News WannaCry malware downs systems worldwide

Discussion in 'Article Discussion' started by Gareth Halfacree, 15 May 2017.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,422
    Likes Received:
    307
  2. Pookie

    Pookie So this is permanence, love's shattered pride.

    Joined:
    4 May 2010
    Posts:
    3,447
    Likes Received:
    116
    I'm sorry but the buck stops with Microsoft, they built the OS and it's their job to ensure that it's secure. Maybe they need to invest in more time researching vulnerabilities rather than messing about with crappy stuff like Cortana.
     
  3. Mr_Mistoffelees

    Mr_Mistoffelees Grand Vizier. Temporarily spannerless.

    Joined:
    26 Aug 2014
    Posts:
    1,097
    Likes Received:
    20
    No it doesn't, Microsoft have made secure (against this vulnerability) OS software available to everyone who wants it. It is the end user's responsibility to update. It is not Microsoft's fault that much of the NHS and many other organisations are still running a 16-year-old OS.
     
  4. Broadwater06

    Broadwater06 Member

    Joined:
    10 Apr 2016
    Posts:
    194
    Likes Received:
    3
    But why should they keep supporting XP? They told us very clearly when the support ends, they even extended the support more than any other Windows.
     
  5. tonyd223

    tonyd223 king of nothing

    Joined:
    12 Nov 2009
    Posts:
    388
    Likes Received:
    2
    Why didn't the NSA tell Microsoft? Because it was using the vulnerabilities for itself?
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    9,422
    Likes Received:
    307
    Yes, exactly that. Which, incidentally, goes directly against the Vulnerability Equities Process (VEP) introduced by the Obama administration which requires all government agencies to share discovered vulnerabilities with vendors unless they can successfully argue for a temporary stay (such as "we're actively using this in an ongoing investigation which is due to wrap up on the 15th of November," rather than "we might need this in the future so we're keeping it to ourselves.")
     
  7. fix-the-spade

    fix-the-spade Well-Known Member

    Joined:
    4 Jul 2011
    Posts:
    2,575
    Likes Received:
    56
    So if Microsoft is officially blaming the NSA both for discovering the vulnerability, withholding knowledge from Microsoft of it and for failing to keep the information secure, where does this leave the rest of the world legally?

    I can see lawyers round the world rubbing their hands with glee at the thought of suing the US government. Hoarding security flaws to carry out (presumably) surveillance without warrants and/or outside of their jurisdiction and then allowing those security flaws to fall into the hands of organised crime. That could be quite the damages claim.
     
  8. MLyons

    MLyons Half doge/ half dev Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    814
    Likes Received:
    102
    I'm curious who the blame would legally fall on if a death had been the result of this. Does it go to the person that started the attack, the NHS, the NSA or Microsoft? It also seems like the person(s) behind this didn't get that much of a pay day based on the amount seen going into the wallets.
     
  9. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    7,614
    Likes Received:
    97
    IANAL so I'm probably wrong but I'd say it lies with the NSA as they're the ones who discovered the vulnerability and did nothing to strengthen the world's defenses against it.

    Frankly I find it ridiculous that when it comes to chemical, biological, radiological and nuclear weapons we have a plethora of international agreements governing their use but when it comes to 'cyber space' the rules seem so lax.

    We wouldn't allow a government agency to use anthrax or ebola for anything other than researching ways to defend against them but when it comes to vulnerabilities in software it seems fine to weaponise those.
     
  10. jrs77

    jrs77 theorycrafting

    Joined:
    17 Feb 2006
    Posts:
    5,273
    Likes Received:
    121
    Another excellent reason to drop Windows and go with Linux. MacOS would be another better option as it has all the professional software available.

    Let's face it. Microsoft is the target #1 for any attacks like this. It's used by 90+ percent of all PC users including business and most of the users are too stoopid to prevent things like that from happening, be it by not updating, not running antivirus, clicking on every link without thinking twice, etc, etc

    Sure, the NSA is partly to blame in this particular scenario, if they withheld critical information about this specific issue and they should be held accountable in part, but the main reason for this issue is that Microsoft doesn't have any competition and is too lazy to write a better and more secure OS. Instead Microsoft forces more and more ridiculous crap onto their users.
     
  11. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    8,100
    Likes Received:
    373
    And people wonder why MS forced automatic updates on everyone.
     
  12. N17 dizzi

    N17 dizzi Mod Amateur

    Joined:
    23 Mar 2011
    Posts:
    2,913
    Likes Received:
    268
    What repercussions will the NSA face? My guess would be none, except measures to keep the vulnerabilities the staff are employed to find more secure.
     
  13. Chicken76

    Chicken76 Member

    Joined:
    10 Nov 2009
    Posts:
    827
    Likes Received:
    19
    Is there a tool I can point at my machines to see which are vulnerable through the network?
     
  14. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,605
    Likes Received:
    112
    Air gap your backups people.
     
  15. jrs77

    jrs77 theorycrafting

    Joined:
    17 Feb 2006
    Posts:
    5,273
    Likes Received:
    121
    Who doesn't?
     
  16. DriftCarl

    DriftCarl Member

    Joined:
    2 Nov 2004
    Posts:
    587
    Likes Received:
    4
    Well the good news is I freed up loads of room on my virtual image backup server, since I could argue that it would be a pain to patch them all up and we don't really need them anymore, so they are deleted and I have now freed up a few TB of space :)
     
  17. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    7,614
    Likes Received:
    97
    Not everyone, only home users really as most other versions allow the deferral of updates.

    Oddly enough it seems home users were the least affected or probably the least reported.
     
  18. N17 dizzi

    N17 dizzi Mod Amateur

    Joined:
    23 Mar 2011
    Posts:
    2,913
    Likes Received:
    268
    You mean backups that are isolated from your system, or levitate them using high powered fans? I do both anyway, who doesn't.
     
  19. MLyons

    MLyons Half doge/ half dev Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    814
    Likes Received:
    102
    I believe there is a script for Nmap and a module for Metasploit.
     
  20. MLyons

    MLyons Half doge/ half dev Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    814
    Likes Received:
    102
    :worried:
     
