1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News WannaCry malware downs systems worldwide

Discussion in 'Article Discussion' started by Gareth Halfacree, 15 May 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
  2. Pookie

    Pookie Illegitimi non carborundum

    Joined:
    4 May 2010
    Posts:
    3,557
    Likes Received:
    146
    I'm sorry but the buck stops with Microsoft, they built the OS and it's their job to insure that it's secure. Maybe they need to invest in more time researching vulnerabilities rather than messing about with crappy stuff like Cortana.
     
  3. Mr_Mistoffelees

    Mr_Mistoffelees The Bit-Tech Cat. New Improved Version.

    Joined:
    26 Aug 2014
    Posts:
    5,198
    Likes Received:
    2,433
    No it doesn't, Microsoft have made secure (against this vulnerability) OS software available to everyone who wants it. It is the end user's responsibility to update. It is not Microsoft's fault that much of the NHS and many other organisations, are still running a 16 year old OS.
     
  4. Broadwater06

    Broadwater06 Minimodder

    Joined:
    10 Apr 2016
    Posts:
    278
    Likes Received:
    14
    But why should they keep supporting XP, they told us very clearly when the support end, they even extended the support more than any other Windows.
     
  5. tonyd223

    tonyd223 king of nothing

    Joined:
    12 Nov 2009
    Posts:
    389
    Likes Received:
    2
    Why didn't the NSA tell Microsoft? Because it was using the vulnerabilities for itself?
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    Yes, exactly that. Which, incidentally, goes directly against the Vulnerability Equities Process (VEP) introduced by the Obama administration which requires all government agencies to share discovered vulnerabilities with vendors unless they can successfully argue for a temporary stay (such as "we're actively using this in an ongoing investigation which is due to wrap up on the 15th of November," rather than "we might need this in the future so we're keeping it to ourselves.")
     
  7. fix-the-spade

    fix-the-spade Multimodder

    Joined:
    4 Jul 2011
    Posts:
    5,482
    Likes Received:
    1,267
    So if Microsoft is officially blaming the NSA both for discovering the vulnerability, withholding knowledge from Microsoft of it and for failing to keep the information secure, where does this leave the rest of the world legally?

    I can see lawyers round the world rubbing their hands with glee at the thought of suing the US government. Hoarding security flaws to carry out (presumably) surveillance without warrants and/or outside of their jurisdiction and then allowing those security flaws to fall into the hands of organised crime. That could be quite the damages claim.
     
  8. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,174
    Likes Received:
    2,732
    I'm curious who the blame would legally fall on if a death had been the result of this. Does it go to the person that started the attack, the NHS, the NSA or Microsoft. It also seems like the person(s) behind this didn't get that much of a pay day based on the amount seen going into the wallets.
     
  9. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    INAL so I'm probably wrong but I'd say it lies with the NSA as they're the ones who discovered the vulnerability and did nothing to strengthen the worlds defenses against it.

    Frankly i find it ridiculous that when it comes to chemical, biological, radiological and nuclear weapons we have a plethora of international agreements governing there use but when it comes to 'cyber space' the rules seem so lax.

    We wouldn't allow a government agency to use anthrax or ebola for anything other than researching ways to defend against them but when it comes to vulnerabilities in software it seems fine to weaponise those.
     
  10. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,395
    Likes Received:
    2,992
    And people wonder why MS forced automatic updates on everyone.
     
  11. N17 dizzi

    N17 dizzi Multimodder

    Joined:
    23 Mar 2011
    Posts:
    3,234
    Likes Received:
    356
    What repercussions will the NSA face? My guess would be none, except measures to keep the vulnerabilities the staff are employed to find more secure.
     
  12. Chicken76

    Chicken76 Minimodder

    Joined:
    10 Nov 2009
    Posts:
    952
    Likes Received:
    32
    Is there a tool I can point at my machines to see which are vulnerable through the network?
     
  13. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    3,555
    Likes Received:
    646
    Air gap your backups people.
     
  14. DriftCarl

    DriftCarl Minimodder

    Joined:
    2 Nov 2004
    Posts:
    602
    Likes Received:
    12
    Well the good news is I freed up loads of room on my virtual image backup server, since I could argue that it would be a pain to patch them all up and we dont really need them anymore, so they are deleted and I have now freed up a few TB of space :)
     
  15. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Not everyone, only home users really as most other versions allow the deference of updates.

    Oddly enough it seems home users were the least effected or probably the least reported.
     
  16. N17 dizzi

    N17 dizzi Multimodder

    Joined:
    23 Mar 2011
    Posts:
    3,234
    Likes Received:
    356
    You mean backups that are isolated from your system, or levitate them using high powered fans? I do both anyway, who doesn't.
     
  17. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,174
    Likes Received:
    2,732
    I believe there is a script for nmap and a module for metasploit.
     
  18. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,174
    Likes Received:
    2,732
    :worried:
     
  19. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,058
    Likes Received:
    969
    http://www.nextpowerup.com/news/36028/the-shadow-brokers-claim-more-leaks-are-coming/
     
  20. SuperHans123

    SuperHans123 Multimodder

    Joined:
    27 Dec 2013
    Posts:
    2,127
    Likes Received:
    384
    But Linux is a ballache to use and is not compatible with Planet Earth.
     

Share This Page