bit-tech.net

Go Back   bit-tech.net Forums > bit-tech.net > Article Discussion

Reply
 
Thread Tools
Old 15th May 2017, 11:02   #1
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Gareth Halfacree's Avatar
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 8,615
Gareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming Saiyan
WannaCry malware downs systems worldwide

Microsoft displeased with the NSA.
https://www.bit-tech.net/news/bits/2...acry-malware/1
__________________
Author, Raspberry Pi User Guide Fourth Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter | keybase.io
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me! | Need a VPN? Try AirVPN!
Gareth Halfacree is offline   Reply With Quote
Old 15th May 2017, 11:13   #2
Pookie
Level 0
 
Pookie's Avatar
 
Join Date: May 2010
Location: Newton Scabbot
Posts: 3,413
Pookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming SaiyanPookie is a Super Spamming Saiyan
I'm sorry but the buck stops with Microsoft, they built the OS and it's their job to insure that it's secure. Maybe they need to invest in more time researching vulnerabilities rather than messing about with crappy stuff like Cortana.
__________________
Unlimited Fibre Broadband 38Inc Per month including line Rental!
http://pulse8broadband.co.uk/fibreoptic-broadband
Pookie is offline   Reply With Quote
Old 15th May 2017, 11:16   #3
Mr_Mistoffelees
More Spanners Please.
 
Mr_Mistoffelees's Avatar
 
Join Date: Aug 2014
Location: Where nobody goes and nobody knows...
Posts: 941
Mr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming SaiyanMr_Mistoffelees is a Super Spamming Saiyan
Quote:
Originally Posted by Pookie
I'm sorry but the buck stops with Microsoft, they built the OS and it's their job to insure that it's secure. Maybe they need to invest in more time researching vulnerabilities rather than messing about with crappy stuff like Cortana.
No it doesn't, Microsoft have made secure (against this vulnerability) OS software available to everyone who wants it. It is the end user's responsibility to update. It is not Microsoft's fault that much of the NHS and many other organisations, are still running a 16 year old OS.
__________________
A rusty spanner is not a happy spanner...
Mr_Mistoffelees is offline   Reply With Quote
Old 15th May 2017, 11:17   #4
Broadwater06
Multimodder
 
Join Date: Apr 2016
Location: London
Posts: 187
Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.Broadwater06 is the Cheesecake. Relix smiles down upon them.
But why should they keep supporting XP, they told us very clearly when the support end, they even extended the support more than any other Windows.
Broadwater06 is offline   Reply With Quote
Old 15th May 2017, 11:19   #5
tonyd223
king of nothing
 
Join Date: Nov 2009
Location: Hull
Posts: 382
tonyd223 has yet to learn the way of the Dremel
Why didn't the NSA tell Microsoft? Because it was using the vulnerabilities for itself?
tonyd223 is offline   Reply With Quote
Old 15th May 2017, 11:26   #6
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Gareth Halfacree's Avatar
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 8,615
Gareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming SaiyanGareth Halfacree is a Super Spamming Saiyan
Quote:
Originally Posted by tonyd223 View Post
Why didn't the NSA tell Microsoft? Because it was using the vulnerabilities for itself?
Yes, exactly that. Which, incidentally, goes directly against the Vulnerability Equities Process (VEP) introduced by the Obama administration which requires all government agencies to share discovered vulnerabilities with vendors unless they can successfully argue for a temporary stay (such as "we're actively using this in an ongoing investigation which is due to wrap up on the 15th of November," rather than "we might need this in the future so we're keeping it to ourselves.")
__________________
Author, Raspberry Pi User Guide Fourth Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter | keybase.io
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me! | Need a VPN? Try AirVPN!
Gareth Halfacree is offline   Reply With Quote
Old 15th May 2017, 11:39   #7
fix-the-spade
Mod Master
 
fix-the-spade's Avatar
 
Join Date: Jul 2011
Location: UK, North Yorks
Posts: 2,377
fix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyanfix-the-spade is a Super Spamming Saiyan
So if Microsoft is officially blaming the NSA both for discovering the vulnerability, withholding knowledge from Microsoft of it and for failing to keep the information secure, where does this leave the rest of the world legally?

