1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News WannaCry malware downs systems worldwide

Discussion in 'Article Discussion' started by Gareth Halfacree, 15 May 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,394
    Likes Received:
    1,812
  2. Pookie

    Pookie So this is permanence, love's shattered pride.

    Joined:
    4 May 2010
    Posts:
    3,476
    Likes Received:
    129
    I'm sorry but the buck stops with Microsoft, they built the OS and it's their job to insure that it's secure. Maybe they need to invest in more time researching vulnerabilities rather than messing about with crappy stuff like Cortana.
     
  3. Mr_Mistoffelees

    Mr_Mistoffelees The Lunatic on the Grass.

    Joined:
    26 Aug 2014
    Posts:
    1,839
    Likes Received:
    357
    No it doesn't, Microsoft have made secure (against this vulnerability) OS software available to everyone who wants it. It is the end user's responsibility to update. It is not Microsoft's fault that much of the NHS and many other organisations, are still running a 16 year old OS.
     
  4. Broadwater06

    Broadwater06 Member

    Joined:
    10 Apr 2016
    Posts:
    225
    Likes Received:
    11
    But why should they keep supporting XP, they told us very clearly when the support end, they even extended the support more than any other Windows.
     
  5. tonyd223

    tonyd223 king of nothing

    Joined:
    12 Nov 2009
    Posts:
    388
    Likes Received:
    2
    Why didn't the NSA tell Microsoft? Because it was using the vulnerabilities for itself?
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,394
    Likes Received:
    1,812
    Yes, exactly that. Which, incidentally, goes directly against the Vulnerability Equities Process (VEP) introduced by the Obama administration which requires all government agencies to share discovered vulnerabilities with vendors unless they can successfully argue for a temporary stay (such as "we're actively using this in an ongoing investigation which is due to wrap up on the 15th of November," rather than "we might need this in the future so we're keeping it to ourselves.")
     
  7. fix-the-spade

    fix-the-spade Well-Known Member

    Joined:
    4 Jul 2011
    Posts:
    3,579
    Likes Received:
    313
    So if Microsoft is officially blaming the NSA both for discovering the vulnerability, withholding knowledge from Microsoft of it and for failing to keep the information secure, where does this leave the rest of the world legally?

    I can see lawyers round the world rubbing their hands with glee at the thought of suing the US government. Hoarding security flaws to carry out (presumably) surveillance without warrants and/or outside of their jurisdiction and then allowing those security flaws to fall into the hands of organised crime. That could be quite the damages claim.
     
  8. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    2,862
    Likes Received:
    1,018
    I'm curious who the blame would legally fall on if a death had been the result of this. Does it go to the person that started the attack, the NHS, the NSA or Microsoft. It also seems like the person(s) behind this didn't get that much of a pay day based on the amount seen going into the wallets.
     
  9. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,253
    Likes Received:
    312
    INAL so I'm probably wrong but I'd say it lies with the NSA as they're the ones who discovered the vulnerability and did nothing to strengthen the worlds defenses against it.

    Frankly i find it ridiculous that when it comes to chemical, biological, radiological and nuclear weapons we have a plethora of international agreements governing there use but when it comes to 'cyber space' the rules seem so lax.

    We wouldn't allow a government agency to use anthrax or ebola for anything other than researching ways to defend against them but when it comes to vulnerabilities in software it seems fine to weaponise those.
     
  10. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    11,197
    Likes Received:
    1,346
    And people wonder why MS forced automatic updates on everyone.
     
  11. N17 dizzi

    N17 dizzi Well-Known Member

    Joined:
    23 Mar 2011
    Posts:
    3,108
    Likes Received:
    311
    What repercussions will the NSA face? My guess would be none, except measures to keep the vulnerabilities the staff are employed to find more secure.
     
  12. Chicken76

    Chicken76 Active Member

    Joined:
    10 Nov 2009
    Posts:
    920
    Likes Received:
    25
    Is there a tool I can point at my machines to see which are vulnerable through the network?
     
  13. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,887
    Likes Received:
    208
    Air gap your backups people.
     
  14. DriftCarl

    DriftCarl Member

    Joined:
    2 Nov 2004
    Posts:
    600
    Likes Received:
    12
    Well the good news is I freed up loads of room on my virtual image backup server, since I could argue that it would be a pain to patch them all up and we dont really need them anymore, so they are deleted and I have now freed up a few TB of space :)
     
  15. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,253
    Likes Received:
    312
    Not everyone, only home users really as most other versions allow the deference of updates.

    Oddly enough it seems home users were the least effected or probably the least reported.
     
  16. N17 dizzi

    N17 dizzi Well-Known Member

    Joined:
    23 Mar 2011
    Posts:
    3,108
    Likes Received:
    311
    You mean backups that are isolated from your system, or levitate them using high powered fans? I do both anyway, who doesn't.
     
  17. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    2,862
    Likes Received:
    1,018
    I believe there is a script for nmap and a module for metasploit.
     
  18. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    2,862
    Likes Received:
    1,018
    :worried:
     
  19. Anfield

    Anfield Well-Known Member

    Joined:
    15 Jan 2010
    Posts:
    5,000
    Likes Received:
    377
    http://www.nextpowerup.com/news/36028/the-shadow-brokers-claim-more-leaks-are-coming/
     
  20. SuperHans123

    SuperHans123 Well-Known Member

    Joined:
    27 Dec 2013
    Posts:
    1,344
    Likes Received:
    34
    But Linux is a ballache to use and is not compatible with Planet Earth.
     

Share This Page