which makes vetting them(*) an order of magnitude harder and more time consuming the last time my win 7 install was updated was sept 2016 and even that was a due to more fuckery by microsoft.
        I left my machine set to 'check for updates but don't install' yet it suddenly flips to install updates automatically after several years without any warning or change by myself - suspicious eh? Since then i h

        • Abso-fucking-lutely! I'm only on 7 because M$ made a coupla changes to Direct X and the game producing herd bleated acquiescence - so if I wanted to play most recent games I needed to be on Win 7. I installed it for the first time about the time 10 came out, thus missing the abortion called 8, and then we got hit with the bullshit about auto "upgrading". Yeah. Auto updates are OFF, still running GWX control panel, any possible telemetry nuked both in the registry and on my router. So, thanks to the sof

      • by TroII ( 4484479 ) on Friday May 12, 2017 @08:28PM (#54408521)

        And you use unpatched computers in a hospital WHY?

        Because patches are often broken. Imagine these hospitals had applied the patch when Microsoft released it, but the patch was faulty in some way, and all of the hospital computers went down as a result. Instead of complaining the hospitals were running unpatched, you and/or many people like you would be bitching and moaning that they were negligent to install the patch too soon.

        Updates from Microsoft frequently include at least one broken patch. There was one update last year that broke millions of peoples' webcams. There have been several updates that interfered with settings and reverted them back to default configurations, and several more updates that seemingly deleted group policy objects that had been configured by the domain administrator. There was a patch around the new year that inadvertently disabled the DHCP service, despite the update itself having nothing to do with DHCP. (Things that make you go hmmm.) This particular fuck-up rendered a lot of machines not only broken, but totally irreparable without manual human intervention, i.e. dispatching someone clueful to each of your premises to clean up the mess.

        Patch deployment in any enterprise environment requires extensive testing. You have to coordinate with your software vendors to make sure their applications are compatible with the update. If you install Patch XYZ without first getting approval from Vendor123, you wind up invalidating your support contracts with them. All of this takes time. In 2016, there were several months in a row where Microsoft had to un-issue, repair, supersede, and re-release a broken patch they'd pushed out. Put yourself in the shoes of an admin team who got burned by Windows Update breaking your systems, especially repeatedly. Are you going to be in any hurry to patch? If you were bitten by the DHCP bug, do you trust that the "critical SMB patch" really only touches SMBv1, and isn't going to inexplicably corrupt Office or remove IPV4 connectivity on every computer it touches?

        If the PC your kid plays Minecraft on gets hosed by a broken patch, it's not that big of a deal. The business world is a different story.

        • by Anonymous Coward

          i have a box at home, with a system made by some dude with very thick glasses in some basement somewhere, its that thing called linux

          it gives me less problems when i update than the marvelous and modern windows do on my other boxes, which is sad considering i dont know jack shit about linux

          maybe, just maybe, the affected big companies should consider moving away from microsoft, which has not been able to deliver a proper product since windows 7

        • by Z00L00K ( 682162 )

          More than patches are broken is that applications sometimes are written to handle the unpatched version and when the patch arrives then the workaround blows up.

      • He is a doctor, not an IT consultant; this is a failure of IT management.

        NHS Digital is provided by outside private sector IT Consultancies and has been beset with failure for years.

        • by HiThere ( 15173 )

          It's not just an IT failure. It's a management failure AND a failure of law AND a failure of manufacturing. Many medical devices should NOT have IP connections. They should send and receive text streams that are ONLY data, not executable, even by an interpreter. The laws about certification of equipment should recognize that unpatched devices should be forbidden contact with the internet. Etc. And manufacturers should be liable if their device connects to the internet and they don't insist that patche

    • before they had an "Internet Connection".
      I don't understand why any critical infrastructure (which, like a hospital, should function even in cases of catastrophe or war) connects any vital computer to a public network.
    • by Z00L00K ( 682162 )

      One thing that's important is to build up a segmented network where each department is insulated from the other departments and only exchange of approved information is going to be allowed.

      Same goes for internet communication. Limit that to necessary services.

      Mail services should go on virtual servers that are sandboxed, or even on a remote desktop server.

  • 45K....peanuts.
  • by guruevi ( 827432 ) <`evi' `at' `evcircuits.com'> on Friday May 12, 2017 @07:03PM (#54408215) Homepage

    Is that there are still 45k Windows machines that are directly connected to the Internet.

    Any Windows machines I manage (mostly very specific medical software and medical machines) are either VMs (and thus behind a firewall and any service proxied to a BSD or Linux host) or airgapped.

    • Re: (Score:3, Interesting)

      They don't have to be directly connected to the internet. They just have to have a shitty network admin that didn't close 445 on the firewall and didn't patch windows.
      • by DaHat ( 247651 )

        Yup, plus a single exposed machine which is infected will then turn around and start scanning its own subnet which may include machines which may not even have internet access.

      • Then they ARE connected to the Internet, having a proxy to the entire network is the same as having no firewall. From my understanding this isn't being done via social engineering though (yet), a coordinated "attack" (I would call it a test) would devastate these Windows-only enterprises.

        Rule number one on any network: everything else is hostile. Not sure how even Microsoft hasn't figured that one out.

    • In NHS's case, I am guessing only one person had to be infected. Then it used the SMB exploit to worm its way through the entire system. It only took one person. I am checking all of my machines to make sure it's all patched... (in health care)
    • That's not what happened. It's an exploit in SMB. Meaning, the Ransomware is now a worm on the local subnet. Once someone behind the keyboard opens the malware in the form of an attachment to infect their PC, it then proceeds to scan the LAN and replicate to other computers via the SMB protocol exploit. Those computers in turn do the same thing. Lather, rinse, repeat.

      FYI, SMB ports are open between client and server on any machine joined to a Windows Domain (Active Directory).
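
Added example, not part of the original thread: several comments above describe an infected machine scanning its own subnet over SMB (port 445). The sketch below flags that fan-out pattern in flow records; the log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 10                   # assumed: distinct SMB peers per window


def parse_flow(line):
    """Parse 'ISO-timestamp src dst dport' (hypothetical format); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        dport = int(parts[3])
    except ValueError:
        return None
    return ts, parts[1], parts[2], dport


def find_smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct SMB destinations} for sources at or above threshold.

    A normal domain member talks SMB to a handful of servers; a worm probing
    the LAN touches many different hosts on 445 in a short time.
    """
    flows = sorted(f for f in map(parse_flow, lines) if f and f[3] == SMB_PORT)
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs inside the window
    alerts = {}
    for ts, src, dst, _ in flows:
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop connections older than the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


def build_sample():
    """Constructed flow records; every address and time here is made up."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    lines = ["corrupt line"]      # malformed input must be skipped, not crash
    # Ordinary client: repeated SMB to one file server and one domain controller.
    for i in range(30):
        t = base + timedelta(seconds=10 * i)
        dst = "10.0.5.10" if i % 2 else "10.0.5.2"
        lines.append(f"{t.isoformat()} 10.0.5.77 {dst} {SMB_PORT}")
    # Slow backup job: 12 hosts, one every five minutes (never 10 in a minute).
    for i in range(12):
        t = base + timedelta(minutes=5 * i)
        lines.append(f"{t.isoformat()} 10.0.5.9 10.0.5.{100 + i} {SMB_PORT}")
    # Web traffic to many hosts: wide fan-out, but not on the SMB port.
    for i in range(30):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.0.5.50 10.0.6.{i + 1} 443")
    # Worm-like host: 40 different LAN peers on 445 within 20 seconds.
    for i in range(40):
        t = base + timedelta(seconds=300 + i // 2)
        lines.append(f"{t.isoformat()} 10.0.5.23 10.0.5.{150 + i} {SMB_PORT}")
    return lines


if __name__ == "__main__":
    for src, peers in find_smb_fanout(build_sample()).items():
        print(f"ALERT {src}: {peers} distinct SMB destinations within {WINDOW}")
```

In a real network the threshold needs tuning against hosts that legitimately reach many machines over SMB, such as management or backup servers.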

  • ... the NSA.

    Lots of demonstrable dollar loss.

    Microsoft plugged this hole back in March.

  • EVERY Person, and EVERY Business, that this will do damage to. It's their tool, POORLY secured, that caused this ENTIRE MESS! If they had been sitting there catching terrorists, like we paid them to do, rather than designing malware to perform black ops with, we wouldn't be having this little "Chat" LoL!
    • by Gravis Zero ( 934156 ) on Friday May 12, 2017 @07:37PM (#54408367)

      EVERY Person, and EVERY Business, that this will do damage to. Its their tool, POORLY secured, that caused this ENTIRE MESS!

      You got it all wrong. The entity to blame is Microsoft. Their operating system is poorly secured which is the root cause of this entire mess.

      • If some hacker finds an exploit, doesn't tell Microsoft, uses it for his own purposes but fails to keep it secure so other hackers get hold of it and use it to install ransomware, would you still blame Microsoft, or only if the hacker's initials are NSA?

        You might as well criticize the Linux devs too because of all the unpatched security holes in Linux.

        • If some hacker finds an exploit, doesn't tell Microsoft, uses it for his own purposes but fails to keep it secure so other hackers get hold of it and use it to install ransomware, would you still blame Microsoft,

          Yes, yes I would.

          You might as well criticize the Linux devs too because of all the unpatched security holes in Linux.

          Also yes.

      • Can you say in a serious face that the NSA HAS 0 backdoors on Linux? No really. It's not like the NSA didn't have a role in developing Red Hat's AppArmor or anything.

        The echo chamber of anti MS hate is strong here as always but put the crackpipe down.

        The NSA has keys to juniper and even a backdoor of old Nortel now Avaya routers. The NSA logs on and does what it likes

        • Can you say in a serious face that the NSA HAS 0 exploitable bugs on Linux?

          A) FTFY
          B) Why bring up Linux? I'm just talking about the flaws that Microsoft owned code has.

          The echo chamber of anti MS hate is strong here as always but put the crackpipe down.

          The only thing I've done is lay blame where blame should be laid. When a severe bug for operating system XYZ is exposed then you blame the people who developed it, not the people who exploited it. This is true for all operating systems.

          • You imply NSA is innocent and only Windows can be hacked. A false belief. Where do you think the term ROOTkit came from? Unix security was a joke before WindowsNT came into the scene as VMS was more secure because it was not written in C. I have seen hackers take over a SuSE enterprise server to host a phishing website. Just because it's opensource doesn't mean it's secure.

            • You imply NSA is innocent and only Windows can be hacked.

              I did not imply either of those, you inferred that using faulty logic.

        • by thule ( 9041 )
          Not AppArmor, SELinux. I know the accusation has been around for quite some time, but I have yet to find anyone pointing out the backdoor. The code is GPL'd so people can audit the code.

          If anything, SELinux has saved systems from 0days by restricting the vulnerable process to only what it should do. Filesystem permissions or chroots only get you so far. SELinux goes farther. For example, it prevents a process from making outgoing IP connections.
        • by HiThere ( 15173 )

          IIUC the NSA has "rainbow tables" that allow them access to any Linux system. But these don't allow access to all Linux systems.

          This is not to claim that the NSA don't have any exploitable tools that will handle all Linux systems, but I don't know of any. Linux systems can be stripped down and "hardened" in ways that MS intentionally doesn't allow. And, for that matter, the same is true of BSD, even slightly more-so. But not Apple, except, perhaps, their iPhones. As with MS, Apple doesn't let *you* str

      • by trawg ( 308495 )

        You got it all wrong. The entity to blame is Microsoft. Their operating system is poorly secured which is the root cause of this entire mess.

        I dunno about this. From what I've read they fixed the problem a while ago and a patch has been available for a reasonable amount of time - enough for most people to have tested and deployed it, especially given its seemingly obvious criticality.

        Your post implies that software should only be shipped when it is perfectly bug free, which I at least think is simply not possible.

      • You got it all wrong. The entity to blame is Microsoft. Their operating system is poorly secured which is the root cause of this entire mess.

        I have a better idea, instead of blaming someone who had a bug in their code and patched that code the moment they discovered it, how about you blame the government entity which knew about the exploit and decided to weaponise it rather than report it.

        If we blame Microsoft then all programmers should hang because I've yet to see a bug free piece of software. That includes open source security software which we all hold near and dear to our hearts.

        • I have a better idea, instead of blaming someone who had a bug in their code and patched that code the moment they discovered it

          Why wouldn't you blame the people who wrote poorly secured code?

          If we blame Microsoft then all programmers should hang because I've yet to see a bug free piece of software.

          It doesn't have to be bug free, it just shouldn't have remotely exploitable bugs in critical systems. Critical systems include the kernel, startup configs/scripts and daemons/services. In this case, Microsoft failed to secure their WINS service.

          That includes open source security software which we all hold near and dear to our hearts.

          Absolutely, I hold the Apache devs equally responsible for their HTTPd daemon's poor security model, especially with regard to addons like PHP. Simply put, people need to validate their inputs and mit

          • Why wouldn't you blame the people who wrote poorly secured code?

            You can, just don't pretend that this is a Microsoft problem vs a programmers are human problem. You're masking the underlying issue with a blame game.

            It doesn't have to be bug free, it just shouldn't have remotely exploitable bugs in critical systems.

            Bugs, remotely exploitable critical bugs, same thing different label. This kind of stuff traverses all programmers, programming languages and OSes.

            Nobody can do this perfectly but Microsoft is hardly trying.

            I'm not sure I agree. Microsoft may look like they are hardly trying but they are also under the biggest scrutiny, and let's not forget how WanaCry actually initiates an infection: phishing email. It's also some ob

            • You're masking the underlying issue with a blame game.

              I responded to a post that was specifically laying blame on the NSA. I didn't start off waving a banner and cheering, "this is Microsoft's fault" but rather I was merely correcting the original post so that blame was properly credited.

              Bugs, remotely exploitable critical bugs, same thing different label.

              Poppycock! You may think they are the same but one is a specific subtype of the other that doesn't just happen anywhere.

              Nobody can do this perfectly but Microsoft is hardly trying.

              I'm not sure I agree.

              Considering the first thing the new guy at MS did was cut QA, I would say he's not interested in doing things like security reviews on existing code.

              let's not forget how WanaCry actually initiates an infection: phishing email.

              Actual

  • This time, Microsoft, there is no need for you to consider yourself middle-fingered - you are.
  • Hey, where's the headline about this being patched back in March?

    Oh, but it takes time to verify that these patches won't...

    Yeah, and how long is it going to take you to recover from getting slammed, and at what cost? For something that was patched TWO MONTHS AGO.

    Not a zero day, a YESTER-DAY!

    And if you're still relying on XP...
    • by nnull ( 1148259 )
      You'd be surprised how many industrial computers or commercial type computers which run displays (for airline displays, trains, etc.) still use XP. Some have moved to Windows 7, but that's like a small percentage. Then you'd be surprised how many of these mission critical PCs are connected to the Internet without any sense of security. Of course none of them patched. It was a disaster waiting to happen, and one that many here predicted for years was going to happen.

      So, no surprise that someone finally exploited
  • When will people get it that, with a mission-critical computer system, it should have no more ability or authority to do _anything_ than it needs. If your computer is only there to do your financial stuff, then it doesn't need to be able to run Minecraft, so it should not be able to run Minecraft at all. Having a single all-things-to-all-people OS that, once booted, can do anything and everything, and is so complex that even its manufacturer can't track all the bugs and holes, and nobody else can even tell if

    • You say "if your computer". Then you proceed to define how a hardcore least privilege makes a computer not yours anymore. It belongs to whatever entity is tying your hands with respect to running it...

  • by Neo-Rio-101 ( 700494 ) on Friday May 12, 2017 @09:46PM (#54408775)

    IT admins: Let's patch this box
    IT management: NO. You can't do that! We need a stable operating environment. Sorry you don't have a maintenance window until 6 months from now.
    IT admins: But we'll get hacked!
    IT management: Then we'll blame the hackers! It won't be our fault that the system has downtime. We'll keep our jobs!
    IT admins: Oh I get it. If we bring servers down for maintenance, that will be our fault and we'll get fired.... but if we get hacked - it's not our fault.
    IT management: YES! and then we can blame Microsoft and point the finger at all our vendors.

  • Don't these institutions have IT security? Don't people understand how to design networks that are isolated from the internet, minimizing the attack surface of unpatched or intentionally held back machines?

    Not trying to blame the victims here, well, ok I am, this is totally avoidable with some proper network design and isolation of critical and potentially vulnerable 'held back' systems.

    Nothing inherently wrong with saying, "I don't want this machine's OS changed, cuz it works perfectly now." Where the pr

    • by nnull ( 1148259 )
      Management sees the price tag of doing so and they say "whoooooaaaa, no way". And that's that. And we have what we have. Even though the cost of doing so is negligible, other than doubling your material costs, that's about it. I've done it, I have my PLCs on a separate dedicated network from everything else. I have my video system on a separate network. I have my PCs all on a separate network. I even have my management computers all on a separate network. It's not really hard to do, especially when you h
  • by TheNarrator ( 200498 ) on Saturday May 13, 2017 @12:47AM (#54409317)

    Remember how Munich switched to Linux? Yup, not affected.

  • 1. Microsoft has always had a disclosure that their OS is not suitable for life-critical applications

    2. NSA has a dual mission -- the second (neglected) mission is to ensure the security of domestic computer networks