I can see lawyers round the world rubbing their hands with glee at the thought of suing the US government. Hoarding security flaws to carry out (presumably) surveillance without warrants and/or outside of their jurisdiction and then allowing those security flaws to fall into the hands of organised crime. That could be quite the damages claim.
__________________
CMDR Fix-the-spade
fix-the-spade is offline   Reply With Quote
Old 15th May 2017, 11:47   #8
MLyons@BOXFX
Minimodder
 
MLyons@BOXFX's Avatar
 
Join Date: Mar 2017
Posts: 21
MLyons@BOXFX has yet to learn the way of the Dremel
I'm curious who the blame would legally fall on if a death had been the result of this. Does it go to the person that started the attack, the NHS, the NSA or Microsoft. It also seems like the person(s) behind this didn't get that much of a pay day based on the amount seen going into the wallets.
MLyons@BOXFX is offline   Reply With Quote
Old 15th May 2017, 12:42   #9
Corky42
What did walle eat for breakfast?
 
Join Date: Oct 2012
Posts: 6,860
Corky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming Saiyan
Quote:
Originally Posted by MLyons@BOXFX View Post
I'm curious who the blame would legally fall on if a death had been the result of this.
INAL so I'm probably wrong but I'd say it lies with the NSA as they're the ones who discovered the vulnerability and did nothing to strengthen the worlds defenses against it.

Frankly i find it ridiculous that when it comes to chemical, biological, radiological and nuclear weapons we have a plethora of international agreements governing there use but when it comes to 'cyber space' the rules seem so lax.

We wouldn't allow a government agency to use anthrax or ebola for anything other than researching ways to defend against them but when it comes to vulnerabilities in software it seems fine to weaponise those.
Corky42 is offline   Reply With Quote
Old 15th May 2017, 12:59   #10
jrs77
theorycrafting
 
jrs77's Avatar
 
Join Date: Feb 2006
Location: Finland
Posts: 4,830
jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.
Another excellent reason to drop Windows and go with Linux. MacOS would be another better option as it has all the professional software available.

Let's face it. Microsoft is the target #1 for any attacks like this. It's used by 90+ percent of all PC users including business and most of the users are too stoopid to prevent things like that from happening, be it by not updating, not running antivirus, clicking on every link without thinking twice, etc, etc

Sure, the NSA is partly to blame in this particular scenario, if they withheld critical information about this specific issue and they should be held accountable in part, but the main-reason for this issue is that Microsoft doesn't have any competition and is too lazy to write a better and more secure OS. Instead Microsoft forces more and more ridiculous crap onto their users.
__________________
...and allways remember, that the world is an orange!

Cooltek/Jonsbo U1 | Silverstone SX500-LG | Noctua NF-R8 Redux 1200
Gigabyte H97N-WiFi | intel i7-5775C | Noctua NH-D9L | Crucial Ballistix 16GB DDR3L1600 | Crucial MX200 250GB | 2.5" WD AV 1TB
jrs77 is offline   Reply With Quote
Old 15th May 2017, 19:51   #11
RedFlames
...is a figment of your imagination
 
RedFlames's Avatar
 
Join Date: Apr 2009
Location: The northern wastes of Geordieland
Posts: 7,080
RedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming SaiyanRedFlames is a Super Spamming Saiyan
Quote:
Originally Posted by Mr_Mistoffelees View Post
It is the end user's responsibility to update.

It is not Microsoft's fault that much of the NHS and many other organisations, are still running a 16 year old OS and/or didn't install the patch.
And people wonder why MS forced automatic updates on everyone.
__________________
Why are you still reading this? The post is over. Go Home.

RedFlames is offline   Reply With Quote
Old 15th May 2017, 20:05   #12
N17 dizzi
Mod Amateur
 
N17 dizzi's Avatar
 
Join Date: Mar 2011
Posts: 2,870
N17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming Saiyan
Quote:
Originally Posted by Gareth Halfacree View Post
Yes, exactly that. Which, incidentally, goes directly against the Vulnerability Equities Process (VEP) introduced by the Obama administration which requires all government agencies to share discovered vulnerabilities with vendors unless they can successfully argue for a temporary stay (such as "we're actively using this in an ongoing investigation which is due to wrap up on the 15th of November," rather than "we might need this in the future so we're keeping it to ourselves.")
What repercussions will the NSA face? My guess would be none, except measures to keep the vulnerabilities the staff are employed to find more secure.
N17 dizzi is offline   Reply With Quote
Old 15th May 2017, 20:38   #13
Chicken76
Hypermodder
 
Chicken76's Avatar
 
Join Date: Nov 2009
Location: Romania
Posts: 801
Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!Chicken76 - it's over 9000!!!!!!!!1!1!1!!!
Is there a tool I can point at my machines to see which are vulnerable through the network?
Chicken76 is offline   Reply With Quote
Old 15th May 2017, 23:11   #14
wolfticket
Downwind from the bloodhounds
 
wolfticket's Avatar
 
Join Date: Apr 2008
Location: Devon, England
Posts: 2,428
wolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyanwolfticket is a Super Spamming Saiyan
Air gap your backups people.
__________________
Wolfticket: Ambitious but rubbish

"A facility for quotation covers the absence of original thought."
Dorothy L. Sayers (1893 - 1957)
wolfticket is offline   Reply With Quote
Old 16th May 2017, 07:58   #15
jrs77
theorycrafting
 
jrs77's Avatar
 
Join Date: Feb 2006
Location: Finland
Posts: 4,830
jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.jrs77 is definitely a rep cheat.
Quote:
Originally Posted by wolfticket View Post
Air gap your backups people.
Who doesn't?
__________________
...and allways remember, that the world is an orange!

Cooltek/Jonsbo U1 | Silverstone SX500-LG | Noctua NF-R8 Redux 1200
Gigabyte H97N-WiFi | intel i7-5775C | Noctua NH-D9L | Crucial Ballistix 16GB DDR3L1600 | Crucial MX200 250GB | 2.5" WD AV 1TB
jrs77 is offline   Reply With Quote
Old 16th May 2017, 08:01   #16
DriftCarl
Supermodder
 
Join Date: Nov 2004
Posts: 584
DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.DriftCarl is the Cheesecake. Relix smiles down upon them.
Well the good news is I freed up loads of room on my virtual image backup server, since I could argue that it would be a pain to patch them all up and we dont really need them anymore, so they are deleted and I have now freed up a few TB of space
DriftCarl is offline   Reply With Quote
Old 16th May 2017, 08:43   #17
Corky42
What did walle eat for breakfast?
 
Join Date: Oct 2012
Posts: 6,860
Corky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming SaiyanCorky42 is a Super Spamming Saiyan
Quote:
Originally Posted by RedFlames View Post
And people wonder why MS forced automatic updates on everyone.
Not everyone, only home users really as most other versions allow the deference of updates.

Oddly enough it seems home users were the least effected or probably the least reported.
Corky42 is offline   Reply With Quote
Old 16th May 2017, 12:07   #18
N17 dizzi
Mod Amateur
 
N17 dizzi's Avatar
 
Join Date: Mar 2011
Posts: 2,870
N17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming SaiyanN17 dizzi is a Super Spamming Saiyan
Quote:
Originally Posted by wolfticket View Post
Air gap your backups people.
You mean backups that are isolated from your system, or levitate them using high powered fans? I do both anyway, who doesn't.
N17 dizzi is offline   Reply With Quote
Old 16th May 2017, 16:14   #19
MLyons@BOXFX
Minimodder
 
MLyons@BOXFX's Avatar
 
Join Date: Mar 2017
Posts: 21
MLyons@BOXFX has yet to learn the way of the Dremel
Quote:
Originally Posted by Chicken76 View Post
Is there a tool I can point at my machines to see which are vulnerable through the network?
I believe there is a script for nmap and a module for metasploit.
MLyons@BOXFX is offline   Reply With Quote
Old 16th May 2017, 16:15   #20
MLyons@BOXFX
Minimodder
 
MLyons@BOXFX's Avatar
 
Join Date: Mar 2017
Posts: 21
MLyons@BOXFX has yet to learn the way of the Dremel
Quote:
Originally Posted by jrs77 View Post
Who doesn't?
MLyons@BOXFX is offline   Reply With Quote
Reply

Tags
insecurity, malware, nsa, r.i.p. windows xp, ransomware, security, vulnerability, wanna decryptor, wannacry, wannacrypt, wikileaks, windows, windows xp, worm

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 06:19.
Powered by: vBulletin Version 3
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.